Win a copy of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 this week in the Programmer Certification forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

Certificate chain...

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi.

I have created a keystore in my webserver. In this keystore i putted:
1st - My own self signed certificate

keytool -genkey -alias vbvsign -keyalg RSA -keysize 1024 -keystore .keystoreCV -storepass vbvsignpass -storetype jks -dname "CN=172.29.145.110-172.29.145.119, OU=Development, O=SISP, L=Praia, ST=Praia, C=CV"

keytool -certreq -v -alias vbvsign -keystore .keystoreCV -storepass vbvsignpass -file vbvCSR.pem

2nd - CA Certificatekeytool -import -alias MPIclientCA -keystore .keystoreCV -trustcacerts -file pitroot.der

3rd - Client Certificate received by email
keytool -import -alias MPIclientCertificate -keystore .keystoreCV -trustcacerts -file
keytool -import -alias vbvsign -keystore .keystoreCV -trustcacerts -file MPIclient_certificate.der


When i received the last one (3rd), they also send a PKCS#7 certificate chain. Now, i need to validate a XML File, signed, and i dont know what or how can i validate that... Now, i am validating the three certificates (it looks well), but when validating the signature it return a validation error:
"javax.xml.crypto.dsig.XMLSignatureException: the keyselector did not find a validation key"

I think that possibly maybe i need to import or do something else with the PKCS#7 certificate chain that i received by email, but i dont know what to do...

Can you help me please!

Thanks a lot,
Cristovao
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not familiar with the XML security APIs, but I'm sure the concepts are the same as for other PKI applications. First, you must understand that the certified keypair that you have stored at alias vbvsign is used by you to sign documents, not to verify them. To verify a document that someone else has signed, you must have their certified public key. Most APIs, and probably also the XML APIs you are using, allow for this public key certificate to be included in the message itself. All that is required on your part is that you have the root CA that signed their public key in your trusted certificate store.
 
And inside of my fortune cookie was this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!