
How to verify a certificate is trusted

 
Ravi Danum
Ranch Hand

Hello All,

How can I tell that a certificate is trusted?

My scenario is this: 

I receive a SOAP response whose header contains the following SOAPElements: BinarySecurityToken, Security, and Signature.

To validate the signature, I read and decode the base64 BinarySecurityToken, and transform it to a certificate by storing it in a Java truststore.

In another Java truststore, we have the trusted root and intermediate. How can I use the trusted root and intermediate to verify that the certificate obtained from the BinarySecurityToken is trusted?

This is one of the necessary steps in verifying the Signature of a SOAP response.

Thank you so much for your time.

-Ravi

 
Stephan van Hulst
Saloon Keeper
By putting the certificate in the trust store, you've essentially said you trust it, without validating it. Don't do this.

I suppose you can create the certificate using CertificateFactory, and then use the PKIX algorithm with CertPathBuilder to verify the certificate chain.

Why are you doing this manually though? I'm pretty sure there are plenty of decent frameworks out there to do this for you.
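
Added example (not part of the original thread and not either poster's code): one way to do the check suggested in the reply above, parsing the decoded BinarySecurityToken with CertificateFactory and building a PKIX path to the truststore with CertPathBuilder, without ever placing the token's certificate in a trust store. The class name, the command-line arguments, and the rule that self-issued truststore entries are roots while the others are intermediates are assumptions of this example.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class TokenCertValidator { // hypothetical class name
    // Builds and validates a PKIX path from tokenCert to a root in trustStore.
    // Throws CertPathBuilderException when no valid path exists.
    static PKIXCertPathBuilderResult validate(X509Certificate tokenCert, KeyStore trustStore)
            throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        List<Certificate> candidates = new ArrayList<>();
        candidates.add(tokenCert); // untrusted input: only a candidate, never an anchor
        for (String alias : Collections.list(trustStore.aliases())) {
            if (!trustStore.isCertificateEntry(alias)) continue;
            X509Certificate c = (X509Certificate) trustStore.getCertificate(alias);
            // Assumption: self-issued entries are roots (trust anchors); the other
            // entries are intermediates the builder may use to link the chain.
            boolean selfIssued = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
            if (selfIssued) anchors.add(new TrustAnchor(c, null)); else candidates.add(c);
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(tokenCert); // the path must end at exactly this certificate
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(candidates)));
        // Assumption: no CRL/OCSP source is available here, so revocation checking is
        // switched off; enable it once a revocation source is configured.
        params.setRevocationEnabled(false);
        return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
    }

    // Usage: java TokenCertValidator <truststore> <password> <file with the base64 token text>
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        byte[] der = Base64.getMimeDecoder().decode(Files.readAllBytes(Paths.get(args[2])));
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
        try {
            PKIXCertPathBuilderResult r = validate(cert, ts);
            System.out.println("Trusted, anchor: "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            System.out.println("NOT trusted: " + e.getMessage());
        }
    }
}
```

An X509Certificate object holds a single certificate, so the intermediates have to reach the builder through a CertStore as shown; the signature on the SOAP message should be checked with this certificate's public key only after the path validates.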
 
Ravi Danum
Ranch Hand

Thanks very much.  I'll look into it.
 
Ravi Danum
Ranch Hand

Hello Stephan,

Is the certificate chain contained in the BinarySecurityToken found in the SOAP header?

I have used the CertificateFactory, and the PKIX algorithm with CertPathBuilder to verify the certificate chain, but this resulted in an exception being thrown.

Does an X509Certificate contain the certificate chain?

Thanks for any help you can give.

-Ravi



 
Stephan van Hulst
Saloon Keeper
Let's continue the topic here: https://coderanch.com/t/669142/Web-Services/java/verify-Certificate-trusted
 