
How to verify that a X509Certificate is trusted?

 
Ravi Danum
Ranch Hand

Hello All,

I have received a SOAP response and in the header is a BinarySecurityToken.  The contents of the BinarySecurityToken contain the Base64 encoded contents of an X509Certificate.

This X509Certificate has been successfully used to verify that the signature in the response header is correct. 

Now I want to verify that the certificate is trusted.  We have a truststore containing the rootCA and an intermediate, which should be in the trust path of the X509Certificate.  I am using the CertPathBuilder to verify that the X509Certificate is trusted.

An exception has been thrown during this attempt.  Question:  if the X509Certificate is obtained from the BinarySecurityToken, is the trust chain available within this created X509Certificate?

Thanks very much for any help you can give.

-Ravi


 
Stephan van Hulst
Saloon Keeper
Is there a reason you're not using a framework to deal with SOAP messages, such as Axis2?
 
Ravi Danum
Ranch Hand

Hello Stephan,

Thank you for continuing this topic.

We have coded a Java standalone as our webservice client.

We would like to continue on this path since all but the certificate trust remains to be done.

Do you know how to extract the certificate path from the BinarySecurityToken?

Thanks very much for any help.

-Ravi
 
Stephan van Hulst
Saloon Keeper
Can you show us the code you have written so far?
 
Ravi Danum
Ranch Hand

Hello,

The problem has been solved with the following:

certToVerify.verify(parent.getPublicKey());

where certToVerify is the X509Certificate created from the BinarySecurityToken, and parent is the X509Certificate from the truststore (signer of the certToVerify certificate).

-Ravi
 
Stephan van Hulst
Saloon Keeper
Well done, and thanks for reporting back to us. Have a cow.
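
Added example, not code from the thread: the CertPathBuilder check described in the first post, written with the standard java.security.cert API. An X509Certificate object holds a single certificate, so the intermediate is supplied from the truststore as path material; unlike a lone verify(parent.getPublicKey()) call, which checks only the signature, PKIX path building also checks validity dates and CA constraints. The class name and the three command-line arguments (truststore path, truststore password, file holding the token's Base64 text) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class TokenTrustCheck {
    // Decode the Base64 text of the BinarySecurityToken into one certificate.
    static X509Certificate decode(String b64) throws CertificateException {
        byte[] der = Base64.getMimeDecoder().decode(b64.trim());
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    // Build a PKIX path from the leaf to a root in the truststore; throws
    // CertPathBuilderException if no valid path exists.
    static CertPath buildTrustedPath(X509Certificate leaf, KeyStore ts) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        List<Certificate> pathMaterial = new ArrayList<>();
        pathMaterial.add(leaf);
        for (String alias : Collections.list(ts.aliases())) {
            if (!(ts.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ts.getCertificate(alias);
            if (c.getSubjectX500Principal().equals(c.getIssuerX500Principal()))
                anchors.add(new TrustAnchor(c, null)); // self-issued: root CA
            else
                pathMaterial.add(c);                   // intermediate
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(leaf);
        PKIXBuilderParameters p = new PKIXBuilderParameters(anchors, target);
        p.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(pathMaterial)));
        p.setRevocationEnabled(false); // assumption: no CRL/OCSP source available
        return CertPathBuilder.getInstance("PKIX").build(p).getCertPath();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        String token = new String(Files.readAllBytes(Paths.get(args[2])), "US-ASCII");
        CertPath path = buildTrustedPath(decode(token), ts);
        System.out.println("Trusted path length: " + path.getCertificates().size());
    }
}
```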
 