Posted on 16 Aug 2022, this text provides information on QA/Testing related to General Tech. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.

Take Quiz To Earn Credits!

Turn Your Knowledge into Earnings.

Answers (2)

Post Answer

manpreet Best Answer 2 years ago

I implement a SAML SP in Java.
In order to to validate the certificate of the SAML response,
I extract the X509Certificate element from the SAML response and validate it against a Java keystore file which I uploaded the IDP certificate to in advance.
I use the following code to validate the certificate:

 X509Certificate certFromResponse = //extract from SAML response 
 KeyStore keyStore = getKS();
 PKIXParameters params = new PKIXParameters(keyStore);
 params.setRevocationEnabled(false);
 CertPath certPath = 
 certificateFactory.generateCertPath(Arrays.asList(certFromResponse));
 CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
 CertPathValidatorResult result = certPathValidator.validate(certPath, params);

This works fine for certificates which are root CA.
When the certificate has a certification path, the validation fails.
A possible way to handle it is to manually upload all the certificates from the path into the JKS file
with different aliases, and then extract them into a list like this:

List<Certificate> certs = new ArrayList<Certificate>();
certs.add(certFromResponse);
if (keyStore.getCertificate("ALIAS_CA_1") != null) {
    certs.add(keyStore.getCertificate("ALIAS_CA_1"));
}
if (keyStore.getCertificate("ALIAS_CA_2") != null) {
    certs.add(keyStore.getCertificate("ALIAS_CA_2");
}
...
CertPath certPath = certificateFactory.generateCertPath(certs);

Is there a more straightforward way to do it?
Is it possible to extract the certification path from the certificate Itself?

Thanks!

0 views

0 shares

manpreet 2 years ago

It seems that the PKIXParameters extracts the certification path automatically, so no need to do it manually.
All we have to do is uploading all certificates to the keystore.

0 views 0 shares

No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.

Explore Other Libraries

Blogs Tutorials Question Bank Feeds Careernews

Popular Categories

Validate a certification path

Take Quiz To Earn Credits!

Answers (2)

manpreet Best Answer 2 years ago

manpreet 2 years ago

Which operating system you favour and why?

What are the most popular tech portals in India?

What are best technologies available today for education / aiding learning?

What professional training certifications are most marketable?

What are the course certificates or skills that engineers should have other than their academics?

What is the full form of NABARD ?

How to refresh app upon shaking the device?

What are the govt exams after BCA?

TYPO3 v8. Override function in Core class

Why do people in India give so much importance to Government jobs?

<div>zkskKsk</div>

<span style="font-size: 1em;">Qwerty 4</span>

<div>What are the key differences between AMOLED and LCD displays in smartphones?</div>

<div>What are the key challenges in Mobile App Development for Cross-Platform Solutions?</div>

who is the smallest man in the world

Explore Other Libraries

Tags

Important General Tech Links

Join Our Community Today