Mobile Technologies Web Technologies Digital Marketing Creative Design Career Talk Medical General Tech Interviews Internet Of Things

Embark on a journey of knowledge! Take the quiz and earn valuable credits.

Take A Quiz

Challenge yourself and boost your learning! Start the quiz now to earn credits.

Take A Quiz

Unlock your potential! Begin the quiz, answer questions, and accumulate credits along the way.

Take A Quiz

Popular Categories

All
Interview Questions
Question Bank
Quantitative Aptitude
Engineering
Govt Exams
Digital Marketing
Management
Interviews

Validate a certification path

General Tech QA/Testing 3 years ago

2.91K 2 0 0 0
author
Previous Next

User submissions are the sole responsibility of contributors, with TuteeHUB disclaiming liability for accuracy, copyrights, or consequences of use; content is for informational purposes only and not professional advice.

Answers (2)

Post Answer
profilepic.png
manpreet Tuteehub forum best answer Best Answer 3 years ago

 

I implement a SAML SP in Java.
In order to to validate the certificate of the SAML response,
I extract the X509Certificate element from the SAML response and validate it against a Java keystore file which I uploaded the IDP certificate to in advance.
I use the following code to validate the certificate:

 X509Certificate certFromResponse = //extract from SAML response 
 KeyStore keyStore = getKS();
 PKIXParameters params = new PKIXParameters(keyStore);
 params.setRevocationEnabled(false);
 CertPath certPath = 
 certificateFactory.generateCertPath(Arrays.asList(certFromResponse));
 CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
 CertPathValidatorResult result = certPathValidator.validate(certPath, params);

This works fine for certificates which are root CA.
When the certificate has a certification path, the validation fails.
A possible way to handle it is to manually upload all the certificates from the path into the JKS file
with different aliases, and then extract them into a list like this:

List<Certificate> certs = new ArrayList<Certificate>();
certs.add(certFromResponse);
if (keyStore.getCertificate("ALIAS_CA_1") != null) {
    certs.add(keyStore.getCertificate("ALIAS_CA_1"));
}
if (keyStore.getCertificate("ALIAS_CA_2") != null) {
    certs.add(keyStore.getCertificate("ALIAS_CA_2");
}
...
CertPath certPath = certificateFactory.generateCertPath(certs);

Is there a more straightforward way to do it? 
Is it possible to extract the certification path from the certificate Itself?

Thanks!

0 views
0 shares
profilepic.png
manpreet 3 years ago

It seems that the PKIXParameters extracts the certification path automatically, so no need to do it manually.
All we have to do is uploading all certificates to the keystore.

shareimprove this answer

0 views   0 shares

No matter what stage you're at in your education or career, TuteeHUB will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.

Similar Forum

Q

Which operating system you favour and why?

Q

What are the most popular tech portals in India?

Q

What are best technologies available today for education / aiding learning?

View All

Explore Other Libraries

Online Exams

Question Bank

Career News

Feeds

Full Forms

Dictionary

Interview Question

Gigs

Quotes

Lyrics

Videos

Courses

Blogs

Tutorials

Forum

Educators

Corporates

Tools

Related Searches

General Tech QA/Testing

Important General Tech Links

Bugs & Fixes
Technology & Software
Learning Aids/Tools
QA/Testing