Validating a Certification Path using the most-trusted CAs in the JDK's cacerts file. : Certificate « Security « Java Tutorial






import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;

public class Main {
  public static void main(String[] argv) throws Exception {
    String filename = System.getProperty("java.home")
        + "/lib/security/cacerts".replace('/', File.separatorChar);
    FileInputStream is = new FileInputStream(filename);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "password";
    keystore.load(is, password.toCharArray());

    PKIXParameters params = new PKIXParameters(keystore);

    params.setRevocationEnabled(false);

    CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator
        .getDefaultType());
    CertPath certPath = null;
    CertPathValidatorResult result = certPathValidator.validate(certPath, params);

    PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
    TrustAnchor ta = pkixResult.getTrustAnchor();
    X509Certificate cert = ta.getTrustedCert();
  }
}








36.7.Certificate
36.7.1.Using Certificates in Java
36.7.2.KeyStore Example
36.7.3.Creating a Certificate in Java
36.7.4.Import certificate
36.7.5.Generate X.509 certificate
36.7.6.Store Certificate
36.7.7.Validate certificate
36.7.8.Exporting a Certificate to a File
36.7.9.Validating a Certification Path using the most-trusted CAs in the JDK's cacerts file.