Results 1 to 2 of 2

Thread: OCSP Validation

  1. #1
    indiikalakmal is offline Member
    Join Date
    Oct 2012
    Posts
    1
    Rep Power
    0

    Exclamation OCSP Validation

    Hi All, I'm trying to validate a X.509 certificate using java. But it always gives a error "Validation failure, cert :java.security.cert.CertPathValidatorException: Responder's certificate is not authorized to sign OCSP responses", I also added certificate to windows certificate store. any clue to resolve this ?

    =========================Code ================================================== =========
    import java.security.cert.*;
    import java.security.*;
    import java.util.*;
    import java.io.*;

    public class OCSPCheck {
    // OCSP URL http://ocsp.lankaclear.lk:11080/ocsp/ee/ocsp
    private static final String TEST_RESPONDER_URL = "http://172.18.60.100:11080/ocsp/ee/ocsp";
    // private static final String TEST_RESPONDER_URL = "http://ocsp-commercial.lankaclear.lk:11080/ocsp/ee/ocsp";
    public static void main(String [] args){
    try {

    // X509Certificate caCert = readCert("TDCOCESSTEST2.cer");
    // X509Certificate clientCert = readCert("PIDTestBruger2.cer");
    // CA Certificate
    X509Certificate caCert = readCert("F:
    4 Development\\X509Validation\\src
    LCPL-ROOT-PUB.cer");
    // Client Cerificate
    X509Certificate clientCert = readCert("F:
    4 Development\\X509Validation\\src
    LCPL-Intermediate-Pub.cer");
    List certList = new Vector();
    certList.add(clientCert);
    certList.add(caCert);
    validateCertPath(certList, caCert, TEST_RESPONDER_URL);
    } catch (Exception e){
    e.printStackTrace();
    }
    }
    private static void validateCertPath(List certList, X509Certificate trustedCert, String responderUrl) {
    try {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    CertPath cp = cf.generateCertPath(certList);
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

    // Set the Trust anchor
    TrustAnchor anchor = new TrustAnchor(trustedCert, null);
    try{
    //System.out.println(anchor.toString() + "CA NAME");
    }catch(Exception e)
    {
    }
    PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
    params.setRevocationEnabled(true);
    Security.setProperty("ocsp.enable", "true");
    Security.setProperty("ocsp.responderURL", responderUrl);
    //Security.setProperty("ocsp.responderURL", responderUrl);

    // Validate and obtain results
    try {
    PKIXCertPathValidatorResult result =
    (PKIXCertPathValidatorResult) cpv.validate(cp, params);
    PolicyNode policyTree = result.getPolicyTree();
    PublicKey subjectPublicKey = result.getPublicKey();

    System.out.println("Query Result ");
    System.out.println("Policy Tree:\n" + policyTree);
    System.out.println("Subject Public key:\n" + subjectPublicKey);
    } catch (Exception cpve) {
    System.out.println("Validation failure, cert :"
    + cpve.toString());
    }
    // } catch (CertPathValidatorException cpve) {
    // System.out.println("Validation failure, cert["
    // + cpve.getIndex() + "] :" + cpve.getMessage() + " " + cpve.toString());
    // }

    } catch (Exception e) {
    e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
    }
    }
    private static X509Certificate readCert(String fileName) throws FileNotFoundException, CertificateException {
    InputStream is = new FileInputStream(fileName);
    BufferedInputStream bis = new BufferedInputStream(is);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(bis);
    return cert;
    }
    }

    ================================================== ========================================

  2. #2
    DarrylBurke's Avatar
    DarrylBurke is offline Forum Police
    Join Date
    Sep 2008
    Location
    Madgaon, Goa, India
    Posts
    11,254
    Rep Power
    19

    Default Re: OCSP Validation

    If you're forever cleaning cobwebs, it's time to get rid of the spiders.

Similar Threads

  1. Validation
    By Johnny2009 in forum New To Java
    Replies: 2
    Last Post: 09-23-2012, 11:11 PM
  2. OCSP Request
    By Mysidia in forum Networking
    Replies: 0
    Last Post: 12-09-2011, 04:11 PM
  3. XML validation
    By Onra in forum New To Java
    Replies: 0
    Last Post: 03-24-2011, 06:14 PM
  4. XML Validation
    By sehudson in forum XML
    Replies: 5
    Last Post: 03-21-2011, 12:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •