Results 1 to 2 of 2

Thread: OCSP Validation

  1. #1
    indiikalakmal is offline Member
    Join Date
    Oct 2012
    Posts
    1
    Rep Power
    0

    Exclamation OCSP Validation

    Hi All, I'm trying to validate a X.509 certificate using java. But it always gives a error "Validation failure, cert :java.security.cert.CertPathValidatorException: Responder's certificate is not authorized to sign OCSP responses", I also added certificate to windows certificate store. any clue to resolve this ?

    =========================Code ================================================== =========
    import java.security.cert.*;
    import java.security.*;
    import java.util.*;
    import java.io.*;

    public class OCSPCheck {
    // OCSP URL http://ocsp.lankaclear.lk:11080/ocsp/ee/ocsp
    private static final String TEST_RESPONDER_URL = "http://172.18.60.100:11080/ocsp/ee/ocsp";
    // private static final String TEST_RESPONDER_URL = "http://ocsp-commercial.lankaclear.lk:11080/ocsp/ee/ocsp";
    public static void main(String [] args){
    try {

    // X509Certificate caCert = readCert("TDCOCESSTEST2.cer");
    // X509Certificate clientCert = readCert("PIDTestBruger2.cer");
    // CA Certificate
    X509Certificate caCert = readCert("F:
    4 Development\\X509Validation\\src
    LCPL-ROOT-PUB.cer");
    // Client Cerificate
    X509Certificate clientCert = readCert("F:
    4 Development\\X509Validation\\src
    LCPL-Intermediate-Pub.cer");
    List certList = new Vector();
    certList.add(clientCert);
    certList.add(caCert);
    validateCertPath(certList, caCert, TEST_RESPONDER_URL);
    } catch (Exception e){
    e.printStackTrace();
    }
    }
    private static void validateCertPath(List certList, X509Certificate trustedCert, String responderUrl) {
    try {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    CertPath cp = cf.generateCertPath(certList);
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

    // Set the Trust anchor
    TrustAnchor anchor = new TrustAnchor(trustedCert, null);
    try{
    //System.out.println(anchor.toString() + "CA NAME");
    }catch(Exception e)
    {
    }
    PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
    params.setRevocationEnabled(true);
    Security.setProperty("ocsp.enable", "true");
    Security.setProperty("ocsp.responderURL", responderUrl);
    //Security.setProperty("ocsp.responderURL", responderUrl);

    // Validate and obtain results
    try {
    PKIXCertPathValidatorResult result =
    (PKIXCertPathValidatorResult) cpv.validate(cp, params);
    PolicyNode policyTree = result.getPolicyTree();
    PublicKey subjectPublicKey = result.getPublicKey();

    System.out.println("Query Result ");
    System.out.println("Policy Tree:\n" + policyTree);
    System.out.println("Subject Public key:\n" + subjectPublicKey);
    } catch (Exception cpve) {
    System.out.println("Validation failure, cert :"
    + cpve.toString());
    }
    // } catch (CertPathValidatorException cpve) {
    // System.out.println("Validation failure, cert["
    // + cpve.getIndex() + "] :" + cpve.getMessage() + " " + cpve.toString());
    // }

    } catch (Exception e) {
    e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
    }
    }
    private static X509Certificate readCert(String fileName) throws FileNotFoundException, CertificateException {
    InputStream is = new FileInputStream(fileName);
    BufferedInputStream bis = new BufferedInputStream(is);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(bis);
    return cert;
    }
    }

    ================================================== ========================================

  2. #2
    DarrylBurke's Avatar
    DarrylBurke is offline Forum Police
    Join Date
    Sep 2008
    Location
    Madgaon, Goa, India
    Posts
    12,048
    Rep Power
    23

Similar Threads

  1. Validation
    By Johnny2009 in forum New To Java
    Replies: 2
    Last Post: 09-23-2012, 11:11 PM
  2. OCSP Request
    By Mysidia in forum Networking
    Replies: 0
    Last Post: 12-09-2011, 05:11 PM
  3. XML validation
    By Onra in forum New To Java
    Replies: 0
    Last Post: 03-24-2011, 07:14 PM
  4. XML Validation
    By sehudson in forum XML
    Replies: 5
    Last Post: 03-21-2011, 01:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •