You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Christof Soehngen <Ch...@SYRACOM.DE> on 2004/05/12 16:27:35 UTC
How to make the use of CertificatePathValidator provider-independent?
Hello all,
I have a problem implementing a CertificatePath validation. The following code works if I only use classes from BouncyCastle (hardcoded, i.e. org.bouncycastle.jce.cert.*). Now I want to make the code provider-independent.
The first step was using the getCertificateFactory() from Merlin to get the CertificateFactory.
The next step would be to use the interfaces from java.security.cert instead of the hardcoded classes from BC (The last step would be putting CertPathValidator.getInstance("PKIX","BC"); into an own getCertPathValidator() that uses the crypto.properties.)
My problem is the following exception that is thrown when I run the code below:
java.security.NoSuchAlgorithmException: class configured for CertPathValidator: org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi not a CertPathValidator
The code is:
java.util.List certList = java.util.Arrays.asList(certs);
CertPath cp = (CertPath) getCertificateFactory().generateCertPath(certList);
// Trust anchor is the last certificate in the chain
X509Certificate ca = certs[certs.length-1];
// Set the parameters, do not check any revocation list
TrustAnchor anchor = new TrustAnchor(ca, null);
PKIXParameters param = new PKIXParameters(java.util.Collections.singleton(anchor));
param.setRevocationEnabled(false);
// Verify the trust path using the above settings
CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);
Does anyone know how to handle this?
Regards,
Christof