Posted to fx-dev@ws.apache.org by Christof Soehngen <Ch...@SYRACOM.DE> on 2004/05/12 16:27:35 UTC

How to make the use of CertificatePathValidator provider-independent?

Hello all,

I have a problem implementing a CertificatePath validation. The following code works if I only use classes from BouncyCastle (hardcoded, i.e. org.bouncycastle.jce.cert.*). Now I want to make the code provider-independent.

The first step was using the getCertificateFactory() from Merlin to get the CertificateFactory.

The next step would be to use the interfaces from java.security.cert instead of the hardcoded classes from BC. (The last step would be putting CertPathValidator.getInstance("PKIX","BC"); into its own getCertPathValidator() method that uses the crypto.properties.)

My problem is the following exception that is thrown when I run the code below:

java.security.NoSuchAlgorithmException: class configured for CertPathValidator: org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi not a CertPathValidator

The code is:

   java.util.List certList = java.util.Arrays.asList(certs);
   CertPath cp = (CertPath) getCertificateFactory().generateCertPath(certList);
   
   // Trust anchor is the last certificate in the chain
   X509Certificate ca = certs[certs.length-1];
    
   // Set the parameters, do not check any revocation list  
   TrustAnchor anchor = new TrustAnchor(ca, null);
   PKIXParameters param = new PKIXParameters(java.util.Collections.singleton(anchor));
   param.setRevocationEnabled(false);

   // Verify the trust path using the above settings
   CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
   PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);

Does anyone know how to handle this?
 
Regards,
Christof
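
The validation described in the message above, written against java.security.cert types only, as an added example (not code from the original post or from the project). Assumptions: the provider name arrives as a plain string (the hypothetical system property cpv.provider stands in for a crypto.properties lookup), the class and method names are made up for illustration, and the trust anchor is passed separately from the chain so that it can come from a trusted store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Collections;

public final class ProviderNeutralPathCheck {
    // providerName is a hypothetical setting (for instance a value read from
    // crypto.properties); null or "" selects the JRE's default provider order.
    public static PKIXCertPathValidatorResult validate(
            X509Certificate[] chain, X509Certificate anchorCert, String providerName)
            throws GeneralSecurityException {
        if (chain == null || chain.length == 0 || anchorCert == null) {
            throw new IllegalArgumentException("chain and anchor are required");
        }
        boolean useDefault = providerName == null || providerName.isEmpty();
        // Only java.security.cert types are referenced; no provider class is imported.
        CertificateFactory cf = useDefault
                ? CertificateFactory.getInstance("X.509")
                : CertificateFactory.getInstance("X.509", providerName);
        // By CertPath convention the chain is end-entity first and omits the anchor itself.
        CertPath path = cf.generateCertPath(Arrays.asList(chain));

        TrustAnchor anchor = new TrustAnchor(anchorCert, null);
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        params.setRevocationEnabled(false); // as in the post: no revocation checking

        CertPathValidator cpv = useDefault
                ? CertPathValidator.getInstance("PKIX")
                : CertPathValidator.getInstance("PKIX", providerName);
        // validate() throws CertPathValidatorException when the path does not verify.
        return (PKIXCertPathValidatorResult) cpv.validate(path, params);
    }

    // Usage: java [-Dcpv.provider=NAME] ProviderNeutralPathCheck leaf.cer [ca.cer ...] anchor.cer
    public static void main(String[] args) throws Exception {
        if (args.length < 2) throw new IllegalArgumentException("need chain file(s) and anchor file");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] all = new X509Certificate[args.length];
        for (int i = 0; i < args.length; i++) {
            try (InputStream in = new FileInputStream(args[i])) {
                all[i] = (X509Certificate) cf.generateCertificate(in);
            }
        }
        X509Certificate[] chain = Arrays.copyOf(all, all.length - 1);
        System.out.println(validate(chain, all[all.length - 1], System.getProperty("cpv.provider")));
    }
}
```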