You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Miroslav Nachev <mi...@space-comm.com> on 2007/02/14 11:10:18 UTC

How to get intermediate validation results during PKIX Certificate Path Validation

Hi,

For XAdES I need of additional information during PKIX Certificate Path 
Validation which exists when the debugging is enabled.
Is there any way to get these intermediate validation results?

   1. Key Checker;
   2. Constraints Checker
         - basic constraints
         - name constraints
   3. Certificate Policy Checker
   4. Basic Checker
         - timestamp
         - subject/issuer name chaining
         - signature
         - issuer
   5. OCSP Checker
           - Searching trust anchors for responder's certificate
           - connecting to OCSP service at: http://ocsp.b-trust.org
           - OCSP response: Successful
           - OCSP response type: basic
           - OCSP Responder name
           - Verified signature of OCSP Responder
           - Status of certificate (with serial number 22083) is: Good
   6. CRL Revocation Checker
           - checking revocation status;
           - Choice between CRL Distribution Points (URL) or CRL File
           - Trying to fetch CRL from DP 
http://www.b-trust.org/repository/ca3/crl/b-trust_ca3_oper.crl
           - Downloading new CRL...
           - Returning 1 CRLs
           - Verify Revocation Status: approved crls.size() = 1
           - starting the final sweep...
           - CrlRevocationChecker.verifyRevocationStatus cert SN: 22083
   7. Checking for unresolved Critical Extensions


Best Regards,
Miroslav Nachev