Wrox Programmer Forums
Go Back   Wrox Programmer Forums > Java > Other Java > BOOK: Beginning Cryptography with Java
Reload this Page custom PKIXCertPathChecker (chap 7)
|
BOOK: Beginning Cryptography with Java
This is the forum to discuss the Wrox book Beginning Cryptography with Java by David Hook; ISBN: 9780764596339
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning Cryptography with Java section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 23rd, 2008, 05:43 AM
Authorized User
  
Join Date: Apr 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default custom PKIXCertPathChecker (chap 7)

Hi

I implemented my own PKIXCertPathChecker which checks status of cert using OCSP and also some custom extensions. My Custom certpathchecker is stateful, and does not support ForwardChecking , since we need certificates passed to our checker starting from Trust ANchror and to target (end entity) certificate, as described in chapter 7

below is the output of certificate chain (1), certstore passed to PKIXParameters (2), certpath passed to PKIXParameters(3) and Trust Anchor used to construct PKIXParameters (4)

1)
***********************
printing certchain for CN=Sample User Certficate
CN=SubAdminCA2,O=EJBCA Sample,C=SE
CN=AdminCA1,O=EJBCA Sample,C=SE
***********************

2)
***********************
printing certs in certstore
CN=Sample User Certficate issuer is CN=SubAdminCA2,O=EJBCA Sample,C=SE
CN=AdminCA1,O=EJBCA Sample,C=SE issuer is CN=AdminCA1,O=EJBCA Sample,C=SE
CN=SubAdminCA2,O=EJBCA Sample,C=SE issuer is CN=AdminCA1,O=EJBCA Sample,C=SE
***********************

3)
***********************
printing certs in certpath
CN=Sample User Certficate issuer is CN=SubAdminCA2,O=EJBCA Sample,C=SE
CN=SubAdminCA2,O=EJBCA Sample,C=SE issuer is CN=AdminCA1,O=EJBCA Sample,C=SE
***********************

4)
***********************
printing trust anchor CN=AdminCA1,O=EJBCA Sample,C=SE
***********************

Inside check method of CustomCertPathChecker I print certificate passed as argument, and the only thing printed is

***********************
certificate prsented to pathcheckerCN=Sample User Certficate
***********************

so it seems as if the only certificate passed to CustomCertPathChecker is end entity certificate, I would assume from text that it should be AdminCA1 first, followed by SubAdminCA2 and last Sample User Certficate.

NOTE: I set setRevocationEnabled(false) on PKIXParameters , and add my customcertpathchecker through addCertPathChecker. CertPathValidator is constructed as CertPathValidator.getInstance("PKIX", "BC")


any advices would be greatly appreciated.

Sincerely
Ray
 
Old July 23rd, 2008, 08:42 AM
Authorized User
  
Join Date: Apr 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Some extra info,

debugging reveals that constructor is called first, then called clone 4 times, then init, and lastly check is called with user certificate.

Alsi I explicitly specify provider as "BC" wherever appropriate (CertificateFactory.getInstance("X509", "BC"), CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs), "BC"), CertPathValidator.getInstance("PKIX", "BC"))

Maybe it will give some clue

Sincerely
Ray
 
Old July 23rd, 2008, 09:41 PM
dgh dgh is offline
Wrox Author
  
Join Date: Aug 2005
Posts: 206
Thanks: 0
Thanked 20 Times in 20 Posts
Default
You wouldn't expect the trust anchor to appear as it is assumed that the trust anchor the basis for the chain, if you imagine the CRL case you can see that the CRL for the trust anchor is against the intermediate certificates not the trust anchor itself.

With the checker only being called on the end entity, that has to be a bug. It appears it to have been introduced in 1.39 during the path checker rewrite. Try the provider at http://downloads.bouncycastle.org/betas - that should fix your problem.

Regards,

David
 
Old July 24th, 2008, 02:13 AM
Authorized User
  
Join Date: Apr 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Hi

Yes you are right about trust anchor.

So it was a filed bug with path checker, I will try beta in hope that it will be release soon.
Thanks alot

Sincerely
Ray





Similar Threads
Thread Thread Starter Forum Replies Last Post
Custom Server Control....Custom Property Editor ZArrinPour ASP.NET 1.0 and 1.1 Basics 1 June 15th, 2010 11:30 AM
Web Service, Custom Control, Custom Return Type robzyc ASP.NET 2.0 Basics 6 June 10th, 2008 08:03 AM
Chap. 9 - ValidationSummary Ciupaz BOOK: Beginning ASP.NET 3.5 : in C# and VB BOOK ISBN: 978-0-470-18759-3 6 May 28th, 2008 09:58 PM
Using A Custom Assembly, chap 5 p154 - 155 jmurdock BOOK: Professional SQL Server Reporting Services ISBN: 0-7645-6878-7 2 June 20th, 2007 05:01 PM
chap 15 manal_sag BOOK: Beginning ASP 3.0 2 July 10th, 2005 03:29 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.