
How do I check if certificate A got certificate B as issuer in Java? --> X509Certificates

I have two X509Certificates, one of them is uploaded and the other one should be the Issuer. What is the simplest way to check if the given certificate is the issuer of the uploaded certificate? This should be done with Java.

You need to verify two points:

  • The uploaded certificate Issuer DN is equal to the issuer certificate Subject DN.
  • The uploaded certificate has been signed by the issuer certificate private key.

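It is possible to do it with this Java code snippet:

import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

public boolean check(X509Certificate issuer, X509Certificate uploaded) {
  // Point 1: the uploaded certificate's Issuer DN must equal the issuer's Subject DN.
  Principal subjectDN = issuer.getSubjectDN();
  Principal issuerDN = uploaded.getIssuerDN();
  if (!subjectDN.equals(issuerDN)) {
      return false;
  }
  // Point 2: the uploaded certificate's signature must verify under the issuer's public key.
  PublicKey pubKey = issuer.getPublicKey();
  try {
      uploaded.verify(pubKey);
  } catch (Exception e) {
      // Catch-all: any failure, including an unsupported algorithm, is reported as false.
      return false;
  }
  return true;
}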

For clarity and concision I put a catch-all for exceptions in that code sample. Note that this may cause false negatives (i.e. it returns false even if the uploaded certificate has been issued by the issuer certificate), for instance when the signature algorithm is not supported by any of the installed crypto providers.
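The variant below is an added example, not part of the original answer: it performs the same two checks but catches the specific exceptions declared by `X509Certificate.verify`, so that "not issued by this certificate" is reported separately from "could not be checked". The class name `IssuerCheck`, the `Result` enum and the file names passed on the command line are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class IssuerCheck {
    /** Hypothetical result type: keeps "not the issuer" apart from "could not check". */
    public enum Result { ISSUED_BY, NOT_ISSUED_BY, UNDETERMINED }

    public static Result check(X509Certificate issuer, X509Certificate uploaded) {
        // Point 1: the uploaded certificate's Issuer DN must equal the issuer's Subject DN.
        if (!issuer.getSubjectX500Principal().equals(uploaded.getIssuerX500Principal())) {
            return Result.NOT_ISSUED_BY;
        }
        // Point 2: the signature must verify under the issuer's public key.
        try {
            uploaded.verify(issuer.getPublicKey());
            return Result.ISSUED_BY;
        } catch (SignatureException | InvalidKeyException e) {
            // Signature does not match, or the key does not fit the signature algorithm.
            return Result.NOT_ISSUED_BY;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            // No installed provider supports the algorithm: the answer is unknown, not "false".
            return Result.UNDETERMINED;
        } catch (CertificateException e) {
            // The certificate could not be encoded for verification.
            return Result.UNDETERMINED;
        }
    }

    private static X509Certificate load(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Usage: java IssuerCheck.java issuer.pem uploaded.pem  (file names are placeholders)
    public static void main(String[] args) throws Exception {
        System.out.println(check(load(args[0]), load(args[1])));
    }
}
```

A caller that gets `UNDETERMINED` should treat the certificate as unverified rather than as rejected or accepted, and log the underlying cause.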
