Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Cryptography

OCSP based certificate validation

Hi all,

Is there someone who can help me with OCSP in java. I need to implement certificate validation on server as part of authentication process in a j2ee environment. I'm thinking that the process should look like this:

1. the client will upload its certificate

2. the server will receive the certificate and will try to verify if the certificate is valid to the authority that created and signed the certificate.

Is this possible in java1.4+ to perform such a validation?

Thanks in advance

[531 byte] By [MadalinCosmaa] at [2007-11-27 8:33:07]
«« How to show timer when a process is going on?
»» slash with leading spaces as html text causes problems
# 1
OCSP support was added to Sun's implementation in JDK 1.5. See thePKI Enhancements doc for more information: http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
smullana at 2007-7-12 20:29:09 > top of Java-index,Security,Cryptography...
# 2
i've already seen this page. I'm looking more for sample code that uses OCSP. A simple example that shows how jdk can be used for certificate validation when acting as a OCSP client.
MadalinCosmaa at 2007-7-12 20:29:09 > top of Java-index,Security,Cryptography...
# 3
Hi friend!,I am looking for the source code too. In the next link you can see a source code for the client: http://lists.iaik.tugraz.at/pipermail/jce-general/2005-April/004371.htmlDid you find a code for the server?Thanks a lot.
gonzalo_ron@yahoo.coma at 2007-7-12 20:29:09 > top of Java-index,Security,Cryptography...
# 4
Here you can see a Bouncy Castle extension. I Think this is propietary. http://sourceforge.net/projects/novosec-bc-ext/Greetings!
gonzalo_ron@yahoo.coma at 2007-7-12 20:29:09 > top of Java-index,Security,Cryptography...
# 5

Guys,

both iaik-jce and bouncy castle are distinct APIs. The jdk5.0 page sugests that it is possible to implement a ocsp client only by using jdk5.

The 3rd party libs mentioned by you offers support for ocsp server too (at least iaik) . I don't know details since i'm interested only in an ocsp client implementation based on jdk5.

MadalinCosmaa at 2007-7-12 20:29:09 > top of Java-index,Security,Cryptography...
Security
Cryptography

Security Hot Topic

Security

All Classified