
mace-opensaml-users - Re: Question validation certificate chain

Subject: OpenSAML user discussion


Re: Question validation certificate chain


  • From: Walter Hoehn <>
  • To:
  • Cc:
  • Subject: Re: Question validation certificate chain
  • Date: Mon, 31 Oct 2005 12:36:22 -0600

There is an example of how to do this in the Shibboleth cvs.

http://anoncvs.internet2.edu/shibboleth/

-Walter


On Oct 31, 2005, at 4:05 AM, wrote:


Hello everybody,

I'm quite new in the use of openSAML, so please be patient. :-)

My problem is the following: I have to implement an application that receives a SAML message with 3 certificates, one of them being the root certificate. I've searched on the internet how to verify certificate chains, but I do not think what I've found is what I'm looking for, and the reason is: they use a CertPathValidator class and verify the certificates they have in the keystore (as shown in Example 1 Step 3 on http://www.javaworld.com/javaworld/jw-12-2001/jw-1221-jdk4security_p.html). However, in my case, I have to verify the certificates included in the SAML message against the certificates I have in the keystore.

I do not know if the following line is enough to do what I want:
//samlResp is a SAMLResponse, and mCertificate the root certificate retrieved from the keystore.
samlResp.verify(mCertificate);

Maybe I have to do it 3 times, one for each certificate in the chain. I really do not know.
Can anyone help me with this please? Does anyone have an excerpt of code with such validation of a chain?
Thanks in advance.
Regards,
Miro Casanova
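
One way to do the check asked about above with the JDK's PKIX API, as an added example that is not from the original thread or from the Shibboleth code: the root is taken only from the keystore, and the certificates from the message serve solely as path candidates. It assumes the certificates have already been extracted from the SAML message into a PEM file, signer first; the class name, method name and command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class MessageChainCheck {

    // Builds and validates a path from the signer up to the keystore root.
    // fromMessage must contain the signer; a root sent in the message gains no trust here.
    static PKIXCertPathBuilderResult validate(X509Certificate signer,
            List<X509Certificate> fromMessage, X509Certificate keystoreRoot) throws Exception {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer); // the path must end at the cert that signed the message
        // The only trust anchor is the root loaded from the local keystore.
        PKIXBuilderParameters params = new PKIXBuilderParameters(
                Collections.singleton(new TrustAnchor(keystoreRoot, null)), target);
        // Message-supplied certificates are untrusted candidates for the path.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(fromMessage)));
        // Disabled so the example runs offline; supply CRLs or OCSP in production.
        params.setRevocationEnabled(false);
        return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
    }

    // args: keystore file, keystore password, root alias, PEM file with the message's certs
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        X509Certificate root = (X509Certificate) ks.getCertificate(args[2]);
        List<X509Certificate> certs = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[3])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                certs.add((X509Certificate) c);
        }
        try {
            PKIXCertPathBuilderResult r = validate(certs.get(0), certs, root);
            System.out.println("chain OK, length " + r.getCertPath().getCertificates().size());
        } catch (CertPathBuilderException e) {
            System.out.println("chain rejected: " + e.getMessage());
        }
    }
}
```

The `signer` argument should be the certificate whose public key actually verified the message signature, so that a valid but unrelated chain in the message cannot satisfy the check.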




