java validation certificate x509certificate

Validate Certificate chain with java bouncing castle


I would like to validate a certificate chain which will be imported into my app. I do not know how.

My colleagues told me that I have to use Bouncing castle for validation. I saw several examples and still do not have any progress.

I have a List<X509Certificate> which contains all certificates which are imported from the UI, and also the PrivateKey.

Could you please show me how to validate the certificate chain with Bouncing castle?


Solution

  • You can use the java.security.cert.CertificateFactory to validate your certificate chain.

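    import java.io.*;
    import java.security.cert.*;
    import java.util.List;
    // data: byte[] holding the encoded certificate path
    InputStream inStream = new ByteArrayInputStream(data);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    CertPath cp = cf.generateCertPath(inStream);
    List<? extends Certificate> certs = cp.getCertificates();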
    

    The certs now contains the certificate chain. The first entry in certs (certs[0]) contains the certificate and the following certificates are the chain.

    The last entry in certs is the root certificate which should be compared to an already existing certificate in your application.

    In the case that the certification path could not be built up the above code will throw a CertificateException.
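Added example, not part of the original answer: `generateCertPath` only parses and orders the certificates, so this sketch runs the JDK's PKIX `CertPathValidator` over the imported chain to check signatures, validity periods and constraints against a root the application already holds. The class name `ChainValidator`, the two file-path arguments and the decision to disable revocation checking are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

public class ChainValidator {
    /** Validates an ordered chain (leaf first) against a root the application already trusts. */
    static PKIXCertPathValidatorResult validate(List<X509Certificate> chain,
            X509Certificate trustedRoot) throws Exception {
        // By PKIX convention the trust anchor is not part of the path being validated,
        // so drop a self-signed root if the imported chain ends with one.
        List<X509Certificate> path = new ArrayList<>(chain);
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);

        // Trust comes only from the anchor held by the application, never from the imported data.
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(trustedRoot, null)));
        // Assumption: no CRL/OCSP source is configured here, so revocation checking is off.
        params.setRevocationEnabled(false);

        // Throws CertPathValidatorException on a bad signature, an expired certificate,
        // broken issuer/subject linkage or violated basic constraints.
        return (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(certPath, params);
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {   // imported chain, leaf first
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        X509Certificate root;
        try (InputStream in = new FileInputStream(args[1])) {   // root shipped with the application
            root = (X509Certificate) cf.generateCertificate(in);
        }
        try {
            PKIXCertPathValidatorResult r = validate(chain, root);
            System.out.println("valid, anchored at " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("invalid: " + e.getMessage() + " (certificate index " + e.getIndex() + ")");
        }
    }
}
```

The same `validate` call works with the Bouncy Castle provider by passing `"BC"` as the second argument to `CertPathValidator.getInstance`, provided that provider is registered.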