
Crypto


Data protection

Signature. PKI.

X.509 Certificate Validation in Java: Build and Verify Chain and Verify CRL with Bouncy Castle. Author: Svetlin Nakov, December 1, 2009.

For one of my recent projects I needed to implement an X.509 certificate validation library that validates a certificate across a given set of trusted root certificates and a set of intermediate certificates.


Initially I thought this was a problem that already has an out-of-the-box solution in BouncyCastle, but the CRL verification was found to be unpleasant to implement and not available out-of-the-box. The task was formulated as follows: given an X.509 certificate, a set of trusted root certificates and a set of intermediate certificates, to build a certification chain (if possible), to extract the CRL distribution point from the certificate (if available) and to check whether the certificate is not revoked.

It was required to support HTTP, HTTPS, FTP and LDAP based distribution points.

SecTools: resources for understanding cryptography.