
I am writing code to verify the server certificate chain on the client side using an X509TrustManager implementation. Does the checkServerTrusted method validate the algorithm, issuers, etc. of the remote certificates?

I have written the complete implementation for verifying the server certificates on the client side. I am verifying the host name and validity, and also calling the checkServerTrusted method, but I am not sure whether the checkServerTrusted method internally validates the algorithm, issuer, etc. or not.

Initializing the defaultTrustManager with the root certs of the server, and then:

defaultTrustManager.checkServerTrusted( certificates, authType );

In the actual scenario my case is working fine and cert validation is successful, but it is unknown how this validation is performed.

The expectation is to validate issuer, algorithm, key length, etc. while processing the cert negotiation.

Deepak Pareek
  • It checks whether the certificate provided is signed by a trusted signer, based on the negotiated authentication type. That's it. JSSE does the other checks (signature, key length, expiration, ...) separately. – user207421 Aug 07 '19 at 08:22
  • Thank you. Should I write code to manually check signature, key length, and issuer, or will it be checked by default, as I am using a ProtocolSocketFactory implementation to create the Socket? – Deepak Pareek Aug 08 '19 at 04:57

0 Answers
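
One way to make the checks the question asks about (validity, key length, signature algorithm) explicit is to wrap the trust manager and apply a local policy after its `checkServerTrusted` call succeeds, so the result does not depend on what the platform enforces by default. This is an added example, not code from the post; the class name `StrictTrustManager`, the minimum key sizes and the allowed algorithm list are assumptions.

```java
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical wrapper (not from the post): delegate chain validation, then apply explicit policy.
public final class StrictTrustManager implements X509TrustManager {
    private static final int MIN_RSA_BITS = 2048, MIN_EC_BITS = 256; // assumed policy values
    private static final Set<String> ALLOWED_SIG_ALGS = new HashSet<>(Arrays.asList(
            "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA", "SHA256WITHECDSA", "SHA384WITHECDSA"));
    private final X509TrustManager delegate;
    public StrictTrustManager(KeyStore serverRoots) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(serverRoots); // key store holding only the server's root certificates
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager from factory");
        delegate = found;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // throws unless the chain leads to a trusted root
        for (X509Certificate cert : chain) {
            cert.checkValidity(); // expired or not-yet-valid certificates throw here
            checkKeySize(cert.getPublicKey());
            // A self-issued root's own signature is not what establishes trust, so skip it.
            boolean selfIssued = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
            String alg = cert.getSigAlgName().toUpperCase(Locale.ROOT); // providers differ in letter case
            if (!selfIssued && !ALLOWED_SIG_ALGS.contains(alg))
                throw new CertificateException("signature algorithm not allowed: " + alg);
        }
    }
    private static void checkKeySize(PublicKey key) throws CertificateException {
        int bits, min;
        if (key instanceof RSAPublicKey) { bits = ((RSAPublicKey) key).getModulus().bitLength(); min = MIN_RSA_BITS; }
        else if (key instanceof ECPublicKey) { bits = ((ECPublicKey) key).getParams().getOrder().bitLength(); min = MIN_EC_BITS; }
        else throw new CertificateException("unsupported key type: " + key.getAlgorithm());
        if (bits < min) throw new CertificateException(key.getAlgorithm() + " key too short: " + bits + " bits");
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

Host name verification is not part of this class and still has to be done separately, as the question already does.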