Certificate validation

[RicardoFonsecaSilva]

Transcript from the FAQ:

Make sure the key was generated by a trusted authority. The information about these authorities can be stored in the blockserver.

https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao/

You can use the Java Certification Path (JCP) library, which is included in the JSE (but there are many alternative libraries; another popular one is the Certification Path library).

Here you find the documentation of the whole JCP library:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html

The most relevant classes are:

• The CertPath Class
• Certification Path Building Classes

• Certification Path Validation Classes

  Note that, to perform the validation, you should store the certificates of the "Entidade de Certificação do Cartão de Cidadão", which you can find here:

  https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao/

  There are three certificates, which correspond to different versions of the Cartão de Cidadão.

Here you can find also the Certificate Revocation Lists:

https://pki.cartaodecidadao.pt/publico/lrc/

Some publicly available JAVA code examples:

• http://www.java2s.com/Tutorial/Java/0490__Security/Validatecertificate.htm (using the Java Certification Path library)
• http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/ (using the Bouncy Castle library)

[jm4c]

Sorry taking so long on this issue... @RicardoFonsecaSilva @wefbak

By the way, I opened issue #14 but I'm not sure I can do it until the delivery deadline. Would appreciate help. :zzz: