Hi!
I've noticed the following situation:
When verifying, the configured keystore is not used directly, but its copy. And keys don't get copied (in the getCertAliases(KeyStore) method there is: if (tmpKs.isCertificateEntry(tmpAlias))). So I can't validate against a key. That's probably OK and I'm probably a bit confused about the purpose of keys. But I've also noticed that Adobe Reader does validate against keys.
Can you please explain this behavior to me?
Thanks!
You are right. If Acrobat verifies against keys, we should do the same.
The problem could come when the key is not exportable from the original keystore. Maybe it's enough to skip such keys.
How to detect this case?
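
The following is an added example, not part of the thread and not the project's own code. It sketches one way to build the verification copy so that key entries contribute their certificate: KeyStore.getCertificate(alias) returns the first certificate of a key entry's chain without reading the private key, and returns null when an entry has no certificate, which is the case to skip. The class and method names are hypothetical, and KeyStore.getInstance(File, char[]) assumes Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class TrustCopyExample {

    /**
     * Hypothetical helper: builds an in-memory keystore that holds only
     * certificates, taken from both certificate entries and key entries.
     * No private key is read, so no key password is needed.
     */
    static KeyStore copyCertificates(KeyStore source) throws Exception {
        KeyStore copy = KeyStore.getInstance(KeyStore.getDefaultType());
        copy.load(null, null); // initialise an empty keystore

        for (String alias : Collections.list(source.aliases())) {
            // Certificate entry: the trusted certificate itself.
            // Key entry: the first certificate of the chain stored with the key.
            Certificate cert = source.getCertificate(alias);
            if (cert == null) {
                // Entry without a certificate (for example a secret key): skip it.
                System.out.println("skipped (no certificate): " + alias);
                continue;
            }
            String kind = source.isKeyEntry(alias) ? "key entry" : "certificate entry";
            System.out.println("copied from " + kind + ": " + alias);
            // Stored as a certificate entry, so the copy never contains key material.
            copy.setCertificateEntry(alias, cert);
        }
        return copy;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustCopyExample <keystore-file> <store-password>");
            System.exit(2);
        }
        // The keystore type (JKS, PKCS12, ...) is detected from the file contents.
        KeyStore source = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        KeyStore copy = copyCertificates(source);
        System.out.println("entries in source: " + source.size()
                + ", certificates in copy: " + copy.size());
    }
}
```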