Validating saved smime messages

Hello, I have a problem with smime messages validation.

I have a folder with saved smime eml messages, each containing signature:
 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256;

I also have a folder with x509 certificates.
What I'm trying to do is the following:
1. read eml file
2. read the corresponding x509 certificate with public key for this eml file.
3. validate message

I'm using the SignedMailValidator class for this purpose:

            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(null); // new & empty keystore

            // Open the certificate file that belongs to the sender of this message
            String path = GetCertificatePathForEmail(GetSenderEmailAddress());
            InputStream isc = new FileInputStream(new File(path));
            BufferedInputStream bisCertificate = new BufferedInputStream(isc);

            CertificateFactory cf = CertificateFactory.getInstance("X.509", BC);

            // Every certificate read from the file is stored under the same alias
            while (bisCertificate.available() > 0) {
                Certificate cert = cf.generateCertificate(bisCertificate);
                keyStore.setCertificateEntry(GetSenderEmailAddress(), cert);
            }

            // The certificate entries of the keystore are used as trust anchors
            PKIXParameters param = new PKIXParameters(keyStore);

            SignedMailValidator validator = new SignedMailValidator(msg, param);

            // Check the validation result of each signer of the message
            Iterator it = validator.getSignerInformationStore().getSigners().iterator();
            while (it.hasNext()) {
                SignerInformation signer = (SignerInformation) it.next();
                SignedMailValidator.ValidationResult result = validator.getValidationResult(signer);

                if (result.isValidSignature()) {
                    // signature and certificate path are valid
                } else {
                    // validation failed
                }
            }

I'm getting the following error message:
Certificate path invalid
The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation.

This is what the certificate path in my certificate looks like:
                                root CA
                                    |_> CA2
                                             |_>end point certificate

What am I doing wrong here?
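
One way to set up PKIXParameters for the chain described above (root CA, CA2, end point certificate), added here as an example that is not part of the original post: the root CA is the only trust anchor, and CA2 is supplied as an untrusted intermediate for path building. The class name, method names and file paths are assumptions, and the Bouncy Castle provider is assumed to be registered already.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
import javax.mail.internet.MimeMessage;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.mail.smime.validator.SignedMailValidator;

public class ChainAwareValidation {

    // Reads every certificate (PEM or DER) contained in one file.
    static List<X509Certificate> loadCerts(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : cf.generateCertificates(in)) {
                out.add((X509Certificate) c);
            }
        }
        return out;
    }

    // rootCaPath and intermediatesPath are hypothetical file locations.
    static PKIXParameters buildParams(String rootCaPath, String intermediatesPath) throws Exception {
        // Only the root CA is trusted; it anchors the certificate path.
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate root : loadCerts(rootCaPath)) {
            anchors.add(new TrustAnchor(root, null));
        }
        PKIXParameters param = new PKIXParameters(anchors);
        // CA2 is offered for path building but is not trusted by itself.
        param.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(loadCerts(intermediatesPath))));
        // Assumption: no CRLs are at hand for this offline check. With CRLs
        // available, add them to a CertStore and leave revocation enabled.
        param.setRevocationEnabled(false);
        return param;
    }

    // True only if the message has at least one signer and every signer validates.
    static boolean validate(MimeMessage msg, PKIXParameters param) throws Exception {
        SignedMailValidator validator = new SignedMailValidator(msg, param);
        boolean sawSigner = false;
        boolean allValid = true;
        for (Object o : validator.getSignerInformationStore().getSigners()) {
            sawSigner = true;
            allValid &= validator.getValidationResult((SignerInformation) o).isValidSignature();
        }
        return sawSigner && allValid;
    }
}
```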