How to get information about an APNS push certificate programmatically?

Question

Is there any java library that enables us to find if the p12 certificate is a proper Apple push certificate?

I use X509Certificate class to check for its validity, but did not find any info about the type of the cert.

Answer 1

I'm not sure if an APNS certificate can actually be distinguished from any other certificate.

However, to check the authenticity of a given certificate, that is, to verify it is trustworthy, its certificate chain needs to be inspected to make sure that it contains a kown, trusted certificate. This usually is one issued by a Certificate Authority.

In the case of the APNS, according to this source and the Apple docs, a certificate from the "Entrust Secure CA" is required to be in the chain. This certificate is supposed to be 'well-known' and can (with a possible minor degradation of long-term security) usually be regarded as a constant during the lifetime of an application; your application can then just compare its known certificate to the one present in the keychain of the certificate in question.

And finally: The crypto library from Bouncy Castle is the de-facto standard implementation of extended crypto functionality for Java and can also be used to inspect and/or validate certificates and their signatures.