
JAVA-Android - Validating the X509Certificate Against CA Certificate (Issuer Certificate)

Maybe this is a duplicate question, but I didn't get complete clarity from the previous question, which is why I am posting a new one. Please have a look at this. I will place the CA certificate in my resource folder to authenticate CA-certified certificates, and the same CA certificate will be on the server as well.

  1. I am creating the .crt file, which is not signed by any certificate, and sending it to the server.
  2. The server will sign the .crt file using the CA certificate and send that file back to me.
  3. After receiving that signed .crt file, I need to verify it with my CA certificate, which I already have in the resource folder.

I am able to create a trust manager with my CA certificate using the following code:

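import android.content.res.AssetManager;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;

// Open the CA certificate bundled in the app's assets
AssetManager assetManager = getResources().getAssets();
InputStream inputStream = null;

try {
    inputStream = assetManager.open("Issuer certificate");
} catch (IOException e) {
    e.printStackTrace();
}
InputStream caInput = new BufferedInputStream(inputStream);
// Parse the stream as an X.509 certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);
    System.out.println("ca="
            + ((X509Certificate) ca).getSubjectDN());
} finally {
    caInput.close();
}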
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);

// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();

TrustManagerFactory tmf = TrustManagerFactory
        .getInstance(tmfAlgorithm);
tmf.init(keyStore);

After getting this trust manager, how should I compare the .crt certificate which I got from the server? My doubt: do I need to create another trust manager and, after getting those two trust managers, compare something like provider names? Please provide any information about this process if I am wrong.

AndroidDev asked Sep 16 '13 07:09



1 Answer

Finally able to validate the certificate with the following process. I hope this helps others...

import android.content.res.AssetManager;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;

public void validateCertificate() throws Exception {
    try {
        String issuerCertPath = "Issuer Certificate";
        String certPath = "Issued Certificate";
        X509Certificate issuerCert = getCertFromFile(issuerCertPath);
        X509Certificate c1 = getCertFromFile(certPath);
        // The bundled CA certificate is the only trust anchor
        TrustAnchor anchor = new TrustAnchor(issuerCert, null);
        Set<TrustAnchor> anchors = Collections.singleton(anchor);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> list = Arrays.asList(new Certificate[] { c1 });
        CertPath path = cf.generateCertPath(list);
        PKIXParameters params = new PKIXParameters(anchors);
        // Revocation (CRL/OCSP) is not checked
        params.setRevocationEnabled(false);
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        // validate() throws if the path is not valid
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator
                .validate(path, params);
        System.out.println("VALID");
    } catch (Exception e) {
        System.out.println("EXCEPTION " + e.getMessage());
        e.printStackTrace();
        // Rethrow so the caller cannot mistake a failed validation for success
        throw e;
    }
}

private X509Certificate getCertFromFile(String path) throws Exception {
    AssetManager assetManager = MyActivity.this.getResources().getAssets();
    // Closes the stream when done; a missing asset propagates as an IOException
    try (InputStream caInput = new BufferedInputStream(assetManager.open(path))) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(caInput);
    }
}
AndroidDev answered Oct 31 '22 17:10

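The three steps in the question end with the client accepting a file sent back by the server, so besides chaining to the bundled CA, the returned certificate should also carry the public key the client submitted in step 1. The following is an added example of both checks using plain JDK APIs; it is not the poster's code, and the class name, method names and command-line file arguments are assumptions, as is the client holding the DER-encoded public key (`keyPair.getPublic().getEncoded()`) it sent.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Collections;

// Added example: hypothetical class, not part of the original post.
public class IssuedCertCheck {

    static X509Certificate load(InputStream in) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    }

    /** Returns null when the certificate is acceptable, otherwise the reason it was rejected. */
    static String check(X509Certificate ca, X509Certificate issued, byte[] expectedSpki) {
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Collections.singletonList(issued));
            PKIXParameters params = new PKIXParameters(
                    Collections.singleton(new TrustAnchor(ca, null)));
            params.setRevocationEnabled(false); // same setting as the answer: no CRL/OCSP lookup
            // Checks the CA signature, issuer/subject chaining and validity dates.
            CertPathValidator.getInstance("PKIX").validate(path, params);

            // The chain is good; now confirm the certificate is for the key we submitted.
            // getEncoded() on a certificate's public key is the DER SubjectPublicKeyInfo.
            if (!Arrays.equals(issued.getPublicKey().getEncoded(), expectedSpki)) {
                return "certificate was issued for a different public key";
            }
            return null;
        } catch (CertPathValidatorException e) {
            return "path validation failed: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "could not validate: " + e;
        }
    }

    // Usage (file names are placeholders): java IssuedCertCheck ca.crt issued.crt mykey.spki.der
    public static void main(String[] args) throws Exception {
        try (InputStream caIn = new FileInputStream(args[0]);
             InputStream certIn = new FileInputStream(args[1])) {
            byte[] spki = Files.readAllBytes(Paths.get(args[2]));
            String problem = check(load(caIn), load(certIn), spki);
            System.out.println(problem == null ? "VALID" : "REJECTED: " + problem);
        }
    }
}
```

On Android, pass streams from `AssetManager.open(...)` to `load` and the in-memory key bytes to `check` instead of reading files.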