use*_*462 5 java ssl certificate-revocation x509certificate
我想验证客户端针对CRL提供的X509证书,看看它是否已被撤销.我已成功实现了一个java.security.cert.X509CRL,但我在检索会话证书时遇到问题:
try {
SSLSocket s = (SSLSocket) serverSocket.accept();
s.setSoTimeout(TIMEOUT_RW * 1000);
s.startHandshake();
SSLSession session = s.getSession();
X509Certificate[] cert = session.getPeerCertificateChain();
if (crl.isRevoked(cert[0])) {
System.err.println("Attempted to stablish connection using revoked certificate");
} else {
...
}
} catch (Exception ex) {
System.err.println("Something went wrong");
}
SSLSession属于javax.net.ssl 包,其方法getPeerCertificateChain()返回一个javax.security.cert.X509Certificate[],无法转换为java.security.cert.X509Certificate[]我需要提供的包java.security.cert.X509CRL.怎么做到呢?
MGo*_*gon 10
javax.security.cert.X509Certificate已弃用.获得java.security.cert.Certificate[]通过session.getPeerCertificates();,然后把它传递给你的crl.isRevoked实现.
也可以看看:
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificateChain()
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates()
存在包javax.security.cert中的类,以便与早期版本的Java安全套接字扩展(JSSE)兼容.相反,新应用程序应使用位于java.security.cert中的标准Java SE证书类.
你可以转换java.security.cert.Certificate为java.security.cert.X509Certificate(来源):
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
| 归档时间: |
|
| 查看次数: |
4556 次 |
| 最近记录: |