[英]Incompatibility between javax.security.cert.X509Certificate and java.security.cert.X509Certificate
I want to verify the X509 certificate presented by a client against a CRL to see if it has been revoked. 我想验证客户端针对CRL提供的X509证书,看看它是否已被撤销。 I have successfully instanciated a java.security.cert.X509CRL
, but I am having problems retrieving the certificate of the session: 我已经成功实现了java.security.cert.X509CRL
,但是我在检索会话证书时遇到了问题:
try {
SSLSocket s = (SSLSocket) serverSocket.accept();
s.setSoTimeout(TIMEOUT_RW * 1000);
s.startHandshake();
SSLSession session = s.getSession();
X509Certificate[] cert = session.getPeerCertificateChain();
if (crl.isRevoked(cert[0])) {
System.err.println("Attempted to stablish connection using revoked certificate");
} else {
...
}
} catch (Exception ex) {
System.err.println("Something went wrong");
}
SSLSession belongs to the javax.net.ssl
package, and its method getPeerCertificateChain()
returns a javax.security.cert.X509Certificate[]
, which cannot be converted to the java.security.cert.X509Certificate[]
that I need to feed the java.security.cert.X509CRL
. SSLSession属于javax.net.ssl
包,其方法getPeerCertificateChain()
返回一个javax.security.cert.X509Certificate[]
,它无法转换为我需要提供的java.security.cert.X509Certificate[]
java.security.cert.X509CRL
。 How can it be done? 怎么做到呢?
javax.security.cert.X509Certificate
is deprecated. 不推荐使用javax.security.cert.X509Certificate
。 Get java.security.cert.Certificate[]
by session.getPeerCertificates();
通过session.getPeerCertificates();
获取java.security.cert.Certificate[]
session.getPeerCertificates();
, and then pass it to your crl.isRevoked
implementation. ,然后将其传递给crl.isRevoked
实现。
See also: 也可以看看:
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificateChain() http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificateChain()
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates() http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates()
The classes in the package javax.security.cert exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). 存在包javax.security.cert中的类,以便与早期版本的Java安全套接字扩展(JSSE)兼容。 New applications should instead use the standard Java SE certificate classes located in java.security.cert. 相反,新应用程序应使用位于java.security.cert中的标准Java SE证书类。
You can convert java.security.cert.Certificate
to java.security.cert.X509Certificate
( source ): 您可以将java.security.cert.Certificate
转换为java.security.cert.X509Certificate
( source ):
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.