堆栈内存溢出
  简体   繁体   English

javax.security.cert.X509Certificate与java.security.cert.X509Certificate之间不兼容

[英]Incompatibility between javax.security.cert.X509Certificate and java.security.cert.X509Certificate

 原文  2014-07-06 21:22:07       java/ ssl/ x509certificate/ certificate-revocation

问题描述

I want to verify the X509 certificate presented by a client against a CRL to see if it has been revoked. 我想验证客户端针对CRL提供的X509证书,看看它是否已被撤销。 I have successfully instanciated a java.security.cert.X509CRL , but I am having problems retrieving the certificate of the session: 我已经成功实现了java.security.cert.X509CRL ,但是我在检索会话证书时遇到了问题: 

try {
    SSLSocket s = (SSLSocket) serverSocket.accept();
    s.setSoTimeout(TIMEOUT_RW * 1000);
    s.startHandshake();
    SSLSession session = s.getSession();
    X509Certificate[] cert = session.getPeerCertificateChain();
    if (crl.isRevoked(cert[0])) {
        System.err.println("Attempted to stablish connection using revoked certificate");
    } else {
        ...
    }
} catch (Exception ex) {
    System.err.println("Something went wrong");
}

SSLSession belongs to the javax.net.ssl package, and its method getPeerCertificateChain() returns a javax.security.cert.X509Certificate[] , which cannot be converted to the java.security.cert.X509Certificate[] that I need to feed the java.security.cert.X509CRL . SSLSession属于javax.net.ssl包,其方法getPeerCertificateChain()返回一个javax.security.cert.X509Certificate[] ,它无法转换为我需要提供的java.security.cert.X509Certificate[] java.security.cert.X509CRL How can it be done? 怎么做到呢?

1 个解决方案

解决方案1
 10 已采纳  2014-07-06 21:48:52

javax.security.cert.X509Certificate is deprecated. 不推荐使用javax.security.cert.X509Certificate Get java.security.cert.Certificate[] by session.getPeerCertificates(); 通过session.getPeerCertificates();获取java.security.cert.Certificate[] session.getPeerCertificates(); , and then pass it to your crl.isRevoked implementation. ,然后将其传递给crl.isRevoked实现。

See also: 也可以看看:

The classes in the package javax.security.cert exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). 存在包javax.security.cert中的类,以便与早期版本的Java安全套接字扩展(JSSE)兼容。 New applications should instead use the standard Java SE certificate classes located in java.security.cert. 相反,新应用程序应使用位于java.security.cert中的标准Java SE证书类。

You can convert java.security.cert.Certificate to java.security.cert.X509Certificate ( source ): 您可以将java.security.cert.Certificate转换为java.security.cert.X509Certificatesource ): 

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
    X509Certificate x509 =  (X509Certificate) cf.generateCertificate(bais);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 javax.security.cert.X509Certificate vs java.security.cert.X509Certificate? - javax.security.cert.X509Certificate vs java.security.cert.X509Certificate? 新创建的java.security.cert.X509Certificate引发java.security.cert.CertificateNotYetValidException - java.security.cert.CertificateNotYetValidException thrown on newly created java.security.cert.X509Certificate 扩展 java.security.cert.X509Certificate 的正确方法是什么? - What is the proper way to extend java.security.cert.X509Certificate? 将 PEM 格式的字符串转换为 java.security.cert.X509Certificate - Convert a PEM-formatted String to a java.security.cert.X509Certificate 如何比较java.security.cert.X509Certificate的不同实现 - how to compare distinct implementations of java.security.cert.X509Certificate 将充气城堡X509Certificate转换为Java.security.cert.Certificate [] - Casting bouncy castle X509Certificate to Java.security.cert.Certificate[] javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:没有可用的X509TrustManager实现 - javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available 错误 [Ljava.lang.Object; 将 X509Certificate 的数组列表转换为数组时,无法转换为 [Ljava.security.cert.X509Certificate - Error [Ljava.lang.Object; cannot be cast to [Ljava.security.cert.X509Certificate when converting an arraylist of X509Certificate to array 引起:javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:在java(spring)中没有可用的X509TrustManager实现 - Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available in java(spring) 具有X.509证书的Spring Security - Spring Security With X.509 Certificate
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM