[英]Incompatibility between javax.security.cert.X509Certificate and java.security.cert.X509Certificate
我想验证客户端针对CRL提供的X509证书,看看它是否已被撤销。 我已经成功实现了java.security.cert.X509CRL ,但是我在检索会话证书时遇到了问题:
try {
SSLSocket s = (SSLSocket) serverSocket.accept();
s.setSoTimeout(TIMEOUT_RW * 1000);
s.startHandshake();
SSLSession session = s.getSession();
X509Certificate[] cert = session.getPeerCertificateChain();
if (crl.isRevoked(cert[0])) {
System.err.println("Attempted to stablish connection using revoked certificate");
} else {
...
}
} catch (Exception ex) {
System.err.println("Something went wrong");
}
SSLSession属于javax.net.ssl包,其方法getPeerCertificateChain()返回一个javax.security.cert.X509Certificate[] ,它无法转换为我需要提供的java.security.cert.X509Certificate[] java.security.cert.X509CRL 。 怎么做到呢?
不推荐使用javax.security.cert.X509Certificate 。 通过session.getPeerCertificates();获取java.security.cert.Certificate[] session.getPeerCertificates(); ,然后将其传递给crl.isRevoked实现。
也可以看看:
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificateChain()
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates()
存在包javax.security.cert中的类,以便与早期版本的Java安全套接字扩展(JSSE)兼容。 相反,新应用程序应使用位于java.security.cert中的标准Java SE证书类。
您可以将java.security.cert.Certificate转换为java.security.cert.X509Certificate ( source ):
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
javax.security.cert.X509Certificate vs java.security.cert.X509Certificate?
[英]javax.security.cert.X509Certificate vs java.security.cert.X509Certificate?
新创建的java.security.cert.X509Certificate引发java.security.cert.CertificateNotYetValidException
[英]java.security.cert.CertificateNotYetValidException thrown on newly created java.security.cert.X509Certificate
扩展 java.security.cert.X509Certificate 的正确方法是什么?
[英]What is the proper way to extend java.security.cert.X509Certificate?
将 PEM 格式的字符串转换为 java.security.cert.X509Certificate
[英]Convert a PEM-formatted String to a java.security.cert.X509Certificate
如何比较java.security.cert.X509Certificate的不同实现
[英]how to compare distinct implementations of java.security.cert.X509Certificate
将充气城堡X509Certificate转换为Java.security.cert.Certificate []
[英]Casting bouncy castle X509Certificate to Java.security.cert.Certificate[]
javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:没有可用的X509TrustManager实现
[英]javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
错误 [Ljava.lang.Object; 将 X509Certificate 的数组列表转换为数组时,无法转换为 [Ljava.security.cert.X509Certificate
[英]Error [Ljava.lang.Object; cannot be cast to [Ljava.security.cert.X509Certificate when converting an arraylist of X509Certificate to array
引起:javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:在java(spring)中没有可用的X509TrustManager实现
[英]Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available in java(spring)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.