![](/img/trans.png)
[英]javax.security.cert.X509Certificate vs java.security.cert.X509Certificate?
[英]Incompatibility between javax.security.cert.X509Certificate and java.security.cert.X509Certificate
我想验证客户端针对CRL提供的X509证书,看看它是否已被撤销。 我已经成功实现了java.security.cert.X509CRL
,但是我在检索会话证书时遇到了问题:
try {
SSLSocket s = (SSLSocket) serverSocket.accept();
s.setSoTimeout(TIMEOUT_RW * 1000);
s.startHandshake();
SSLSession session = s.getSession();
X509Certificate[] cert = session.getPeerCertificateChain();
if (crl.isRevoked(cert[0])) {
System.err.println("Attempted to stablish connection using revoked certificate");
} else {
...
}
} catch (Exception ex) {
System.err.println("Something went wrong");
}
SSLSession属于javax.net.ssl
包,其方法getPeerCertificateChain()
返回一个javax.security.cert.X509Certificate[]
,它无法转换为我需要提供的java.security.cert.X509Certificate[]
java.security.cert.X509CRL
。 怎么做到呢?
不推荐使用javax.security.cert.X509Certificate
。 通过session.getPeerCertificates();
获取java.security.cert.Certificate[]
session.getPeerCertificates();
,然后将其传递给crl.isRevoked
实现。
也可以看看:
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificateChain()
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates()
存在包javax.security.cert中的类,以便与早期版本的Java安全套接字扩展(JSSE)兼容。 相反,新应用程序应使用位于java.security.cert中的标准Java SE证书类。
您可以将java.security.cert.Certificate
转换为java.security.cert.X509Certificate
( source ):
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.