![](/img/trans.png)
[英]Check X509 certificate revocation status in Spring-Security before authenticating
[英]How to get revocation status of an X509 certificate with DSS?
我正在嘗試使用DSS框架根據其撤銷狀態來驗證X509證書,在哪里找到它?
我正在使用這段代碼來通過CRL和OCSP驗證證書。 我想了解toValidateToken
是否已被撤銷。
CertificateToken
類具有isSignatureValid
, isExpired
, isValidOn
類的方法,但沒有與吊銷相關的方法。
我在其他論壇中找到了isRevoked()
方法,但我沒有。 我確定我已經安裝了所有依賴項。
CommonCertificateSource adjunctCertificateSource = new CommonCertificateSource();
// Firstly, we load the certificate to be validated
CertificateToken toValidate = getCertificateFromSignature(documentPath);
CertificateToken toValidateToken = adjunctCertificateSource.addCertificate(toValidate);
//Configure the certificate verifier using the trust store and the intermediate certificates
//OnlineOCSPSource and OnlineCRLSource will invoke the OCSP service and CRL
//distribution point extracting the URL from the certificate
CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
certificateVerifier.setAdjunctCertSource(adjunctCertificateSource);
certificateVerifier.setCrlSource(new OnlineCRLSource());
certificateVerifier.setOcspSource(new OnlineOCSPSource());
//Perform validation
CertificatePool validationPool = certificateVerifier.createValidationPool();
SignatureValidationContext validationContext = new SignatureValidationContext(validationPool);
validationContext.addCertificateTokenForVerification(toValidateToken);
validationContext.validate();
因此,我只需要一個簡單的true / false。
不論DSS框架是什么 ...這是一篇文章,如何使用CRL和OCSP檢查有效性: 如何檢查X509證書是否已在Java中吊銷?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.