javax.security.cert.X509Certificate和java.security.cert.X509Certificate之间不兼容
我想根据CRL验证客户端提供的X509证书,以查看它是否已被吊销。 我已成功实例化了javax.security.cert.X509Certificate和java.security.cert.X509Certificate之间不兼容,java,ssl,x509certificate,certificate-revocation,Java,Ssl,X509certificate,Certificate Revocation,我想根据CRL验证客户端提供的X509证书,以查看它是否已被吊销。 我已成功实例化了java.security.cert.X509CRL,但检索会话的证书时遇到问题: try { SSLSocket s = (SSLSocket) serverSocket.accept(); s.setSoTimeout(TIMEOUT_RW * 1000); s.startHandshake(); SSLSession session = s.getSession();
java.security.cert.X509CRL
,但检索会话的证书时遇到问题:
try {
SSLSocket s = (SSLSocket) serverSocket.accept();
s.setSoTimeout(TIMEOUT_RW * 1000);
s.startHandshake();
SSLSession session = s.getSession();
X509Certificate[] cert = session.getPeerCertificateChain();
if (crl.isRevoked(cert[0])) {
System.err.println("Attempted to stablish connection using revoked certificate");
} else {
...
}
} catch (Exception ex) {
System.err.println("Something went wrong");
}
SSLSession属于javax.net.ssl
包,其方法getPeerCertificateChain()
返回javax.security.cert.X509Certificate[]
,无法转换为java.security.cert.X509CRL
所需的java.security.cert.X509CRL
。
如何做到这一点?
javax.security.cert.X509Certificate
已被弃用。通过session.getPeerCertificates()获取java.security.cert.Certificate[]
,然后将其传递给crl.isr
实现
另见:
java.security.cert.Certificate
转换为java.security.cert.X509Certificate
():
这个选项的问题(我考虑过)是,后来我需要使用X509Certificate的方法,所以它对我来说不够好。但是
Certificate
是抽象类-我打赌cert[0]
是X509Certificate
类的实例。检查一下,然后cast@user2891462如果没有,您可以执行如下转换实现X509Certificate[]convertCertificates(Certificate[]certsIn)
方法:
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);