我希望能够通过校验证书撤销列表(CRL)来验证客户端提供的X509证书,从而判断它是否已被吊销。
我已经成功实例化了java.security.cert.X509CRL
,但是在检索会话证书方面遇到了问题:
try {
SSLSocket s = (SSLSocket) serverSocket.accept();
s.setSoTimeout(TIMEOUT_RW * 1000);
s.startHandshake();
SSLSession session = s.getSession();
X509Certificate[] cert = session.getPeerCertificateChain();
if (crl.isRevoked(cert[0])) {
System.err.println("Attempted to stablish connection using revoked certificate");
} else {
...
}
} catch (Exception ex) {
System.err.println("Something went wrong");
}
SSLSession属于javax.net.ssl
包,它的方法getPeerCertificateChain()
返回一个javax.security.cert.X509Certificate[]
,但我需要的是java.security.cert.X509Certificate[]
类型的证书链,以便用于java.security.cert.X509CRL
中。如何实现呢?
Certificate
是抽象类 - 我敢打赌cert [0]
是X509Certificate
类的实例。只需检查并转换即可。 - MGorgonX509Certificate[] convertCertificates(Certificate[] certsIn)
方法:https://groups.google.com/forum/#!topic/android-developers/HCiHwBKOsrI - MGorgon