javax.security.cert.X509Certificate与java.security.cert.X509Certificate之间不兼容

时间:2014-07-06 21:22:07

标签: java ssl x509certificate certificate-revocation

我想验证客户端针对CRL提供的X509证书,看看它是否已被撤销。 我已成功实现java.security.cert.X509CRL,但我在检索会话证书时遇到问题:

try {
    SSLSocket s = (SSLSocket) serverSocket.accept();
    s.setSoTimeout(TIMEOUT_RW * 1000);
    s.startHandshake();
    SSLSession session = s.getSession();
    X509Certificate[] cert = session.getPeerCertificateChain();
    if (crl.isRevoked(cert[0])) {
        System.err.println("Attempted to stablish connection using revoked certificate");
    } else {
        ...
    }
} catch (Exception ex) {
    System.err.println("Something went wrong");
}

SSLSession属于javax.net.ssl包,其方法getPeerCertificateChain()返回javax.security.cert.X509Certificate[],无法转换为我需要提供java.security.cert.X509Certificate[]的{​​{1}} }}。 怎么办呢?

1 个答案:

答案 0 :(得分:9)

javax.security.cert.X509Certificate已弃用。从java.security.cert.Certificate[]获取session.getPeerCertificates();,然后将其传递给crl.isRevoked实施。

另见:

  

包javax.security.cert中的类存在   与早期版本的Java安全套接字兼容   扩展(JSSE)。新应用程序应该使用该标准   Java SE证书类位于java.security.cert。

您可以将java.security.cert.Certificate转换为java.security.cert.X509Certificatesource):

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
    X509Certificate x509 =  (X509Certificate) cf.generateCertificate(bais);