我试图通过在.crl文件中搜索其条目来检查某个证书是否已被撤销。为此我使用了一个简单的代码,只需点击一个按钮。下载.crl文件,然后在其中搜索一个证书的序列号。
使用X509CRL。
问题是,方法getRevokedCertificate 总是返回null ,虽然我确定撤销证书的序列号在.crl文件中。我确定,因为方法crl.getRevokedCertificates().toString()打印了一些条目,我从中获取序列号。
下面的代码是可复制的,在Android Studio中制作。需要一个唯一的按钮。
public void getCRL(View view) throws IOException {
// Force downloading on main thread
StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
// Where is the crl?
String stURL = "http://www.trustcenter.de/crl/v2/tcclass0.crl";
URL url = new URL(stURL);
// Open connection
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
try {
// Get .crtFile
InputStream in = new BufferedInputStream(urlConnection.getInputStream());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRL crl = (X509CRL) cf.generateCRL(in);
Log.d("All revoked: ", crl.getRevokedCertificates().toString());
// Test what certificate? Serial number
String STcertSN = "550B00010002F12E05BFE98E3627";
BigInteger certSN = new BigInteger(STcertSN,16);
Log.d("Serial number in decimal: ", certSN.toString());
// See if revoked
X509CRLEntry isRevoked = crl.getRevokedCertificate(certSN);
if (isRevoked != null) {
Log.d("Revoking: ", isRevoked.toString());
} else {
Log.d("Revoing: ","Was not revoked");
}
} catch (Exception e) {
Log.e("uri","Failed at everything");
}
finally {
urlConnection.disconnect();
}
}
修改 我现在在Eclipse中尝试过相同的代码。代码似乎工作正常 - 我收到有关找到的已撤销证书的消息。
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
public class crt {
public static void main(String[] args) {
System.out.println("hello");
try {
getCRL();
} catch (IOException e) {
e.printStackTrace();
}
}
public static void getCRL() throws IOException {
// Where is the crl?
String stURL = "http://www.trustcenter.de/crl/v2/tcclass0.crl";
URL url = new URL(stURL);
// Open connection
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
try {
// Get .crtFile
InputStream in = new BufferedInputStream(urlConnection.getInputStream());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRL crl = (X509CRL) cf.generateCRL(in);
System.out.println("All revoked: " + crl.getRevokedCertificates().toString());
// Test what certificate? Serial number
String STcertSN = "550B00010002F12E05BFE98E3627";
BigInteger certSN = new BigInteger(STcertSN,16);
System.out.println("Serial number in decimal: "+ certSN.toString());
// See if revoked
X509CRLEntry isRevoked = crl.getRevokedCertificate(certSN);
if (isRevoked != null) {
System.out.println("FOUND REVOKED CERTIFICATE ALARM!: "+ isRevoked.toString());
} else {
System.out.println("Revoing: "+"Was not revoked");
}
} catch (Exception e) {
System.out.println("uri" +"Failed at everything");
}
finally {
urlConnection.disconnect();
}
}
}
如果这是Android中的错误,我该如何举报?