Question

我有一个证书链作为编码的byte [] []数组进行验证。我还有一个信任库文件。

从该字节数组[] []创建X509Certificate []并初始化trustmanager之后，我如何告诉TrustManager验证X509Certificate []？这样做的正确方法是什么？

感谢。

示例代码：

int certVerify(byte certChain[][])
{
   CertificateFactory cf = CertificateFactory.getInstance("X509");
   X509Certificate certx[] = new X509Certificate[10];
   for(int i=0;i<certChain.length;i++)
   {
     certx[i] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certChain[i]));
   }

   KeyStore keyStore = KeyStore.getInstance("JKS");
   keyStore.load( new FileInputStream("cacerts.jks"),"123456".toCharArray());

   TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   trustManagerFactory.init(keyStore);
}

Answer 1

有关如何实施一个here

的一些很好的信息

或者你可以按照here

的说明使用BouncyCastle API

从truststore

1 个答案: