从truststore

时间:2015-04-29 17:50:07

标签: java ssl x509certificate keystore truststore

我有一个证书链作为编码的byte [] []数组进行验证。我还有一个信任库文件。

从该字节数组[] []创建X509Certificate []并初始化trustmanager之后,我如何告诉TrustManager验证X509Certificate []?这样做的正确方法是什么?

感谢。

示例代码:

int certVerify(byte certChain[][])
{
   CertificateFactory cf = CertificateFactory.getInstance("X509");
   X509Certificate certx[] = new X509Certificate[10];
   for(int i=0;i<certChain.length;i++)
   {
     certx[i] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certChain[i]));
   }

   KeyStore keyStore = KeyStore.getInstance("JKS");
   keyStore.load( new FileInputStream("cacerts.jks"),"123456".toCharArray());

   TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   trustManagerFactory.init(keyStore);
}

1 个答案:

答案 0 :(得分:1)

有关如何实施一个here

的一些很好的信息

或者你可以按照here

的说明使用BouncyCastle API