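I am trying to add a CA certificate entry without an authorityRevocationList.
But I get this error:
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'certificationAuthority' requires attribute 'authorityRevocationList']
But as far as I know, the authorityRevocationList attribute is not mandatory.
Here is my code: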
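
    import java.io.FileInputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.naming.NamingException;
    import javax.naming.directory.*;

    // Load the CA certificate from disk
    FileInputStream fr = new FileInputStream("jack.cer");
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    X509Certificate crt = (X509Certificate) cf.generateCertificate(fr);
    // Object classes for the new entry
    Attribute oc = new BasicAttribute("objectClass");
    oc.add("person");
    oc.add("inetOrgPerson");
    oc.add("certificationAuthority");
    Attributes entry = new BasicAttributes();
    String entryDN = "Cn=test,dc=maxcrc,dc=com";
    entry.put("sn", entryDN);
    // Store the DER-encoded certificate using the ;binary transfer option
    entry.put("cACertificate;binary", crt.getEncoded());
    entry.put(oc);
    try {
        // ctx is an existing DirContext connected to the directory (not shown in the post)
        ctx.createSubcontext(entryDN, entry);
    } catch (NamingException e) {
        e.printStackTrace();
    }
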
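Any help would be appreciated.

Answer 0 (score: 0)

I solved this problem by using the pkiCA object class instead of the certificationAuthority object class. Here is the working code.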
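
    import java.io.FileInputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.naming.NamingException;
    import javax.naming.directory.*;

    // Load the CA certificate from disk
    FileInputStream fr = new FileInputStream("jack.cer");
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    X509Certificate crt = (X509Certificate) cf.generateCertificate(fr);
    // Object classes for the new entry; pkiCA replaces certificationAuthority
    Attribute oc = new BasicAttribute("objectClass");
    oc.add("person");
    oc.add("inetOrgPerson");
    oc.add("pkiCA");
    Attributes entry = new BasicAttributes();
    String entryDN = "Cn=test,dc=maxcrc,dc=com";
    entry.put("sn", entryDN);
    // Store the DER-encoded certificate using the ;binary transfer option
    entry.put("cACertificate;binary", crt.getEncoded());
    entry.put(oc);
    try {
        // ctx is an existing DirContext connected to the directory (not shown in the post)
        ctx.createSubcontext(entryDN, entry);
    } catch (NamingException e) {
        e.printStackTrace();
    }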
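
An added example, not part of the original question or answer: in RFC 4523, certificationAuthority lists authorityRevocationList, certificateRevocationList and cACertificate under MUST, while pkiCA lists the same attributes under MAY, which is why swapping the class clears error code 65. The class below parses those two definitions and reports which MUST attributes the posted entry lacks; the names `CaObjectClassCheck`, `clause` and `missingMust` are hypothetical, and the definitions are transcribed from the RFC, so a given server's loaded schema may differ.

```java
import java.util.*;
import java.util.regex.*;

public class CaObjectClassCheck {
    // Definitions transcribed from RFC 4523 (assumption: your server loads the same ones).
    static final String CERTIFICATION_AUTHORITY =
        "( 2.5.6.16 NAME 'certificationAuthority' DESC 'X.509 certificate authority' "
      + "SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ "
      + "cACertificate ) MAY crossCertificatePair )";
    static final String PKI_CA =
        "( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate Authority' SUP top AUXILIARY "
      + "MAY ( cACertificate $ certificateRevocationList $ authorityRevocationList $ "
      + "crossCertificatePair ) )";

    // Attribute names of a MUST or MAY clause: either "( a $ b )" or a single bare name.
    static List<String> clause(String definition, String keyword) {
        Matcher m = Pattern.compile("\\b" + keyword + "\\s+(?:\\(([^)]*)\\)|([\\w;-]+))")
                           .matcher(definition);
        if (!m.find()) return List.of();   // clause absent, e.g. pkiCA has no MUST
        String body = m.group(1) != null ? m.group(1) : m.group(2);
        List<String> names = new ArrayList<>();
        for (String n : body.split("\\$")) names.add(n.trim());
        return names;
    }

    // MUST attributes absent from the entry. Options such as ";binary" are stripped
    // and attribute names are compared case-insensitively, as LDAP does.
    static List<String> missingMust(String definition, Collection<String> entryAttrs) {
        Set<String> present = new HashSet<>();
        for (String a : entryAttrs) present.add(a.split(";")[0].toLowerCase(Locale.ROOT));
        List<String> missing = new ArrayList<>();
        for (String must : clause(definition, "MUST"))
            if (!present.contains(must.toLowerCase(Locale.ROOT))) missing.add(must);
        return missing;
    }

    public static void main(String[] args) {
        // Attributes the posted code sets; cn is the entry's naming attribute.
        List<String> entry = List.of("objectClass", "cn", "sn", "cACertificate;binary");
        System.out.println("certificationAuthority missing MUST: "
            + missingMust(CERTIFICATION_AUTHORITY, entry));
        System.out.println("pkiCA missing MUST: " + missingMust(PKI_CA, entry));
    }
}
```

The definitions a particular server enforces can be read from its subschema, for example through JNDI's `DirContext.getSchema`.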