获取证书父母的URL(JAVA)

时间:2016-02-05 09:31:18

标签: java android certificate

我有leaf certificate。使用openssl我会看到字段:

Authority Information Access: 
                CA Issuers - URI:http://pki...parentCert.crt
                OCSP - URI:http://ocsp...com/

如何使用URL获取此父JAVA

我正在使用bouncyCastle和标准版本的libs。我试过了x509Certificate.getAlternativeNames等等......

我需要在线获取所有家长证书并验证它们。

1 个答案:

答案 0 :(得分:1)

我终于找到了解决方案!     如果有人遇到这样的麻烦,那将是有用的。     此代码打印授权信息访问扩展。

import sun.security.util.ObjectIdentifier;
import sun.security.x509.X509CertImpl;
import java.util.regex.Matcher;  
import java.util.regex.Pattern;

class readCert{

    public boolean isExtAuthorityInfoAccess(Extension ext){
        Pattern re = Pattern.compile("\\bcaIssuers\\b",Pattern.CASE_INSENSITIVE);
        Matcher m = re.matcher(ext.toString());
        if (m.find()) {
            return true;
        } else {
            return false;
        }
    };

    public static List<String> getAuthorityInfoAccesssUrls(String text)
    {
        List<String> containedUrls = new ArrayList<String>();
        Pattern pattern = Pattern.compile(
                "(?:^|[\\W])((ht|f)tp(s?):\\/\\/|www\\.)"
                        + "(([\\w\\-]+\\.){1,}?([\\w\\-.~]+\\/?)*"
                        + "[\\p{Alnum}.,%_=?&#\\-+()\\[\\]\\*$~@!:/{};']*)",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        Matcher urlMatcher = pattern.matcher(text);
        while (urlMatcher.find())
        {
            containedUrls.add(text.substring(urlMatcher.start(0),
                    urlMatcher.end(0)));
        }
        return containedUrls;
    };

    public static void main(String[] args) {

        readCert rc = new readCert();

        try {
            File file = new File("yourcert.crt");
            byte[] encCert = new byte[(int) file.length()];
            FileInputStream fis = new FileInputStream(file);
            fis.read(encCert);
            fis.close();

            InputStream in = new ByteArrayInputStream(encCert);
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate)certFactory.generateCertificate(in);

            X509CertImpl impl = (X509CertImpl)cert;
            int extnum = 0;
            if (cert.getNonCriticalExtensionOIDs() != null) {
                for (String extOID : cert.getNonCriticalExtensionOIDs()) {
                    Extension ext = impl.getExtension(new ObjectIdentifier(extOID));
                    if (ext != null) {
                        if (rc.isExtAuthorityInfoAccess(ext)) {
                            System.out.println(rc.getAuthorityInfoAccesssUrls(ext.toString()));
                            // System.out.println("#"+(++extnum)+": "+ ext.toString());
                            // CA ISSUERS ARE HERE
                        }
                    }
                }
            }
        } catch (  Exception e) {
            e.printStackTrace();
          };
    }
}
相关问题
最新问题