Adding a CRL to CertPathValidator

Time: 2018-02-15 11:21:28

Tags: java x509certificate bouncycastle

How can I easily attach revoked certificates to certificate validation via CertPathValidator?

This is my current code:

public boolean validateCertificate(X509Certificate certificate) {
    try {
        // Create trust anchor from current CA X509Certificate
        TrustAnchor trustAnchor = new TrustAnchor(this.getCACertificate(), null);

        // This is the certificate which should be validated
        CertPath cp = CertificateFactory.getInstance("X.509").generateCertPath(Collections.singletonList(certificate));
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

        // TODO: Add the list with the revoked certificates 
        List<X509Certificate> crl = new ArrayList<>();

        PKIXParameters pkixParams = new PKIXParameters(Collections.singleton(trustAnchor));
        pkixParams.setRevocationEnabled(false);

        CertPathValidatorResult result = cpv.validate(cp, pkixParams);
        return true;
    } catch (Exception e) {
        // e.printStackTrace();
        return false;
    }
}

I have read a lot, but I have not found any simple solution, because I am not currently using KeyStoreCertStore

Thanks in advance!

0 answers:

No answers
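
One way to feed a CRL into PKIX path validation with the standard JCA API, shown as an added example that is not part of the original post. The class name `CrlPathCheck` and the methods `loadCrl` and `validate` are hypothetical; it assumes the CA certificate and a CRL file issued by that CA are already at hand.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Collections;

// Added example; class and method names are hypothetical, not from the post.
public final class CrlPathCheck {

    // Parse a DER- or PEM-encoded CRL file issued by the CA.
    static X509CRL loadCrl(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
        }
    }

    static boolean validate(X509Certificate cert, X509Certificate ca, X509CRL crl)
            throws GeneralSecurityException {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(cert));
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(ca, null)));

        // In-memory CertStore holding the CRL; no KeyStore is involved.
        CertStore crlStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl)));
        params.addCertStore(crlStore);
        params.setRevocationEnabled(true); // was false in the question's code

        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            // BasicReason.REVOKED: the certificate's serial number is on the CRL.
            // BasicReason.UNDETERMINED_REVOCATION_STATUS: no usable CRL was found
            // (for example expired, or not signed by the issuing CA).
            System.err.println("Rejected: " + e.getReason() + " - " + e.getMessage());
            return false;
        }
    }
}
```

With revocation checking enabled, a missing or unusable CRL makes validation fail rather than pass, so the CRL has to be kept current for valid certificates to be accepted.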