我正在尝试使用DSS框架根据其撤销状态来验证X509证书,您在哪里找到它?
我正在使用这段代码来通过CRL和OCSP验证证书。我想了解toValidateToken是否已被撤销。
CertificateToken类具有类似isSignatureValid,isExpired,isValidOn之类的方法,但没有与吊销相关的方法。
我在其他论坛中发现了一种isRevoked()方法,但我没有。我确定我已经安装了所有依赖项。
CommonCertificateSource adjunctCertificateSource = new CommonCertificateSource();
// Firstly, we load the certificate to be validated
CertificateToken toValidate = getCertificateFromSignature(documentPath);
CertificateToken toValidateToken = adjunctCertificateSource.addCertificate(toValidate);
//Configure the certificate verifier using the trust store and the intermediate certificates
//OnlineOCSPSource and OnlineCRLSource will invoke the OCSP service and CRL
//distribution point extracting the URL from the certificate
CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
certificateVerifier.setAdjunctCertSource(adjunctCertificateSource);
certificateVerifier.setCrlSource(new OnlineCRLSource());
certificateVerifier.setOcspSource(new OnlineOCSPSource());
//Perform validation
CertificatePool validationPool = certificateVerifier.createValidationPool();
SignatureValidationContext validationContext = new SignatureValidationContext(validationPool);
validationContext.addCertificateTokenForVerification(toValidateToken);
validationContext.validate();
我只需要一个简单的true / false。
答案 0 :(得分:0)
Whatever the DSS framework is ...这是一篇有关如何使用CRL和OCSP检查有效性的文章:How do I check if an X509 certificate has been revoked in Java?