1. 首页
  2. 问答
  3. 获取证书父项的URL(JAVA)

获取证书父项的URL(JAVA)

2016-02-05 64 views
1

我有一个leaf certificate。使用openssl我看到字段:获取证书父项的URL(JAVA)

Authority Information Access: 
       CA Issuers - URI:http://pki...parentCert.crt 
       OCSP - URI:http://ocsp...com/

如何获得使用JAVA这个父URL

我使用bouncyCastle和标准android libs。我试过x509Certificate.getAlternativeNames等...

我需要在线获取所有父证书并验证它们。

来源

2016-02-05 Rainmaker

+0

如果我理解你的问题,你需要的是验证证书链,对不对? –

+0

是的,但我没有所有的证书链。我只有叶证书,其中包含一个父母的链接。 – Rainmaker

回答

1

我终于找到了解决方案! 如果有人陷入这样的麻烦,这将是有益的。 此代码打印授权信息访问扩展。

import sun.security.util.ObjectIdentifier; 
import sun.security.x509.X509CertImpl; 
import java.util.regex.Matcher; 
import java.util.regex.Pattern; 

class readCert{ 

    public boolean isExtAuthorityInfoAccess(Extension ext){ 
     Pattern re = Pattern.compile("\\bcaIssuers\\b",Pattern.CASE_INSENSITIVE); 
     Matcher m = re.matcher(ext.toString()); 
     if (m.find()) { 
      return true; 
     } else { 
      return false; 
     } 
    }; 

    public static List<String> getAuthorityInfoAccesssUrls(String text) 
    { 
     List<String> containedUrls = new ArrayList<String>(); 
     Pattern pattern = Pattern.compile(
       "(?:^|[\\W])((ht|f)tp(s?):\\/\\/|www\\.)" 
         + "(([\\w\\-]+\\.){1,}?([\\w\\-.~]+\\/?)*" 
         + "[\\p{Alnum}.,%_=?&#\\-+()\\[\\]\\*[email protected]!:/{};']*)", 
       Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL); 
     Matcher urlMatcher = pattern.matcher(text); 
     while (urlMatcher.find()) 
     { 
      containedUrls.add(text.substring(urlMatcher.start(0), 
        urlMatcher.end(0))); 
     } 
     return containedUrls; 
    }; 

    public static void main(String[] args) { 

     readCert rc = new readCert(); 

     try { 
      File file = new File("yourcert.crt"); 
      byte[] encCert = new byte[(int) file.length()]; 
      FileInputStream fis = new FileInputStream(file); 
      fis.read(encCert); 
      fis.close(); 

      InputStream in = new ByteArrayInputStream(encCert); 
      CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); 
      X509Certificate cert = (X509Certificate)certFactory.generateCertificate(in); 

      X509CertImpl impl = (X509CertImpl)cert; 
      int extnum = 0; 
      if (cert.getNonCriticalExtensionOIDs() != null) { 
       for (String extOID : cert.getNonCriticalExtensionOIDs()) { 
        Extension ext = impl.getExtension(new ObjectIdentifier(extOID)); 
        if (ext != null) { 
         if (rc.isExtAuthorityInfoAccess(ext)) { 
          System.out.println(rc.getAuthorityInfoAccesssUrls(ext.toString())); 
          // System.out.println("#"+(++extnum)+": "+ ext.toString()); 
          // CA ISSUERS ARE HERE 
         } 
        } 
       } 
      } 
     } catch ( Exception e) { 
      e.printStackTrace(); 
      }; 
    } 
}

来源

2016-02-07 08:03:53 Rainmaker

+0

'这将是少数'意味着什么? – EJP

+0

此代码给出了父证书的链接。 – Rainmaker

+0

这意味着有用) – Rainmaker

相关问题

 相关问题