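I'm trying to write a method that, given the information needed to connect to and search an LDAP server (e.g., hostname, base DN, etc.), can retrieve the attribute containing a CA certificate (the "caCertificate" attribute).
I've seen several suggestions on how to do this, but so far I haven't been able to get any of them working.
I think I'm able to do the LDAP search and retrieval, but I can't figure out how to handle the byte array that is the value of the certificate attribute.
Here's a snippet of the part that I think is working: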
```java
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;

// Fragment of a method body; theLdapCn is defined outside this snippet.
Date theReturnedDate = null;
String base = "ou=CAs,dc=test,dc=com";
String filter = "(objectclass=CertificationAuthority)";
System.out.println("In LDAPUpdate.checkReadLdap: Entering, theLdapCn = [" + theLdapCn + "]...");
Hashtable<String, Object> envRead = new Hashtable<>(11);
envRead.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
envRead.put(Context.PROVIDER_URL, "ldap://my.test.ldap:389");
envRead.put(Context.SECURITY_AUTHENTICATION, "simple");
envRead.put(Context.SECURITY_PRINCIPAL, "cn=admin,ou=people,dc=test,dc=com");
envRead.put(Context.SECURITY_CREDENTIALS, "xxx");
// Specify attributes to be returned in binary format
envRead.put("java.naming.ldap.attributes.binary", "caCertificate");
SearchControls searchCtls = new SearchControls();
// Specify the attributes to return and search the whole subtree
String[] returnedAtts = {"caCertificate"};
searchCtls.setReturningAttributes(returnedAtts);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
DirContext ctx = null;
try
{
    // Create the initial directory context
    ctx = new InitialDirContext(envRead);
    System.out.println("Context Successfully Initialized");
    NamingEnumeration<SearchResult> results = ctx.search(base, filter, searchCtls);
    while (results != null && results.hasMore())
    {
        SearchResult sr = results.next();
        String dn = sr.getName() + "," + base;
        System.out.println("Distinguished Name is " + dn);
        Attributes ar = ctx.getAttributes(dn, returnedAtts);
        if (ar == null)
        {
            System.out.println("Entry " + dn);
            System.out.println(" has none of the specified attributes\n");
        }
        else
        {
            System.out.println("In LDAPUpdate.readCheckLdap: returnedAtts.length=[" + returnedAtts.length + "]");
            for (int i = 0; i < returnedAtts.length; i++)
            {
                Attribute attr = ar.get(returnedAtts[i]);
                if (attr == null)
                {
                    // The entry does not carry this attribute
                    continue;
                }
                System.out.println(returnedAtts[i] + ":");
                for (Enumeration<?> vals = attr.getAll(); vals.hasMoreElements();)
                {
                    // Each value is a byte[]; printing it shows only the array reference
                    System.out.println("\t" + vals.nextElement());
                }
            }
        }
    }
}
catch (Exception e)
{
    System.err.println(e);
}
```
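Can anyone tell how to do the rest of what I need, i.e., to take the attribute that is returning with the CA certificate and turn it into an X509Certificate object?

Best answer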
> Can anyone tell how to do the rest of what I need, i.e., to take the attribute that is returning with the CA certificate and turn it into an X509Certificate object?

Something like this:
```java
import java.io.ByteArrayInputStream;
import java.security.cert.*;

// bytes: the byte[] value read from the caCertificate attribute
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(bytes));
```
E&OE
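
An added example, not part of the original question or answer, that joins the two snippets above: it decodes every value of a `caCertificate` attribute into an `X509Certificate` and prints the subject, CA flag and SHA-256 fingerprint. The fingerprint matters because the question connects over plain `ldap://` on port 389, so the returned bytes should be compared with a fingerprint obtained out of band before the certificate is trusted. Assumptions: Java 17+, the class and method names are hypothetical, and the sample bytes are constructed by borrowing a certificate from the JDK's default trust store so the code runs without an LDAP server.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CaCertFromLdap {
    // Hypothetical helper: decode every value of a caCertificate attribute.
    static List<X509Certificate> parse(Attribute attr) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        NamingEnumeration<?> vals = attr.getAll();
        while (vals.hasMore()) {
            Object v = vals.next();
            // A String here means the attribute was not fetched as binary.
            if (!(v instanceof byte[]))
                throw new IllegalStateException("non-binary value: " + v.getClass());
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream((byte[]) v)));
        }
        return certs;
    }

    static String sha256(X509Certificate c) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(c.getEncoded()));
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: DER bytes of a CA certificate from the JDK's
        // default trust store stand in for the value an LDAP server would return.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        byte[] sample = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0].getEncoded();
        Attribute attr = new BasicAttribute("caCertificate;binary", sample);
        for (X509Certificate cert : parse(attr)) {
            System.out.println("Subject:     " + cert.getSubjectX500Principal());
            System.out.println("Is CA:       " + (cert.getBasicConstraints() >= 0));
            System.out.println("Valid until: " + cert.getNotAfter());
            // Compare against a fingerprint obtained out of band before trusting it.
            System.out.println("SHA-256:     " + sha256(cert));
        }
    }
}
```

In the question's loop, `parse(attr)` would take the place of the inner `for` that prints each value.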
Regarding "java - How to read a certificate attribute (caCertificate) from an LDAP server (Java)?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/37805145/