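How can I manually check certificate revocation status in Java using OCSP, given only the client's java.security.cert.X509Certificate? I can't see a clear way to do it.
Alternatively, can I have Tomcat do this for me automatically? How do you know your solution is correct?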
Best answer
I found a most excellent solution:
http://www.docjar.com/html/api/sun/security/provider/certpath/OCSP.java.html
/**
 * This is a class that checks the revocation status of a certificate(s) using
 * OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of
 * the CertPathValidator framework. It is useful when you want to
 * just check the revocation status of a certificate, and you don't want to
 * incur the overhead of validating all of the certificates in the
 * associated certificate chain.
 *
 * @author Sean Mullan
 */
It has a method check(X509Certificate clientCert, X509Certificate issuerCert) that does the trick!
Regarding java - OCSP revocation on client certificate, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/5161504/