我正在使用 bouncy caSTLe 1.48 通过 OCSP 验证证书验证。效果很好。
但我使用 Ocsp Url 作为静态变量,我想从证书中读取它。证书中的 URL 写为Authority Info Access
[1]Authority Info Access
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
Alternative Name:
URL=http://ocsp.mydomain
我从证书中获取了org.bouncycaSTLe.asn1.x509.AuthorityInformationAccess对象
byte[] octetBytes = certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
ASN1InputStream octetStream = new ASN1InputStream(octetBytes);
byte[] encoded = X509ExtensionUtil.fromExtensionValue(octetBytes).getEncoded();
ASN1Sequence seq = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(encoded));
AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(seq);
其中写入AuthorityInformationAccess: Oid(1.3.6.1.5.5.7.48.1)但无法从那里获取Url
最佳答案
我找到了路。
private String getOcspUrl(X509Certificate certificate) throws Exception {
byte[] octetBytes = certificate
.getExtensionValue(X509Extension.authorityInfoAccess.getId());
DLSequence dlSequence = null;
ASN1Encodable asn1Encodable = null;
try {
ASN1Primitive fromExtensionValue = X509ExtensionUtil
.fromExtensionValue(octetBytes);
if (!(fromExtensionValue instanceof DLSequence))
return null;
dlSequence = (DLSequence) fromExtensionValue;
for (int i = 0; i < dlSequence.size(); i++) {
asn1Encodable = dlSequence.getObjectAt(i);
if (asn1Encodable instanceof DLSequence)
break;
}
if (!(asn1Encodable instanceof DLSequence))
return null;
dlSequence = (DLSequence) asn1Encodable;
for (int i = 0; i < dlSequence.size(); i++) {
asn1Encodable = dlSequence.getObjectAt(i);
if (asn1Encodable instanceof DERTaggedObject)
break;
}
if (!(asn1Encodable instanceof DERTaggedObject))
return null;
DERTaggedObject derTaggedObject = (DERTaggedObject) asn1Encodable;
byte[] encoded = derTaggedObject.getEncoded();
if (derTaggedObject.getTagNo() == 6) {
int len = encoded[1];
return new String(encoded, 2, len);
}
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
关于Java Bouncy CaSTLe OCSP 网址,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16058889/