当前位置：文江博客话题详情

Java - 获取证书链

发布于 2024-09-24 12:28:55 字数 97 浏览 3 评论 0原文

我有一个以 Base64 编码的证书 ----- BEGIN 证书 - - - MIIGezCCBWOgAwIBA ....，如何从中获取出现在证书路径中的根证书和中间证书！

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

草莓味的萝莉 2024-10-01 12:28:55

我以前也遇到过同样的问题。您会看到，证书有一个颁发者字段，其中包含颁发者的主题。
您可以进行比较，或者/并且您可以测试签名。只有 CA 才能验证证书的签名。
像这样的事情：

//load all the ca certificates and get their public keys
caCertificate.getIssuerDN().equals(caCertificate[i].getSubjectDN());
// OR/AND

try {
   verifySignature(certificate,
        caCertificate[i].getPublicKey());
    //issuer found
}
catch (Exception e) {
    // not the issuer
}

我没有测试代码，但你明白了。

编辑：

java中有一些专门用于验证链的类。其中之一是CertPathBuilder 类。我还在研究如何使用它。我总是用错误的参数创建它，我想...

编辑2：

我正在使用一些灵感来自这个。

祝你好运

I had the same problem before. You see, the certificate have an Issuer field, which has the issuer's subject.
You can compare that, or/and you can test the signature. Only the CA can verify the certificate's signature.
Something like this:

//load all the ca certificates and get their public keys
caCertificate.getIssuerDN().equals(caCertificate[i].getSubjectDN());
// OR/AND

try {
   verifySignature(certificate,
        caCertificate[i].getPublicKey());
    //issuer found
}
catch (Exception e) {
    // not the issuer
}

I didn't test the code, but you got the idea.

EDIT:

There are some classes in java that are specially made for validating a chain. one of them is the CertPathBuilder class. I am still researching on how to use it. I always create it with the wrong parameters, i suppose...

EDIT 2:

I am using something that was inspired by this.

good luck

回复收藏 0 原文

~没有更多了~