如何在Java中验证PEM格式的证书

发布于 2024-11-15 05:49:15 字数 229 浏览 15 评论 0原文

我有 PEM 格式文件，如何验证 Java 中的签名，正如我所遵循的 http://download.oracle.com/javase/tutorial/security/apisign/versig.html 但发现Java不支持PEM

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

纵情客 2024-11-22 05:49:15

您可以使用 BouncyCastle 的 PEMReader 读取 PEM 文件中的证书。如果内容是 X.509 证书，您应该获取 X509Certificate 的实例，并根据需要从那里验证它。

：代码应如下所示（未尝试）：（

// The key with which you want to verify the cert.
// This is probably a CA certificate's public key.
PublicKey publicKey = ...;

PEMReader reader = new PEMReader(new FileReader("/path/to/file.pem"));
Object pemObject = reader.readObject();
if (pemObject instanceof X509Certificate) {
    X509Certificate cert = (X509Certificate)pemObject;
    cert.checkValidity(); // to check it's valid in time
    cert.verify(publicKey); // verify the sig. using the issuer's public key
}

当然，与任何 I/O 操作一样，您可能需要使用 try/finally 关闭阅读器。）

编辑 checkValidity 和 verify 不会返回任何内容：相反，如果失败，它们会抛出异常。

You can read a certificate in a PEM file using BouncyCastle's PEMReader. If the content is an X.509 certificate, you should get an instance of X509Certificate and verify it as you want from there.

EDIT: Here is what the code should look like (not tried):

// The key with which you want to verify the cert.
// This is probably a CA certificate's public key.
PublicKey publicKey = ...;

PEMReader reader = new PEMReader(new FileReader("/path/to/file.pem"));
Object pemObject = reader.readObject();
if (pemObject instanceof X509Certificate) {
    X509Certificate cert = (X509Certificate)pemObject;
    cert.checkValidity(); // to check it's valid in time
    cert.verify(publicKey); // verify the sig. using the issuer's public key
}

(Of course, as with any I/O operations, you'll need to close the reader perhaps with try/finally.)

Note that checkValidity and verify don't return anything: instead, they throw exceptions if when they fail.

回复收藏 0 原文

~没有更多了~