java – 客户端证书上的OCSP吊销
作者:互联网
如果仅使用客户端的java.security.cert.X509Certificate,如何使用OCSP手动检查java中的证书撤销状态?我看不清楚这样做的明确方法.
或者,我可以让tomcat自动为我做,你怎么知道你的解决方案是真的?
解决方法:
我发现了一个最优秀的解决方案
http://www.docjar.com/html/api/sun/security/provider/certpath/OCSP.java.html
/**
54 * This is a class that checks the revocation status of a certificate(s) using
55 * OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of
56 * the CertPathValidator framework. It is useful when you want to
57 * just check the revocation status of a certificate, and you don't want to
58 * incur the overhead of validating all of the certificates in the
59 * associated certificate chain.
60 *
61 * @author Sean Mullan
62 */
它有一个方法检查(X509Certificate clientCert,X509Certificate issuerCert),它可以做到这一点!
标签:java,security,tomcat,x509certificate,ocsp 来源: https://codeday.me/bug/20191004/1851926.html