1. 首頁
  2. 問答
  3. Java Bouncy Castle OCSP Url

Java Bouncy Castle OCSP Url

2013-04-17 134 views
2

我正在使用bouncy castle 1.48來驗證OCSP的證書驗證。它運作良好。 但我使用Ocp Url作爲靜態變量,我想從證書中讀取它。網址是寫在證書Authority Info AccessJava Bouncy Castle OCSP Url

[1]Authority Info Access 
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) 
Alternative Name: 
     URL=http://ocsp.mydomain

我從證書

byte[] octetBytes = certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId()); 
ASN1InputStream octetStream = new ASN1InputStream(octetBytes); 
byte[] encoded = X509ExtensionUtil.fromExtensionValue(octetBytes).getEncoded(); 
ASN1Sequence seq = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(encoded)); 
AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(seq);

其寫入AuthorityInformationAccess: Oid(1.3.6.1.5.5.7.48.1)org.bouncycastle.asn1.x509.AuthorityInformationAccess對象,但不能從那裏

來源

2013-04-17 Epsilon

回答

4

獲得地址我找到了辦法。

private String getOcspUrl(X509Certificate certificate) throws Exception { 
    byte[] octetBytes = certificate 
      .getExtensionValue(X509Extension.authorityInfoAccess.getId()); 

    DLSequence dlSequence = null; 
    ASN1Encodable asn1Encodable = null; 

    try { 
     ASN1Primitive fromExtensionValue = X509ExtensionUtil 
       .fromExtensionValue(octetBytes); 
     if (!(fromExtensionValue instanceof DLSequence)) 
      return null; 
     dlSequence = (DLSequence) fromExtensionValue; 
     for (int i = 0; i < dlSequence.size(); i++) { 
      asn1Encodable = dlSequence.getObjectAt(i); 
      if (asn1Encodable instanceof DLSequence) 
       break; 
     } 
     if (!(asn1Encodable instanceof DLSequence)) 
      return null; 
     dlSequence = (DLSequence) asn1Encodable; 
     for (int i = 0; i < dlSequence.size(); i++) { 
      asn1Encodable = dlSequence.getObjectAt(i); 
      if (asn1Encodable instanceof DERTaggedObject) 
       break; 
     } 
     if (!(asn1Encodable instanceof DERTaggedObject)) 
      return null; 
     DERTaggedObject derTaggedObject = (DERTaggedObject) asn1Encodable; 
     byte[] encoded = derTaggedObject.getEncoded(); 
     if (derTaggedObject.getTagNo() == 6) { 
      int len = encoded[1]; 
      return new String(encoded, 2, len); 
     } 
    } catch (IOException e) { 
     e.printStackTrace(); 
    } 
    return null; 
}

來源

2013-04-18 10:33:02 Epsilon

0

這是我做的:

private String getOcspUrlFromCertificate(X509Certificate cert) { 
    byte[] extensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId()); 

    try { 
     ASN1Sequence asn1Seq = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue); // AuthorityInfoAccessSyntax 
     Enumeration<?> objects = asn1Seq.getObjects(); 

     while (objects.hasMoreElements()) { 
      ASN1Sequence obj = (ASN1Sequence) objects.nextElement(); // AccessDescription 
      DERObjectIdentifier oid = (DERObjectIdentifier) obj.getObjectAt(0); // accessMethod 
      DERTaggedObject location = (DERTaggedObject) obj.getObjectAt(1); // accessLocation 

      if (location.getTagNo() == GeneralName.uniformResourceIdentifier) { 
       DEROctetString uri = (DEROctetString) location.getObject(); 
       String str = new String(uri.getOctets()); 
       if (oid.equals(X509ObjectIdentifiers.id_ad_ocsp)) { 
        return str; 
       } 
      } 
     } 
    } catch (Exception e) { 
     logger.error("Error", e); 
    } 

    return null; 
}

來源

2016-10-26 17:51:29

相關問題

 相關問題