I assume your CA's self-signed certificate has already been loaded as follows:
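    import java.io.FileInputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    // Load the CA's self-signed certificate from a PEM file
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    FileInputStream finStream = new FileInputStream("CACertificate.pem");
    X509Certificate caCertificate = (X509Certificate) cf.generateCertificate(finStream);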
Then, in the method that checks the certificate:
    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws CertificateException {
        if (certs == null || certs.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        if (authType == null || authType.length() == 0) {
            throw new IllegalArgumentException("null or zero-length authentication type");
        }

        // Check if the certificate sent is your CA's
        if (!certs[0].equals(caCertificate)) {
            try {
                // Not your CA's. Check if it has been signed by your CA
                certs[0].verify(caCertificate.getPublicKey());
            } catch (Exception e) {
                throw new CertificateException("Certificate not trusted", e);
            }
        }

        // If we end here certificate is trusted. Check if it has expired.
        try {
            certs[0].checkValidity();
        } catch (Exception e) {
            throw new CertificateException("Certificate not trusted. It has expired", e);
        }
    }
Disclaimer: I have not even tried to compile the code.
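The check above only verifies that `certs[0]` is the CA certificate or was signed directly by it. The following added example (not part of the original answer) goes one step further and makes the same CA the sole trust anchor of the JDK's standard PKIX trust manager, which validates the whole chain, including intermediates, validity dates and CA constraints. The class name `PrivateCaContext` and the alias `private-ca` are hypothetical; `CACertificate.pem` is the file name used above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: hypothetical helper, not code from the original answer.
public class PrivateCaContext {

    // Builds an SSLContext that trusts only chains ending at the CA in caPemPath.
    public static SSLContext forCa(String caPemPath) throws Exception {
        X509Certificate caCertificate;
        try (InputStream in = new FileInputStream(caPemPath)) {
            caCertificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }

        // Empty in-memory keystore holding just the CA certificate,
        // so the JDK's default cacerts bundle is not consulted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("private-ca", caCertificate);

        // The default (PKIX) trust manager checks every signature in the chain,
        // each certificate's validity period, and CA basic constraints.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = forCa("CACertificate.pem");
        // Pass context.getSocketFactory() to HttpsURLConnection#setSSLSocketFactory
        // (hostname verification stays enabled there) or to your HTTP client.
        System.out.println("TLS context ready, protocol: " + context.getProtocol());
    }
}
```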