Validating an X.509 Certificate Against a CA in Java


Assume your CA's self-signed certificate has already been loaded as follows:

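    import java.io.FileInputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    FileInputStream finStream = new FileInputStream("CACertificate.pem");
    X509Certificate caCertificate = (X509Certificate) cf.generateCertificate(finStream);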

Then, in the method that checks the certificate:

    // Method of an X509TrustManager implementation; caCertificate is the CA certificate loaded above.
    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws CertificateException {
        if (certs == null || certs.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        if (authType == null || authType.length() == 0) {
            throw new IllegalArgumentException("null or zero-length authentication type");
        }
        // Check if the certificate sent is your CA's
        if (!certs[0].equals(caCertificate)) {
            try {
                // Not your CA's. Check if it has been signed by your CA
                certs[0].verify(caCertificate.getPublicKey());
            } catch (Exception e) {
                throw new CertificateException("Certificate not trusted", e);
            }
        }
        // If we end up here the certificate is trusted. Check if it has expired.
        try {
            certs[0].checkValidity();
        } catch (Exception e) {
            throw new CertificateException("Certificate not trusted. It has expired", e);
        }
    }

Disclaimer: I haven't even tried to compile the code.
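
An added example, not part of the original answer: the same check done with the JDK's PKIX CertPathValidator. It goes beyond the method above by handling chains with intermediate certificates and by enforcing validity dates and CA basic constraints on every certificate in the path. The class name CaChainCheck and the command-line file arguments are assumptions, and revocation checking is switched off because no CRL/OCSP source is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical class name; certificate files are given on the command line.
public class CaChainCheck {

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // chain is ordered leaf first, then any intermediates.
    // Throws a GeneralSecurityException subclass if the chain is not trusted.
    static void validate(X509Certificate ca, List<X509Certificate> chain)
            throws GeneralSecurityException {
        if (chain.isEmpty()) throw new IllegalArgumentException("empty certificate chain");
        List<X509Certificate> path = new ArrayList<>(chain);
        path.removeIf(ca::equals);            // the trust anchor is supplied separately
        if (path.isEmpty()) {                 // the peer presented the CA certificate itself
            ca.checkValidity();
            return;
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(ca, null)));
        params.setRevocationEnabled(false);   // assumption: no CRL/OCSP source is configured
        // Checks every signature up to the CA, validity dates and CA basic constraints.
        CertPathValidator.getInstance("PKIX").validate(certPath, params);
    }

    public static void main(String[] args) throws Exception {
        X509Certificate ca = load(args[0]);   // e.g. CACertificate.pem
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 1; i < args.length; i++) chain.add(load(args[i]));
        validate(ca, chain);
        System.out.println("Chain is trusted by " + ca.getSubjectX500Principal().getName());
    }
}
```

Inside a TrustManager, `validate` can be called from `checkServerTrusted` with `Arrays.asList(certs)`, wrapping any GeneralSecurityException in a CertificateException.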




Original address: http://outofmemory.cn/zaji/5091833.html
