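Reading SubjectAlternativeNames from a certificate using the Bouncy-Castle library

Problem description

I am using the bouncy-castle library to perform a TLS handshake with a web server and get its public certificate. Below is my code: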

    private org.bouncycastle.asn1.x509.Certificate[] certificateList;

    public static void main(String... args) {
        new BCMain().testBCTLS();
    }

    private void testBCTLS() {
        try {
            Socket s = new Socket(InetAddress.getByName(WEB_SERVER), WEB_SERVER_PORT);
            //TlsProtocolHandler tlsHandler = new TlsProtocolHandler(s.getInputStream(), s.getOutputStream());

            TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream(), new SecureRandom());

            TlsClient client = new DefaultTlsClient() {
                private Boolean connectionStatus = Boolean.FALSE;

                @Override
                public TlsAuthentication getAuthentication() throws IOException {


                    return new ServerOnlyTlsAuthentication() {

                        public void notifyServerCertificate(Certificate serverCertificate)
                                throws IOException {

                            certificateList = serverCertificate.getCertificateList();
                        }
                    };
                }

                @Override
                public Hashtable getClientExtensions() throws IOException {
                    Hashtable clientExtensions = super.getClientExtensions();
                    clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(clientExtensions);
                    Vector<ServerName> serverNames = new Vector<ServerName>(1);
                    serverNames.add(new ServerName(NameType.host_name, SNI_HOST_NAME));

                    TlsExtensionsUtils.addServerNameExtension(clientExtensions, new ServerNameList(serverNames));

                    return clientExtensions;

                }

                public Boolean getConnectionStatus() {
                    return connectionStatus;
                }

            };

            protocol.connect(client);

            if (this.certificateList!=null) {
                org.bouncycastle.asn1.x509.Certificate certificate = certificateList[0];

                System.out.println(certificate.getSubject());
            }

            InputStream is = protocol.getInputStream();
            System.out.println(is);


        } catch (Exception e) {
            e.printStackTrace();
        }


    }

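I want to extract the Subject Alternative Names from that public certificate.

The JDK's X509Certificate has a method for extracting SubjectAlternativeNames, but I want to get the same result from the bouncy-castle certificate.

Can anyone help?

Tags: java, ssl, bouncycastle

Solution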


I was able to extract the Subject-Alternative-Names using the X509CertificateHolder and JcaX509CertificateConverter classes from the BouncyCastle library. Continuing the code above:

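import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;


if (this.certificateList != null) {
    org.bouncycastle.asn1.x509.Certificate certificate = certificateList[0];
    // Re-wrap the ASN.1 certificate, then convert it to a JDK X509Certificate
    X509CertificateHolder holder = new X509CertificateHolder(certificate.getEncoded());
    X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(holder);
    // Each entry is an [Integer type, value] pair; null is returned when there is no SAN extension
    Collection<List<?>> sanCollections = x509Certificate.getSubjectAlternativeNames();
}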
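
As an added example (not part of the original answer or of Bouncy Castle itself), the SAN entries can also be read with Bouncy Castle's own ASN.1 classes, without converting to a JDK X509Certificate. The class name BcSanReader, the helper readSans and the sample names in main are made up for illustration.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

public class BcSanReader {   // hypothetical class name
    /** Returns "DNS:..." / "IP:..." entries; an empty list when there is no SAN extension. */
    static List<String> readSans(Extensions extensions) throws Exception {
        List<String> out = new ArrayList<>();
        // A certificate may carry no extensions at all, or none with the SAN OID.
        if (extensions == null || extensions.getExtension(Extension.subjectAlternativeName) == null) {
            return out;
        }
        GeneralNames names = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        for (GeneralName gn : names.getNames()) {
            switch (gn.getTagNo()) {
                case GeneralName.dNSName:      // IA5String host name
                    out.add("DNS:" + ((ASN1String) gn.getName()).getString());
                    break;
                case GeneralName.iPAddress:    // 4 or 16 raw address bytes
                    byte[] raw = ASN1OctetString.getInstance(gn.getName()).getOctets();
                    out.add("IP:" + InetAddress.getByAddress(raw).getHostAddress());
                    break;
                default:                       // other name types: keep the tag visible
                    out.add("tag" + gn.getTagNo() + ":" + gn.getName());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample extension block. With the code from the question, pass
        // certificateList[0].getTBSCertificate().getExtensions() instead.
        ExtensionsGenerator gen = new ExtensionsGenerator();
        gen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName[] {
            new GeneralName(GeneralName.dNSName, "www.example.test"),
            new GeneralName(GeneralName.iPAddress, "192.0.2.10") }));
        System.out.println(readSans(gen.generate()));
    }
}
```

The ServerOnlyTlsAuthentication callback in the question only stores the chain and does not validate it, so names read this way describe whatever certificate the peer presented.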
