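java - Reading SubjectAlternativeNames from a certificate using the Bouncy-Castle library
Problem description
I am using the bouncy-castle library to perform a TLS-Handshake with a Web-Server and get the public certificate. Below is my code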
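import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.NameType;
import org.bouncycastle.crypto.tls.ServerName;
import org.bouncycastle.crypto.tls.ServerNameList;
import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClient;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsExtensionsUtils;

public class BCMain {
    // Placeholder connection settings; the original post does not show these values.
    private static final String WEB_SERVER = "example.com";
    private static final int WEB_SERVER_PORT = 443;
    private static final String SNI_HOST_NAME = WEB_SERVER;

    // Certificate chain captured from the server during the handshake.
    private org.bouncycastle.asn1.x509.Certificate[] certificateList;

    public static void main(String... args) {
        new BCMain().testBCTLS();
    }

    private void testBCTLS() {
        try {
            Socket s = new Socket(InetAddress.getByName(WEB_SERVER), WEB_SERVER_PORT);
            //TlsProtocolHandler tlsHandler = new TlsProtocolHandler(s.getInputStream(), s.getOutputStream());
            TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream(), new SecureRandom());
            TlsClient client = new DefaultTlsClient() {
                private Boolean connectionStatus = Boolean.FALSE;

                @Override
                public TlsAuthentication getAuthentication() throws IOException {
                    return new ServerOnlyTlsAuthentication() {
                        // Only stores the chain the server presented; no certificate validation happens here.
                        public void notifyServerCertificate(Certificate serverCertificate)
                                throws IOException {
                            certificateList = serverCertificate.getCertificateList();
                        }
                    };
                }

                // Adds the SNI (server_name) extension to the ClientHello.
                @Override
                public Hashtable getClientExtensions() throws IOException {
                    Hashtable clientExtensions = super.getClientExtensions();
                    clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(clientExtensions);
                    Vector<ServerName> serverNames = new Vector<>(1);
                    serverNames.add(new ServerName(NameType.host_name, SNI_HOST_NAME));
                    TlsExtensionsUtils.addServerNameExtension(clientExtensions, new ServerNameList(serverNames));
                    return clientExtensions;
                }

                public Boolean getConnectionStatus() {
                    return connectionStatus;
                }
            };
            protocol.connect(client);
            if (this.certificateList != null) {
                // Index 0 is the server's own (leaf) certificate.
                org.bouncycastle.asn1.x509.Certificate certificate = certificateList[0];
                System.out.println(certificate.getSubject());
            }
            InputStream is = protocol.getInputStream();
            System.out.println(is);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}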
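I want to extract the Subject Alternative Names from that public certificate. The JDK's X509Certificate has a method to extract SubjectAlternativeNames, but I want to get the same from the bouncy-castle certificate.
Can someone please help?
Solution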
I was able to extract the Subject-Alternative-Names using the X509CertificateHolder and JcaX509CertificateConverter classes from the BouncyCastle library. Continuing from the code above:
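import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;

// Replaces the "if (this.certificateList != null)" block inside testBCTLS() above.
if (this.certificateList != null) {
    org.bouncycastle.asn1.x509.Certificate certificate = certificateList[0];
    // Wrap the DER encoding, then convert it to a JDK X509Certificate.
    X509CertificateHolder holder = new X509CertificateHolder(certificate.getEncoded());
    X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(holder);
    // Each entry is a two-element list (Integer name type, then the value); null if there is no SAN extension.
    Collection<List<?>> sanCollections = x509Certificate.getSubjectAlternativeNames();
}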
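The SAN entries can also be read straight from the Bouncy Castle structures, without converting to a JDK X509Certificate. The following is an added example, not code from the original question or answer. The class name SanReader, the method subjectAltNames and the throwaway self-signed certificate are constructed for illustration, and it assumes bcprov and bcpkix are on the classpath.

```java
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SanReader {  // hypothetical class name
    // Returns "DNS:..." / "IP:..." entries; an empty list when there is no SAN extension.
    static List<String> subjectAltNames(X509CertificateHolder holder) throws Exception {
        List<String> out = new ArrayList<>();
        Extension ext = holder.getExtension(Extension.subjectAlternativeName); // null when absent
        if (ext == null) return out;
        for (GeneralName gn : GeneralNames.getInstance(ext.getParsedValue()).getNames()) {
            if (gn.getTagNo() == GeneralName.dNSName) {
                out.add("DNS:" + ((ASN1String) gn.getName()).getString());
            } else if (gn.getTagNo() == GeneralName.iPAddress) {
                byte[] raw = ASN1OctetString.getInstance(gn.getName()).getOctets(); // 4 or 16 bytes
                out.add("IP:" + InetAddress.getByAddress(raw).getHostAddress());
            } else {
                out.add("tag" + gn.getTagNo() + ":" + gn.getName()); // other GeneralName types
            }
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway self-signed certificate with two SAN entries.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        X500Name dn = new X500Name("CN=san-demo.invalid");
        Date now = new Date();
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
            .addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName[] {
                new GeneralName(GeneralName.dNSName, "san-demo.invalid"),
                new GeneralName(GeneralName.iPAddress, "192.0.2.10") }))
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
        System.out.println(subjectAltNames(holder));
    }
}
```

With the handshake code from the question, the holder would be `new X509CertificateHolder(certificateList[0])`. The `notifyServerCertificate` callback shown there performs no chain validation, so the names read this way are unverified until the chain has been checked against a trust anchor.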