java - 如何从 Java X509 证书获取 BasicConstraints 扩展
问题描述
我想阅读 Java X509Certificate 中的扩展 BasicConstraints (证书实现来自默认 JCE,所以它是sun.security.x509.X509CertImpl)。
我想获取 BasicConstraint 扩展值来检查它是否是 CA :
X509Certificate certificate = ...
byte[] basicConstraint = certificate.getExtensionValue("2.5.29.19");
但这给了我包含DEROctetString的字节数组。展开后,我得到 2 个字节的字节数组。但是扩展名BasicConstraint似乎被定义为:
BasicConstraints := SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL
}
我已经看过X509Certificate::getBasicConstraints()返回一个int. -1问题是当扩展名不存在时它也会返回。
这就是为什么我正在寻找一种从 X509 证书中获取此 ASN1 序列以明确检查此 CAboolean标志的方法。
解决方案
BasicConstraints 扩展的有效编码(在 OCTET STRING 内)是:
CA=假:
30 00CA=true,pathlen 省略:
30 03 01 01 FFCA=true,pathlen=0 到 127:
30 06 01 01 FF 02 01 xxCA=true, pathlen >= 128: 使用这么长的路径太傻了我省略了这个案例,但是如果你真的想要的话,你可以使用 DER 规则来解决
您很可能有案例 1。
推荐阅读
- docker - 更改正在运行的 .net core docker 容器中的 javascript 文件
- python - 为什么找不到带有熊猫的csv文件?
- windows-task-scheduler - Win 10 任务计划程序不断禁用任务
- flutter - Flutter: AudioPlayers how to stop multiple sounds at once?
- javascript - When the datepicker is initialized in javascript, why is the html page scrolled up?
- mysql - Why doesn't leftJoin Knex query work and gives me an error?
- javascript - highlight.js: CSS styling absent after setting innerHTML
- php - How to get all users with all their roles in a many to many relation based sql query?
- swift - 从一个属性中按字母顺序排列核心数据实体列表 - SwiftUI
- java - Restrict the number of occurrence of . (dot) to 1 in following regular expression