在 Java 中,如何从 SSL 证书中提取“颁发给”或用户HttpRequest?
我正在使用什么:
Object certChain = request
.getAttribute("javax.servlet.request.X509Certificate");
if (certChain != null)
{
X509Certificate certs[] = (X509Certificate[]) certChain;
X509Certificate cert = certs[0];
String user = cert.getSubjectDN().getName();
}
这是在 httprequest 中提取证书的“颁发给”又名主题的代码,
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
if ((certs == null) || (certs.length == 0)) {
return null;
}
String name = certs[0].getSubjectX500Principal().getName(); // if you are looking for issuer then use cert[0].getIssuerX500Principal().getName();
LdapName ldapName = null;
try {
ldapName = new LdapName(name);
} catch (InvalidNameException e) {
throw new RuntimeException(e);
}
for (Rdn rdn : ldapName.getRdns()) {
String type = rdn.getType();
if ("CN".equals(type)) {
String issuedTo = (String)rdn.getValue();
}
}
JDK 6 本地的 rt.jar 中有 API getSubjectX500Prinicpal(),不确定以前的版本,
getSubjectDN()不应再使用。
Denigrated,由 getSubjectX500Principal() 代替。
所以使用:
cert[0].getSubjectX500Principal().getName();