0

我正在寻找 java 5 中客户端证书的 OCSP 验证示例。此外,java.security 文件中的配置如何用于此目的?

4

1 回答 1

0 
static {
    Security.setProperty("ocsp.enable", "true");
}

public boolean validate(X509Certificate certificate, CertPath certPath,
        PKIXParameters parameters) throws GeneralSecurityException {
    try {
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv
                .validate(certPath, parameters);
        Signature.LOG.debug("Validation result is: " + result);
        return true; // if no exception is thrown
    } catch (CertPathValidatorException cpve) {

        // if the exception is (or is caused by)
        // CertificateRevokedException, return false;
        // otherwise re-throw, because this indicates a failure to perform
        // the validation
        Throwable cause = ExceptionUtils.getRootCause(cpve);
        Class<? extends Throwable> exceptionClass = cause != null ? cause.getClass()
                : cpve.getClass();
        if (exceptionClass.getSimpleName().equals("CertificateRevokedException")) {
            return false;
        }
        throw cpve;
    }
}
于 2010-04-26T10:02:23.337 回答