How to get revocation status of an X509 certificate with DSS?
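I am trying to use the DSS framework to validate an X509 certificate against its revocation status. Where can you find it?
I am using this code to validate a certificate with CRL and OCSP. I want to know whether toValidateToken has been revoked.
The CertificateToken class has methods such as isSignatureValid, isExpired and isValidOn, but none related to revocation.
I found an isRevoked() method on other forums, but I don't have it. I am sure I have installed all the dependencies.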
CommonCertificateSource adjunctCertificateSource = new CommonCertificateSource();
// Firstly, we load the certificate to be validated
CertificateToken toValidate = getCertificateFromSignature(documentPath);
CertificateToken toValidateToken = adjunctCertificateSource.addCertificate(toValidate);
//Configure the certificate verifier using the trust store and the intermediate certificates
//OnlineOCSPSource and OnlineCRLSource will invoke the OCSP service and CRL
//distribution point extracting the URL from the certificate
CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
certificateVerifier.setAdjunctCertSource(adjunctCertificateSource);
certificateVerifier.setCrlSource(new OnlineCRLSource());
certificateVerifier.setOcspSource(new OnlineOCSPSource());
//Perform validation
CertificatePool validationPool = certificateVerifier.createValidationPool();
SignatureValidationContext validationContext = new SignatureValidationContext(validationPool);
validationContext.addCertificateTokenForVerification(toValidateToken);
validationContext.validate();
As a result I only need a simple true/false.
Whatever the DSS framework is... Here is an article on how to check validity with CRL and OCSP:
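The underlying standard is PKCS#7, defined in RFC 2315. The Cryptographic Message Syntax defines so-called attributes, which can either be part of the data that is hashed and then signed (signed), or sit next to the signature (unsigned).
The additional question posted appears to involve adding certificate validation data (OCSP and CRL):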
commonCertificateVerifier.setCrlSource(new OnlineCRLSource());
commonCertificateVerifier.setOcspSource(new OnlineOCSPSource());
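The following is an added example, not code from the question, the answers or the DSS project: it gets the revocation result with the JDK's own java.security.cert PKIX API (OCSP first, CRL as fallback) rather than DSS. The class name, the Status enum and the certificate files passed on the command line are assumptions; it returns three states because a responder that cannot be reached means "unknown", not "not revoked".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.util.*;

// Hypothetical helper class; uses only standard JDK APIs.
public class RevocationCheck {
    public enum Status { GOOD, REVOKED, UNKNOWN }

    // chain: certificate to check first, then its intermediates (trust anchor excluded).
    public static Status check(List<X509Certificate> chain, X509Certificate root) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(root, null)));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
        // Only the first certificate is checked for revocation. SOFT_FAIL is deliberately
        // not set, so a network or responder failure is reported instead of ignored.
        checker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
        params.addCertPathChecker(checker);
        try {
            validator.validate(path, params);
            return Status.GOOD;
        } catch (CertPathValidatorException e) {
            if (e.getReason() == BasicReason.REVOKED) return Status.REVOKED;
            if (e.getReason() == BasicReason.UNDETERMINED_REVOCATION_STATUS) return Status.UNKNOWN;
            throw e; // expired, bad signature, untrusted issuer: not a revocation answer
        }
    }

    static X509Certificate load(String file) throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Usage (file names are placeholders): java RevocationCheck leaf.cer intermediate.cer root.cer
    public static void main(String[] args) throws Exception {
        // The default JDK provider only downloads CRLs from the certificate's
        // distribution point when this system property is enabled.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 0; i < args.length - 1; i++) chain.add(load(args[i]));
        Status status = check(chain, load(args[args.length - 1]));
        // If a boolean is required, treat UNKNOWN as a failure rather than as "not revoked".
        System.out.println(status);
    }
}
```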