Does X509TrustManagerImpl.checkServerTrusted() handle OCSP by itself if the appropriate properties are set?
public class CustomTrustManager implements X509TrustManager {
private X509TrustManager trustManager;
// If a connection was previously attempted and failed th
-
It does not look like you're checking the revocation via OCSP. Here is an example of how to do this. You will need the target certificate and the responder URL. I extracted this from a working example and modified it to be as generic as possible. Have not tested it, but it should work or be very close to working. You might have to tailor it to your needs, but not by much.
private void validateCertPath(X509Certificate targetCertificate, X509Certificate issuerCertificate, String responderURL, String trustAnchorDirectory) throws CertPathValidatorException, InvalidAlgorithmParameterException, FileNotFoundException, CertificateException, NoSuchAlgorithmException { ListcertList = new Vector (); certList.add(targetCertificate); certList.add(issuerCertificate); CertificateFactory cf = CertificateFactory.getInstance("X.509"); CertPath cp = cf.generateCertPath(certList); CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); Set trustStore = new HashSet (); TrustAnchor anchor = null; X509Certificate cacert = null; File directory = new File(trustAnchorDirectory); String certFileNames[] = directory.list(); for (String certFile : certFileNames) { cacert = readCert(trustAnchorDirectory +"/" + certFile); anchor = new TrustAnchor(cacert, null); trustStore.add(anchor); } PKIXParameters params = new PKIXParameters(trustStore); params.setRevocationEnabled(true); Security.setProperty("ocsp.enable", "true"); Security.setProperty("ocsp.responderURL", responderUrl); PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, params); System.out.println("Certificate validated"); System.out.println("Policy Tree:\n" + result.getPolicyTree()); }
讨论(0)
加载中...
- 热议问题