Obtenir l'URL du certificat parent (JAVA)
J'ai un leaf certificate
. En utilisant openssl
je vois des champs:
Authority Information Access:
CA Issuers - URI:http://pki...parentCert.crt
OCSP - URI:http://ocsp...com/
Comment obtenir ce parent URL
en utilisant JAVA
?
J'utilise bouncyCastle
et Android standard libs
. J'ai essayé x509Certificate.getAlternativeNames
etc...
J'ai besoin d'obtenir tous les certificats parents en ligne et de les valider.
1
1 answers
J'ai finalement trouvé la solution! Si quelqu'un est coincé dans de tels problèmes, il sera utile. Ce code imprime l'extension d'accès aux informations d'autorité.
import sun.security.util.ObjectIdentifier;
import sun.security.x509.X509CertImpl;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
class readCert{
public boolean isExtAuthorityInfoAccess(Extension ext){
Pattern re = Pattern.compile("\\bcaIssuers\\b",Pattern.CASE_INSENSITIVE);
Matcher m = re.matcher(ext.toString());
if (m.find()) {
return true;
} else {
return false;
}
};
public static List<String> getAuthorityInfoAccesssUrls(String text)
{
List<String> containedUrls = new ArrayList<String>();
Pattern pattern = Pattern.compile(
"(?:^|[\\W])((ht|f)tp(s?):\\/\\/|www\\.)"
+ "(([\\w\\-]+\\.){1,}?([\\w\\-.~]+\\/?)*"
+ "[\\p{Alnum}.,%_=?&#\\-+()\\[\\]\\*$~@!:/{};']*)",
Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
Matcher urlMatcher = pattern.matcher(text);
while (urlMatcher.find())
{
containedUrls.add(text.substring(urlMatcher.start(0),
urlMatcher.end(0)));
}
return containedUrls;
};
public static void main(String[] args) {
readCert rc = new readCert();
try {
File file = new File("yourcert.crt");
byte[] encCert = new byte[(int) file.length()];
FileInputStream fis = new FileInputStream(file);
fis.read(encCert);
fis.close();
InputStream in = new ByteArrayInputStream(encCert);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)certFactory.generateCertificate(in);
X509CertImpl impl = (X509CertImpl)cert;
int extnum = 0;
if (cert.getNonCriticalExtensionOIDs() != null) {
for (String extOID : cert.getNonCriticalExtensionOIDs()) {
Extension ext = impl.getExtension(new ObjectIdentifier(extOID));
if (ext != null) {
if (rc.isExtAuthorityInfoAccess(ext)) {
System.out.println(rc.getAuthorityInfoAccesssUrls(ext.toString()));
// System.out.println("#"+(++extnum)+": "+ ext.toString());
// CA ISSUERS ARE HERE
}
}
}
}
} catch ( Exception e) {
e.printStackTrace();
};
}
}
1
Author: Rainmaker, 2016-02-07 10:02:18