我有一个使用bouncycastle (ver 1.66)连接到https服务器的客户端
tlsClientProtocol.connect(new DefaultTlsClient(new BcTlsCrypto(new SecureRandom())) {
@Override
public TlsAuthentication getAuthentication() throws IOException {
return new ServerOnlyTlsAuthentication() {
@Override
public void notifyServerCertificate(TlsServerCertificate tsc) throws IOException {
// validate srvCert here. here is the problem
TlsCertificate srvCert = tsc.getCertificate().getCertificateAt(0);
}
};
}
});
"srvCert"是的一个实例。,如何将其转换为比如旧版本的BouncyCastle,或者我怎么能得到"NotBefore","NotAfter","Subject"等等
PS:我现在不关心发行者链,我只想打印出结束证书的所有细节,也bctlcertificate就像接口tlcertificate一样没用。.
BouncyCastle文档没有帮助,我是这个库的新手,互联网上的示例是旧的(如果我没有错的话,在1.6更改之前)
编辑:只是为了清楚,接口org.bouncycastle.tls.crypto. tlcertificate没有我需要的方法,这个类有:org.bouncycastle.asn1.x509.Certificate。但是在最后一个版本中,方法签名被更改为给您无用的类。BouncyCastle有很多getInstance(Object)方法,这些方法允许您将对象转换为另一个对象,如果有意义的话。要找到支持哪些转换,最简单的方法是查看源代码。
在您的情况下,如果tlsCertificate包含您的org.bouncycastle.tls.crypto.TlsCertificate实例,您可以使用以下命令获得org.bouncycastle.asn1.x509.Certificate:
final Certificate certificate = Certificate.getInstance(tlsCertificate.getEncoded());
然而,我宁愿将TlsCertificate转换为ASN.1结构表示,而不是将其转换为JCE的java.security.cert.X509Certificate:
final X509Certificate x509Certificate;
if (tlsCertificate instanceof JcaTlsCertificate) {
x509Certificate = ((JcaTlsCertificate) tlsCertificate).getX509Certificate();
} else {
final CertificateFactory factory = CertificateFactory.getInstance("X.509");
x509Certificate = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(tlsCertificate.getEncoded()));
}