所需证书吊销列表(示例 CRL 文件,供下面的解析代码作测试输入;代码只解析内容,不校验 CRL 的签名和有效期):https://pan.baidu.com/s/1gka42qZn8gsr5Y2tyZdmqw?pwd=6666
package org.example;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.cert.*;
import java.text.SimpleDateFormat;
import java.util.*;
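/**
 * Parses X.509 certificate revocation lists (CRLs) into flat {@link Crl} rows.
 *
 * <p>Security note: these helpers only decode the CRL. They never call
 * {@link X509CRL#verify(java.security.PublicKey)} and never look at
 * {@code thisUpdate}/{@code nextUpdate}, so the returned rows are unauthenticated
 * and possibly stale. Every failure (unreadable file, bad Base64, malformed CRL)
 * is reported as an empty list, which is indistinguishable from a CRL that has no
 * entries. Use the output for display and inspection; a revocation decision must
 * not treat an empty result as "nothing is revoked".
 */
public class CrlUtils {

    /** Pattern used to render each entry's revocation date, in the JVM default time zone. */
    private static final String REVOCATION_TIME_PATTERN = "yyyy:MM:dd:HH:mm:ss";

    /**
     * Text reported when an entry has no reason code. The spelling is kept as-is
     * because callers may already compare against it.
     */
    private static final String NO_REASON = "UNSED";

    public static void main(String[] args) {
        // The path must be wrapped in a File: a bare String selects
        // parseToList(String, boolean), which treats the path text itself as CRL content.
        // For a Base64 file pass true; for in-memory text use the String overload.
        List<Crl> crls = parseToList(new File("F:\\GDCA_Guangdong_Certificate_Authority_RSA.crl"), false);
        crls.forEach(System.out::println);
    }

    /**
     * Reads a CRL file and lists its revoked entries.
     *
     * @param crlFile        the CRL file
     * @param isBase64Decode {@code true} if the whole file is Base64 text that must be
     *                       decoded before parsing; {@code false} to hand the file
     *                       bytes to the certificate factory unchanged
     * @return one {@link Crl} per revoked entry; empty when the CRL has no entries
     *         or when reading, decoding or parsing fails (the stack trace is printed)
     */
    public static List<Crl> parseToList(File crlFile, boolean isBase64Decode) {
        List<Crl> result = new ArrayList<>();
        try {
            X509CRL parsed;
            if (isBase64Decode) {
                byte[] decodedCrl = getEncodeFile(crlFile);
                if (decodedCrl == null) {
                    return result;
                }
                parsed = readCrl(new ByteArrayInputStream(decodedCrl));
            } else {
                // try-with-resources: the file handle is released even when parsing fails.
                try (InputStream in = new FileInputStream(crlFile)) {
                    parsed = readCrl(in);
                }
            }
            appendEntries(parsed, result);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return result;
    }

    /**
     * Parses a CRL held in a string and lists its revoked entries.
     *
     * @param content        the CRL text
     * @param isBase64Decode {@code true} if {@code content} is Base64 that must be
     *                       decoded before parsing; {@code false} to hand its UTF-8
     *                       bytes to the certificate factory unchanged
     * @return one {@link Crl} per revoked entry; empty when {@code content} is
     *         {@code null} or empty, when the CRL has no entries, or when decoding
     *         or parsing fails (the stack trace is printed)
     */
    public static List<Crl> parseToList(String content, boolean isBase64Decode) {
        List<Crl> result = new ArrayList<>();
        if (content == null || content.isEmpty()) {
            return result;
        }
        try {
            // Explicit charset so the bytes do not depend on the platform default.
            byte[] encoded = isBase64Decode
                    ? Base64.getDecoder().decode(content)
                    : content.getBytes(StandardCharsets.UTF_8);
            appendEntries(readCrl(new ByteArrayInputStream(encoded)), result);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return result;
    }

    /**
     * Reads a file and Base64-decodes its entire content.
     *
     * <p>{@link Base64#getDecoder()} is the basic decoder: it rejects line breaks and
     * any other character outside the Base64 alphabet, so the file must hold one
     * unbroken Base64 string.
     *
     * @param file the Base64 text file
     * @return the decoded bytes, or {@code null} if the file cannot be read or is not
     *         valid Base64 (the stack trace is printed)
     */
    public static byte[] getEncodeFile(File file) {
        try {
            // readAllBytes reads to end of file and closes the handle; a single
            // InputStream.read(buffer) may legally return fewer bytes than requested.
            return Base64.getDecoder().decode(Files.readAllBytes(file.toPath()));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /** Decodes one X.509 CRL from the stream; no signature or validity check is made. */
    private static X509CRL readCrl(InputStream in) throws CertificateException, CRLException {
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
    }

    /** Converts every revoked entry of {@code crl} into a {@link Crl} row appended to {@code target}. */
    private static void appendEntries(X509CRL crl, List<Crl> target) {
        Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
        if (revoked == null) {
            // getRevokedCertificates() returns null, not an empty set, when there are no entries.
            return;
        }
        // Issuer and formatter are the same for every entry, so build them once.
        String issuer = crl.getIssuerDN().toString();
        SimpleDateFormat formatter = new SimpleDateFormat(REVOCATION_TIME_PATTERN);
        for (X509CRLEntry entry : revoked) {
            String serial = entry.getSerialNumber().toString(16).toUpperCase(Locale.ROOT);
            String revokedAt = formatter.format(entry.getRevocationDate());
            CRLReason reason = entry.getRevocationReason();
            target.add(new Crl(serial, issuer, revokedAt, reason == null ? NO_REASON : reason.toString()));
        }
    }
}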
package org.example;
/**
 * One revoked-certificate row: serial number, issuer, revocation time and reason,
 * all held as plain text. The class is a mutable value holder with no validation.
 */
public class Crl {

    /** Serial number text of the revoked certificate. */
    public String SN;

    /** Distinguished name text of the CRL issuer. */
    public String issuerDN;

    /** Revocation time, already formatted as text by whoever builds the row. */
    public String time;

    /** Revocation reason text. */
    public String revocationReason;

    /**
     * Creates a row from its four text values; nothing is checked or copied.
     *
     * @param SN               serial number text
     * @param issuerDN         issuer distinguished name text
     * @param time             formatted revocation time
     * @param revocationReason revocation reason text
     */
    public Crl(String SN, String issuerDN, String time, String revocationReason) {
        this.revocationReason = revocationReason;
        this.time = time;
        this.issuerDN = issuerDN;
        this.SN = SN;
    }

    /** @return the serial number text */
    public String getSN() {
        return this.SN;
    }

    /** @param SN the serial number text to store */
    public void setSN(String SN) {
        this.SN = SN;
    }

    /** @return the issuer distinguished name text */
    public String getIssuerDN() {
        return this.issuerDN;
    }

    /** @param issuerDN the issuer distinguished name text to store */
    public void setIssuerDN(String issuerDN) {
        this.issuerDN = issuerDN;
    }

    /** @return the formatted revocation time */
    public String getTime() {
        return this.time;
    }

    /** @param time the formatted revocation time to store */
    public void setTime(String time) {
        this.time = time;
    }

    /** @return the revocation reason text */
    public String getRevocationReason() {
        return this.revocationReason;
    }

    /** @param revocationReason the revocation reason text to store */
    public void setRevocationReason(String revocationReason) {
        this.revocationReason = revocationReason;
    }

    /** Renders all four fields as {@code Crl{SN='..', issuerDN='..', time='..', revocationReason='..'}}. */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Crl{");
        text.append("SN='").append(SN).append('\'');
        text.append(", issuerDN='").append(issuerDN).append('\'');
        text.append(", time='").append(time).append('\'');
        text.append(", revocationReason='").append(revocationReason).append('\'');
        return text.append('}').toString();
    }
}