Java 解析证书吊销列表(CRL)

所需证书吊销列表:https://pan.baidu.com/s/1gka42qZn8gsr5Y2tyZdmqw?pwd=6666

package org.example;

import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.cert.*;
import java.text.SimpleDateFormat;
import java.util.*;

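/**
 * Helpers that decode an X.509 certificate revocation list (CRL) and flatten its
 * revoked-certificate entries into {@link Crl} records.
 *
 * <p><b>Security note.</b> These methods only <em>decode</em> a CRL. They never call
 * {@link X509CRL#verify(java.security.PublicKey)} and never consult
 * {@link X509CRL#getThisUpdate()} / {@link X509CRL#getNextUpdate()}, so the returned
 * entries are unauthenticated and may be stale. Before using the result for a
 * revocation decision, verify the CRL signature against the issuing CA's public key
 * and check its validity window.
 *
 * <p>Every failure (unreadable file, bad Base64, malformed CRL) is reported as an empty
 * list, which is indistinguishable from "no certificate is revoked". Callers that make
 * trust decisions must not read an empty result as proof that a certificate is good.
 */
public class CrlUtils {
    /** Pattern for the revocation time; it is rendered in the JVM's default time zone. */
    private static final String TIME_PATTERN = "yyyy:MM:dd:HH:mm:ss";

    /** Placeholder stored when an entry carries no reason code; spelling kept as existing output. */
    private static final String NO_REASON = "UNSED";

    /**
     * Demo entry point: prints every revoked entry of a CRL file on the local disk.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The path must be wrapped in a File. A bare String literal selects the
        // parseToList(String, boolean) overload, which treats the text itself as CRL
        // content and therefore fails to parse a file path.
        // For a Base64-wrapped file or an in-memory string, pass true as the second argument.
        List<Crl> crls = parseToList(new File("F:\\GDCA_Guangdong_Certificate_Authority_RSA.crl"), false);
        crls.forEach(System.out::println);
    }

    /**
     * Reads a CRL file and lists its revoked-certificate entries.
     *
     * @param crlFile        the CRL file
     * @param isBase64Decode {@code true} if the whole file must be Base64-decoded before
     *                       it is handed to the parser; {@code false} to let
     *                       {@link CertificateFactory} read the file as-is
     * @return one {@link Crl} per revoked certificate; an empty list if the CRL has no
     *         entries or if reading/decoding/parsing failed (the stack trace is printed)
     */
    public static List<Crl> parseToList(File crlFile, boolean isBase64Decode) {
        try {
            // The certificate factory builds CRL objects from their encoded form.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            if (isBase64Decode) {
                byte[] decodedCrl = getEncodeFile(crlFile);
                if (decodedCrl == null) {
                    return new ArrayList<>();
                }
                return toEntries((X509CRL) cf.generateCRL(new ByteArrayInputStream(decodedCrl)));
            }
            // try-with-resources: the stream is closed even when parsing throws.
            try (InputStream in = new FileInputStream(crlFile)) {
                return toEntries((X509CRL) cf.generateCRL(in));
            }
        } catch (Exception e) {
            // Best-effort contract kept for existing callers: report and return empty.
            e.printStackTrace();
        }
        return new ArrayList<>();
    }

    /**
     * Parses a CRL held in a string and lists its revoked-certificate entries.
     *
     * @param content        the CRL text
     * @param isBase64Decode {@code true} if {@code content} is Base64 that must be decoded
     *                       first; {@code false} to hand the string's bytes to the parser
     *                       unchanged
     * @return one {@link Crl} per revoked certificate; an empty list if {@code content} is
     *         {@code null} or empty, if the CRL has no entries, or if decoding/parsing
     *         failed (the stack trace is printed)
     */
    public static List<Crl> parseToList(String content, boolean isBase64Decode) {
        if (content == null || content.isEmpty()) {
            return new ArrayList<>();
        }
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // An explicit charset keeps the byte form independent of the platform default.
            byte[] encoded = isBase64Decode
                    ? Base64.getDecoder().decode(content)
                    : content.getBytes(StandardCharsets.UTF_8);
            return toEntries((X509CRL) cf.generateCRL(new ByteArrayInputStream(encoded)));
        } catch (Exception e) {
            // Best-effort contract kept for existing callers: report and return empty.
            e.printStackTrace();
        }
        return new ArrayList<>();
    }

    /**
     * Reads a whole file and Base64-decodes its content.
     *
     * @param file the file holding Base64 text
     * @return the decoded bytes, or {@code null} if the file could not be read or its
     *         content is not valid Base64 (the stack trace is printed)
     */
    public static byte[] getEncodeFile(File file) {
        try {
            // readAllBytes reads the complete file and closes it; a single
            // InputStream.read(buffer) call is allowed to return fewer bytes.
            byte[] encoded = Files.readAllBytes(file.toPath());
            return Base64.getDecoder().decode(encoded);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /** Converts the revoked entries of an already-parsed CRL into {@link Crl} records. */
    private static List<Crl> toEntries(X509CRL crl) {
        List<Crl> entries = new ArrayList<>();
        // getRevokedCertificates() returns null, not an empty set, when nothing is revoked.
        Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
        if (revoked == null) {
            return entries;
        }
        // getIssuerDN() is kept so the issuer string stays in the form callers already receive.
        String issuer = crl.getIssuerDN().toString();
        // A per-call formatter: SimpleDateFormat must not be shared between threads.
        SimpleDateFormat timeFormat = new SimpleDateFormat(TIME_PATTERN);
        for (X509CRLEntry entry : revoked) {
            String serial = entry.getSerialNumber().toString(16).toUpperCase(Locale.ROOT);
            String revokedAt = timeFormat.format(entry.getRevocationDate());
            CRLReason reason = entry.getRevocationReason();
            entries.add(new Crl(serial, issuer, revokedAt, reason == null ? NO_REASON : reason.toString()));
        }
        return entries;
    }
}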
package org.example;

/**
 * One revoked-certificate record, held entirely as strings.
 *
 * <p>The fields are public and mutable; the getters and setters below expose the
 * same values in bean style.
 */
public class Crl {
    // Certificate serial number.
    public String SN;
    // Distinguished name of the CRL issuer.
    public String issuerDN;
    // Revocation time, already formatted as text.
    public String time;
    // Revocation reason, already rendered as text.
    public String revocationReason;

    /**
     * Creates a record from its four string components.
     *
     * @param SN               certificate serial number
     * @param issuerDN         issuer distinguished name
     * @param time             formatted revocation time
     * @param revocationReason revocation reason text
     */
    public Crl(String SN, String issuerDN, String time, String revocationReason) {
        this.SN = SN;
        this.issuerDN = issuerDN;
        this.time = time;
        this.revocationReason = revocationReason;
    }

    /** @return the serial number */
    public String getSN() {
        return this.SN;
    }

    /** @param SN the serial number to store */
    public void setSN(String SN) {
        this.SN = SN;
    }

    /** @return the issuer distinguished name */
    public String getIssuerDN() {
        return this.issuerDN;
    }

    /** @param issuerDN the issuer distinguished name to store */
    public void setIssuerDN(String issuerDN) {
        this.issuerDN = issuerDN;
    }

    /** @return the formatted revocation time */
    public String getTime() {
        return this.time;
    }

    /** @param time the formatted revocation time to store */
    public void setTime(String time) {
        this.time = time;
    }

    /** @return the revocation reason text */
    public String getRevocationReason() {
        return this.revocationReason;
    }

    /** @param revocationReason the revocation reason text to store */
    public void setRevocationReason(String revocationReason) {
        this.revocationReason = revocationReason;
    }

    /** Renders all four fields in {@code Crl{name='value', ...}} form. */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Crl{");
        text.append("SN='").append(SN).append('\'');
        text.append(", issuerDN='").append(issuerDN).append('\'');
        text.append(", time='").append(time).append('\'');
        text.append(", revocationReason='").append(revocationReason).append('\'');
        return text.append('}').toString();
    }
}
