问题
I would like to validate a certificate chain which will be imported into my app. I do not know how.
My coleagues told me, that I have to use Bouncing castle for validation. I saw several examples and still do not have any progress.
I have a List<X509Certificate> which contains all certificates which are imported from the UI, and also the PrivateKey.
Could you please show me how to validate the certificate chain with Bouncing castle.
回答1:
You can use the java.security.cert.CertificateFactory to validate your certificate chain.
InputStream inStream = ByteArrayInputStream(<data>);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
CertPath cp = cf.generateCertPath(inStream);
List<Certificate> certs = cp.getCertificates();
The certs now contains the certificate chain. The first entry in certs (certs[0]) contais the certificate and the following certificates are the chain.
The last entry in certs is the root certificate which should be compared to a already existing certificate in your application.
In the case that the certification path could not be built up the above code will throw a CertificateException.
来源:https://stackoverflow.com/questions/26097214/validate-certificate-chain-with-java-bouncing-castle