51,397
社区成员
发帖
与我相关
我的任务
分享关于SSL/TSL的handshake控制的问题,急
我需要在SSL/TSL的handshake过程中对客户端的证书(X.509)的扩展属性进行校验,请问在Java中如何来实现?最好提供一个例子,谢谢。
我的程序如下:
........
SSLServerSocketFactory sf = .....;
SSLServerSocket serversocket = (SSLServerSocket) sf.createServerSocket(
HTTPS_PORT);
serversocket.setNeedClientAuth(true);
........
SSLSocket client = (SSLSocket) serversocket.accept();
SSLSession session = client.getSession();
session.getLocalCertificates();
X509Certificate cert = (X509Certificate) client.getSession().
getPeerCertificates()[0];
String peer = cert.getSubjectDN().getName();
System.out.println(ident + ": Request from " + peer);
Set critSet = cert.getCriticalExtensionOIDs();
if (critSet != null && !critSet.isEmpty()) {
System.out.println("Set of critical extensions:");
for (Iterator i = critSet.iterator(); i.hasNext(); ) {
String oid = (String) i.next();
System.out.println(oid);
}
}
ProcessConnection cc = new ProcessConnection(client);
当程序执行到SSLSession session = client.getSession();时handshake就已经完成。
谢谢
我的程序如下:
........
SSLServerSocketFactory sf = .....;
SSLServerSocket serversocket = (SSLServerSocket) sf.createServerSocket(
HTTPS_PORT);
serversocket.setNeedClientAuth(true);
........
SSLSocket client = (SSLSocket) serversocket.accept();
SSLSession session = client.getSession();
session.getLocalCertificates();
X509Certificate cert = (X509Certificate) client.getSession().
getPeerCertificates()[0];
String peer = cert.getSubjectDN().getName();
System.out.println(ident + ": Request from " + peer);
Set critSet = cert.getCriticalExtensionOIDs();
if (critSet != null && !critSet.isEmpty()) {
System.out.println("Set of critical extensions:");
for (Iterator i = critSet.iterator(); i.hasNext(); ) {
String oid = (String) i.next();
System.out.println(oid);
}
}
ProcessConnection cc = new ProcessConnection(client);
当程序执行到SSLSession session = client.getSession();时handshake就已经完成。
谢谢
...全文
请发表友善的回复…
发表回复
