{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《java apis for certificate revocation checks》','https://www.manongdao.com/q-730795.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Java supports OCSP out of the box.
The way it is being done though, (I mean the revocation check) is transparent to the programmer.
My question is, is there any api (part of java) that can create a valid OCSP request or response? So that it would be possible for a programmer to implement a custom OCSP checker?
相关问题
- Delete Messages from a Topic in Apache Kafka
- Jackson Deserialization not calling deserialize on
- How to maintain order of key-value in DataFrame sa
- StackExchange API - Deserialize Date in JSON Respo
- Difference between Types.INTEGER and Types.NULL in
Note that Java 8 has a JEP 124 - Enhance the Certificate Revocation-Checking API which should provide new APIs specifically for certificate revocation.
Check out a recent Oracle blog post describing the new functionality, as well as the official Draft Readme.
Hope this helps.
The standard Java API does not provide publicly available classes to handle OCSP. In Sun/Oracle's JDK, the OCSP management classes are in the
sun.security.provider.certpathpackage (i.e. a package which is outside of the Java specification) and are notpublic(so you cannot use them without resorting to reflection, after giving yourself extended access rights).Also, the implementation in Sun/Oracle's JDK is a pure client: it can encode requests and decode responses, but it cannot decode requests or encode responses.
Hence, implementing a custom OCSP checker would entail implementing the encoding and decoding mechanisms manually: it can be done, but not in five lines of code. EJBCA is an opensource PKI, entirely written in Java, which includes some support for OCSP (I do not know whether extracting the OCSP code for inclusion in another application would be easy or not).