从TLS获取证书链以使用OCSP

问题描述：

我想使用OCSP检查TLS握手期间来自服务器的证书.

I would like to use OCSP checking for the certificate which is coming from the server during TLS handshake.

我正在使用Bouncy Castle作为OCSP实现的提供者，并且BC验证方法通常希望X509Certificate作为参数.

I am using Bouncy Castle as provider for OCSP implementation and BC verification methods want X509Certificate as parameter generally.

所以；如何在Java端跟踪并获取传入证书链并进行获取?

So; how can I follow and get incoming certificate chain at Java side and fetch it?

感谢您的帮助.

答

您可以使用

You can use HttpsURLConnection.getServerCertificates and cast the result to X509Certificate

HttpsURLConnection connection = ...
Certificate chain[] = connection.getServerCertificates();
X509Certificate cert = (X509Certificate)chain[0];