Revocation Status Unknown error when generating an X.509 certificate with BouncyCastle

Time: 2014-02-27 10:31:33

Tags: java security x509certificate bouncycastle digital-certificate

I am new to cryptography and security and am trying to generate an X.509 certificate.

I tried the following code using the BouncyCastle API:

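X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
System.out.println("- ---Inside createCertificate Method----- certificate generated");
// Non-negative random serial number; Math.abs(new Random().nextLong()) can return a negative value
certGenerator.setSerialNumber(new BigInteger(64, new SecureRandom()));
certGenerator.setSubjectDN(new X509Name(dn));
certGenerator.setIssuerDN(new X509Name(issuer)); // Set issuer!
Calendar instance = Calendar.getInstance();
certGenerator.setNotBefore(instance.getTime());
instance.add(Calendar.YEAR, 1); // one-year validity is an assumption, not from the original post
certGenerator.setNotAfter(instance.getTime());
certGenerator.setPublicKey(publicKey); // publicKey: assumed variable, the key paired with privateKey
certGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption"); // assumes an RSA key pair
X509Certificate certificate = (X509Certificate) certGenerator.generate(
                    privateKey, "BC");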

And I got an exception.

security: The OCSP support is enabled
security: The CRL support is enabled
security: Failing over to CRLs: Certificate does not specify OCSP responder
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: Certificate does not specify OCSP responder
    at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
    at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.Class.getDeclaredConstructors0(Native Method)
    at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
    at java.lang.Class.getConstructor0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter$1.run(Unknown Source)
    at java.awt.event.InvocationEvent.dispatch(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$200(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
        at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
        ... 54 more
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7.0.51

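I tried Googling but found no clues. Thanks for your help.

1 answer:

Answer 0 (score: 0)

Your problem is not related to BouncyCastle or certificate generation. You are using a Java applet, and the Java plug-in is trying to verify the JAR file signature. However, the signing certificate (or one of the certificates in the chain) does not seem to contain a suitable extension with the URL of a CRL server or OCSP responder. The signature verification therefore fails and the JAR cannot be used.

One solution might be to deactivate certificate verification in the Java Control Center (in the "Advanced" tab, under the "Perform certificate revocation checks" option, select "No verification"). Note that this is NOT RECOMMENDED for everyday use, but it can be used for testing purposes (for example, when signing applets with development/self-signed certificates during development).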
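
To confirm the diagnosis in the answer above, the following added example (not part of the original question or answer) lists every signer certificate in a signed JAR and reports whether it carries the CRL Distribution Points or Authority Information Access extension. The class name `RevocationPointerCheck` and the JAR path taken from `args[0]` are assumptions; only standard JDK APIs are used.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper class, added for illustration.
public class RevocationPointerCheck {
    // Extension OIDs defined in RFC 5280
    static final String CRL_DISTRIBUTION_POINTS = "2.5.29.31";
    static final String AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";

    public static void main(String[] args) throws Exception {
        Set<X509Certificate> signers = new LinkedHashSet<>();
        // args[0]: path to the signed applet JAR (assumption); 'true' enables signature verification
        try (JarFile jar = new JarFile(args[0], true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                // Signer certificates are only available once the entry has been read to the end
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                Certificate[] chain = entry.getCertificates();
                if (chain == null) continue; // unsigned entry or META-INF signature file
                for (Certificate c : chain) {
                    if (c instanceof X509Certificate) signers.add((X509Certificate) c);
                }
            }
        }
        for (X509Certificate cert : signers) {
            boolean selfIssued = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
            boolean hasCrl = cert.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null;
            // AIA may list only a caIssuers URL; presence does not guarantee an OCSP responder entry
            boolean hasAia = cert.getExtensionValue(AUTHORITY_INFO_ACCESS) != null;
            System.out.printf("%s%n  self-issued=%b  CRLDistributionPoints=%b  AuthorityInfoAccess=%b%n",
                    cert.getSubjectX500Principal().getName(), selfIssued, hasCrl, hasAia);
        }
    }
}
```

A certificate that prints `false` for both extensions gives the plug-in no CRL or OCSP location to query, which matches the "Certificate does not specify OCSP responder" message in the log.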