Strona główna Odkrywaj Pomoc
Zaloguj się
OpenSource
/
hertzbeat
2
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

feature 检测网站SSL证书是否过期 (#50)

* [collector]feature 检测网站SSL证书是否过期

* [collector]fix cannot find symbol class BASE64Decoder
tomsun28 3 lat temu
rodzic
327f527082
commit
fbf7ebd834
2 zmienionych plików z 16 dodań i 3 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 14 1
      collector/src/main/java/com/usthe/collector/collect/common/http/CommonHttpClient.java
  2. 2 2
      collector/src/main/java/com/usthe/collector/util/KeyPairUtil.java

+ 14 - 1
collector/src/main/java/com/usthe/collector/collect/common/http/CommonHttpClient.java
Wyświetl plik 

@@ -17,7 +17,9 @@ import javax.net.ssl.SSLContext;
 
 import javax.net.ssl.TrustManager;
 
 import javax.net.ssl.X509TrustManager;
 
 import java.security.cert.CertificateException;
 
+import java.security.cert.CertificateExpiredException;
 
 import java.security.cert.X509Certificate;
 
+import java.util.Date;
 
 import java.util.concurrent.TimeUnit;
 
 
 /**
 
@@ -75,7 +77,18 @@ public class CommonHttpClient {
 
                 @Override
 
                 public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
 
                 @Override
 
-                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
 
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
 
+                    // 判断服务器证书有效期时间
 
+                    Date now = new Date();
 
+                    if (x509Certificates != null && x509Certificates.length > 0) {
 
+                        for (X509Certificate certificate : x509Certificates) {
 
+                            Date deadline = certificate.getNotAfter();
 
+                            if (deadline != null && now.after(deadline)) {
 
+                                throw new CertificateExpiredException();
 
+                            }
 
+                        }
 
+                    }
 
+                }
 
                 @Override
 
                 public X509Certificate[] getAcceptedIssuers() { return null; }
 
             };

+ 2 - 2
collector/src/main/java/com/usthe/collector/util/KeyPairUtil.java
Wyświetl plik 

@@ -1,12 +1,12 @@
 
 package com.usthe.collector.util;
 
 
 import lombok.extern.slf4j.Slf4j;
 
-import sun.misc.BASE64Decoder;
 
 
 import java.security.KeyFactory;
 
 import java.security.KeyPair;
 
 import java.security.PublicKey;
 
 import java.security.spec.X509EncodedKeySpec;
 
+import java.util.Base64;
 
 
 /**
 
  * 密钥工具类
 
@@ -35,7 +35,7 @@ public class KeyPairUtil {
 
                 return null;
 
             }
 
             // todo fix 公钥解析
 
-            byte[] publicKeyBytes = (new BASE64Decoder()).decodeBuffer(publicKeyStr);
 
+            byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyStr);
 
             X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
 
             PublicKey publicKey = keyFactory.generatePublic(keySpec);
 
             return new KeyPair(publicKey, null);