-1

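I am new to certificates, and I have a scenario where I need to read an SSL certificate, then extract and validate the email address specified in it. For this I wrote the code below, but I get a java.lang.IllegalArgumentException.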

public GenericFormResponse execute(WebRequest wreq, String epName, String ipAddr, boolean useDefault, MultipartFile certFile)throws Exception {
.......//some code
byte[] certBytes = certFile.getBytes();
CertificateFactory cf = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certBytes));
NameAdapter subject = CertificateVerifier.getSubject(cert);
if(StringUtils.equalsIgnoreCase(subject.getEmailAddress(), email)){
    ep.setCertData(cert.getSignature());
}else{
    LOGGER.debug("invalid certificates found.");
    response.setSuccess(false);
    response.setGlobalErrorCode("sa_endpoint_invalid_cert");
    return response;
}
......//some code.
}

CertificateVerifier.getSubject(cert); is custom code that works fine in another scenario. Exception stack trace:

Caused by: java.lang.IllegalArgumentException: Bad sequence size: 6
        at org.bouncycastle.asn1.x509.AlgorithmIdentifier.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.TBSCertificate.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.TBSCertificate.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.Certificate.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.Certificate.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readPEMCertificate(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        ... 43 common frames omitted

Can anyone please help with how to read a .csr file? The certificate file format is as follows.

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Thanks in advance.

4

2 Answers

0

X509 is missing the dot; use X.509

CertificateFactory cf = CertificateFactory.getInstance("X.509");
answered 2014-12-12T06:37:23.980
0

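First of all, I am confused. You say you need to read an SSL certificate, but you are reading a .csr file, which contains a "certificate signing request". That is not a certificate. From this request, one can read the public key, validity period and key usage, and use all of these to create a certificate. To do that, follow the steps below.

  1. Convert the file data (byte array) to a String.
  2. Use String's replaceAll method to remove the following lines (e.g. csrString.replaceAll("...."))
    Line 1: -----BEGIN CERTIFICATE-----
    Line 2: -----END CERTIFICATE-----
  3. Convert the data to hex. Java 7 has a built-in library

javax.xml.bind.DatatypeConverter.parseBase64Binary("...")

  4. Get the data in PKCS10 format using the following

PKCS10CertificationRequest pkcs10CertificationRequest = new PKCS10CertificationRequest(csrData);

  5. Now read the data from pkcs10CertificationRequest and create an X509Certificate
  6. For more information, read the RFC: https://www.rfc-editor.org/rfc/rfc2986
answered 2014-12-18T10:10:59.413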
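The steps in the answer above, as an added example that is not code from either poster: it decodes the PEM body, lets the parser rather than the BEGIN label decide whether the bytes are a certificate or a PKCS#10 request, and returns the subject e-mail. It assumes Bouncy Castle's bcprov and bcpkix jars on the classpath; the class name `PemSubjectEmail`, the method `subjectEmail` and the sample subject are hypothetical.

```java
import java.io.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.x500.*;
import org.bouncycastle.asn1.x500.style.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.*;

public class PemSubjectEmail {
    // Subject e-mail of a PEM-armoured certificate or CSR; null when the subject has none.
    static String subjectEmail(String pem) throws Exception {
        PemObject po;
        try (PemReader r = new PemReader(new StringReader(pem))) {
            po = r.readPemObject();          // strips the armour and Base64-decodes the body
        }
        if (po == null) throw new IllegalArgumentException("no PEM block found");
        byte[] der = po.getContent();
        X500Name subject;
        try {                                // the label is not authoritative: let the parser decide
            subject = new X509CertificateHolder(der).getSubject();
        } catch (IOException | IllegalArgumentException notACertificate) {
            PKCS10CertificationRequest csr = new PKCS10CertificationRequest(der);
            // A CSR is signed with its own key: verify that before using any field.
            if (!csr.isSignatureValid(
                    new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo())))
                throw new SecurityException("CSR signature does not verify");
            subject = csr.getSubject();
        }
        RDN[] rdns = subject.getRDNs(BCStyle.EmailAddress);
        return rdns.length == 0 ? null : IETFUtils.valueToString(rdns[0].getFirst().getValue());
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh CSR written under a CERTIFICATE label, as in the question.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Name("CN=endpoint.example,O=Example,E=ops@example.com"), kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
        StringWriter sw = new StringWriter();
        try (PemWriter w = new PemWriter(sw)) {
            w.writeObject(new PemObject("CERTIFICATE", csr.getEncoded()));
        }
        System.out.println(subjectEmail(sw.toString()));
    }
}
```

A valid CSR signature only proves the requester holds the private key; the subject fields, including the e-mail, remain unverified claims. For an actual certificate, the subject should be trusted only after the chain has been validated against a trusted issuer.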