我试图通过 SOAP Web 服务将 pkcs10Request 发送到 EJBCA。方法签名是(来自文档)
CertificateResponse pkcs10Request(java.lang.String username,
java.lang.String password,
java.lang.String pkcs10,
java.lang.String hardTokenSN,
java.lang.String responseType)
where
pkcs10 - the base64 encoded PKCS10 (only the public key is used.)
username - the unique username
password - the password sent with editUser call
hardTokenSN - Hard Token support was dropped since 7.1.0. Use null as this parameter
responseType - indicating which type of answer that should be returned, on of the CertificateHelper.RESPONSETYPE_ parameters.
目标是为用户生成证书。PKCS#10 是用 java keytoll 制作的,看起来像这样:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC7jCCAdYCAQAweTELMAkGA1UEBhMCUlUxEjAQBgNVBAgTCVRhdGFyc3RhbjEO
MAwGA1UEBxMFS2F6YW4xGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxFTATBgNV
BAsTDE9yZ2FuaXphdGlvbjEUMBIGA1UEAxMLdGVzdHVzZXIucnUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSDWv0Pt1cBDiqWAYLfQs2Dl0jDWmTK9/k
A46/SMg7GP3VY/KKFiMf0LbaYGHQclIy4wlkUA9408NEOoY6Ynuyh3rRHBnBGkpc
LflcTKfV74V5CbTXyIjFsFFN+WNVvfk+BPh6TVMhJ9NiDrcR4C80l0/MhT4OjG1T
2s5sShrYpdkmplFxIBXQd29aTTNVdgm11Vvs08OBXu8a9x3ND+ZxduXUgTxVmoOu
AA0PrE5lXTxD5zcTDuJi+Y2RTPS2SVeu4ghSbE64941W6PA3fzHz90n9uoeeJdUM
9jfWP/7LAeWahKJCtt+cAZ2yD2W1zBmz0LuHeH8YRUb//gGICf+3AgMBAAGgMDAu
BgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBSUO5s19l5tiHYPcvBYnVG0ULEYCTAN
BgkqhkiG9w0BAQsFAAOCAQEAD0Kpt9/CBwODUyv4lpt7i0ge6Wf0s/Oqbhbvw9Ih
zJnEaFzOHDaVufB1iJ+m3c+Arx7heCRQTnJRTOZ8a9pl3vGyy9Ik+O4+mc5qpLOs
bENMbg5t4KCI08+SjU/7S3woaWwXDL6QIzsoyhMmx8BhnK04T0P46PsTf2h/PE1E
Z5qRW8/VFTI7K1/q+/tbvIo1TCfb9eUDi+9h1GAQLVhBCNjR459qxzybmyhIclpr
I51hwyhkAi3u7uIIGXgvdfjt/pRbH5XmBaoaK5DC6ppEM4btp12aRZh8QB3xoO7q
2Geas0gYqew6MfHflHvktOk8RpAC+cM/rnfRYIWY7C96LQ==
-----END NEW CERTIFICATE REQUEST-----
我这样发送请求:
Pkcs10Request request = new Pkcs10Request();
request.setArg0(certRqDto.getUsername());
request.setArg1(certRqDto.getPassword());
request.setArg2(certRqDto.getPkcs10());
request.setArg3(null);
request.setArg4("CERTIFICATE");
JAXBElement<Pkcs10Request> element = objectFactory.createPkcs10Request(request);
JAXBElement<Pkcs10RequestResponse> response = (JAXBElement<Pkcs10RequestResponse>) wsClient.getWebServiceTemplate().marshalSendAndReceive(element, new SoapActionCallback(EMPTY_ACTION_STRING));
但是我遇到了错误,在 EJBCA 的日志中我看到了这个错误:
2021-05-18 09:33:00,429 DEBUG [org.cesecore.certificates.certificate.request.RequestMessageUtils] (default task-2) Message not base64 encoded? Trying as binary: Error in input buffer, missing -----BEGIN NEW CERTIFICATE REQUEST----- boundary
2021-05-18 09:33:00,429 WARN [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-2) PKCS10 not initiated! unknown tag 13 encountered
...
2021-05-18 09:33:00,431 ERROR [org.jboss.as.ejb3.invocation] (default task-2) WFLYEJB0034: EJB Invocation failed on component CertificateCreateSessionBean for method public abstract org.cesecore.certificates.certificate.request.CertificateResponseMessage org.cesecore.certificates.certificate.CertificateCreateSessionLocal.createCertificate(...)
...
Caused by: java.lang.NullPointerException
at org.cesecore.certificates.certificate.request.PKCS10RequestMessage.verify(PKCS10RequestMessage.java:444)
at org.cesecore.certificates.certificate.request.PKCS10RequestMessage.verify(PKCS10RequestMessage.java:430)
如果我没记错的话,原因在pkcs10。但它包含子字符串“-----BEGIN NEW CERTIFICATE REQUEST-----”。我不明白,我必须以什么格式发送 pkcs#10。我是新手,请帮忙。