我正在使用 Spring Boot 来处理证书和客户端postman以与服务交互,假设privatekey,publickey并且certificate已经处理decrypted,然后使用CertificateHelper getCertificate()函数来parseX509Certificate
private List<Certificate> getCA(X509Certificate cert, Date tsp) {
Security.addProvider(new BouncyCastleProvider());
try {
String cnIssuer = X500Name.asX500Name(cert.getIssuerX500Principal()).getCommonName();
int xTry = 0;
while ((resultCA == null || resultCA_C5 == null || resultCA_C3 == null || resultCA_v1 == null) && xTry <= 3) {
LOGGER.info(LogSystem.getLog("TRY :" + xTry, tsp, "LOG"));
try {
loadCAinit();
} catch (KeyManagementException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
xTry++;
}
if (xTry > 3) {
return null;
}
for (int i = 0; i < 4; i++) {
List<Certificate> CACheck;
if (i == 0) {
CACheck = resultCA;
} else if (i == 1) {
CACheck = resultCA_C3;
} else if (i == 2) {
CACheck = resultCA_C5;
} else {
CACheck = resultCA_v1;
}
LOGGER.info(LogSystem.getLog("CA CHECK : " + CACheck.get(0).toString(), tsp, "LOG"));
X509Certificate certCA;
try {
LogSystem.info("Process getcertificate on certificate helper");
certCA = (X509Certificate) CertificateHelper.getCertificate(CACheck.get(0).getCertificateData());
LogSystem.info("End process getcertificate on certificate helper");
String cnIssuerCheck = X500Name.asX500Name(certCA.getSubjectX500Principal()).getCommonName();
System.out.println(" CA CN: " + cnIssuerCheck);
System.out.println("User Issuer CN: " + cnIssuer);
if (cnIssuer.equals(cnIssuerCheck)) {
LOGGER.info(LogSystem.getLog("DN CA:" + certCA.getSubjectDN().toString() + ", SN: " + certCA.getSerialNumber().toString(16).toUpperCase(), tsp, "LOG"));
LOGGER.info(LogSystem.getLog("DN User:" + cert.getSubjectDN().toString() + ", SN: " + cert.getSerialNumber().toString(16).toUpperCase(), tsp, "LOG"));
return CACheck;
}
} catch (CertificateException e) {
// TODO Auto-generated catch block
LOGGER.info(LogSystem.getLog(" CATCH 1", tsp,"LOG"));
e.getCause();
e.printStackTrace();
System.out.println("asas");
}
}
LOGGER.info(LogSystem.getLog("Issuer " + cnIssuer + " not found : " + cert.getIssuerDN(), tsp, "LOG"));
System.out.println("asas");
} catch (IOException e) {
// TODO Auto-generated catch block
LOGGER.info(LogSystem.getLog(" CATCH 2", tsp,"LOG"));
e.printStackTrace();
System.out.println("asas");
}
LOGGER.info(LogSystem.getLog(" RETURN NULL", tsp,"LOG"));
System.out.println("asas");
return null;
}
getCertificate()课堂上的功能CertificateHelper
package org.ejbca.core.protocol.ws.common;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
public class CertificateHelper {
public static final String RESPONSETYPE_CERTIFICATE = "CERTIFICATE";
public static final String RESPONSETYPE_PKCS7 = "PKCS7";
public static final String RESPONSETYPE_PKCS7WITHCHAIN = "PKCS7WITHCHAIN";
public static final int CERT_REQ_TYPE_PKCS10 = 0;
public static final int CERT_REQ_TYPE_CRMF = 1;
public static final int CERT_REQ_TYPE_SPKAC = 2;
public static final int CERT_REQ_TYPE_PUBLICKEY = 3;
public CertificateHelper() {
}
public static Certificate getCertificate(byte[] certificateData) throws CertificateException {
Certificate retval = CertTools.getCertfromByteArray(Base64.decode(certificateData), Certificate.class);
return retval;
}
public static byte[] getPKCS7(byte[] pkcs7Data) {
return Base64.decode(pkcs7Data);
}
}
ongetCertificate()函数调用另一个类CertTools函数getCertfromByteArray()
public static <T extends Certificate> T getCertfromByteArray(byte[] cert, Class<T> returnType) throws CertificateParsingException {
return getCertfromByteArray(cert, "BC", returnType);
}
和详细功能getCertfromByteArray()
public static <T extends Certificate> T getCertfromByteArray(byte[] cert, String provider, Class<T> returnType) throws CertificateParsingException {
T ret = null;
String prov = provider;
if (provider == null) {
prov = "BC";
}
if (returnType.equals(X509Certificate.class)) {
ret = parseX509Certificate(prov, cert);
} else if (returnType.equals(CardVerifiableCertificate.class)) {
ret = parseCardVerifiableCertificate(prov, cert);
} else {
try {
ret = parseX509Certificate(prov, cert);
} catch (CertificateParsingException var8) {
try {
ret = parseCardVerifiableCertificate(prov, cert);
} catch (CertificateParsingException var7) {
throw new CertificateParsingException("No certificate could be parsed from byte array. See debug logs for details.");
}
}
}
return (Certificate)ret;
}
- 在第 779 行处理获取日志打印
- 第 780 行的进程无法执行,然后客户端得到返回的响应
http code 200 - 第 781 行的散文没有执行,因为第 780 行
任何建议为什么从第 780 行以空正文和 http 代码成功 200 回复我的邮递员?
*注意类CertificateHelper,CertTools是来自官方https://mvnrepository.com/artifact/org.ejbca的库