2014-02-20 111 views
2

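Decode/read a CSR (certificate signing request) using Java or BouncyCastle

I am generating a CSR (certificate signing request) in code, with no issues with the corresponding information. I need to be pointed to how to read the CSR contents using Java and/or BouncyCastle.

Any pointers or ideas are appreciated.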

+0

Might be useful: http://stackoverflow.com/questions/7230330/sign-csr-using-bouncy-castle

Answers

2

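Figured it out:

  1. Convert the CSR PEM to a PKCS10CertificationRequest
  2. Obtain the X500Name instance by calling the getSubject() method on the PKCS10CertificationRequest instance
  3. Iterate over the RDN[] array and get the specific fields you want using one of the ASN1ObjectIdentifiers (e.g. COUNTRY is 2.5.4.6)

Here is the code: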

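import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.security.Security;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class EncryptDecrypt {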
    private Logger LOG = LoggerFactory.getLogger(EncryptDecrypt.class); 
    private final String COUNTRY = "2.5.4.6"; 
    private final String STATE = "2.5.4.8"; 
    private final String LOCALE = "2.5.4.7"; 
    private final String ORGANIZATION = "2.5.4.10"; 
    private final String ORGANIZATION_UNIT = "2.5.4.11"; 
    private final String COMMON_NAME = "2.5.4.3"; 


    @Test 
    public void testReadCertificateSigningRequest() { 
     String csrPEM = "-----BEGIN CERTIFICATE REQUEST-----\n" + 
       "MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEzAR\n" + 
       "BgNVBAcTCkJvY2EgUmF0b24xGzAZBgNVBAoTEkxvb25leSBUb29ucywgSW5jLjEU\n" + 
       "MBIGA1UECxMLRGV2ZWxvcG1lbnQxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjAN\n" + 
       "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJCj31d1Rp+aKz/GTkedaiS/VSCc\n" + 
       "PRARYgXukobjgBHx46HjldAcfg/DoANn5lEQaFxaIZJLbZ/AdLUyw/hUbU0CjWXv\n" + 
       "pN3Ep3o9XgRTPkIFoI22VOI/O2ZLjBq/E4DWyVmv+vG6BK0LRh7hykzPCw6KIRR9\n" + 
       "NCmUMJMQX5d5P/r1lR5H399pnLcLsrHoWDwBSEDgkGWyxnvEB0+/bIz42T3qnlFt\n" + 
       "7avarxlHG2p5DoRTf8GJ+6imY88ZeBW/Nk18aDINsAHWLv383JICIAsZ3VuMk8m/\n" + 
       "Z/Z5b21zIuZECDJjZjvAAjr/shVLB+Pck5+HJy6tqj79MJOQu+jKIrK8VwIDAQAB\n" + 
       "oAAwDQYJKoZIhvcNAQEFBQADggEBAGtuAAHG4OC9jSRjGWSqfMXTDMz9tgekDREA\n" + 
       "SYv5QIrOXsMzwbgDw8LxRJZEskl4JJOnjwEvUXWUF1M6XmG2h358nOnrkOlsumHw\n" + 
       "Tx5gGSr6S6aJO/HG46erctE8aWpnFZYMfuEkul4ApsIufL7Bxqs3NHZWcrWBlLIP\n" + 
       "aVCKx1FPRMC36Tj3EslbuUB/iTRt90Nfq1IxHMIKiwCiSNJSqfRVLANhI8MUbOjB\n" + 
       "CBly1wcH68WWNkyvHVvbcF/B9AfYG9AqWjZjygKpyf81VZWctXhDc8UtomqrblXN\n" + 
       "mvz4RKpIhZQLuuxlBrdzJkPm2sOdtdZghebCRRVWdjsig4sylgQ=\n" + 
       "-----END CERTIFICATE REQUEST-----"; 

     PKCS10CertificationRequest csr = convertPemToPKCS10CertificationRequest(csrPEM); 

     X500Name x500Name = csr.getSubject(); 
     System.out.println("x500Name is: " + x500Name + "\n"); 

     // country is 2.5.4.6 
     System.out.println("COUNTRY: " + getX500Field(COUNTRY, x500Name)); 
     // state is 2.5.4.8 
     System.out.println("STATE: " + getX500Field(STATE, x500Name)); 
     // locale is 2.5.4.7 
     System.out.println("LOCALE: " + getX500Field(LOCALE, x500Name)); 


    } 

    private String getX500Field(String asn1ObjectIdentifier, X500Name x500Name) { 
     RDN[] rdnArray = x500Name.getRDNs(new ASN1ObjectIdentifier(asn1ObjectIdentifier)); 
     String retVal = null; 
     for (RDN item : rdnArray) { 
      retVal = item.getFirst().getValue().toString(); 
     } 

     return retVal; 
    } 

    private PKCS10CertificationRequest convertPemToPKCS10CertificationRequest(String pem) { 
     Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 
     PKCS10CertificationRequest csr = null; 
     ByteArrayInputStream pemStream = null; 
     try { 
      pemStream = new ByteArrayInputStream(pem.getBytes("UTF-8")); 
     } catch (UnsupportedEncodingException ex) { 
      LOG.error("UnsupportedEncodingException, convertPemToPublicKey", ex); 
     } 

     Reader pemReader = new BufferedReader(new InputStreamReader(pemStream)); 
     PEMParser pemParser = new PEMParser(pemReader); 

     try { 
      Object parsedObj = pemParser.readObject(); 

      System.out.println("PemParser returned: " + parsedObj); 

      if (parsedObj instanceof PKCS10CertificationRequest) { 
       csr = (PKCS10CertificationRequest) parsedObj; 

      } 
     } catch (IOException ex) { 
      LOG.error("IOException, convertPemToPublicKey", ex); 
     } 

     return csr; 
    } 

    private String toPEM(Object key) { 
     StringWriter sw = new StringWriter(); 
     PEMWriter pem = new PEMWriter(sw); 
     try { 
      pem.writeObject(key); 
      pem.close(); 
     } catch (IOException e) { 
      System.out.printf("IOException: %s%n", e); 
     } 
     return sw.toString(); 
    } 
} 
+0

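It is worth noting that the 'ASN1ObjectIdentifier's are stored in the 'BCStyle' static class as 'public static final ASN1ObjectIdentifier's, so things like 'COUNTRY' don't need to be recreated from scratch. However, it is not an 'enum'. – EpicPandaForce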
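
Added example (not part of the original answer or of BouncyCastle's own code): before trusting subject fields read from a CSR, check the request's self-signature against the public key it carries, and read attributes by type through the BCStyle constants mentioned in the comment above, so that values inside multi-valued RDNs are not missed. The class name CsrInspect, the throwaway key and the subject values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.*;
import org.bouncycastle.asn1.x500.style.*;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrInspect { // hypothetical class name
    // Return the subject only if the CSR's self-signature verifies (proof of possession).
    static X500Name verifiedSubject(byte[] der) throws Exception {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(der);
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .build(csr.getSubjectPublicKeyInfo())))
            throw new SignatureException("CSR signature does not verify");
        return csr.getSubject();
    }

    // All values of one attribute type. RDN.getFirst() returns the first attribute of
    // an RDN whatever its type, so multi-valued RDNs are filtered by type here.
    static List<String> values(X500Name name, ASN1ObjectIdentifier oid) {
        List<String> out = new ArrayList<>();
        for (RDN rdn : name.getRDNs(oid))
            for (AttributeTypeAndValue atv : rdn.getTypesAndValues())
                if (atv.getType().equals(oid))
                    out.add(IETFUtils.valueToString(atv.getValue()));
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway key, subject containing a multi-valued RDN.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.C, "US").addRDN(BCStyle.OU, "Development")
            .addMultiValuedRDN(new ASN1ObjectIdentifier[] {BCStyle.CN, BCStyle.OU},
                               new String[] {"example.com", "Ops"}).build();
        byte[] der = new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()))
            .getEncoded();
        X500Name name = verifiedSubject(der);
        System.out.println("OU=" + values(name, BCStyle.OU) + " CN=" + values(name, BCStyle.CN));
        // Change one byte of the encoded CN: the request still parses but is rejected.
        der[new String(der, StandardCharsets.ISO_8859_1).indexOf("example.com")] ^= 1;
        try { verifiedSubject(der); }
        catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```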
