Create PEM certificate from Java PublicKey created with Nimbus

I have an integration where I validate a JSON created by another service. They provide a public endpoint to fetch the public certificates to validate against.

But I am setting up a test for this and would like to create the same JWT with Nimbus to sign it with my own private key. So I do this like this (it's a nested and encrypted JWT): https://connect2id.com/products/nimbus-jose-jwt/examples/signed-and-encrypted-jwt

Then I would like to simulate the public endpoint with a MockServer ( https://www.mock-server.com/ ) endpoint in tests. The problem is that I try to create a PEM certificate from the public key from the senderJWK from the example like this:

    var encoded = senderJWK.toPublicKey().getEncoded();
    var base64Encoded = Base64.getEncoder().encode(encoded);
    return new String(base64Encoded, StandardCharsets.UTF_8);

(I have also tested senderJWK.toRSAPublicKey().getEncoded().)

The code that works with the real certificate does not work to parse it. The code to parse it looks like this:

    private static RSAPublicKey readPublicKey(String publicKey) throws CertificateException {
        var bytes = Base64.getDecoder().decode(publicKey);
        var inStream = new ByteArrayInputStream(bytes);
        var certificateFactory = CertificateFactory.getInstance(X_509_CERTIFICATE_FACTORY);
        var certificate = (X509Certificate) certificateFactory.generateCertificate(inStream);
        return (RSAPublicKey) certificate.getPublicKey();
    }

The error I am getting is:

    java.io.IOException: Too short
        at java.base/sun.security.util.DerValue.<init>(DerValue.java:333)
        at java.base/sun.security.util.DerInputStream.getDerValue(DerInputStream.java:109)
        at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1771)
        at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:183)
        ... 100 common frames omitted
    Wrapped by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: Too short
        at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:186)
        at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:105)
        at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
        ... 95 common frames omitted

Ok, I think what I need to do is create an X509 certificate from Java, and then use the private and public keys from that in the signing and verification.

Found these resources on how to use Bouncy Castle to do that: "Self signed X509 Certificate with Bouncy Castle in Java" and "How to create a X509 certificate using Java?"

Edit: I got it working fine with that.
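
The approach described in the post, as an added example that is not the poster's code: a throwaway self-signed certificate built with Bouncy Castle (bcpkix), whose Base64 DER form passes the same parsing steps as readPublicKey, while the bare public key encoding is rejected. The class name, the subject CN=jwt-test-signer, the one-day validity and the literal "X.509" factory type are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class TestSigningCertificate {
    // Same parsing steps as readPublicKey in the question ("X.509" assumed as factory type).
    static PublicKey parse(String base64) throws CertificateException {
        var in = new ByteArrayInputStream(Base64.getDecoder().decode(base64));
        var cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        return cert.getPublicKey();
    }

    public static void main(String[] args) throws Exception {
        // Throwaway RSA key pair for the test; the private half signs the test JWT.
        var generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        var keyPair = generator.generateKeyPair();

        // getEncoded() on a public key is a bare SubjectPublicKeyInfo, not a certificate.
        var spki = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
        try {
            parse(spki);
        } catch (CertificateException e) {
            System.out.println("bare public key rejected: " + e.getMessage());
        }
        // Self-signed certificate: issuer and subject are the same constructed name.
        var name = new X500Principal("CN=jwt-test-signer");
        var now = Instant.now();
        var signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        var holder = new JcaX509v3CertificateBuilder(name, BigInteger.valueOf(now.toEpochMilli()),
                Date.from(now), Date.from(now.plus(1, ChronoUnit.DAYS)), name, keyPair.getPublic())
                .build(signer);
        var certificate = new JcaX509CertificateConverter().getCertificate(holder);
        // Base64 of the DER certificate is what the mocked endpoint should serve.
        var body = Base64.getEncoder().encodeToString(certificate.getEncoded());
        System.out.println("certificate accepted: " + parse(body).equals(keyPair.getPublic()));
    }
}
```

Keep such a key pair and certificate confined to test code; the private key is generated in memory and never needs to be written to disk.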
