
Extract multiple X.509 certificates from PEM-formatted file in Java

I have a method which extracts an X.509 certificate from a given PEM-formatted file, using the Bouncy Castle library.

Imports:

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;

Method:

/**
 * Reads an X509 certificate from a PEM file.
 *
 * @param certificateFile The PEM file.
 * @return the X509 certificate, or null.
 * @throws IOException if reading the file fails
 * @throws CertificateException if parsing the certificate fails
 */
public static X509Certificate readCertificatePEMFile(File certificateFile) throws IOException, CertificateException {
    if (certificateFile.exists() && certificateFile.canRead()) {
        try (InputStream inStream = new FileInputStream(certificateFile)) {
            try (PEMParser pemParser = new PEMParser(new InputStreamReader(inStream))) {
                Object object = pemParser.readObject();
                if (object != null && object instanceof X509CertificateHolder) {
                    return new JcaX509CertificateConverter().getCertificate( (X509CertificateHolder)object );
                }
            }
        }
    }
    return null;
}

This works well for "normal" certificate files, e.g. a server certificate. If I have a CA chain certificate file, containing multiple certificates, how could I extract all certificates from this file? (The method shown only extracts the first certificate in the file.)

Try this code; it handles multiple certificates and private key entries in a PEM file.

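import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

// pemParser is an open PEMParser over the file; password is a String and may be null
Security.addProvider(new BouncyCastleProvider());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
Object object;
// readObject() returns null once there are no more PEM objects in the file
while((object = pemParser.readObject())!=null)
{
    if(object instanceof X509CertificateHolder)
    {
        // Reached once for every certificate in the file
        X509Certificate x509Cert = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
    }
    else if(object instanceof PEMEncryptedKeyPair)
    {
        // Encrypted private key: the password is needed to decrypt it
        if(password==null) throw new IllegalArgumentException("Password required for parsing RSA Private key");

        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
        converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
    }
    else if(object instanceof PEMKeyPair)
    {
        // Unencrypted private key
        converter.getKeyPair((PEMKeyPair) object);
    }
}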
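
A complete version of the question's method that returns every certificate in the file instead of only the first, as an added example (not code from the question or the answer). The class name PemCertificateReader and the method name readCertificatesPEMFile are assumptions made for illustration; the file path is supplied by the caller.

```java
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;

// Hypothetical helper class, named for this example only.
public final class PemCertificateReader {

    /**
     * Reads every X.509 certificate from a PEM file, in file order.
     * Other PEM objects (private keys, CSRs, ...) are skipped, so the
     * result is empty when the file holds no certificate at all.
     */
    public static List<X509Certificate> readCertificatesPEMFile(File certificateFile)
            throws IOException, CertificateException {
        List<X509Certificate> certificates = new ArrayList<>();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        // The PEM armor is ASCII; ISO-8859-1 decodes every byte, so comment
        // text between blocks cannot abort parsing with a charset error.
        try (Reader reader = Files.newBufferedReader(certificateFile.toPath(), StandardCharsets.ISO_8859_1);
             PEMParser pemParser = new PEMParser(reader)) {
            Object object;
            // readObject() returns null once no further PEM block is found.
            while ((object = pemParser.readObject()) != null) {
                if (object instanceof X509CertificateHolder) {
                    certificates.add(converter.getCertificate((X509CertificateHolder) object));
                }
            }
        }
        return certificates;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PemCertificateReader <path-to-chain.pem>
        for (X509Certificate cert : readCertificatesPEMFile(new File(args[0]))) {
            System.out.println(cert.getSubjectX500Principal() + " issued by " + cert.getIssuerX500Principal());
        }
    }
}
```

The list preserves file order only; it does not check that each certificate was actually issued by the next one, so the chain still has to be validated before it is trusted.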
