
ADD certificate in HTTP Header

I want to add a certificate to an HTTP header. My questions are:

  1. Do we have to send it as a byte array or as a String?
  2. If yes, does the toString method of java.security.PublicKey build a good string representation?
  3. Isn't it too long to be inserted in an HTTP header or not? Thanks

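Code:

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;

public byte[] getCertificate() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
    if (Configuration.getSignaturekeyStoreLocation() == null || ewalletConfiguration.getSignaturekeyStoreLocation().isEmpty()) {
        throw new IllegalArgumentException("Keystore url must not be null");
    }
    char[] keyPassword = ewalletConfiguration.getSignaturekeyStorePassword().toCharArray();
    KeyStore keystore = KeyStore.getInstance("JKS");
    // try-with-resources closes the keystore file even if load() throws
    try (FileInputStream is = new FileInputStream(Configuration.getSignaturekeyStoreLocation())) {
        // keystore password
        keystore.load(is, keyPassword);
    }
    // java.security.cert.Certificate is what KeyStore returns, so no cast is needed
    final Certificate cert = keystore.getCertificate(Configuration.getSignatureCertificateAlias());
    // DER-encoded certificate bytes
    return cert.getEncoded();
}
```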

There are different purposes why there would be a certificate in the header, so it would be simpler if you'd explain the use case.

> Do we have to send it as a byte array or as a String?

HTTP headers are always a string, I'd assume you will need to use base64 encoding.

> If yes, does the toString method of java.security.PublicKey build a good string representation?

No, the public key is only a public key, not the whole certificate (a certificate contains the public key). The simplest way to get an (X.509) certificate representation is using the getEncoded method.

> Isn't it too long to be inserted in an HTTP header or not? Thanks

It may. Usually HTTP servers have a certain header buffer (e.g. Apache Tomcat has/had a default 8kB buffer, IIS 16kB), so if the returned encoded response would be larger, the server may return an error response. I also know some clients/browsers have different limits.

I'd be curious what you want to achieve, maybe there is a more robust way, such as sending the necessary certificate in a payload or sending the certificate signature only.
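The encoding the answer describes, as an added example that is not part of the original question or answer: the DER bytes from `getEncoded()` become a single-line Base64 header value, checked against a size budget, and the receiver parses them back into a certificate. The class name, the 4096-character budget and the use of the first CA certificate from the JDK's default trust store as sample input are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CertHeaderExample {
    // Assumed budget: half of the 8 kB header buffer mentioned in the answer,
    // leaving room for the request line and the other headers.
    static final int MAX_HEADER_VALUE = 4096;

    // Sender side: DER bytes -> Base64 without line breaks, safe as a header value.
    static String toHeaderValue(X509Certificate cert) throws Exception {
        String value = Base64.getEncoder().encodeToString(cert.getEncoded());
        if (value.length() > MAX_HEADER_VALUE) {
            throw new IllegalArgumentException("Encoded certificate too large: " + value.length());
        }
        return value;
    }

    // Receiver side: enforce the size limit before decoding, then parse the DER.
    // Parsing alone establishes no trust: the chain still has to be validated, and
    // a certificate in a header does not prove the sender holds the private key.
    static X509Certificate fromHeaderValue(String value) throws Exception {
        if (value == null || value.length() > MAX_HEADER_VALUE) {
            throw new IllegalArgumentException("Missing or oversized certificate header");
        }
        byte[] der = Base64.getDecoder().decode(value); // IllegalArgumentException on bad Base64
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): first CA certificate in the JDK default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate sample =
                ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0];

        String header = toHeaderValue(sample);
        X509Certificate parsed = fromHeaderValue(header);
        System.out.println("header value length: " + header.length() + " chars");
        System.out.println("round trip ok: "
                + Arrays.equals(sample.getEncoded(), parsed.getEncoded()));
    }
}
```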
