pkcs#10 请求的格式，EJBCA

Question

我试图通过 SOAP web 服务将 pkcs10Request 发送到 EJBCA。 方法签名是（来自文档）

CertificateResponse pkcs10Request(java.lang.String username,
                                  java.lang.String password,
                                  java.lang.String pkcs10,
                                  java.lang.String hardTokenSN,
                                  java.lang.String responseType)
where
    pkcs10 - the base64 encoded PKCS10 (only the public key is used.)
    username - the unique username
    password - the password sent with editUser call    
    hardTokenSN - Hard Token support was dropped since 7.1.0. Use null as this parameter
    responseType - indicating which type of answer that should be returned, on of the CertificateHelper.RESPONSETYPE_ parameters.

目标是为用户生成证书。 PKCS#10 是用 java keytoll 制作的，看起来像这样：

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC7jCCAdYCAQAweTELMAkGA1UEBhMCUlUxEjAQBgNVBAgTCVRhdGFyc3RhbjEO
MAwGA1UEBxMFS2F6YW4xGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxFTATBgNV
BAsTDE9yZ2FuaXphdGlvbjEUMBIGA1UEAxMLdGVzdHVzZXIucnUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSDWv0Pt1cBDiqWAYLfQs2Dl0jDWmTK9/k
A46/SMg7GP3VY/KKFiMf0LbaYGHQclIy4wlkUA9408NEOoY6Ynuyh3rRHBnBGkpc
LflcTKfV74V5CbTXyIjFsFFN+WNVvfk+BPh6TVMhJ9NiDrcR4C80l0/MhT4OjG1T
2s5sShrYpdkmplFxIBXQd29aTTNVdgm11Vvs08OBXu8a9x3ND+ZxduXUgTxVmoOu
AA0PrE5lXTxD5zcTDuJi+Y2RTPS2SVeu4ghSbE64941W6PA3fzHz90n9uoeeJdUM
9jfWP/7LAeWahKJCtt+cAZ2yD2W1zBmz0LuHeH8YRUb//gGICf+3AgMBAAGgMDAu
BgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBSUO5s19l5tiHYPcvBYnVG0ULEYCTAN
BgkqhkiG9w0BAQsFAAOCAQEAD0Kpt9/CBwODUyv4lpt7i0ge6Wf0s/Oqbhbvw9Ih
zJnEaFzOHDaVufB1iJ+m3c+Arx7heCRQTnJRTOZ8a9pl3vGyy9Ik+O4+mc5qpLOs
bENMbg5t4KCI08+SjU/7S3woaWwXDL6QIzsoyhMmx8BhnK04T0P46PsTf2h/PE1E
Z5qRW8/VFTI7K1/q+/tbvIo1TCfb9eUDi+9h1GAQLVhBCNjR459qxzybmyhIclpr
I51hwyhkAi3u7uIIGXgvdfjt/pRbH5XmBaoaK5DC6ppEM4btp12aRZh8QB3xoO7q
2Geas0gYqew6MfHflHvktOk8RpAC+cM/rnfRYIWY7C96LQ==
-----END NEW CERTIFICATE REQUEST-----

我这样发送请求：

Pkcs10Request request = new Pkcs10Request();
        request.setArg0(certRqDto.getUsername());
        request.setArg1(certRqDto.getPassword());
        request.setArg2(certRqDto.getPkcs10());
        request.setArg3(null);
        request.setArg4("CERTIFICATE");

        JAXBElement<Pkcs10Request> element = objectFactory.createPkcs10Request(request);
        JAXBElement<Pkcs10RequestResponse> response = (JAXBElement<Pkcs10RequestResponse>) wsClient.getWebServiceTemplate().marshalSendAndReceive(element, new SoapActionCallback(EMPTY_ACTION_STRING));

但是我遇到了错误，在 EJBCA 的日志中我看到了这个错误：

2021-05-18 09:33:00,429 DEBUG [org.cesecore.certificates.certificate.request.RequestMessageUtils] (default task-2) Message not base64 encoded? Trying as binary: Error in input buffer, missing -----BEGIN NEW CERTIFICATE REQUEST----- boundary
2021-05-18 09:33:00,429 WARN  [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-2) PKCS10 not initiated! unknown tag 13 encountered
...
2021-05-18 09:33:00,431 ERROR [org.jboss.as.ejb3.invocation] (default task-2) WFLYEJB0034: EJB Invocation failed on component CertificateCreateSessionBean for method public abstract org.cesecore.certificates.certificate.request.CertificateResponseMessage org.cesecore.certificates.certificate.CertificateCreateSessionLocal.createCertificate(...)
...
Caused by: java.lang.NullPointerException
    at org.cesecore.certificates.certificate.request.PKCS10RequestMessage.verify(PKCS10RequestMessage.java:444)
    at org.cesecore.certificates.certificate.request.PKCS10RequestMessage.verify(PKCS10RequestMessage.java:430)

如果我没记错的话，原因在pkcs10。 但它包含 substring “-----BEGIN NEW CERTIFICATE REQUEST-----”。 我不明白，我必须以什么格式发送 pkcs#10。 我是新手，请帮忙。

Answer 1

发送没有 header 的请求-----开始新的证书请求-----和页脚帮助了我。

pkcs#10 请求的格式，EJBCA

问题描述

1 个解决方案

解决方案1
0 2021-05-18 11:21:49

pkcs#10 请求的格式，EJBCA

问题描述

1 个解决方案

解决方案1 0 2021-05-18 11:21:49

解决方案1
0 2021-05-18 11:21:49