[英]Decode/Read a CSR (Certificate Signing Request) Using Java or BouncyCastle
我正在使用代碼生成CSR(證書簽名請求)而沒有相應信息的問題。 我需要指針來弄清楚如何使用Java和/或BouncyCastle讀取CSR內容。
任何指針或想法都表示贊賞。
弄清楚了:
這是代碼:
public class EncryptDecrypt {
private Logger LOG = LoggerFactory.getLogger(EncryptDecrypt.class);
private final String COUNTRY = "2.5.4.6";
private final String STATE = "2.5.4.8";
private final String LOCALE = "2.5.4.7";
private final String ORGANIZATION = "2.5.4.10";
private final String ORGANIZATION_UNIT = "2.5.4.11";
private final String COMMON_NAME = "2.5.4.3";
@Test
public void testReadCertificateSigningRequest() {
String csrPEM = "-----BEGIN CERTIFICATE REQUEST-----\n" +
"MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEzAR\n" +
"BgNVBAcTCkJvY2EgUmF0b24xGzAZBgNVBAoTEkxvb25leSBUb29ucywgSW5jLjEU\n" +
"MBIGA1UECxMLRGV2ZWxvcG1lbnQxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjAN\n" +
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJCj31d1Rp+aKz/GTkedaiS/VSCc\n" +
"PRARYgXukobjgBHx46HjldAcfg/DoANn5lEQaFxaIZJLbZ/AdLUyw/hUbU0CjWXv\n" +
"pN3Ep3o9XgRTPkIFoI22VOI/O2ZLjBq/E4DWyVmv+vG6BK0LRh7hykzPCw6KIRR9\n" +
"NCmUMJMQX5d5P/r1lR5H399pnLcLsrHoWDwBSEDgkGWyxnvEB0+/bIz42T3qnlFt\n" +
"7avarxlHG2p5DoRTf8GJ+6imY88ZeBW/Nk18aDINsAHWLv383JICIAsZ3VuMk8m/\n" +
"Z/Z5b21zIuZECDJjZjvAAjr/shVLB+Pck5+HJy6tqj79MJOQu+jKIrK8VwIDAQAB\n" +
"oAAwDQYJKoZIhvcNAQEFBQADggEBAGtuAAHG4OC9jSRjGWSqfMXTDMz9tgekDREA\n" +
"SYv5QIrOXsMzwbgDw8LxRJZEskl4JJOnjwEvUXWUF1M6XmG2h358nOnrkOlsumHw\n" +
"Tx5gGSr6S6aJO/HG46erctE8aWpnFZYMfuEkul4ApsIufL7Bxqs3NHZWcrWBlLIP\n" +
"aVCKx1FPRMC36Tj3EslbuUB/iTRt90Nfq1IxHMIKiwCiSNJSqfRVLANhI8MUbOjB\n" +
"CBly1wcH68WWNkyvHVvbcF/B9AfYG9AqWjZjygKpyf81VZWctXhDc8UtomqrblXN\n" +
"mvz4RKpIhZQLuuxlBrdzJkPm2sOdtdZghebCRRVWdjsig4sylgQ=\n" +
"-----END CERTIFICATE REQUEST-----";
PKCS10CertificationRequest csr = convertPemToPKCS10CertificationRequest(csrPEM);
X500Name x500Name = csr.getSubject();
System.out.println("x500Name is: " + x500Name + "\n");
// country is 2.5.4.6
System.out.println("COUNTRY: " + getX500Field(COUNTRY, x500Name));
// state is 2.5.4.8
System.out.println("STATE: " + getX500Field(STATE, x500Name));
// locale is 2.5.4.7
System.out.println("LOCALE: " + getX500Field(LOCALE, x500Name));
}
private String getX500Field(String asn1ObjectIdentifier, X500Name x500Name) {
RDN[] rdnArray = x500Name.getRDNs(new ASN1ObjectIdentifier(asn1ObjectIdentifier));
String retVal = null;
for (RDN item : rdnArray) {
retVal = item.getFirst().getValue().toString();
}
return retVal;
}
private PKCS10CertificationRequest convertPemToPKCS10CertificationRequest(String pem) {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
PKCS10CertificationRequest csr = null;
ByteArrayInputStream pemStream = null;
try {
pemStream = new ByteArrayInputStream(pem.getBytes("UTF-8"));
} catch (UnsupportedEncodingException ex) {
LOG.error("UnsupportedEncodingException, convertPemToPublicKey", ex);
}
Reader pemReader = new BufferedReader(new InputStreamReader(pemStream));
PEMParser pemParser = new PEMParser(pemReader);
try {
Object parsedObj = pemParser.readObject();
System.out.println("PemParser returned: " + parsedObj);
if (parsedObj instanceof PKCS10CertificationRequest) {
csr = (PKCS10CertificationRequest) parsedObj;
}
} catch (IOException ex) {
LOG.error("IOException, convertPemToPublicKey", ex);
}
return csr;
}
private String toPEM(Object key) {
StringWriter sw = new StringWriter();
PEMWriter pem = new PEMWriter(sw);
try {
pem.writeObject(key);
pem.close();
} catch (IOException e) {
System.out.printf("IOException: %s%n", e);
}
return sw.toString();
}
}
我建立在David的答案上,以驗證在Android上的Kotlin中進行單元測試的CSR內容。 它假設您以字符串格式開始使用CSR。 CSR是使用SpongyCastle JcaPKCS10CertificationRequestBuilder生成的。
class yourCsrTestClass {
...
private lateinit var csrContent: PKCS10CertificationRequest
...
@Test
fun yourCsrTest() {
//This creates a CSR with SpongyCastle which we will test
val csr = yourCSRService.generateRequest()
//Convert our CSR string in modified code from David
convertCsrString(csr)
//Get x500Name subject
val x500Name = csrContent.subject
//Assert test as true if content matches as intended
//This can be applied to any CSR attribute
assertTrue(getX500Field(BCStrictStyle.O.toString(), x500Name) == "Your intender organization name")
}
...
private fun convertCsrString(pemCsr: String) {
val stream = ByteArrayInputStream(pemCsr.toByteArray())
val pemReader = BufferedReader(InputStreamReader(stream))
var pemParser: PEMParser? = null
try {
pemParser = PEMParser(pemReader)
val parsedObj = pemParser.readObject()
println("PemParser returned: $parsedObj")
if (parsedObj is PKCS10CertificationRequest) {
csrContent = parsedObj
}
} catch (ex: IOException) {
Log.d("IOException, convertPemToPublicKey", ex.toString())
} finally {
if (pemParser != null) {
IOUtils.closeQuietly(pemParser)
}
}
}
...
private fun getX500Field(asn1ObjectIdentifier: String, x500Name: X500Name): String {
val rdnArray = x500Name.getRDNs(ASN1ObjectIdentifier(asn1ObjectIdentifier))
return rdnArray[0].first.value.toString()
}
}
我建議這個“簡單”的解決方案來讀取csr
您必須添加依賴項
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15on</artifactId>
<version>1.62</version>
</dependency>
創建新對象CSRObject
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import java.io.*;
public class CSRObject {
private final X500Name x500Name;
public CSRObject(final String csr) throws IOException {
final Reader pemReader = new StringReader(csr);
final PEMParser pemParser = new PEMParser(pemReader);
x500Name = ((PKCS10CertificationRequest) pemParser.readObject()).getSubject();
}
public String get(final CSRObjectEnum field) {
RDN[] rdnArray = x500Name.getRDNs(new ASN1ObjectIdentifier(field.code));
String retVal = null;
for (RDN item : rdnArray) {
retVal = item.getFirst().getValue().toString();
}
return retVal;
}
public enum CSRObjectEnum {
COUNTRY("2.5.4.6"),
STATE("2.5.4.8"),
LOCALE("2.5.4.7"),
ORGANIZATION("2.5.4.10"),
ORGANIZATION_UNIT("2.5.4.11"),
COMMON_NAME("2.5.4.3"),//
;
private final String code;
CSRObjectEnum(final String sCode) {
code = sCode;
}
}
}
你可以用這種方法測試:
@Test
public void test() throws IOException {
final CSRObject csr = new CSRObject(TEST_CERTIF);
for (final CSRObject.CSRObjectEnum field : CSRObject.CSRObjectEnum.values()){
LOGGER.info("{}:{}", field.name(), csr.get(field));
}
}
TEST_CERTIF是String
private static final String TEST_CERTIF = "-----BEGIN CERTIFICATE REQUEST-----\n" +
"...\n" +
"-----END CERTIFICATE REQUEST-----\n";
BouncyCastle:從證書簽名請求中提取公鑰信息
[英]BouncyCastle: Extract public key informationfrom Certificate Signing Request
添加屬性到證書請求,java + bouncycastle 1.48
[英]Adding attributes to certificate request, java + bouncycastle 1.48
使用Java或BouncyCastle而不使用私鑰生成CSR
[英]CSR generation using java or BouncyCastle without using Private key
創建密鑰對證書並使用BouncyCastle與外部CA簽名
[英]Creating a Key Pair Certificate and Signing It with External CA using BouncyCastle
Android 上的讀/寫證書簽名請求 (spongycastle)
[英]Read/Write Certificate Signing Request on Android (spongycastle)
如何使用BouncyCastle通過Java中的PEMParser讀取沒有BEGIN和END的PEM證書
[英]How to read a PEM certificate without BEGIN and END via PEMParser in Java using BouncyCastle
使用BouncyCastle進行Java簽名文件-使用秘密密鑰環創建文件簽名
[英]Java signing files with BouncyCastle - Create signature of a file using secret keyring
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.