![](/img/trans.png)
[英]How do you convert a .CSR / p10 / PKCS#10 file to .DER format in java?
[英]Format for pkcs#10 request, EJBCA
我試圖通過 SOAP web 服務將 pkcs10Request 發送到 EJBCA。 方法簽名是(來自文檔)
CertificateResponse pkcs10Request(java.lang.String username,
java.lang.String password,
java.lang.String pkcs10,
java.lang.String hardTokenSN,
java.lang.String responseType)
where
pkcs10 - the base64 encoded PKCS10 (only the public key is used.)
username - the unique username
password - the password sent with editUser call
hardTokenSN - Hard Token support was dropped since 7.1.0. Use null as this parameter
responseType - indicating which type of answer that should be returned, on of the CertificateHelper.RESPONSETYPE_ parameters.
目標是為用戶生成證書。 PKCS#10 是用 java keytoll 制作的,看起來像這樣:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC7jCCAdYCAQAweTELMAkGA1UEBhMCUlUxEjAQBgNVBAgTCVRhdGFyc3RhbjEO
MAwGA1UEBxMFS2F6YW4xGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxFTATBgNV
BAsTDE9yZ2FuaXphdGlvbjEUMBIGA1UEAxMLdGVzdHVzZXIucnUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSDWv0Pt1cBDiqWAYLfQs2Dl0jDWmTK9/k
A46/SMg7GP3VY/KKFiMf0LbaYGHQclIy4wlkUA9408NEOoY6Ynuyh3rRHBnBGkpc
LflcTKfV74V5CbTXyIjFsFFN+WNVvfk+BPh6TVMhJ9NiDrcR4C80l0/MhT4OjG1T
2s5sShrYpdkmplFxIBXQd29aTTNVdgm11Vvs08OBXu8a9x3ND+ZxduXUgTxVmoOu
AA0PrE5lXTxD5zcTDuJi+Y2RTPS2SVeu4ghSbE64941W6PA3fzHz90n9uoeeJdUM
9jfWP/7LAeWahKJCtt+cAZ2yD2W1zBmz0LuHeH8YRUb//gGICf+3AgMBAAGgMDAu
BgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBSUO5s19l5tiHYPcvBYnVG0ULEYCTAN
BgkqhkiG9w0BAQsFAAOCAQEAD0Kpt9/CBwODUyv4lpt7i0ge6Wf0s/Oqbhbvw9Ih
zJnEaFzOHDaVufB1iJ+m3c+Arx7heCRQTnJRTOZ8a9pl3vGyy9Ik+O4+mc5qpLOs
bENMbg5t4KCI08+SjU/7S3woaWwXDL6QIzsoyhMmx8BhnK04T0P46PsTf2h/PE1E
Z5qRW8/VFTI7K1/q+/tbvIo1TCfb9eUDi+9h1GAQLVhBCNjR459qxzybmyhIclpr
I51hwyhkAi3u7uIIGXgvdfjt/pRbH5XmBaoaK5DC6ppEM4btp12aRZh8QB3xoO7q
2Geas0gYqew6MfHflHvktOk8RpAC+cM/rnfRYIWY7C96LQ==
-----END NEW CERTIFICATE REQUEST-----
我這樣發送請求:
Pkcs10Request request = new Pkcs10Request();
request.setArg0(certRqDto.getUsername());
request.setArg1(certRqDto.getPassword());
request.setArg2(certRqDto.getPkcs10());
request.setArg3(null);
request.setArg4("CERTIFICATE");
JAXBElement<Pkcs10Request> element = objectFactory.createPkcs10Request(request);
JAXBElement<Pkcs10RequestResponse> response = (JAXBElement<Pkcs10RequestResponse>) wsClient.getWebServiceTemplate().marshalSendAndReceive(element, new SoapActionCallback(EMPTY_ACTION_STRING));
但是我遇到了錯誤,在 EJBCA 的日志中我看到了這個錯誤:
2021-05-18 09:33:00,429 DEBUG [org.cesecore.certificates.certificate.request.RequestMessageUtils] (default task-2) Message not base64 encoded? Trying as binary: Error in input buffer, missing -----BEGIN NEW CERTIFICATE REQUEST----- boundary
2021-05-18 09:33:00,429 WARN [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-2) PKCS10 not initiated! unknown tag 13 encountered
...
2021-05-18 09:33:00,431 ERROR [org.jboss.as.ejb3.invocation] (default task-2) WFLYEJB0034: EJB Invocation failed on component CertificateCreateSessionBean for method public abstract org.cesecore.certificates.certificate.request.CertificateResponseMessage org.cesecore.certificates.certificate.CertificateCreateSessionLocal.createCertificate(...)
...
Caused by: java.lang.NullPointerException
at org.cesecore.certificates.certificate.request.PKCS10RequestMessage.verify(PKCS10RequestMessage.java:444)
at org.cesecore.certificates.certificate.request.PKCS10RequestMessage.verify(PKCS10RequestMessage.java:430)
如果我沒記錯的話,原因在pkcs10。 但它包含 substring “-----BEGIN NEW CERTIFICATE REQUEST-----”。 我不明白,我必須以什么格式發送 pkcs#10。 我是新手,請幫忙。
發送沒有 header 的請求-----開始新的證書請求-----和頁腳幫助了我。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.