Where can I find the details of the X.509 certificate I created locally?

Time: 2016-09-01 01:12:52

Tags: java ssl-certificate office365 azure-active-directory

I am new to using certificates for authentication. If my question does not make sense, please correct me.

I created a 2048-bit X.509 certificate locally. I have server.crt, server.key, server.key.org and mycert.pfx (mycert.pfx contains the public and private keys, and it is the file I use in my code).

Now I have a Java application with the following code:

import java.io.InputStream;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.mail.util.SharedFileInputStream;
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

String tenant = "f6377xxx-aeb2-4a8a-be8a-7xxxxa60be3";
String authority = "https://login.windows.net/" + tenant + "/oauth2/authorize";
ExecutorService service = Executors.newFixedThreadPool(1);

try {
    AuthenticationContext authenticationContext =
        new AuthenticationContext(authority, false, service);
    // PKCS#12 file holding the certificate and its private key
    String certFile = "/projects/mycert.pfx";
    InputStream pkcs12Cert = new SharedFileInputStream(certFile);

    // client ID of the Azure AD application, the PFX stream and its password
    AsymmetricKeyCredential credential = AsymmetricKeyCredential.create(
        "xxxx-e53c-45b7-432-7b91d93674b6", pkcs12Cert, "password");

    Future<AuthenticationResult> future = authenticationContext.acquireToken(
        "https://outlook.office365.com", credential, null);

    String token = future.get().getAccessToken();
    System.out.println("Token Received " + token);
} catch (Exception e) {
    e.printStackTrace();
} finally {
    service.shutdown();
}

This code is trying to authenticate to the Office 365 API. For that I created an application on Azure with the tenant ID and other information. Now the code above throws the following exception.


com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'H6383KO9763C6E4KIE8363032D6', Configured keys: []]\r\nTrace ID: 76YT3GG-7b8b-JDU73-afeb-JDUEY7372\r\nCorrelation ID: 7H3Y743-a5b7-KD98-88ba-HDUYE7663\r\nTimestamp: 2016-08-31 23:56:50Z","error":"invalid_client"}

The reason is that I did not upload the certificate on the server side (i.e. on the Azure AD application). I followed this tutorial and found a solution which shows that I have to download the Manifest file, edit it with the certificate and upload it back to the Azure server.

The problem is that I do not know where to get the values of the following keys from the certificate. Can you help me find where customKeyIdentifier, keyId and value come from?

"keyCredentials": [
    {
        "customKeyIdentifier": "$base64Thumbprint_from_above",
        "keyId": "$keyid_from_above",
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "value":  "$base64Value_from_above"
    }
],

2 answers:

Answer 0 (score: 1)

I found the following source code to generate the keys/values in keyCredentials that I was looking for. You need to generate the certificate first, though. Then run the code, and the keyCredentials content should be in the keycredentials.txt file.

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.UUID;
import org.junit.Test;

@Test
public void testGenerateKeyCredentials() {

    String certFile = "/etc/abc/server2.crt";
    System.out.printf("Generating keyCredentials entry from %s\n", certFile);

    // try-with-resources closes the certificate stream on every path
    try (FileInputStream certFileIn = new FileInputStream(certFile)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(certFileIn);

        // Generate base64-encoded version of the cert's DER data
        // for the "value" property of the "keyCredentials" entry
        byte[] certData = cert.getEncoded();
        String certValue = Base64.getEncoder().encodeToString(certData);
        System.out.println("Cert value: " + certValue);

        // Generate the SHA1-hash of the cert (its thumbprint), base64-encoded,
        // for the "customKeyIdentifier" property of the "keyCredentials" entry
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(certData);
        String certCustomKeyId = Base64.getEncoder().encodeToString(md.digest());
        System.out.println("Cert custom key ID: " + certCustomKeyId);

        FileWriter fw = new FileWriter("keycredentials.txt", false);
        PrintWriter pw = new PrintWriter(fw);

        // "keyId" is just a fresh UUID that labels this entry in the manifest
        pw.println("\"keyCredentials\": [");
        pw.println("  {");
        pw.println("    \"customKeyIdentifier\": \"" + certCustomKeyId + "\",");
        pw.println("    \"keyId\": \"" + UUID.randomUUID().toString() + "\",");
        pw.println("    \"type\": \"AsymmetricX509Cert\",");
        pw.println("    \"usage\": \"Verify\",");
        pw.println("    \"value\": \"" + certValue + "\"");
        pw.println("  }");
        pw.println("],");

        pw.close();

        System.out.println("Key credentials written to keycredentials.txt");
    } catch (FileNotFoundException e) {
        System.out.printf("ERROR: Cannot find %s\n", certFile);
    } catch (CertificateException e) {
        System.out.println("ERROR: Cannot instantiate X.509 certificate");
    } catch (NoSuchAlgorithmException e) {
        System.out.println("ERROR: Cannot instantiate SHA-1 algorithm");
    } catch (IOException e) {
        System.out.println("ERROR: Cannot write to keycredentials.txt");
    }
}

Answer 1 (score: 0)

Short C# code for certCustomKeyId and certValue:

using System;
using System.Security.Cryptography.X509Certificates;

string certFile = "/etc/abc/server2.crt";
X509Certificate cert = new X509Certificate();
cert.Import(certFile);

// "value": base64 of the DER-encoded certificate
string certValue = Convert.ToBase64String(cert.GetRawCertData());
Console.WriteLine("Cert value: " + certValue);

// "customKeyIdentifier": base64 of the SHA-1 thumbprint
string certCustomKeyId = Convert.ToBase64String(cert.GetCertHash());
Console.WriteLine("customKeyIdentifier: " + certCustomKeyId);

// "keyId": any fresh GUID
Console.WriteLine("keyId: " + System.Guid.NewGuid());
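Both answers compute the same three manifest fields. The added Python script below (example code, not from either answer) does the same with only the standard library, since the manifest needs nothing more than the certificate's DER bytes, and adds the check the question's error message calls for: AADSTS50012 prints the thumbprint of the key the client used in hex, and customKeyIdentifier is the Base64 encoding of those same SHA-1 bytes, so the two can be compared directly. The embedded PEM block is a constructed placeholder (its body is the bytes "abc", not a real certificate); the path in the usage note is assumed.

```python
"""Build a keyCredentials manifest entry from a PEM certificate (added example)."""
import base64
import hashlib
import json
import re
import uuid

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text: str) -> bytes:
    """Strip the PEM armour and Base64-decode the body to DER bytes."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def sha1_thumbprint(der: bytes) -> bytes:
    """Azure AD's certificate thumbprint is the SHA-1 of the DER encoding."""
    return hashlib.sha1(der).digest()


def key_credential(der: bytes, key_id: str = None) -> dict:
    """customKeyIdentifier = Base64(SHA-1(DER)), value = Base64(DER),
    keyId = any fresh UUID (it only labels the entry in the manifest)."""
    return {
        "customKeyIdentifier": base64.b64encode(sha1_thumbprint(der)).decode(),
        "keyId": key_id or str(uuid.uuid4()),
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "value": base64.b64encode(der).decode(),
    }


def matches_error_thumbprint(entry: dict, hex_thumbprint: str) -> bool:
    """AADSTS50012 reports the client's key thumbprint in hex; the manifest
    stores the same 20 bytes Base64-encoded. True when both name one cert."""
    stored = base64.b64decode(entry["customKeyIdentifier"]).hex()
    return stored == hex_thumbprint.replace(":", "").strip().lower()


# Constructed sample: a PEM block whose body is b"abc", NOT a real certificate,
# used only so the expected values are known without generating a key pair.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    entry = key_credential(pem_to_der(SAMPLE_PEM))
    print(json.dumps({"keyCredentials": [entry]}, indent=2))
```

For a real manifest, feed `pem_to_der(open("/projects/server.crt").read())` (assumed path) into `key_credential` and paste the printed block into the manifest's keyCredentials array; if `matches_error_thumbprint` returns False for the thumbprint quoted in the AADSTS50012 message, the PFX the code signs with and the certificate in the manifest are not the same certificate.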