我在HTTP头中通过SSL_CLIENT_CERT varialbe从apache2发送一个PEM编码的客户端证书到jboss5,在我的应用程序中,我正在读取此头文件的值,我尝试在java中解码但是我得到了一个编码异常
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Unsupported encoding
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)
我的apache conf:
<VirtualHost *:443>
ServerName a.localhost
ProxyPass / http://b.localhost:8080/
ProxyPassReverse / http://b.localhost:8080/
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLOptions +ExportCertData +StdEnvVars
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCertificateFile C:\Users\user\ssh\4pm.si_wildcard.crt
SSLCertificateKeyFile C:\Users\user\ssh\4pm.si_wildcard.key
SSLCACertificateFile C:\Users\user\ssh\ca_cert_bundle.crt
RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s
ErrorLog "C:/Apps/wamp/logs/4pm-error-ssl.log"
CustomLog "C:/Apps/wamp/logs/4pm-access-ssl.log" common
</VirtualHost>
我的java代码:
String certStr = certStr = JSFUtil.getRequest().getHeader("x-clientcert");
try {
Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certStr.getBytes("UTF-8")));
} catch (CertificateException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
Tnx to owlstead的暗示,这促使我找到解决方案。
此问题的解决方案是:
你需要那些进口:
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.jboss.util.Base64;
public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException{
String certStr = _request.getHeader("x-clientcert");
//before decoding we need to get rid off the prefix and suffix
byte [] decoded = Base64.decode(certStr.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", ""));
return (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
}