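java.lang.IllegalArgumentException: Bad sequence size

Time: 2014-12-12 05:12:48

Tags: java ssl x509certificate cer

I am new to certificates, and I have a scenario where I need to read an SSL certificate, extract it, and verify the email specified in the certificate. For that I wrote the code below, but I get java.lang.IllegalArgumentException.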

public GenericFormResponse execute(WebRequest wreq, String epName, String ipAddr, boolean useDefault, MultipartFile certFile) throws Exception {
    // ... some code
    byte[] certBytes = certFile.getBytes();
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certBytes));
    NameAdapter subject = CertificateVerifier.getSubject(cert);
    if (StringUtils.equalsIgnoreCase(subject.getEmailAddress(), email)) {
        ep.setCertData(cert.getSignature());
    } else {
        LOGGER.debug("invalid certificates found.");
        response.setSuccess(false);
        response.setGlobalErrorCode("sa_endpoint_invalid_cert");
        return response;
    }
    // ... some code
}

CertificateVerifier.getSubject(cert); is custom code that works fine in another scenario. Exception stack trace:

Caused by: java.lang.IllegalArgumentException: Bad sequence size: 6
        at org.bouncycastle.asn1.x509.AlgorithmIdentifier.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.TBSCertificate.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.TBSCertificate.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.Certificate.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.Certificate.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readPEMCertificate(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        ... 43 common frames omitted

Can anyone please help with how to read a .csr file? The certificate file format is below.

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Thanks in advance.

2 answers:

Answer 0: (score: 0)

X509 is missing the dot; use X.509

CertificateFactory cf = CertificateFactory.getInstance("X.509");

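Answer 1: (score: 0)

First of all, I am confused. You say you need to read an SSL certificate, but you are reading a .csr file, which contains a "Certificate Signing Request". That is not a certificate. From this request, you can read the public key, validity period, and key usage, and use all of these to create a certificate. To do so, follow these steps.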

  1. Convert the file data (byte array) to a String.
  2. Use String's replaceAll method to remove the following lines (e.g. csrString.replaceAll("....")):  
    Line 1: -----BEGIN CERTIFICATE-----  
    Line 2: -----END CERTIFICATE-----
  3. Convert the data to hex. Java 7 has a built-in library for this:  
    javax.xml.bind.DatatypeConverter.parseBase64Binary("...")
  4. Use the following to get the data in PKCS10 format:  
    PKCS10CertificationRequest pkcs10CertificationRequest = new PKCS10CertificationRequest(csrData);
  5. Now read the data from pkcs10CertificationRequest and create the X509Certificate.
  6. For more information, read the RFC: https://tools.ietf.org/html/rfc2986