我有p12个文件,我应该获得X.509证书。为了使用此文件,我使用forge库:
var forge = require('node-forge');
var fs = require('fs');
var keyFile = fs.readFileSync("/path/to/p12/file.p12", 'binary');
var p12Asn1 = forge.asn1.fromDer(keyFile);
var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, 'password');
var bags = p12.getBags({bagType: forge.pki.oids.certBag});
var cert = bags[forge.pki.oids.certBag][0];
console.log(cert);
控制台向我输出这种信息:
{ type: '1.2.840.113549.1.12.10.1.3',
attributes:
{ localKeyId: [ 'aoa ??xx\u0015-?]%m§ §\f,\u0013' ],
friendlyName: [ 'e56fe5a0899f787815adaf5d256da7a0a70c2c13' ] },
cert: null,
asn1:
{ tagClass: 0,
type: 16,
constructed: true,
composed: true,
value: [ [Object], [Object], [Object] ] } }
此结果表示我有一个名为e56fe5a0899f787815adaf5d256da7a0a70c2c13的别名,但为什么cert为null?
有Java的安全api,它可以通过它的别名从这个p12文件中提取X.509证书。
X509Certificate x509Certificate = (X509Certificate) ks.getCertificate(alias);
如何使用p12从forge文件中提取X.509证书?
节点版本5.4.1
Forge Version 0.6.45
在那里,您可以下载我的测试p12文件:link
密码为123456
答案 0 :(得分:2)
根据[https://github.com/digitalbazaar/forge/issues/237#issuecomment-93555599]:
如果forge无法识别密钥格式,则它将返回null 密钥包中的key属性,并使用raw设置asn1属性 ASN.1表示密钥。
所以,你需要convert to ASN.1, then DER, then PEM-encode:
var forge = require('node-forge');
var fs = require('fs');
var keyFile = fs.readFileSync("./gost.p12", 'binary');
var p12Asn1 = forge.asn1.fromDer(keyFile);
var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, '123456');
var bags = p12.getBags({bagType: forge.pki.oids.certBag});
var bag = bags[forge.pki.oids.certBag][0];
// convert to ASN.1, then DER, then PEM-encode
var msg = {
type: 'CERTIFICATE',
body: forge.asn1.toDer(bag.asn1).getBytes()
};
var pem = forge.pem.encode(msg);
console.log(pem);