从Java中的PEM格式文件中提取多个X.509证书

时间:2017-08-29 11:32:09

标签: java ssl certificate bouncycastle x509

我有一个方法,使用bouncycastle库从给定的PEM格式文件中提取X.509证书。

进口:

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;

方法:

/**
 * Reads an X509 certificate from a PEM file.
 *
 * @param certificateFile The PEM file.
 * @return the X509 certificate, or null.
 * @throws IOException if reading the file fails
 * @throws CertificateException if parsing the certificate fails
 */
public static X509Certificate readCertificatePEMFile(File certificateFile) throws IOException, CertificateException {
    if (certificateFile.exists() && certificateFile.canRead()) {
        try (InputStream inStream = new FileInputStream(certificateFile)) {
            try (PEMParser pemParser = new PEMParser(new InputStreamReader(inStream))) {
                Object object = pemParser.readObject();
                if (object != null && object instanceof X509CertificateHolder) {
                    return new JcaX509CertificateConverter().getCertificate( (X509CertificateHolder)object );
                }
            }
        }
    }
    return null;
}

这适用于" normal"证书文件,例如服务器证书。 如果我有一个包含多个证书的CA链证书文件,我怎样才能从该文件中提取所有证书(显示的方法只提取文件中的第一个证书)。

1 个答案:

答案 0 :(得分:0)

尝试此代码,它处理多个证书和私钥输入im PEM文件

Security.addProvider(new BouncyCastleProvider());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
while((object = pemParser.readObject())!=null)
{
    if(object instanceof X509CertificateHolder)
    {
        X509Certificate x509Cert = (X509Certificate) new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
    }
    else if(object instanceof PEMEncryptedKeyPair)
    {
        if(password==null) throw new IllegalArgumentException("Password required for parsing RSA Private key");

        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
        converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
    }
    else if(object instanceof PEMKeyPair)
    {
        converter.getKeyPair((PEMKeyPair) object);
    }     
}
相关问题
最新问题