I'm trying to create a SAML authentication request in CFML (Railo) using OpenSAML, and I'm stuck on creating a certificate object to set the public key.
I found some code that works for the private key, but using similar code with the public-key certificate does not work. It fails on the call to keyFactory.generatePublic() with: "java.security.InvalidKeyException: IOException: algid parse error, not a sequence".
Does this mean my public key needs a different format, or am I setting up the keySpec wrong? I have tried PKCS8EncodedKeySpec and RSAPublicKeySpec, but neither works. The certificate I'm using is a self-signed certificate made with the OpenSSL utilities, created in .crt format.
My code:
<cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
<cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
<cfset local.rawKey = trim(local.rawKey)>
<cfset local.keyBytes = binaryDecode(local.rawKey, "base64")>
<cfset local.keySpec = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
<cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
<cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>
<cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
<cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
<cfset local.rawCert = trim(local.rawCert)>
<cfset local.keyBytes = binaryDecode(local.rawCert, "base64")>
<cfset local.keySpec = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
<cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
<cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>
<cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>
<cfset local.credential.setPrivateKey( local.privateKey )>
<cfset local.credential.setEntityCertificate( local.certificate )>
<cfreturn credential>
</cffunction>
Thanks, Kevin
Answer 0: (score: 0)
In case anyone else has to solve this problem, the following seems to do what I need:
<cfset local.certBytes = binaryDecode(local.rawCert, "base64")>
<cfset local.certStream = createObject("java", "java.io.ByteArrayInputStream").init(local.certBytes)>
<cfset local.certFactory = createObject("java", "java.security.cert.CertificateFactory").getInstance("X.509")>
<cfset local.certificate = local.certFactory.generateCertificate(local.certStream)>
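The three PEM types involved in the question and the answer above each need a different JDK class: a "BEGIN PRIVATE KEY" block is PKCS#8 and loads through PKCS8EncodedKeySpec, a bare "BEGIN PUBLIC KEY" block is a SubjectPublicKeyInfo and loads through X509EncodedKeySpec, and a "BEGIN CERTIFICATE" block is a whole X.509 certificate that only CertificateFactory can parse, which is why feeding its bytes to KeyFactory fails the way the question describes. The following Java program is an added example written for this page, not code from the question, the answer or OpenSAML; it calls the same JDK classes the CFML reaches through createObject(). It assumes Java 8 or later (for java.util.Base64), and the two command-line paths (a PKCS#8 key file and an X.509 certificate file) are hypothetical arguments. Besides loading, it checks what a practitioner would want checked before handing both objects to BasicX509Credential: that the certificate's RSA modulus matches the private key, and that the certificate is currently valid.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Added example, not from the question or answer: loads each PEM type with the JDK class it needs.
public class PemLoader {

    /** Strips the "-----BEGIN label-----" armour and decodes the Base64 body to DER. */
    static byte[] pemToDer(String pem, String label) {
        String begin = "-----BEGIN " + label + "-----";
        String end = "-----END " + label + "-----";
        int start = pem.indexOf(begin);
        int stop = pem.indexOf(end);
        if (start < 0 || stop < 0) {
            throw new IllegalArgumentException("no '" + label + "' PEM block found");
        }
        String body = pem.substring(start + begin.length(), stop).replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    /** "BEGIN PRIVATE KEY" is PKCS#8, so PKCS8EncodedKeySpec is correct here (as in the question). */
    static PrivateKey loadPrivateKey(String pem) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePrivate(new PKCS8EncodedKeySpec(pemToDer(pem, "PRIVATE KEY")));
    }

    /** "BEGIN PUBLIC KEY" is a SubjectPublicKeyInfo, which the JDK calls X509EncodedKeySpec. */
    static PublicKey loadPublicKey(String pem) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(new X509EncodedKeySpec(pemToDer(pem, "PUBLIC KEY")));
    }

    /** "BEGIN CERTIFICATE" is a full X.509 certificate; CertificateFactory is the only parser for it. */
    static X509Certificate loadCertificate(String pem) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        byte[] der = pemToDer(pem, "CERTIFICATE");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    /** True when the certificate really belongs to the private key (same RSA modulus). */
    static boolean keyMatchesCertificate(PrivateKey key, X509Certificate cert) {
        if (!(key instanceof RSAPrivateKey) || !(cert.getPublicKey() instanceof RSAPublicKey)) {
            return false;
        }
        return ((RSAPrivateKey) key).getModulus()
                .equals(((RSAPublicKey) cert.getPublicKey()).getModulus());
    }

    /** Wraps DER bytes in PEM armour (used only to build the self-contained round-trip input). */
    static String toPem(String label, byte[] der) {
        return "-----BEGIN " + label + "-----\n"
                + Base64.getMimeEncoder().encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Self-contained part: a freshly generated key pair round-trips through both key specs.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        PrivateKey priv = loadPrivateKey(toPem("PRIVATE KEY", kp.getPrivate().getEncoded()));
        PublicKey pub = loadPublicKey(toPem("PUBLIC KEY", kp.getPublic().getEncoded()));
        System.out.println("private key round-trip ok: " + priv.equals(kp.getPrivate()));
        System.out.println("public key round-trip ok:  " + pub.equals(kp.getPublic()));

        // File part (hypothetical arguments): args[0] = PKCS#8 key PEM, args[1] = X.509 certificate PEM.
        if (args.length == 2) {
            String keyPem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
            String certPem = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.US_ASCII);
            PrivateKey fileKey = loadPrivateKey(keyPem);
            X509Certificate cert = loadCertificate(certPem);
            System.out.println("subject: " + cert.getSubjectX500Principal());
            System.out.println("key matches certificate: " + keyMatchesCertificate(fileKey, cert));
            cert.checkValidity(); // throws CertificateExpiredException / NotYetValidException

            // What the question's code effectively did: a certificate is not a key, so KeyFactory rejects it.
            try {
                KeyFactory.getInstance("RSA").generatePublic(
                        new X509EncodedKeySpec(pemToDer(certPem, "CERTIFICATE")));
            } catch (InvalidKeySpecException e) {
                System.out.println("KeyFactory on certificate bytes fails: " + e.getMessage());
            }
        }
    }
}
```

Run it as `java PemLoader key.pem cert.crt` (hypothetical file names). One further caveat worth knowing when the private-key path also starts failing: a key file beginning with "BEGIN RSA PRIVATE KEY" is PKCS#1, not PKCS#8, and PKCS8EncodedKeySpec will reject it with a similar parse error; converting it with `openssl pkcs8 -topk8 -nocrypt` produces the "BEGIN PRIVATE KEY" form the code above expects.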