Extracting individual .cer certificate from a .p7b file in java

Problem description

I am new to cryptography, so please excuse me if you think this is a basic question.

I have a .p7b file which I need to read and extract the individual public certificates, i.e. the .cer files, and store them in the key store. I need not worry about persisting in the key store, as there is already a service which takes in the .cer file as byte[] and saves that.

What I want to know is, how do I read the .p7b and extract the individual .cer files? I know that can be done via the openSSL commands, but I need to do the same in Java. I also need to read the Issued By name, as that will be used as a unique key to persist the certificate.

Thanks in advance

Recommended answer

I was successfully able to read the individual X.509 certificates from the p7b files. Here are the steps:

  • The first step is getting a byte[] from the java.io.File. This involves removing the -----BEGIN PKCS7----- and -----END PKCS7----- lines from the file and decoding the remaining base64-encoded String.

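    import java.io.BufferedReader;
    import java.io.FileReader;
    // Base64 is assumed to be BouncyCastle's encoder class
    import org.bouncycastle.util.encoders.Base64;

    BufferedReader reader = new BufferedReader(new FileReader(file));
    StringBuilder cerfile = new StringBuilder();
    String line = null;
    // Skip the BEGIN/END PKCS7 marker lines and collect the base64 body
    while ((line = reader.readLine()) != null) {
      if (!line.contains("PKCS7")) {
        cerfile.append(line);
      }
    }
    reader.close();
    // DER-encoded PKCS#7 bytes
    byte[] fileBytes = Base64.decode(cerfile.toString().getBytes());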

  • The next step is to use the BouncyCastle API to parse the file

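    import java.io.ByteArrayInputStream;
    import java.io.InputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Enumeration;
    import org.bouncycastle.asn1.ASN1OctetString;
    import org.bouncycastle.asn1.DERObject;
    import org.bouncycastle.asn1.cms.ContentInfo;
    import org.bouncycastle.asn1.cms.SignedData;
    import org.bouncycastle.asn1.x500.RDN;
    import org.bouncycastle.asn1.x500.X500Name;
    import org.bouncycastle.asn1.x500.style.BCStyle;
    import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
    import org.bouncycastle.cms.CMSProcessableByteArray;
    import org.bouncycastle.cms.CMSSignedData;

    // fileBytes is the decoded byte[] from the first step
    CMSSignedData  dataParser = new CMSSignedData(fileBytes);
    ContentInfo contentInfo = dataParser.getContentInfo();
    SignedData signedData = SignedData.getInstance(contentInfo.getContent());
    
    CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()),contentInfo);
    SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
    
    CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString)encapMetaData.getEncapContentInfo().getContent()).getOctets());
    CertificateFactory ucf = CertificateFactory.getInstance("X.509");
    
    CMSSignedData  unsignedParser = new CMSSignedData(cin.getInputStream());
    ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
    SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
    Enumeration certificates = metaData.getCertificates().getObjects();
    
    // Build certificate path
    
    while (certificates.hasMoreElements()) {
        DERObject certObj = (DERObject) certificates.nextElement();
        InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
        X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
        // Subject name of the certificate and its first CN component
        X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
        RDN cn = x500name.getRDNs(BCStyle.CN)[0];
    }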
    

  • The above steps are working fine, but I am sure there are other solutions with fewer lines of code to achieve this. I am using the bcjdk16 jars.
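A shorter route for a plain certificates-only .p7b, using only the JDK (Java 8 or later). This is an added example, not code from the question or the answer; the class name P7bExtract, the method extract and the issuer-plus-serial key format are assumptions, and the .p7b path is supplied by the reader on the command line. It does not unwrap the nested SignedData layers that the answer's trust bundle code handles.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class P7bExtract {

    /** Returns the DER (.cer) bytes of every certificate in a .p7b, keyed by issuer DN plus serial. */
    static Map<String, byte[]> extract(byte[] p7b) throws Exception {
        byte[] der = p7b;
        String text = new String(p7b, StandardCharsets.ISO_8859_1);
        if (text.contains("-----BEGIN")) {
            // PEM input: drop the BEGIN/END marker lines, then decode the base64 body.
            String body = text.replaceAll("-----[A-Z0-9 ]+-----", "");
            der = Base64.getMimeDecoder().decode(body);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Map<String, byte[]> out = new LinkedHashMap<>();
        // generateCertificates accepts a PKCS#7 SignedData and returns the certificates it carries.
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(der))) {
            X509Certificate x = (X509Certificate) c;
            String issuer = x.getIssuerX500Principal().getName(); // RFC 2253 string form
            // Issuer DN alone repeats for every certificate from one CA; issuer + serial is unique.
            String key = issuer + "#" + x.getSerialNumber().toString(16);
            out.put(key, x.getEncoded()); // DER bytes, i.e. the contents of a .cer file
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a .p7b file provided by the reader (none ships with this example)
        Map<String, byte[]> certs = extract(Files.readAllBytes(Paths.get(args[0])));
        for (Map.Entry<String, byte[]> e : certs.entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue().length + " bytes");
        }
    }
}
```

Extraction only parses the certificates; it does not validate them, so chain and trust checks still have to happen before any of them is treated as trusted in the key store.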
