Extracting individual .cer certificate from a .p7b file in java
Problem description
I am new to cryptography, so please excuse me if you think this is a basic question.
I have a .p7b file which I need to read and extract the individual public certificates, i.e. the .cer files, and store them in the key store. I need not worry about persisting in the key store, as there is already a service which takes in the .cer file as byte[] and saves that.
What I want to know is, how do I read the .p7b and extract the individual .cer files? I know that can be done via the OpenSSL commands, but I need to do the same in Java. I also need to read the Issued By name, as that will be used as a unique key to persist the certificate.
Thanks in advance.
Recommended answer
I was successfully able to read the individual X.509 certificates from the p7b files. Here are the steps.
The first step is getting a byte[] from the java.io.File. This involves removing the -----BEGIN PKCS7----- and -----END PKCS7----- lines from the file and decoding the remaining base64-encoded String.
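// Needs java.io.BufferedReader and java.io.FileReader; Base64 is assumed to be
// org.bouncycastle.util.encoders.Base64
BufferedReader reader = new BufferedReader(new FileReader(file));
StringBuilder cerfile = new StringBuilder();
try {
    String line = null;
    while ((line = reader.readLine()) != null) {
        // Skip the -----BEGIN PKCS7----- and -----END PKCS7----- lines
        if (!line.contains("PKCS7")) {
            cerfile.append(line);
        }
    }
} finally {
    reader.close();
}
byte[] fileBytes = Base64.decode(cerfile.toString().getBytes());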
The next step is to use the BouncyCastle API to parse the file.
// fileBytes is the decoded byte[] produced by the first step
CMSSignedData dataParser = new CMSSignedData(fileBytes);
ContentInfo contentInfo = dataParser.getContentInfo();
SignedData signedData = SignedData.getInstance(contentInfo.getContent());
// Re-parse the encapsulated content of the outer SignedData
CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()), contentInfo);
SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString) encapMetaData.getEncapContentInfo().getContent()).getOctets());
CertificateFactory ucf = CertificateFactory.getInstance("X.509");
// The inner SignedData carries the certificates
CMSSignedData unsignedParser = new CMSSignedData(cin.getInputStream());
ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
Enumeration certificates = metaData.getCertificates().getObjects();
// Build certificate path
while (certificates.hasMoreElements()) {
    DERObject certObj = (DERObject) certificates.nextElement();
    // Convert each ASN.1 certificate structure into a java.security.cert.X509Certificate
    InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
    X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
    // Read the common name (CN) from the certificate's subject
    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN cn = x500name.getRDNs(BCStyle.CN)[0];
}
The above steps are working fine, but I am sure there are other solutions with fewer lines of code to achieve this. I am using the bcjdk16 jars.
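Added example, not part of the original answer: for a .p7b whose certificates sit directly in the top-level PKCS#7 SignedData (not the nested bundle unwrapped above), the JDK's own CertificateFactory can return each certificate's .cer bytes and issuer without BouncyCastle. The class name P7bExtract, the helper names and the "issuer#serial" key format are assumptions made for this sketch; it requires Java 8 or later.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class P7bExtract {   // hypothetical class name

    /** Returns DER bytes for a .p7b that is either PEM-armoured or already binary DER. */
    static byte[] toDer(byte[] raw) {
        if (raw.length > 0 && raw[0] == 0x30) {   // ASN.1 SEQUENCE tag: already DER
            return raw;
        }
        String pem = new String(raw, StandardCharsets.US_ASCII)
                .replaceAll("-----(BEGIN|END) [A-Z0-9 ]+-----", "");
        return Base64.getMimeDecoder().decode(pem);   // MIME decoder ignores line breaks
    }

    /** Maps "issuer DN#serial" to the DER encoding (.cer bytes) of each certificate. */
    static Map<String, byte[]> extract(byte[] p7b) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Map<String, byte[]> out = new LinkedHashMap<>();
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(toDer(p7b)))) {
            X509Certificate x = (X509Certificate) c;
            // The issuer DN repeats for every certificate a CA issues;
            // issuer plus serial number is what identifies a single certificate.
            String key = x.getIssuerX500Principal().getName()
                    + "#" + x.getSerialNumber().toString(16);
            out.put(key, x.getEncoded());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .p7b file, supplied by the caller
        byte[] p7b = Files.readAllBytes(Paths.get(args[0]));
        for (Map.Entry<String, byte[]> e : extract(p7b).entrySet()) {
            byte[] fp = MessageDigest.getInstance("SHA-256").digest(e.getValue());
            System.out.printf("%s  %d bytes  sha256=%064x%n",
                    e.getKey(), e.getValue().length, new BigInteger(1, fp));
        }
    }
}
```

generateCertificates only parses the bundle; it checks no signature and builds no chain, so the extracted certificates are untrusted input until validated, for example with java.security.cert.CertPathValidator.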