Load certificate file into Certificate Object


Problem description

I am trying to load a certificate file into a certificate object, but I am getting the below exception.

    java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1701)
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:303)
    at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:532)
    at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:417)
    at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:427)

Below is the code I am using to read the certificate file:

    final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    final Collection<? extends Certificate> certs =
         (Collection<? extends Certificate>) certFactory.generateCertificates(new ByteArrayInputStream(FileUtils.readFileToByteArray(serverCertFile)));

Below are the contents of the certificate file:

    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
        c1:cb:80:07:27:ce:4b:62
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=qw, ST=ewe, L=rew, O=rwerwe, OU=rwer, CN=rew/emailAddress=rewrew
    Validity
        Not Before: Jan 28 06:17:34 2013 GMT
        Not After : Feb 27 06:17:34 2013 GMT
    Subject: C=qw, ST=ewe, L=rew, O=rwerwe, OU=rwer, CN=rew/emailAddress=rewrew
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (1024 bit)
            Modulus (1024 bit):
                00:b6:d5:fd:01:2b:6d:ab:e2:da:a9:b4:a9:67:48:
                ce:72:d9:15:de:66:22:8e:68:a8:7b:7e:55:06:97:
                56:d2:bd:6a:2e:04:89:df:6a:36:9e:3d:ba:fc:32:
                b2:8b:f0:69:5d:54:54:b6:3e:b5:55:38:89:1f:1c:
                d0:4b:21:de:76:b3:be:fc:41:b5:62:b8:b8:3b:dc:
                ad:6d:e1:fc:1c:56:6d:90:1a:b3:6c:57:7e:66:a0:
                07:b9:16:99:cc:d4:c9:ee:05:7c:9d:1c:fb:6b:8f:
                a3:4b:d6:1c:a9:aa:51:e1:41:0d:10:a9:fe:b6:1b:
                f0:33:0c:ea:52:b9:9b:8e:5d
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Subject Key Identifier: 
            FF:24:75:B1:32:C2:74:6D:B4:CB:22:A9:92:CF:F4:B6:4A:5F:0B:56
        X509v3 Authority Key Identifier: 
            keyid:FF:24:75:B1:32:C2:74:6D:B4:CB:22:A9:92:CF:F4:B6:4A:5F:0B:56
            DirName:/C=qw/ST=ewe/L=rew/O=rwerwe/OU=rwer/CN=rew/emailAddress=rewrew
            serial:C1:CB:80:07:27:CE:4B:62

        X509v3 Basic Constraints: 
            CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
    46:14:65:27:c2:cd:55:ba:b4:0f:92:ac:8c:e4:bd:e5:e5:8d:
    e3:3b:59:52:9b:40:6a:dc:e3:cf:2c:03:49:e4:56:33:88:f6:
    94:10:de:64:00:2e:c6:2a:13:98:d0:16:71:25:8a:ea:04:3f:
    14:af:bf:8d:e1:7f:aa:54:78:68:32:86:67:9d:1d:42:fc:cb:
    1d:f2:7c:0b:1d:24:2f:e5:3f:bd:01:bd:d7:2d:74:4a:e9:7b:
    2f:25:97:64:7e:10:ba:bf:dd:49:6d:8a:91:e4:50:d8:a3:04:
    cc:37:8c:45:bd:13:b7:88:72:ef:24:20:b1:aa:05:6c:37:36:
    05:c6
    -----BEGIN CERTIFICATE-----
    MIIDLjCCApegAwIBAgIJAMHLgAcnzktiMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNV
    BAYTAnF3MQwwCgYDVQQIEwNld2UxDDAKBgNVBAcTA3JldzEPMA0GA1UEChMGcndl
    cndlMQ0wCwYDVQQLEwRyd2VyMQwwCgYDVQQDEwNyZXcxFTATBgkqhkiG9w0BCQEW
    BnJld3JldzAeFw0xMzAxMjgwNjE3MzRaFw0xMzAyMjcwNjE3MzRaMG4xCzAJBgNV
    BAYTAnF3MQwwCgYDVQQIEwNld2UxDDAKBgNVBAcTA3JldzEPMA0GA1UEChMGcndl
    cndlMQ0wCwYDVQQLEwRyd2VyMQwwCgYDVQQDEwNyZXcxFTATBgkqhkiG9w0BCQEW
    BnJld3JldzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAttX9ASttq+LaqbSp
    Z0jOctkV3mYijmioe35VBpdW0r1qLgSJ32o2nj26/DKyi/BpXVRUtj61VTiJHxzQ
    SyHedrO+/EG1Yri4O9ytbeH8HFZtkBqzbFd+ZqAHuRaZzNTJ7gV8nRz7a4+jS9Yc
    qapR4UENEKn+thvwMwzqUrmbjl0CAwEAAaOB0zCB0DAdBgNVHQ4EFgQU/yR1sTLC
    dG20yyKpks/0tkpfC1YwgaAGA1UdIwSBmDCBlYAU/yR1sTLCdG20yyKpks/0tkpf
    C1ahcqRwMG4xCzAJBgNVBAYTAnF3MQwwCgYDVQQIEwNld2UxDDAKBgNVBAcTA3Jl
    dzEPMA0GA1UEChMGcndlcndlMQ0wCwYDVQQLEwRyd2VyMQwwCgYDVQQDEwNyZXcx
    FTATBgkqhkiG9w0BCQEWBnJld3Jld4IJAMHLgAcnzktiMAwGA1UdEwQFMAMBAf8w
    DQYJKoZIhvcNAQEFBQADgYEARhRlJ8LNVbq0D5KsjOS95eWN4ztZUptAatzjzywD
    SeRWM4j2lBDeZAAuxioTmNAWcSWK6gQ/FK+/jeF/qlR4aDKGZ50dQvzLHfJ8Cx0k
    L+U/vQG91y10Sul7LyWXZH4Qur/dSW2KkeRQ2KMEzDeMRb0Tt4hy7yQgsaoFbDc2
    BcY=
    -----END CERTIFICATE-----

If I use the same code after removing the contents of the certificate file from the top until BEGIN CERTIFICATE, it's working fine. But my requirement is that the certificate file will have those contents. Has anyone faced this error? Any help will be really appreciated.

Solution

The problem is that the CertificateFactory only reads a certificate in PEM format if it starts with -----BEGIN CERTIFICATE----- straight away. Some tools add extra information (here, the result of openssl x509 -text) first, but the certificate factory doesn't ignore it and treats it as a badly formed certificate.

Instead, use a BufferedReader and readLine() to read your file, ignoring any line until you get to -----BEGIN CERTIFICATE-----. Then, add all the lines until -----END CERTIFICATE----- to a temporary string variable (or similar, e.g. StringBuilder). Pass this to the CertificateFactory.
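
The line-filtering approach described in the answer above, as an added example that is not part of the original answer. The class name PemCertLoader and its load method are hypothetical; the sketch goes slightly further than the answer by accepting files with several certificate blocks and by failing when a block is unterminated or none is found. Only the bytes between the markers are parsed, so the human-readable dump in front of them is discarded rather than trusted.

```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical helper, not code from the original question or answer.
public class PemCertLoader {
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";

    // Parses every PEM certificate block in the file, skipping all text outside the markers.
    public static List<X509Certificate> load(Path file) throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        StringBuilder pem = null; // non-null only while inside a BEGIN/END block
        // ISO-8859-1 decodes any byte, so non-ASCII text in the ignored preamble cannot abort the read.
        try (BufferedReader in = Files.newBufferedReader(file, StandardCharsets.ISO_8859_1)) {
            String line;
            while ((line = in.readLine()) != null) {
                String t = line.trim(); // tolerate indented blocks
                if (t.equals(BEGIN)) {
                    pem = new StringBuilder(BEGIN).append('\n');
                } else if (pem != null && !t.isEmpty()) {
                    pem.append(t).append('\n');
                    if (t.equals(END)) {
                        byte[] pemBytes = pem.toString().getBytes(StandardCharsets.US_ASCII);
                        certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pemBytes)));
                        pem = null;
                    }
                }
            }
        }
        if (pem != null) throw new CertificateException("BEGIN CERTIFICATE without matching END");
        if (certs.isEmpty()) throw new CertificateException("no PEM certificate block found in " + file);
        return certs;
    }

    public static void main(String[] args) throws Exception {
        load(Paths.get(args[0])).forEach(c ->
            System.out.println(c.getSubjectX500Principal() + " notAfter=" + c.getNotAfter()));
    }
}
```

Run it with the path of the certificate file as the only argument; each parsed certificate's subject and expiry are printed from the decoded DER, not from the text dump.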
