2. 질의 응답
  3. PEM 형식 문자열을 java.security.cert.X509Certificate로 변환

PEM 형식 문자열을 java.security.cert.X509Certificate로 변환

2012-03-16 2 views
18

PEM 형식 문자열에서 java.security.cert.X509Certificate 인스턴스를 만드는 방법은 무엇입니까? PEM 형식의 문자열은 HTTP 요청 "SSL_CLIENT_CERT"헤더 값입니다.PEM 형식 문자열을 java.security.cert.X509Certificate로 변환

답변 : 이 mgaert의 답변에 따라, 여기에 내가 스칼라에 쓴 무엇 : 그것을 읽는 몇 가지의 InputStream으로, 이진

val cert = factory.generateCertificate(
    new ByteArrayInputStream(
     Base64.decodeBase64(
     cert.stripPrefix("-----BEGIN CERTIFICATE-----").stripSuffix("-----END CERTIFICATE-----") 
    ) 
    ).asInstanceOf[X509Certificate]

출처

2012-03-16 chunjef

+4

디코딩 할 필요가 없습니다. [이 답변] (http://stackoverflow.com/a/9739366/822870)에서와 같이 PEM base64로 인코딩 된 형식이 직접 지원됩니다. 다시 : CertificateFactory cFactory = CertificateFactory.getInstance ("X.509"); X509Certificate cert = (X509Certificate) cFactory.generateCertificate (getInputStream (of_the_original_unmodified_certificate_file))); –

+1

접두어/접미사도 제거 할 필요가없는 것 같습니다. – lznt

답변

27

디코딩 Base64로, 다음 시도

CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
Certificate cert = cf.generateCertificate(is);

출처

2012-03-16 14:44:09 mgaert

12

나는 비슷한 문제가있다. 나는 누군가가 신경을 쓰지 않았을 때 나를 위해 일했던 자바 코드도 붙이고있다.

import java.util.Base64; 

public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException { 
    String certStr = _request.getHeader("x-clientcert"); 
    //before decoding we need to get rod off the prefix and suffix 
    byte [] decoded = Base64.getDecoder().decode(certStr.replaceAll(X509Factory.BEGIN_CERT, "").replaceAll(X509Factory.END_CERT, "")); 

    return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded)); 
}

출처

2013-11-27 11:10:49 simonC

6

PEM 형식의 문자열 변환 단계는 방법 (x509 -> 문자열)의 반대입니다.

샘플 PEM 포맷 문자열 : 여기

-----BEGIN CERTIFICATE----- 
MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix 
EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD 
VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y 
aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy 
MDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEU 
MBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFBy 
aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0Eg 
THRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyu 
vBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGM 
ak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb 
8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0Awzl 
kVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbb 
rvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7P 
OfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCB 
tAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkG 
A1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0Eg 
THRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRp 
b24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTAD 
AQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpX 
xQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6Kr 
XcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7g 
BMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56Y 
It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/ 
7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX 
-----END CERTIFICATE-----

이 단계는 다음과 같습니다 위 할

1. Remove headers from PEM formatted String 
Headers are : ---- BEGIN CERTIFICATE ----- and ----- END CERTIFICATE ------ 
2. Decode the rest of the part using Base64 to byte array 
3. Then you can use CertificateFactory to convert byte stream to x509Certificate object

샘플 코드 (PEM 작가와 함께) :

/** 
    * Converts a PEM formatted String to a {@link X509Certificate} instance. 
    * 
    * @param pem PEM formatted String 
    * @return a X509Certificate instance 
    * @throws CertificateException 
    * @throws IOException 
    */ 
    public X509Certificate convertToX509Certificate(String pem) throws CertificateException, IOException { 
     X509Certificate cert = null; 
     StringReader reader = new StringReader(pem); 
     PEMReader pr = new PEMReader(reader); 
     cert = (X509Certificate)pr.readObject(); 
     return cert; 
    }

출처

2015-01-13 19:44:46

+1

PEMReader는 Bouncy Castle Crypto API의 일부입니다 (https://www.bouncycastle.org/ 참조). @mgaert의 코드는 외부 라이브러리없이 작동합니다. –

1

또 다른 샘플,

public static X509Certificate convertToX509Cert(String certificateString) throws CertificateException { 
    X509Certificate certificate = null; 
    CertificateFactory cf = null; 
    try { 
     if (certificateString != null && !certificateString.trim().isEmpty()) { 
      certificateString = certificateString.replace("-----BEGIN CERTIFICATE-----\n", "") 
        .replace("-----END CERTIFICATE-----", ""); // NEED FOR PEM FORMAT CERT STRING 
      byte[] certificateData = Base64.getDecoder().decode(certificateString); 
      cf = CertificateFactory.getInstance("X509"); 
      certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateData)); 
     } 
    } catch (CertificateException e) { 
     throw new CertificateException(e); 
    } 
    return certificate; 
}

출처

2017-04-18 06:24:02 Zeigeist

관련 문제

 관련 문제