logo标签列表

如何在Java中解码.csr文件以提取其内容

javax509csrder
4

我有三种需要解码的文件,分别是.csr、.der和.key文件。我可以使用以下Java代码解码.der文件:

public class Base64Decoder {


public static void main(String[] args) throws FileNotFoundException, IOException {
    Certificate cert=null;
try{

 FileInputStream fis = new FileInputStream("C:/Users/patillat/Downloads/device-ee/csr/00db1234567890A5-ka.der");
 BufferedInputStream bis = new BufferedInputStream(fis);

 CertificateFactory cf = CertificateFactory.getInstance("X.509");

 while (bis.available() > 0) {
    cert = cf.generateCertificate(bis);
    try {
        System.out.println("-----BEGIN CERTIFICATE-----");
        System.out.println(DatatypeConverter.printBase64Binary(cert.getEncoded()));
        System.out.println("-----END CERTIFICATE-----");
        //System.out.println("key:"+cert.getPublicKey());
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
    }
    System.out.println(cert.toString());
 }
}
catch(Exception e)
{
    e.printStackTrace();
}

}

我能够生成.der证书的详细信息。

同样地,我无法解码我的.csr文件。 是否有其他方法可以解码.csr文件?

请参阅 https://dev59.com/pnzaa4cB1Zd3GeqPT7wj#54993557 以获取有关在Android上验证CSR内容的更多信息。 - darkknightsds
3个回答
3

使用BouncyCastle,您可以轻松地将二进制格式的CSR解码。

JcaPKCS10CertificationRequest p10Object = new JcaPKCS10CertificationRequest(byte[] csrBytes);

此外,还有用于将PEM格式(base64编码)进行解码/编码的辅助类。

我无法使用(byte [] csrBytes)创建JcaPKCS10CertificationRequest对象,它需要“CertificationRequest”对象。 - LathaPatil
你使用的BC版本是什么?我想我在BC版本1.52中有这个。 - primetomas
1
这是我用来解码 .csr 文件的代码。
public class CSRInfoDecoder {

private static Logger LOG = Logger.getLogger(CSRInfoDecoder.class.getName());

private static final String COUNTRY = "2.5.4.6";
private static final String STATE = "2.5.4.8";
private static final String LOCALE = "2.5.4.7";
private static final String ORGANIZATION = "2.5.4.10";
private static final String ORGANIZATION_UNIT = "2.5.4.11";
private static final String COMMON_NAME = "2.5.4.3";
private static final String EMAIL = "2.5.4.9";

private static final String csrPEM = "-----BEGIN CERTIFICATE REQUEST-----\n"
        + "MIICxDCCAawCAQAwfzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw\n"
        + "DgYDVQQHDAdDaGljYWdvMQ4wDAYDVQQKDAVDb2RhbDELMAkGA1UECwwCTkExDjAM\n"
        + "BgNVBAMMBUNvZGFsMR4wHAYJKoZIhvcNAQkBFg9rYmF4aUBjb2RhbC5jb20wggEi\n"
        + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSrEF27VvbGi5x7LnPk4hRigAW\n"
        + "1feGeKOmRpHd4j/kUcJZLh59NHJHg5FMF7u9YdZgnMdULawFVezJMLSJYJcCAdRR\n"
        + "hSN+skrQlB6f5wgdkbl6ZfNaMZn5NO1Ve76JppP4gl0rXHs2UkRJeb8lguOpJv9c\n"
        + "tw+Sn6B13j8jF/m/OhIYI8fWhpBYvDXukgADTloCjOIsAvRonkIpWS4d014deKEe\n"
        + "5rhYX67m3H7GtZ/KVtBKhg44ntvuT2fR/wB1FlDws+0gp4edlkDlDml1HXsf4FeC\n"
        + "ogijo6+C9ewC2anpqp9o0CSXM6BT2I0h41PcQPZ4EtAc4ctKSlzTwaH0H9MbAgMB\n"
        + "AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAqfQbrxc6AtjymI3TjN2upSFJS57FqPSe\n"
        + "h1YqvtC8pThm7MeufQmK9Zd+Lk2qnW1RyBxpvWe647bv5HiQaOkGZH+oYNxs1XvM\n"
        + "y5huq+uFPT5StbxsAC9YPtvD28bTH7iXR1b/02AK2rEYT8a9/tCBCcTfaxMh5+fr\n"
        + "maJtj+YPHisjxKW55cqGbotI19cuwRogJBf+ZVE/4hJ5w/xzvfdKjNxTcNr1EyBE\n"
        + "8ueJil2Utd1EnVrWbmHQqnlAznLzC5CKCr1WfmnrDw0GjGg1U6YpjKBTc4MDBQ0T\n"
        + "56ZL2yaton18kgeoWQVgcbK4MXp1kySvdWq0Bc3pmeWSM9lr/ZNwNQ==\n"
        + "-----END CERTIFICATE REQUEST-----\n";

public static void main(String[] args) {
    InputStream stream = new ByteArrayInputStream(csrPEM.getBytes(StandardCharsets.UTF_8));

    CSRInfoDecoder m = new CSRInfoDecoder();
    m.readCertificateSigningRequest(stream);
}

public String readCertificateSigningRequest(InputStream csrStream) {

    PKCS10CertificationRequest csr = convertPemToPKCS10CertificationRequest(csrStream);
    String compname = null;

    if (csr == null) {
        LOG.warn("FAIL! conversion of Pem To PKCS10 Certification Request");
    } else {
       X500Name x500Name = csr.getSubject();

       System.out.println("x500Name is: " + x500Name + "\n");

       RDN cn = x500Name.getRDNs(BCStyle.EmailAddress)[0];
       System.out.println(cn.getFirst().getValue().toString());
       System.out.println(x500Name.getRDNs(BCStyle.EmailAddress)[0]);
       System.out.println("COUNTRY: " + getX500Field(COUNTRY, x500Name));
       System.out.println("STATE: " + getX500Field(STATE, x500Name));
       System.out.println("LOCALE: " + getX500Field(LOCALE, x500Name));
       System.out.println("ORGANIZATION: " + getX500Field(ORGANIZATION, x500Name));
       System.out.println("ORGANIZATION_UNIT: " + getX500Field(ORGANIZATION_UNIT, x500Name));
       System.out.println("COMMON_NAME: " + getX500Field(COMMON_NAME, x500Name));
       System.out.println("EMAIL: " + getX500Field(EMAIL, x500Name));
    }
    return compname;
}


private String getX500Field(String asn1ObjectIdentifier, X500Name x500Name) {
    RDN[] rdnArray = x500Name.getRDNs(new ASN1ObjectIdentifier(asn1ObjectIdentifier));

    String retVal = null;
    for (RDN item : rdnArray) {
        retVal = item.getFirst().getValue().toString();
    }
    return retVal;
}

private PKCS10CertificationRequest convertPemToPKCS10CertificationRequest(InputStream pem) {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    PKCS10CertificationRequest csr = null;
    ByteArrayInputStream pemStream = null;

    pemStream = (ByteArrayInputStream) pem;

    Reader pemReader = new BufferedReader(new InputStreamReader(pemStream));
    PEMParser pemParser = null;
    try {
        pemParser = new PEMParser(pemReader);
        Object parsedObj = pemParser.readObject();
        System.out.println("PemParser returned: " + parsedObj);
        if (parsedObj instanceof PKCS10CertificationRequest) {
            csr = (PKCS10CertificationRequest) parsedObj;
        }
    } catch (IOException ex) {
        LOG.error("IOException, convertPemToPublicKey", ex);
    } finally {
        if (pemParser != null) {
            IOUtils.closeQuietly(pemParser);
        }
    }
    return csr;
}

}

在上面的代码中,我已经将`csrPem`字符串转换为输入流以进行自己的测试目的,因此您可以省略该步骤并直接使用`ByteArrayInputStream`。
0

可以使用Bouncycastle来实现这一点。请参见下面的代码片段,以将字符串解析为PKCS10CertificationRequest。当然,您可以将ByteArrayInputStream替换为任意输入流。

try (final ByteArrayInputStream bais = new ByteArrayInputStream(csrAsString.getBytes());
     final InputStreamReader isr = new InputStreamReader(bais, StandardCharsets.UTF_8);
     final PEMParser pem = new PEMParser(isr))
{
     PKCS10CertificationRequest csr = (PKCS10CertificationRequest) pem.readObject();
     // Do your verification here
}
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接