logo标签列表

在Java中检索X.509证书的主题备用名称

javax509certificateasn.1
8
我尝试使用此链接中提供的解决方案。当我尝试读取X.509证书的主题备用名称时,出现以下错误:

java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1InputStream.readObject()Lorg/bouncycastle/asn1/DERObject;

下面的代码行引起了错误:

ASN1InputStream decoder = new ASN1InputStream((byte[]) item.toArray());

DEREncodable encoded = decoder.readObject();

使用.der文件创建证书如下。
X509Certificate cert=null;
fis = new FileInputStream(file.getAbsoluteFile());     //.der file
bis = new BufferedInputStream(fis);

CertificateFactory cf = CertificateFactory.getInstance("X.509");
while (bis.available() > 0) {
                    try{
                    cert = cf.generateCertificate(bis);
                    }
                     catch (CertificateException e) {
                      e.printStackTrace();
                  }
 List list=getSubjectAlternativeNames((X509Certificate) cert);

以下是我从上面提到的链接中得到的解决方案。
   public static List<String> getSubjectAlternativeNames(X509Certificate certificate) {
    List<String> identities = new ArrayList<String>();
    try {
        Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
        // Check that the certificate includes the SubjectAltName extension
        if (altNames == null)
            return Collections.emptyList();
        // Use the type OtherName to search for the certified server name
        for (List item : altNames) {
            Integer type = (Integer) item.get(0);
            if (type == 0)
                // Type OtherName found so return the associated value
                try {
                    // Value is encoded using ASN.1 so decode it to get the server's identity
                    ASN1InputStream decoder = new ASN1InputStream((byte[]) item.toArray()[1]);
                    DEREncodable encoded = decoder.readObject();
                    encoded = ((DERSequence) encoded).getObjectAt(1);
                    encoded = ((DERTaggedObject) encoded).getObject();
                    encoded = ((DERTaggedObject) encoded).getObject();
                    String identity = ((DERUTF8String) encoded).getString();
                    // Add the decoded server name to the list of identities
                    identities.add(identity);
                }
            catch (UnsupportedEncodingException e) {
                e.printStackTrace();
               // log.error("Error decoding subjectAltName" + e.getLocalizedMessage(),e);
            }
            catch (Exception e) {
               // log.error("Error decoding subjectAltName" + e.getLocalizedMessage(),e);
                e.printStackTrace();
            }
            // Other types are not good for XMPP so ignore them
            //log.warn("SubjectAltName of invalid type found: " + certificate);
        }
    }
    catch (CertificateParsingException e) {
        e.printStackTrace();
       // log.error("Error parsing SubjectAltName in certificate: " + certificate + "\r\nerror:" + e.getLocalizedMessage(),e);
    }
    return identities;
}

我是否没有使用正确的 .jar 文件?

我所使用的 .jar 文件是 --> bcprov-jdk16-1.45.jar

请指出我哪里做错了。

3个回答
6

我试过你的代码,对我来说可以运行,我使用从Internet Explorer导出的证书进行测试

Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Untrusted Publishers -> www.google.com

我将其导出为“.cer”格式,并对您的代码进行了一些更改。
public static List<String> getSubjectAlternativeNames(X509Certificate certificate) {
        List<String> identities = new ArrayList<String>();
        try {
            Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
            if (altNames == null)
                return Collections.emptyList();
            for (List item : altNames) {
                Integer type = (Integer) item.get(0);
                if (type == 0 || type == 2){
                    try {
                        ASN1InputStream decoder=null;
                        if(item.toArray()[1] instanceof byte[])
                            decoder = new ASN1InputStream((byte[]) item.toArray()[1]);
                        else if(item.toArray()[1] instanceof String)
                            identities.add( (String) item.toArray()[1] );
                        if(decoder==null) continue;
                        DEREncodable encoded = decoder.readObject();
                        encoded = ((DERSequence) encoded).getObjectAt(1);
                        encoded = ((DERTaggedObject) encoded).getObject();
                        encoded = ((DERTaggedObject) encoded).getObject();
                        String identity = ((DERUTF8String) encoded).getString();
                        identities.add(identity);
                    }
                    catch (UnsupportedEncodingException e) {
                        log.error("Error decoding subjectAltName" + e.getLocalizedMessage(),e);
                    }
                    catch (Exception e) {
                        log.error("Error decoding subjectAltName" + e.getLocalizedMessage(),e);
                    }
                }else{
                    log.warn("SubjectAltName of invalid type found: " + certificate);
                }
            }
        }
        catch (CertificateParsingException e) {
            log.error("Error parsing SubjectAltName in certificate: " + certificate + "\r\nerror:" + e.getLocalizedMessage(),e);
        }
        return identities;
    }

我将文件保存到 c:\aa1.cer

X509Certificate cert=null;
        FileInputStream fis = new FileInputStream("c:\\aa1.cer");
        BufferedInputStream bis = new BufferedInputStream(fis);

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        if (bis.available() > 0)
            try{
               cert = (X509Certificate)cf.generateCertificate(bis);
            }
            catch (CertificateException e) {
                e.printStackTrace();
            }
        System.out.println(CertificateInfo.getSubjectAlternativeNames(cert));

我的输出为 [www.google.com, google.com]

请检查您的证书,我认为问题在于您的证书。

谢谢你的解决方案。是的,它在我从IE中获取的.cer文件上运行正常。我还需要它适用于.der文件。 - LathaPatil
问题只出在我的证书上。 - LathaPatil
1
许多示例使用硬编码整数。为了可读性,我更喜欢使用:
  • GeneralName.dNSName = 2
  • GeneralName.iPAddress = 7
  • ...等等
代码:
public static String[] parseHostNames(X509Certificate cert) {
    List<String> hostNameList = new ArrayList<>();
    try {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames != null) {
            for(List<?> altName : altNames) {
                if(altName.size()< 2) continue;
                switch((Integer)altName.get(0)) {
                    case GeneralName.dNSName:
                    case GeneralName.iPAddress:
                        Object data = altName.get(1);
                        if (data instanceof String) {
                            hostNameList.add(((String)data));
                        }
                        break;
                    default:
                }
            }
        }
        System.out.println("Parsed hostNames: " + String.join(", ", hostNameList));
    } catch(CertificateParsingException | IOException e) {
        System.err.println("Can't parse hostNames from this cert.");
        e.printStackTrace();
    }
    return hostNameList.toArray(new String[hostNameList.size()]);
}

注意: 接受的答案检查了byte[],但在我的系统上无法编译。我找到了一些其他使用byte[]的示例,通过调用new ASN1InputStream((byte[])data).readObject();,但我没有证书来测试它,所以我从我的示例中删除了它。

0
对我来说,这种方法很有效。 而我发现运行良好的库版本是这个:

bcprov-jdk15-1.46.jar

private String getOtherNameValue(X509Certificate certificate) {
        final String method = "[getOtherNameValue] - ";
        System.out.println(method + "START");
        Collection<List<?>> altNames = null;
        try {
            altNames = certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            e.printStackTrace();
        }
        if (altNames == null)
            return "";
        for (List item : altNames) {
            Integer type = (Integer) item.get(0);
            if (type == 0) {
                try {
                    ASN1InputStream decoder = null;
                    if (item.toArray()[1] instanceof byte[])
                        decoder = new ASN1InputStream((byte[]) item.toArray()[1]);
                    if (decoder == null)
                        continue;
                    DEREncodable encoded = decoder.readObject();
                    encoded = ((DERSequence) encoded).getObjectAt(1);
                    encoded = ((DERTaggedObject) encoded).getObject();
                    encoded = ((DERTaggedObject) encoded).getObject();
                    String principalName = ((DERUTF8String) encoded).getString();
                    System.out.println(method + "END with principalName: " + principalName);
                    return principalName;
                } catch (Exception e) {
                    System.out.println(method + "Exception decoding subjectAltName" + e.getLocalizedMessage());
                    e.printStackTrace();
                }
            }
        }
        System.out.println(method + "END");
        return "";
    }
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接