generate - Convert a PEM-formatted string to a java.security.cert.X509Certificate
How do you create a java.security.cert.X509Certificate instance from a PEM-formatted string? The PEM-formatted string is the value of the HTTP request header "SSL_CLIENT_CERT".
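ANSWER: Based on mgaert's answer, this is what I wrote in Scala:

    import java.io.ByteArrayInputStream
    import java.security.cert.{CertificateFactory, X509Certificate}
    import org.apache.commons.codec.binary.Base64

    // pem: the PEM string taken from the request header
    val factory = CertificateFactory.getInstance("X.509")
    val cert = factory.generateCertificate(
      new ByteArrayInputStream(
        Base64.decodeBase64(
          // trim first so a trailing newline does not stop stripSuffix from matching
          pem.trim.stripPrefix("-----BEGIN CERTIFICATE-----").stripSuffix("-----END CERTIFICATE-----")
        )
      )
    ).asInstanceOf[X509Certificate]
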
Decode the Base64 to binary, with some InputStream reading it, then try:

    // is: an InputStream over the decoded (DER) bytes
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate cert = cf.generateCertificate(is);

The steps for converting the PEM-formatted string are the reverse of how it was produced (x509 -> String).
Sample PEM-formatted string:
Here are the steps:
1. Remove the headers from the PEM-formatted String
   The headers are: -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
2. Decode the remaining part from Base64 into a byte array
3. Then you can use CertificateFactory to convert the byte stream into an X509Certificate object
Sample code to do the above (with PEM Writer):
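
    import java.io.IOException;
    import java.io.StringReader;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import org.bouncycastle.openssl.PEMReader; // Bouncy Castle; later releases replace PEMReader with PEMParser

    /**
     * Converts a PEM formatted String to a {@link X509Certificate} instance.
     *
     * @param pem PEM formatted String
     * @return a X509Certificate instance
     * @throws CertificateException
     * @throws IOException
     */
    public X509Certificate convertToX509Certificate(String pem) throws CertificateException, IOException {
        // PEMReader strips the markers and decodes the Base64 body itself; close it when done
        try (PEMReader pr = new PEMReader(new StringReader(pem))) {
            return (X509Certificate) pr.readObject();
        }
    }
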
Another sample:

    import java.io.ByteArrayInputStream;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Base64;

    public static X509Certificate convertToX509Cert(String certificateString) throws CertificateException {
        X509Certificate certificate = null;
        CertificateFactory cf = null;
        try {
            if (certificateString != null && !certificateString.trim().isEmpty()) {
                certificateString = certificateString.replace("-----BEGIN CERTIFICATE-----", "")
                        .replace("-----END CERTIFICATE-----", ""); // NEEDED FOR PEM FORMAT CERT STRING
                // The MIME decoder ignores the line breaks left inside the PEM body;
                // Base64.getDecoder() would throw IllegalArgumentException on them.
                byte[] certificateData = Base64.getMimeDecoder().decode(certificateString);
                cf = CertificateFactory.getInstance("X.509");
                certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateData));
            }
        } catch (CertificateException e) {
            throw new CertificateException(e);
        }
        return certificate;
    }

I have a similar problem, and I am also pasting here the Java code that worked for me, in case anyone comes across it:

    import java.io.ByteArrayInputStream;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Base64;
    import javax.servlet.http.HttpServletRequest;
    import sun.security.provider.X509Factory; // JDK-internal class holding the BEGIN/END marker constants

    public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException {
        String certStr = _request.getHeader("x-clientcert");
        // before decoding we need to get rid of the prefix and suffix
        byte[] decoded = Base64.getDecoder().decode(certStr.replaceAll(X509Factory.BEGIN_CERT, "").replaceAll(X509Factory.END_CERT, ""));
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
    }
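
The three steps above (strip the markers, Base64-decode, hand the bytes to CertificateFactory), as an added example that is not part of any of the answers: it rejects a missing, oversized or malformed header value instead of throwing unchecked exceptions, and checks the validity period after parsing. The class name PemHeaderCert, the method fromHeader and the limit MAX_HEADER_CHARS are hypothetical. It assumes the header is set by the TLS-terminating proxy, which may have folded the PEM line breaks into spaces, and the value in main is constructed and deliberately not a real certificate.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PemHeaderCert {
    // Hypothetical limit for this example; size it to the certificates you expect.
    private static final int MAX_HEADER_CHARS = 16 * 1024;
    // BEGIN marker, body, END marker and nothing else; DOTALL so the body may span lines.
    private static final Pattern PEM = Pattern.compile(
        "\\s*-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----\\s*", Pattern.DOTALL);

    /** Parses one PEM certificate from a header value. Parsing only: no chain or trust check. */
    public static X509Certificate fromHeader(String value) throws CertificateException {
        if (value == null || value.isEmpty() || value.length() > MAX_HEADER_CHARS) {
            throw new CertificateException("certificate header missing or too large");
        }
        Matcher m = PEM.matcher(value);
        if (!m.matches()) {
            throw new CertificateException("value is not a PEM certificate block");
        }
        // Assumption: line breaks may arrive as spaces or tabs, so drop all whitespace.
        String body = m.group(1).replaceAll("\\s+", "");
        byte[] der;
        try {
            // Strict decoder: leftover markers from a second block or stray characters fail here.
            der = Base64.getDecoder().decode(body);
        } catch (IllegalArgumentException e) {
            throw new CertificateException("certificate body is not valid Base64", e);
        }
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(der));
        cert.checkValidity(); // throws if expired or not yet valid
        return cert;
    }

    public static void main(String[] args) {
        // args[0]: the header value (assumption); otherwise a constructed, invalid sample.
        String value = args.length > 0 ? args[0]
            : "-----BEGIN CERTIFICATE----- AAAA BBBB -----END CERTIFICATE-----";
        try {
            System.out.println("subject: " + fromHeader(value).getSubjectX500Principal());
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A certificate returned by fromHeader has only been parsed and date-checked; whether its issuer is trusted is a separate check against your own trust anchors.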