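Extracting multiple X.509 certificates from a PEM-format file in Java
Problem description:
I have a method that uses the bouncycastle library to extract an X.509 certificate from a given PEM-format file.
Imports: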
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
Method:
    /**
     * Reads an X509 certificate from a PEM file.
     *
     * @param certificateFile The PEM file.
     * @return the X509 certificate, or null.
     * @throws IOException if reading the file fails
     * @throws CertificateException if parsing the certificate fails
     */
    public static X509Certificate readCertificatePEMFile(File certificateFile) throws IOException, CertificateException {
        if (certificateFile.exists() && certificateFile.canRead()) {
            try (InputStream inStream = new FileInputStream(certificateFile)) {
                try (PEMParser pemParser = new PEMParser(new InputStreamReader(inStream))) {
                    Object object = pemParser.readObject();
                    if (object != null && object instanceof X509CertificateHolder) {
                        return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
                    }
                }
            }
        }
        return null;
    }
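This works very well for "normal" certificate files, e.g. a server certificate. If I have a CA chain certificate file containing multiple certificates, how can I extract all the certificates from that file (the method shown only extracts the first certificate in the file)?
Answer
Try this code; it can handle multiple certificates and private keys in a PEM file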
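    // Imports needed by this snippet, in addition to those in the question:
    import java.security.Security;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.openssl.PEMDecryptorProvider;
    import org.bouncycastle.openssl.PEMEncryptedKeyPair;
    import org.bouncycastle.openssl.PEMKeyPair;
    import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
    import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

    // Assumes pemParser is an open PEMParser (as in the question) and
    // password is a String that may be null.
    Security.addProvider(new BouncyCastleProvider());
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    Object object;
    // readObject() returns null once no PEM objects remain in the file
    while ((object = pemParser.readObject()) != null)
    {
        if (object instanceof X509CertificateHolder)
        {
            X509Certificate x509Cert = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
        }
        else if (object instanceof PEMEncryptedKeyPair)
        {
            if (password == null) throw new IllegalArgumentException("Password required for parsing RSA Private key");
            PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
            converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
        }
        else if (object instanceof PEMKeyPair)
        {
            converter.getKeyPair((PEMKeyPair) object);
        }
    }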
Have you tried calling 'pemParser.readObject();' multiple times until 'object' is null? – pedrofb
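
The loop described in the answer and comment above, applied to the question's method so that it returns every certificate in the file. This is an added example, not code from the original posts; the class name PemChainReader and the method name readCertificates are hypothetical, and main expects the path of a PEM file as its first argument.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;

// Hypothetical names (PemChainReader, readCertificates); added example only.
public final class PemChainReader {
    /** Returns every X.509 certificate in the PEM file, in file order. */
    public static List<X509Certificate> readCertificates(Path pemFile)
            throws IOException, CertificateException {
        List<X509Certificate> certs = new ArrayList<>();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        // ISO-8859-1 decodes any byte, so stray bytes in comment lines do not abort the read
        try (Reader reader = Files.newBufferedReader(pemFile, StandardCharsets.ISO_8859_1);
             PEMParser pemParser = new PEMParser(reader)) {
            Object object;
            // readObject() returns null when no PEM objects remain
            while ((object = pemParser.readObject()) != null) {
                if (object instanceof X509CertificateHolder) {
                    certs.add(converter.getCertificate((X509CertificateHolder) object));
                }
                // Other recognised objects (keys, CRLs, CSRs) are skipped and never decrypted
            }
        }
        return certs;
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> chain = readCertificates(Paths.get(args[0]));
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            System.out.println(i + ": " + cert.getSubjectX500Principal().getName());
            // Name chaining only: compares issuer and subject names, not signatures
            if (i + 1 < chain.size() && !cert.getIssuerX500Principal()
                    .equals(chain.get(i + 1).getSubjectX500Principal())) {
                System.out.println("   issuer does not match subject of entry " + (i + 1));
            }
        }
    }
}
```

The name comparison in main only shows whether the file is ordered leaf-first; trust decisions still need signature and path validation, for example with java.security.cert.CertPathValidator.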