
Getting ExtensionValue from x509Certificate

Stack Overflow user
Asked on 2016-06-14 11:05:25
1 answer, 1.2K views, 0 followers, 0 votes

I am using bouncycastle in Java with

CertificateFactory certFactory = CertificateFactory.getInstance("X509", "BC");
X509Certificate x509Certificate = (X509Certificate) certFactory.generateCertificate(in);

to generate the certificate. It works fine. But when I use

x509Certificate.getExtensionValue("1.2.3.4.5.6.7")

the returned value does not match the value returned by the member one. Am I missing something?


1 Answer

Stack Overflow user

Answered on 2016-06-15 14:24:16

With bouncycastle, you can do this to extract the ASN1 structure of the extension

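import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;

public ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
    // getExtensionValue returns the DER-encoded OCTET STRING that wraps the extension value
    byte[] bytes = certificate.getExtensionValue(oid);
    if (bytes == null) {
        return null;
    }
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
    ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
    // The octets inside that wrapper are the DER encoding of the extension's own ASN.1 structure
    aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
    return aIn.readObject();
}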

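ASN1 is a complex object, and you need to parse it to get the fields you want. For example, the following returns the CA URI metadata found in the given X509 certificate.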

// Requires org.bouncycastle.asn1.* and org.bouncycastle.asn1.x509.*;
// IOUtils is assumed to be org.apache.commons.io.IOUtils (Apache Commons IO).
public String getIssuerURL(final X509Certificate certificate) throws Exception {

    // Access method to look for inside the Authority Information Access extension
    final ASN1ObjectIdentifier caIssuersAccessMethod = X509ObjectIdentifiers.id_ad_caIssuers;
    final byte[] authInfoAccessExtensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (null == authInfoAccessExtensionValue) {
        return null;
    }

    ASN1InputStream ais1 = null;
    ASN1InputStream ais2 = null;
    try {
        // Outer layer: the OCTET STRING wrapper returned by getExtensionValue
        final ByteArrayInputStream bais = new ByteArrayInputStream(authInfoAccessExtensionValue);
        ais1 = new ASN1InputStream(bais);
        final DEROctetString oct = (DEROctetString) (ais1.readObject());
        // Inner layer: the AuthorityInformationAccess structure itself
        ais2 = new ASN1InputStream(oct.getOctets());
        final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(ais2.readObject());

        final AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
        for (AccessDescription accessDescription : accessDescriptions) {
            // Skip entries that use a different access method
            final boolean correctAccessMethod = accessDescription.getAccessMethod().equals(caIssuersAccessMethod);
            if (!correctAccessMethod) {
                continue;
            }
            // Only URI locations are returned
            final GeneralName gn = accessDescription.getAccessLocation();
            if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            final DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject();
            final String accessLocation = str.getString();
            return accessLocation;
        }
        return null;
    } catch (IOException e) {
        throw new Exception(e);
    } finally {
        IOUtils.closeQuietly(ais1);
        IOUtils.closeQuietly(ais2);
    }
}

Returns a human-readable string from an ASN1Primitive

public String getStringFromGeneralName(ASN1Primitive names) throws IOException {
    ASN1TaggedObject taggedObject = (ASN1TaggedObject) names;
    return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
}
Votes 0
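
The double unwrapping described in the answer above, as an added example that is not part of the original answer: it builds constructed samples of what `getExtensionValue` returns for a private extension, strips the OCTET STRING wrapper, and renders the inner value. The class name `ExtensionValueDemo`, the helpers `unwrap` and `describe`, and the sample values are assumptions made for illustration; the Bouncy Castle provider jar is assumed to be on the classpath.

```java
import java.io.IOException;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.util.encoders.Hex;

public class ExtensionValueDemo { // hypothetical class name

    // Strip the OCTET STRING wrapper that getExtensionValue() leaves around the value.
    static ASN1Primitive unwrap(byte[] extnValue) throws IOException {
        if (extnValue == null) {
            return null; // extension not present in the certificate
        }
        ASN1Primitive outer = ASN1Primitive.fromByteArray(extnValue); // IOException if malformed
        if (!(outer instanceof ASN1OctetString)) {
            throw new IOException("extension value is not wrapped in an OCTET STRING");
        }
        return ASN1Primitive.fromByteArray(((ASN1OctetString) outer).getOctets());
    }

    // Render the inner value: string types as text, anything else as an ASN.1 dump.
    static String describe(ASN1Primitive value) {
        if (value == null) {
            return "(extension absent)";
        }
        return value instanceof ASN1String
                ? ((ASN1String) value).getString()
                : ASN1Dump.dumpAsString(value);
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples of what getExtensionValue() returns for a private extension.
        byte[] text = new DEROctetString(new DERUTF8String("example-value")).getEncoded();
        byte[] seq = new DEROctetString(new DERSequence(new ASN1Integer(7))).getEncoded();

        System.out.println("raw bytes: " + Hex.toHexString(text)); // still carries DER headers
        System.out.println("unwrapped: " + describe(unwrap(text)));
        System.out.println("structure: " + describe(unwrap(seq)));
        System.out.println("missing:   " + describe(unwrap(null)));
    }
}
```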
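The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: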

https://stackoverflow.com/questions/37802282
