java解码p7b证书文件并导出证书Base64

在Java中处理P7B(PKCS#7 证书捆绑)(即.p7b)文件并导出其证书为Base64编码格式。

我有一个 .p7b 文件,我需要读取并提取各个公共(public)证书,即 .cer 文件

您可以使用 BouncyCaSTLe 从 PKCS#7 对象获取证书。这是一个快速代码示例:

请注意,一个 PKCS#7 可能包含多个证书。大多数情况下,它包括在最终用户证书和根 CA 之间构建证书链所需的中间证书颁发机构证书。

XML 复制代码
       <!--POM文件导入的依赖jar包-->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <optional>true</optional>
            <version>1.49</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15on</artifactId>
            <optional>true</optional>
            <version>1.49</version>
        </dependency>
java 复制代码
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.X509Store;


public static List<String> outFind(String filePath) {
		ArrayList<String> certBase64List = new ArrayList<>();
		try {
			CMSSignedData cmsSignedData = new CMSSignedData(new FileInputStream(filePath));
			X509Store store = cmsSignedData.getCertificates("Collection", "BC");
//			Collection<X509CertificateHolder> certificates = store.getMatches(X509CertStoreSelector.getInstance(new X509CertSelector()));
//			for (X509CertificateHolder x509CertificateHolder : certificates) {
//				X509Certificate bc = new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509CertificateHolder);
//				bc.getEncoded()
//			}
			Collection<X509Certificate> certificates2 = store.getMatches(X509CertStoreSelector.getInstance(new X509CertSelector()));
			for (X509Certificate x509Certificate : certificates2) {
				byte[] encoded = x509Certificate.getEncoded();
				String encode = new BASE64Encoder().encode(encoded);
				String replace = encode.replace("\r\n", "");
				certBase64List.add(replace);
				System.out.println("导出的证书为:"+replace);
			}

		} catch (Exception e) {
			throw new RuntimeException(e);
		}
		return certBase64List;
	}

附上查询资料中的一个导入办法:

XML 复制代码
public String  getCertificates(String certInfo,String number) throws Exception
    {


        CMSSignedData sd = new CMSSignedData(Base64.decodeBase64(certInfo));
        Store<X509CertificateHolder> store = sd.getCertificates();

        Collection<X509CertificateHolder> certificates = store.getMatches(null);

        for (X509CertificateHolder x509:certificates) {

            X509Certificate bc = new JcaX509CertificateConverter().setProvider("BC")
                    .getCertificate(x509);
            BigInteger serialNumber = bc.getSerialNumber();

            logger.info(serialNumber+"============="+number);
            if(serialNumber.toString().equals(number)){

                String encode = new BASE64Encoder().encode(bc.getEncoded());
                logger.info("返回证书数据《《《"+encode);
                return encode;
            }

        }

        return null;
    }

-------------------------------------------分隔符-----------------------------------------------------------

需求:如何在Java中使用BouncyCastle库解析Base64格式,包括获取证书的版本、有效期、发行者、主题、序列号等关键信息

复制代码
<!--引入pom依赖-->
<dependency>
   <groupId>org.bouncycastle</groupId>
   <artifactId>bcpkix-jdk15on</artifactId>
   <version>1.70</version>
</dependency>
<dependency>
   <groupId>org.bouncycastle</groupId>
   <artifactId>bcprov-jdk15on</artifactId>
   <version>1.70</version>
</dependency>

编写工具类方法

java 复制代码
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.util.encoders.Hex;
import sun.misc.BASE64Decoder;
import java.io.*;
import java.security.cert.*;
import java.util.HashMap;


public class CertUtil {

    /**
     * x509证书解析
     *
     * @param
     * @return
     */
    public static void getCertInfo(byte[] Cert)  {
        InputStream inStream = new ByteArrayInputStream(Cert);
        ASN1Sequence seq;
        ASN1InputStream aIn;
        try{
            aIn = new ASN1InputStream(inStream);
            seq = (ASN1Sequence)aIn.readObject();
            X509CertificateStructure cert = new X509CertificateStructure(seq);

            String endDate = cert.getEndDate().getTime();
            String startDate = cert.getStartDate().getTime();
            System.out.println("endDate============="+endDate);
            System.out.println("startDate============="+startDate);
            int version = cert.getVersion();
            System.out.println("cert.getVersion()============="+cert.getVersion());
            X509Name issuer = cert.getIssuer();
            X509Name subject = cert.getSubject();
            System.out.println("issuer============="+issuer);
            System.out.println("subject============="+subject);
            String serialNumber = cert.getSerialNumber().getValue().toString(16);
            System.out.println("serialNumber============="+serialNumber);
            DERBitString signature = cert.getSignature();
            String sign = new String(Hex.encode(signature.getBytes()));
            System.out.println("sign============="+sign);
            SubjectPublicKeyInfo publicKeyInfo = cert.getSubjectPublicKeyInfo();
            String algId = publicKeyInfo.getAlgorithmId().getObjectId().getId();
            System.out.println("algId============="+algId);
           byte[]  byPuk = publicKeyInfo.getPublicKeyData().getBytes();
           String publicKey = new String(Hex.encode(byPuk));
            System.out.println("publicKey============="+publicKey);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * x509证书解析 重载
     *
     * @param cert
     * @return
     */
    public static HashMap<String, Object> getCert(String cert) {
        cert = cert.replaceAll("\r\n", "");
        cert = cert.replace("-----BEGIN CERTIFICATE-----", "");
        cert = cert.replace("-----END CERTIFICATE-----", "");

        BASE64Decoder decoder = new BASE64Decoder();
        try {
            return getCertInfo(decoder.decodeBuffer(cert));
        } catch (IOException e) {
            e.printStackTrace();
        }

        return null;
    }
}

从证书链中读取证书获取证书信息,导出证书Base64参考最上面

java 复制代码
<!--POM依赖,版本根据实际来-->
<dependency>
   <groupId>org.bouncycastle</groupId>
   <artifactId>bcprov-jdk15on</artifactId>
   <version>1.61</version>
</dependency>
<dependency>
   <groupId>org.bouncycastle</groupId>
   <artifactId>bcprov-jdk15on</artifactId>
   <version>1.67</version>
</dependency>
java 复制代码
public static HashMap<String, Object>  getCertCate(String certPath) {
        HashMap<String, Object> certinfo = new HashMap<>();
        try{
            // 引入BC库
            Security.addProvider(new BouncyCastleProvider());
            // 使用BC解析X.509证书
            CertificateFactory CF = CertificateFactory.getInstance("X.509", "BC"); // 从证书工厂中获取X.509的单例类
            InputStream fileIn = new FileInputStream(certPath); // 将本地证书读入文件流
            Certificate C = CF.generateCertificate(fileIn);  // 将文件流的证书转化为证书类
            String  certificateStr = C.toString();
            System.out.println("使用[自带库函数]读入证书结果如下:");
            System.out.print(certificateStr);
            System.out.println("--------------------------------------\n证书主要字段:");
            X509Certificate cer = (X509Certificate)C;
            System.out.println("版本号:" + cer.getVersion());
            System.out.println("序列号:" + cer.getSerialNumber().toString());
            System.out.println("颁发者:" + cer.getSubjectDN());     // System.out.println("颁发者唯一标识符: " + cer.getSubjectUniqueID().toString());
            System.out.println("使用者:" + cer.getIssuerDN());
            //  System.out.println("使用者唯一标识符: " + cer.getIssuerUniqueID().toString());
            System.out.println("有效期:from:" + cer.getNotBefore() + "  to: " + cer.getNotAfter());
            System.out.println("签发算法" + cer.getSigAlgName());
            System.out.println("签发算法ID:" + cer.getSigAlgOID());
            System.out.println("证书签名:" + cer.getSignature().toString());
            byte [] sig = cer.getSigAlgParams();
            PublicKey publicKey = cer.getPublicKey();
            byte [] pkenc = publicKey.getEncoded();
            System.out.println("解析出的公钥:" + Base64.getEncoder().encodeToString(pkenc));
            System.out.println("公钥:");
            for(int i = 0; i < pkenc.length; i++){
                System.out.print(pkenc[i]);
            }
        } catch(Exception e){
            e.printStackTrace();
        }
    }

参考资料:

1、java解析p7b格式证书_p7b文件在线解析-CSDN博客

2、java之从java中的.p7b文件中提取个人.cer证书_编程语言_编程符号网

3、Java解析证书内容_java 解析证书-CSDN博客