
在Java中处理P7B(PKCS#7 证书捆绑)(即.p7b)文件并导出其证书为Base64编码格式。
我有一个 .p7b 文件,我需要读取并提取各个公共(public)证书,即 .cer 文件
您可以使用 BouncyCastle 从 PKCS#7 对象获取证书。这是一个快速代码示例:
请注意,一个 PKCS#7 可能包含多个证书。大多数情况下,它包括在最终用户证书和根 CA 之间构建证书链所需的中间证书颁发机构证书。另外,从 P7B 中取出的证书本身并不代表可信:提取只是解析,使用前仍需针对自己掌握的信任锚验证证书链、有效期和吊销状态。
XML
<!-- Dependency jars imported in the POM file. -->
<!-- NOTE(review): 1.49 is the oldest Bouncy Castle version pinned anywhere on this page
     (a later section pins 1.70 for the same two artifacts). Check the pinned version
     against the Bouncy Castle security advisories before reusing this snippet. The
     string-typed getCertificates("Collection", "BC") call in the listing that follows
     is the older CMS API, so a version bump may require switching to the
     Store<X509CertificateHolder> form; confirm against the target release. -->
<!-- <optional>true</optional> keeps these jars out of the transitive dependencies of
     projects that depend on this one. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<optional>true</optional>
<version>1.49</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<optional>true</optional>
<version>1.49</version>
</dependency>
java
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.X509Store;
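/**
 * Reads a PKCS#7 (.p7b) certificate bundle from disk and returns every certificate it
 * contains as the Base64 of its DER encoding, one unwrapped string per certificate.
 *
 * <p>Extraction is not validation: nothing here checks signatures, validity dates or
 * revocation. A certificate taken from the bundle must still be chain-validated against
 * trust anchors the caller controls before it is relied on.
 *
 * @param filePath path of the .p7b file; restrict it to an expected directory first if
 *                 any part of it can be influenced by a user
 * @return the Base64-encoded certificates, in the order the certificate store returns them
 * @throws RuntimeException wrapping any I/O, CMS parsing or certificate-encoding failure
 */
public static List<String> outFind(String filePath) {
    ArrayList<String> certBase64List = new ArrayList<>();
    // The store below is requested from the provider named "BC"; without a registered
    // provider that lookup fails, so register it when it is absent.
    if (java.security.Security.getProvider("BC") == null) {
        java.security.Security.addProvider(new BouncyCastleProvider());
    }
    // try-with-resources closes the file handle on success and on failure alike.
    try (FileInputStream in = new FileInputStream(filePath)) {
        CMSSignedData cmsSignedData = new CMSSignedData(in);
        X509Store store = cmsSignedData.getCertificates("Collection", "BC");
        // Alternative with the holder-based API: take X509CertificateHolder objects from
        // the store and convert each one with JcaX509CertificateConverter.
        Collection<X509Certificate> certificates2 =
                store.getMatches(X509CertStoreSelector.getInstance(new X509CertSelector()));
        for (X509Certificate x509Certificate : certificates2) {
            byte[] encoded = x509Certificate.getEncoded();
            // sun.misc.BASE64Encoder wraps its output with the platform line separator,
            // so stripping "\r\n" afterwards only gave a single line on Windows. The JDK
            // encoder never wraps and is part of the supported API.
            String replace = java.util.Base64.getEncoder().encodeToString(encoded);
            certBase64List.add(replace);
            System.out.println("导出的证书为:"+replace);
        }
    } catch (Exception e) {
        // Keep the original cause so the caller can tell a missing file from a bad bundle.
        throw new RuntimeException(e);
    }
    return certBase64List;
}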
附上查询资料中的一个导入办法:
java
/**
 * Looks up one certificate inside a Base64-encoded PKCS#7 bundle by serial number.
 *
 * <p>The match is on the serial number alone, compared as a decimal string
 * ({@code BigInteger.toString()}), and the first match wins. Serial numbers are only
 * unique per issuer, so a bundle holding certificates from several issuers can contain
 * more than one candidate. The returned certificate is not validated in any way.
 *
 * @param certInfo Base64 text of the CMS SignedData structure
 * @param number   serial number to look for, in decimal
 * @return the matching certificate as Base64 produced by {@code BASE64Encoder}, or
 *         {@code null} when no certificate in the bundle has that serial number
 * @throws Exception if the bundle cannot be decoded or a certificate cannot be converted
 */
public String getCertificates(String certInfo,String number) throws Exception
{
    // NOTE(review): decodeBase64 is presumably Apache Commons Codec's Base64 (Bouncy
    // Castle's encoder class has no method of that name) - confirm against the imports.
    CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(certInfo));
    Store<X509CertificateHolder> holderStore = signedData.getCertificates();
    // A null selector asks the store for every certificate it holds.
    for (X509CertificateHolder holder : holderStore.getMatches(null)) {
        X509Certificate converted = new JcaX509CertificateConverter()
                .setProvider("BC")
                .getCertificate(holder);
        BigInteger serial = converted.getSerialNumber();
        // NOTE(review): `number` goes into the log line unmodified; if it can come from
        // a request, strip line breaks before logging.
        logger.info(serial+"============="+number);
        if (!serial.toString().equals(number)) {
            continue;
        }
        // NOTE(review): BASE64Encoder is the JDK-internal sun.misc class; confirm it is
        // available on the target JDK.
        String encodedCert = new BASE64Encoder().encode(converted.getEncoded());
        logger.info("返回证书数据《《《"+encodedCert);
        return encodedCert;
    }
    return null;
}
-------------------------------------------分隔符-----------------------------------------------------------
需求:如何在Java中使用BouncyCastle库解析Base64格式,包括获取证书的版本、有效期、发行者、主题、序列号等关键信息
<!-- POM dependencies. -->
<!-- NOTE(review): the -jdk15on artifact line ends at 1.70; later Bouncy Castle releases
     are published under the -jdk18on artifact ids, so picking up fixes made after 1.70
     means changing the artifactId as well as the version. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.70</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
</dependency>
编写工具类方法
java
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.util.encoders.Hex;
import sun.misc.BASE64Decoder;
import java.io.*;
import java.security.cert.*;
import java.util.HashMap;
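/**
 * Helpers that decode an X.509 certificate and report its main fields.
 *
 * <p>These methods only parse the ASN.1 structure. They do not verify the signature,
 * the validity period or the issuing chain, so a certificate that parses cleanly is
 * not thereby a trusted one.
 */
public class CertUtil {
    /**
     * Parses a DER-encoded X.509 certificate, prints its main fields and returns them.
     *
     * <p>The method used to be declared {@code void} while {@link #getCert(String)}
     * returned its result, which does not compile; it now returns the parsed fields.
     *
     * @param Cert DER bytes of the certificate
     * @return the parsed fields under the keys {@code endDate}, {@code startDate},
     *         {@code version}, {@code issuer}, {@code subject}, {@code serialNumber}
     *         (hex), {@code sign} (hex), {@code algId} (OID) and {@code publicKey} (hex),
     *         or {@code null} if parsing fails (the stack trace is printed)
     */
    public static HashMap<String, Object> getCertInfo(byte[] Cert) {
        HashMap<String, Object> info = new HashMap<>();
        InputStream inStream = new ByteArrayInputStream(Cert);
        // try-with-resources closes the ASN.1 stream on every path.
        try (ASN1InputStream aIn = new ASN1InputStream(inStream)) {
            ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
            // NOTE(review): X509CertificateStructure, X509Name and some accessors used
            // below belong to Bouncy Castle's older ASN.1 API; confirm they exist in the
            // version the project pins.
            X509CertificateStructure cert = new X509CertificateStructure(seq);

            String endDate = cert.getEndDate().getTime();
            String startDate = cert.getStartDate().getTime();
            System.out.println("endDate============="+endDate);
            System.out.println("startDate============="+startDate);
            info.put("endDate", endDate);
            info.put("startDate", startDate);

            int version = cert.getVersion();
            System.out.println("cert.getVersion()============="+version);
            info.put("version", version);

            X509Name issuer = cert.getIssuer();
            X509Name subject = cert.getSubject();
            System.out.println("issuer============="+issuer);
            System.out.println("subject============="+subject);
            info.put("issuer", String.valueOf(issuer));
            info.put("subject", String.valueOf(subject));

            // Serial number rendered in hexadecimal.
            String serialNumber = cert.getSerialNumber().getValue().toString(16);
            System.out.println("serialNumber============="+serialNumber);
            info.put("serialNumber", serialNumber);

            // The signature is only copied out here, never verified.
            DERBitString signature = cert.getSignature();
            String sign = new String(Hex.encode(signature.getBytes()));
            System.out.println("sign============="+sign);
            info.put("sign", sign);

            SubjectPublicKeyInfo publicKeyInfo = cert.getSubjectPublicKeyInfo();
            String algId = publicKeyInfo.getAlgorithmId().getObjectId().getId();
            System.out.println("algId============="+algId);
            info.put("algId", algId);

            byte[] byPuk = publicKeyInfo.getPublicKeyData().getBytes();
            String publicKey = new String(Hex.encode(byPuk));
            System.out.println("publicKey============="+publicKey);
            info.put("publicKey", publicKey);
        } catch (Exception e) {
            // Best effort, as before: report the problem and signal failure with null,
            // the same convention getCert uses.
            e.printStackTrace();
            return null;
        }
        return info;
    }

    /**
     * Overload that accepts a PEM or bare Base64 certificate string.
     *
     * <p>CRLF line breaks and the BEGIN/END CERTIFICATE markers are removed before the
     * text is Base64-decoded and handed to {@link #getCertInfo(byte[])}.
     *
     * @param cert certificate text, with or without the PEM markers
     * @return the parsed fields, or {@code null} if decoding or parsing fails
     */
    public static HashMap<String, Object> getCert(String cert) {
        cert = cert.replaceAll("\r\n", "");
        cert = cert.replace("-----BEGIN CERTIFICATE-----", "");
        cert = cert.replace("-----END CERTIFICATE-----", "");
        // NOTE(review): BASE64Decoder is the JDK-internal sun.misc class; on a JDK that
        // no longer ships it, java.util.Base64.getMimeDecoder() is the supported
        // replacement - confirm the target JDK.
        BASE64Decoder decoder = new BASE64Decoder();
        try {
            return getCertInfo(decoder.decodeBuffer(cert));
        } catch (IOException e) {
            e.printStackTrace();
        }
        return null;
    }
}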
从证书链中读取证书获取证书信息,导出证书Base64参考最上面
XML
<!-- POM dependencies; choose the versions to suit your project. -->
<!-- NOTE(review): bcprov-jdk15on is declared twice below with different versions (1.61
     and 1.67). One artifact should appear once with one version; a duplicate makes it
     unclear which provider jar is actually on the classpath. The listing that follows
     only uses the provider jar, so the second entry is probably a leftover - confirm
     and keep a single, current version. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.61</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.67</version>
</dependency>
java
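/**
 * Loads an X.509 certificate file through the Bouncy Castle provider, prints its main
 * fields and returns them.
 *
 * <p>Changes from the original listing: the method now returns the map it declares
 * (it had no return statement), the issuer and subject labels are attached to the
 * right getters (they were swapped), the signature is printed as Base64 instead of an
 * array reference, and the file stream is closed.
 *
 * <p>Only parsing happens here. The certificate is not checked for expiry, signature
 * or trust, so the returned fields describe the file, not whether it can be relied on.
 *
 * @param certPath path of the certificate file; restrict it to an expected directory
 *                 first if any part of it can be influenced by a user
 * @return the parsed fields under the keys {@code version}, {@code serialNumber},
 *         {@code issuer}, {@code subject}, {@code notBefore}, {@code notAfter},
 *         {@code sigAlgName}, {@code sigAlgOID}, {@code signature} (Base64) and
 *         {@code publicKey} (Base64); empty if reading or parsing failed, in which
 *         case the stack trace is printed
 */
public static HashMap<String, Object> getCertCate(String certPath) {
    HashMap<String, Object> certinfo = new HashMap<>();
    try {
        // Register the Bouncy Castle provider so it can be requested by name below.
        Security.addProvider(new BouncyCastleProvider());
        // Ask the BC provider for its X.509 certificate factory.
        CertificateFactory CF = CertificateFactory.getInstance("X.509", "BC");
        Certificate C;
        // Read the local certificate file; the stream is closed as soon as it is parsed.
        try (InputStream fileIn = new FileInputStream(certPath)) {
            C = CF.generateCertificate(fileIn);
        }
        String certificateStr = C.toString();
        System.out.println("使用[自带库函数]读入证书结果如下:");
        System.out.print(certificateStr);
        System.out.println("--------------------------------------\n证书主要字段:");

        X509Certificate cer = (X509Certificate) C;
        System.out.println("版本号:" + cer.getVersion());
        System.out.println("序列号:" + cer.getSerialNumber().toString());
        // Issuer label with the issuer DN, subject label with the subject DN.
        System.out.println("颁发者:" + cer.getIssuerDN());
        System.out.println("使用者:" + cer.getSubjectDN());
        // The issuer/subject unique IDs are optional and their getters return null when
        // the field is absent, so they are not printed.
        System.out.println("有效期:from:" + cer.getNotBefore() + " to: " + cer.getNotAfter());
        System.out.println("签发算法" + cer.getSigAlgName());
        System.out.println("签发算法ID:" + cer.getSigAlgOID());
        // toString() on a byte[] prints an object reference, not the signature bytes.
        String signatureB64 = Base64.getEncoder().encodeToString(cer.getSignature());
        System.out.println("证书签名:" + signatureB64);

        PublicKey publicKey = cer.getPublicKey();
        byte[] pkenc = publicKey.getEncoded();
        String publicKeyB64 = Base64.getEncoder().encodeToString(pkenc);
        System.out.println("解析出的公钥:" + publicKeyB64);
        // Two hex digits per byte; concatenated signed decimals cannot be read back.
        StringBuilder pkHex = new StringBuilder(pkenc.length * 2);
        for (byte b : pkenc) {
            pkHex.append(String.format("%02x", b & 0xff));
        }
        System.out.println("公钥:");
        System.out.print(pkHex);

        certinfo.put("version", cer.getVersion());
        certinfo.put("serialNumber", cer.getSerialNumber().toString());
        certinfo.put("issuer", String.valueOf(cer.getIssuerDN()));
        certinfo.put("subject", String.valueOf(cer.getSubjectDN()));
        certinfo.put("notBefore", cer.getNotBefore());
        certinfo.put("notAfter", cer.getNotAfter());
        certinfo.put("sigAlgName", cer.getSigAlgName());
        certinfo.put("sigAlgOID", cer.getSigAlgOID());
        certinfo.put("signature", signatureB64);
        certinfo.put("publicKey", publicKeyB64);
    } catch (Exception e) {
        // Best effort, as before: report the failure and hand back what was collected.
        e.printStackTrace();
    }
    return certinfo;
}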
参考资料:
1、java解析p7b格式证书_p7b文件在线解析-CSDN博客