1. 首頁
  2. 問答
  3. 如何解碼從java中的apache發送的PEM編碼的SSL_CLIENT_CERT標頭值

如何解碼從java中的apache發送的PEM編碼的SSL_CLIENT_CERT標頭值

2013-11-27 44 views
0

我正在通過SSL_CLIENT_CERT varialbe從apache2發送一個PEM編碼的客戶端證書到jboss5以及在我的應用程序中我正在讀取這個值頭和我嘗試它在Java中進行解碼,但我得到一個unsuported編碼例外如何解碼從java中的apache發送的PEM編碼的SSL_CLIENT_CERT標頭值

java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Unsupported encoding 
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)

我的Apache的conf:

<VirtualHost *:443> 

ServerName a.localhost 
ProxyPass/http://b.localhost:8080/ 
ProxyPassReverse/http://b.localhost:8080/ 

SSLEngine on 
SSLProxyEngine on 
SSLProtocol all -SSLv2 
SSLOptions +ExportCertData +StdEnvVars 
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW 

SSLVerifyClient optional 
SSLVerifyDepth 1 
SSLCertificateFile C:\Users\user\ssh\4pm.si_wildcard.crt 
SSLCertificateKeyFile C:\Users\user\ssh\4pm.si_wildcard.key 
SSLCACertificateFile C:\Users\user\ssh\ca_cert_bundle.crt 
RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s 

ErrorLog "C:/Apps/wamp/logs/4pm-error-ssl.log" 
CustomLog "C:/Apps/wamp/logs/4pm-access-ssl.log" common 


</VirtualHost>

我的Java代碼:

String certStr = certStr = JSFUtil.getRequest().getHeader("x-clientcert"); 

try { 
     Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certStr.getBytes("UTF-8"))); 
    } catch (CertificateException e1) { 
     // TODO Auto-generated catch block 
     e1.printStackTrace(); 
    } catch (UnsupportedEncodingException e1) { 
     // TODO Auto-generated catch block 
       e1.printStackTrace(); 
      }

Tnx以貓頭鷹的提示,這驅使我的解決方案。

針對此問題的解決方法是:

需要這些進口:

import java.io.ByteArrayInputStream; 
import java.security.cert.CertificateException; 
import java.security.cert.CertificateFactory; 
import java.security.cert.X509Certificate; 
import javax.servlet.http.HttpServletRequest; 
import org.jboss.util.Base64; 

public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException{ 

    String certStr = _request.getHeader("x-clientcert"); 
    //before decoding we need to get rid off the prefix and suffix 
    byte [] decoded = Base64.decode(certStr.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "")); 

    return (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded)); 
}

來源

2013-11-27 simonC

回答

1

PEM是基64編碼用的頁眉和頁腳線。您不能只使用UTF-8在文本上執行字符編碼。你需要decode the PEM itself

來源

2013-11-27 10:17:14

+0

Tnx的提示我試圖解碼它與一些Adobe Base的lib,但它不工作,然後我swtched到org.jboss.util.Base64,它的工作...我會更新我的問題與解決方案和標記您的答案正確 – simonC

+0

請注意,接收證書鏈*可能*(我不確定)是否屬於可能性的一部分(即客戶端證書和一個或多箇中間CA證書) –

相關問題

 相關問題