0
我正在通過SSL_CLIENT_CERT varialbe從apache2發送一個PEM編碼的客戶端證書到jboss5以及在我的應用程序中我正在讀取這個值頭和我嘗試它在Java中進行解碼,但我得到一個unsuported編碼例外如何解碼從java中的apache發送的PEM編碼的SSL_CLIENT_CERT標頭值
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Unsupported encoding
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)
我的Apache的conf:
<VirtualHost *:443>
ServerName a.localhost
ProxyPass/http://b.localhost:8080/
ProxyPassReverse/http://b.localhost:8080/
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLOptions +ExportCertData +StdEnvVars
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCertificateFile C:\Users\user\ssh\4pm.si_wildcard.crt
SSLCertificateKeyFile C:\Users\user\ssh\4pm.si_wildcard.key
SSLCACertificateFile C:\Users\user\ssh\ca_cert_bundle.crt
RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s
ErrorLog "C:/Apps/wamp/logs/4pm-error-ssl.log"
CustomLog "C:/Apps/wamp/logs/4pm-access-ssl.log" common
</VirtualHost>
我的Java代碼:
String certStr = certStr = JSFUtil.getRequest().getHeader("x-clientcert");
try {
Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certStr.getBytes("UTF-8")));
} catch (CertificateException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
Tnx以貓頭鷹的提示,這驅使我的解決方案。
針對此問題的解決方法是:
需要這些進口:
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.jboss.util.Base64;
public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException{
String certStr = _request.getHeader("x-clientcert");
//before decoding we need to get rid off the prefix and suffix
byte [] decoded = Base64.decode(certStr.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", ""));
return (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
}
Tnx的提示我試圖解碼它與一些Adobe Base的lib,但它不工作,然後我swtched到org.jboss.util.Base64,它的工作...我會更新我的問題與解決方案和標記您的答案正確 – simonC
請注意,接收證書鏈*可能*(我不確定)是否屬於可能性的一部分(即客戶端證書和一個或多箇中間CA證書) –