Certificate: Creating a credential for SAML in CFML
I'm trying to create a SAML authentication request in CFML (Railo) using OpenSAML, but I have run into difficulties creating the certificate object to set the public key.
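I found some code that works fine with the private key, but similar code with the public-key certificate does not work. It fails when calling keyFactory.generatePublic() with: "java.security.InvalidKeyException: IOException: algid parse error, not a sequence"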
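Does this mean my public key needs to be in a different format, or that my key is set up wrong? I have tried both PKCS8EncodedKeySpec and RSAPublicKeySpec, but neither works. The certificate I'm using is a self-signed certificate generated with the OpenSSL utils, created in .crt format.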
My code:
<cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
<cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
<cfset local.rawKey = trim(local.rawKey)>
<cfset local.keyBytes = binaryDecode(local.rawKey, "base64")>
<cfset local.keySpec = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
<cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
<cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>
<cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
<cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
<cfset local.rawCert = trim(local.rawCert)>
<cfset local.keyBytes = binaryDecode(local.rawCert, "base64")>
<cfset local.keySpec = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
<cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
<cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>
<cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>
<cfset local.credential.setPrivateKey( local.privateKey )>
<cfset local.credential.setEntityCertificate( local.certificate )>
<cfreturn credential>
</cffunction>
Thanks in advance, Kevin

In case anyone else has to work this out, the following seems to do what I need:
<cfset local.certBytes = binaryDecode(local.rawCert, "base64")>
<cfset local.certStream = createObject("java", "java.io.ByteArrayInputStream").init(local.certBytes)>
<cfset local.certFactory = createObject("java", "java.security.cert.CertificateFactory").getInstance("X.509")>
<cfset local.certificate = local.certFactory.generateCertificate(local.certStream)>
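
An added example, not part of the original post: a Python check that reads the top-level ASN.1 shape of a PEM block and names the Java loader that fits it, which shows why a certificate cannot be fed to a key spec. The helper names are hypothetical and the sample structures are constructed skeletons with filler bytes, not real keys or certificates.

```python
import base64, re

SEQ, INT, BITSTR, OCTSTR = 0x30, 0x02, 0x03, 0x04   # DER tags used below

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify_pem(text):
    """Name the structure inside a PEM block and the Java loader that fits it."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", text))
    tag, value, _ = read_tlv(der)
    if tag != SEQ:
        return "unknown"
    shape, pos = [], 0
    while pos < len(value):                # tags of the top-level children only
        child, _, pos = read_tlv(value, pos)
        shape.append(child)
    if shape == [SEQ, SEQ, BITSTR]:        # tbsCertificate, signatureAlgorithm, signature
        return "X.509 certificate -> CertificateFactory"
    if shape == [SEQ, BITSTR]:             # algorithm, subjectPublicKey
        return "SubjectPublicKeyInfo -> KeyFactory + X509EncodedKeySpec"
    if shape[:3] == [INT, SEQ, OCTSTR]:    # version, algorithm, privateKey
        return "PKCS#8 private key -> KeyFactory + PKCS8EncodedKeySpec"
    return "unknown"

def tlv(tag, value):                       # minimal DER encoder, only for the samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed skeletons with filler bytes: right ASN.1 shape, not real keys or certificates.
ALGID = tlv(SEQ, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))  # rsaEncryption
SPKI = tlv(SEQ, ALGID + tlv(BITSTR, b"\x00" + b"\x01" * 140))
CERT = tlv(SEQ, tlv(SEQ, SPKI) + ALGID + tlv(BITSTR, b"\x00" + b"\x02" * 16))
PKCS8 = tlv(SEQ, tlv(INT, b"\x00") + ALGID + tlv(OCTSTR, b"\x03" * 20))

for label, der in (("PRIVATE KEY", PKCS8), ("PUBLIC KEY", SPKI), ("CERTIFICATE", CERT)):
    print(label, "=>", classify_pem(to_pem(label, der)))
```

The PEM label gives the same answer without any parsing: a `BEGIN CERTIFICATE` block goes to `CertificateFactory`, as in the answer above.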