Certificate 在CFML中创建用于SAML的凭据

我试图用OpenSAML在CFML（Railo）中创建SAML身份验证请求，但在创建证书对象以设置公钥时遇到了困难

    <cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
    <cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
    <cfset local.rawKey = trim(local.rawKey)>

    <cfset local.keyBytes   = binaryDecode(local.rawKey, "base64")>
    <cfset local.keySpec    = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>

    <cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
    <cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
    <cfset local.rawCert = trim(local.rawCert)>

    <cfset local.keyBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.keySpec     = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory  = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>

    <cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>

    <cfset local.credential.setPrivateKey( local.privateKey )>
    <cfset local.credential.setEntityCertificate( local.certificate )>

    <cfreturn credential>
</cffunction>

我发现soem代码可以很好地使用私钥，但使用类似的代码和公钥证书不起作用。调用keyFactory.generatePublic（）时失败，并显示：“java.security.InvalidKeyException:IOException:algid parse error，不是序列”

    <cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
    <cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
    <cfset local.rawKey = trim(local.rawKey)>

    <cfset local.keyBytes   = binaryDecode(local.rawKey, "base64")>
    <cfset local.keySpec    = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>

    <cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
    <cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
    <cfset local.rawCert = trim(local.rawCert)>

    <cfset local.keyBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.keySpec     = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory  = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>

    <cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>

    <cfset local.credential.setPrivateKey( local.privateKey )>
    <cfset local.credential.setEntityCertificate( local.certificate )>

    <cfreturn credential>
</cffunction>

这是否意味着我的公钥需要不同的格式，或者我的密钥设置错误？我尝试过使用PKCS8EncodedKeySpec和RSAPublicKeySpec，但它们都不起作用。我使用的证书是一个使用OpenSSL UTIL生成的自签名证书，它是以.crt格式创建的

    <cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
    <cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
    <cfset local.rawKey = trim(local.rawKey)>

    <cfset local.keyBytes   = binaryDecode(local.rawKey, "base64")>
    <cfset local.keySpec    = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>

    <cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
    <cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
    <cfset local.rawCert = trim(local.rawCert)>

    <cfset local.keyBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.keySpec     = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory  = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>

    <cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>

    <cfset local.credential.setPrivateKey( local.privateKey )>
    <cfset local.credential.setEntityCertificate( local.certificate )>

    <cfreturn credential>
</cffunction>

我的代码：

    <cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
    <cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
    <cfset local.rawKey = trim(local.rawKey)>

    <cfset local.keyBytes   = binaryDecode(local.rawKey, "base64")>
    <cfset local.keySpec    = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>

    <cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
    <cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
    <cfset local.rawCert = trim(local.rawCert)>

    <cfset local.keyBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.keySpec     = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory  = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>

    <cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>

    <cfset local.credential.setPrivateKey( local.privateKey )>
    <cfset local.credential.setEntityCertificate( local.certificate )>

    <cfreturn credential>
</cffunction>

    <cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
    <cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
    <cfset local.rawKey = trim(local.rawKey)>

    <cfset local.keyBytes   = binaryDecode(local.rawKey, "base64")>
    <cfset local.keySpec    = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>

    <cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
    <cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
    <cfset local.rawCert = trim(local.rawCert)>

    <cfset local.keyBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.keySpec     = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory  = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>

    <cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>

    <cfset local.credential.setPrivateKey( local.privateKey )>
    <cfset local.credential.setEntityCertificate( local.certificate )>

    <cfreturn credential>
</cffunction>

---

提前感谢Kevin，以防其他人必须解决此问题。以下内容似乎满足了我的需要：

    <cfset local.rawKey = replace( arguments.privateKey, "-----BEGIN PRIVATE KEY-----", "" )>
    <cfset local.rawKey = replace( local.rawKey, "-----END PRIVATE KEY-----", "" )>
    <cfset local.rawKey = trim(local.rawKey)>

    <cfset local.keyBytes   = binaryDecode(local.rawKey, "base64")>
    <cfset local.keySpec    = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.privateKey = keyFactory.generatePrivate(local.keySpec.init(local.keyBytes))>

    <cfset local.rawCert = replace( arguments.certificate, "-----BEGIN CERTIFICATE-----", "" )>
    <cfset local.rawCert = replace( local.rawCert, "-----END CERTIFICATE-----", "" )>
    <cfset local.rawCert = trim(local.rawCert)>

    <cfset local.keyBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.keySpec     = createObject("java", "java.security.spec.PKCS8EncodedKeySpec")>
    <cfset local.keyFactory  = createObject("java", "java.security.KeyFactory").getInstance("RSA")>
    <cfset local.certificate = keyFactory.generatePublic(local.keySpec.init(local.keyBytes))>

    <cfset local.credential = _create( "org.opensaml.xml.security.x509.BasicX509Credential" )>

    <cfset local.credential.setPrivateKey( local.privateKey )>
    <cfset local.credential.setEntityCertificate( local.certificate )>

    <cfreturn credential>
</cffunction>

    <cfset local.certBytes    = binaryDecode(local.rawCert, "base64")>
    <cfset local.certStream   = createObject("java", "java.io.ByteArrayInputStream").init(local.certBytes)>
    <cfset local.certFactory  = createObject("java", "java.security.cert.CertificateFactory").getInstance("X.509")>
    <cfset local.certificate = local.certFactory.generateCertificate(local.certStream)>

---

以防其他人必须解决此问题。以下内容似乎满足了我的需要：