Java: where can I find the details of the X.509 certificate I created locally?
I'm a novice when it comes to authenticating with certificates, so please correct me if my question doesn't make sense. I created a 2048-bit X.509 certificate locally. I have server.crt, server.key, server.key.org and mycert.pfx (mycert.pfx contains the public and private keys; that is the file I use in the code). Now I have a Java application with the following code:
import java.io.InputStream;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.mail.util.SharedFileInputStream;
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

public class CertAuth {
    public static void main(String[] args) throws Exception {
        String tenant = "f6377xxx-aeb2-4a8a-be8a-7xxxxa60be3";
        String authority = "https://login.windows.net/" + tenant + "/oauth2/authorize";
        ExecutorService service = Executors.newFixedThreadPool(1);
        try {
            AuthenticationContext authenticationContext =
                new AuthenticationContext(authority, false, service);
            // mycert.pfx holds both the certificate and its private key
            String certFile = "/projects/mycert.pfx";
            InputStream pkcs12Cert = new SharedFileInputStream(certFile);
            AsymmetricKeyCredential credential = AsymmetricKeyCredential.create(
                "xxxx-e53c-45b7-432-7b91d93674b6", pkcs12Cert, "password");
            Future<AuthenticationResult> future = authenticationContext.acquireToken(
                "https://outlook.office365.com", credential, null);
            String token = future.get().getAccessToken();
            System.out.println("Token Received " + token);
        } finally {
            service.shutdown();
        }
    }
}
I found the following source code to generate the key/value pairs in keyCredentials that I was looking for. You need to generate the certificate first, though. Then run the code, and your keyCredentials content should be in the keycredentials.txt file:
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.UUID;
import org.junit.Test;

@Test
public void testGenerateKeyCredentials() {
    String certFile = "/etc/abc/server2.crt";
    System.out.printf("Generating keyCredentials entry from %s\n", certFile);
    try (FileInputStream certFileIn = new FileInputStream(certFile)) {
        // Parse the PEM (or DER) certificate file into an X.509 certificate object
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(certFileIn);
        // Generate base64-encoded version of the cert's DER data
        // for the "value" property of the "keyCredentials" entry
        byte[] certData = cert.getEncoded();
        String certValue = Base64.getEncoder().encodeToString(certData);
        System.out.println("Cert value: " + certValue);
        // Generate the SHA-1 hash (the certificate thumbprint) for the
        // "customKeyIdentifier" property of the "keyCredentials" entry
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(certData);
        String certCustomKeyId = Base64.getEncoder().encodeToString(md.digest());
        System.out.println("Cert custom key ID: " + certCustomKeyId);
        try (PrintWriter pw = new PrintWriter(new FileWriter("keycredentials.txt", false))) {
            pw.println("\"keyCredentials\": [");
            pw.println("    {");
            pw.println("        \"customKeyIdentifier\": \"" + certCustomKeyId + "\",");
            pw.println("        \"keyId\": \"" + UUID.randomUUID().toString() + "\",");
            pw.println("        \"type\": \"AsymmetricX509Cert\",");
            pw.println("        \"usage\": \"Verify\",");
            pw.println("        \"value\": \"" + certValue + "\"");
            pw.println("    }");
            pw.println("],");
        }
        System.out.println("Key credentials written to keycredentials.txt");
    } catch (FileNotFoundException e) {
        System.out.printf("ERROR: Cannot find %s\n", certFile);
    } catch (CertificateException e) {
        System.out.println("ERROR: Cannot instantiate X.509 certificate");
    } catch (NoSuchAlgorithmException e) {
        System.out.println("ERROR: Cannot instantiate SHA-1 algorithm");
    } catch (IOException e) {
        System.out.println("ERROR: Cannot write to keycredentials.txt");
    }
}
Shorter C# code for certCustomKeyId and certValue:
using System;
using System.Security.Cryptography.X509Certificates;

string certFile = "/etc/abc/server2.crt";
X509Certificate cert = new X509Certificate();
cert.Import(certFile);
string certValue = Convert.ToBase64String(cert.GetRawCertData());
Console.WriteLine("Cert value: " + certValue);
// GetCertHash() is the SHA-1 thumbprint of the DER-encoded certificate
string certCustomKeyId = Convert.ToBase64String(cert.GetCertHash());
Console.WriteLine("customKeyIdentifier: " + certCustomKeyId);
Console.WriteLine("keyId: " + System.Guid.NewGuid());
The reason I was getting this error (Invalid signature... key not found) was that I was using the wrong client/application ID when doing:
var adal = require('adal-node');
var authorityURL = '...';
var context = new adal.AuthenticationContext(authorityURL);
context.acquireTokenAsync(resourceURL, clientId, key, thumbprint);
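An added check, not code from either answer above: the Java test derives customKeyIdentifier as base64(SHA-1(DER)), and that same digest is what the Azure portal shows as the hex thumbprint and what a certificate client assertion carries in its x5t JWT header, which is how the service picks the registered key to verify the signature with. The script below produces the three encodings from a PEM file and checks a local certificate against a list of keyCredentials entries, so a certificate that was never registered, or was registered under a different application ID (the situation in the second answer), is caught before the token request fails. Standard library only; ssl.PEM_cert_to_DER_cert does the PEM-to-DER step that CertificateFactory does in Java. The sample bytes are a constructed placeholder standing in for server.crt, not a real certificate; every function only hashes and re-encodes bytes, so the logic is the same for a real DER certificate.

```python
"""Thumbprint encodings used by Azure AD certificate credentials, plus a local
match check against an application's keyCredentials. Added example; not part of
the original Q&A. Standard library only."""
import base64
import hashlib
import ssl
import uuid
from typing import Optional


def pem_to_der(pem_text: str) -> bytes:
    """server.crt is PEM; both the manifest 'value' and the hash use the DER bytes."""
    return ssl.PEM_cert_to_DER_cert(pem_text)


def thumbprint_hex(der: bytes) -> str:
    """SHA-1 thumbprint as the portal and `openssl x509 -fingerprint -sha1` show it (no colons)."""
    return hashlib.sha1(der).hexdigest().upper()


def custom_key_identifier(der: bytes) -> str:
    """Manifest 'customKeyIdentifier': standard base64 of the raw 20-byte SHA-1 digest."""
    return base64.b64encode(hashlib.sha1(der).digest()).decode("ascii")


def x5t(der: bytes) -> str:
    """'x5t' header of a client-assertion JWT: base64url of the same digest, padding stripped."""
    return base64.urlsafe_b64encode(hashlib.sha1(der).digest()).rstrip(b"=").decode("ascii")


def key_credential(der: bytes) -> dict:
    """One keyCredentials entry, shaped like the one the Java test writes (keyId is a fresh GUID)."""
    return {
        "customKeyIdentifier": custom_key_identifier(der),
        "keyId": str(uuid.uuid4()),
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "value": base64.b64encode(der).decode("ascii"),
    }


def _decode_identifier(ident: str) -> bytes:
    """Accept the identifier as the manifest stores it (base64) or as the portal shows it (hex)."""
    if len(ident) == 40 and all(c in "0123456789abcdefABCDEF" for c in ident):
        return bytes.fromhex(ident)
    return base64.b64decode(ident)


def find_matching_credential(der: bytes, key_credentials: list) -> Optional[dict]:
    """Return the registered entry whose thumbprint equals this certificate's, or None.

    The service locates the verification key by the thumbprint in the assertion's x5t;
    if no entry on the *target application* has it, the signature cannot be checked and
    the token request is rejected. Digests are compared, not strings, so either encoding works."""
    want = hashlib.sha1(der).digest()
    for entry in key_credentials:
        if _decode_identifier(entry["customKeyIdentifier"]) == want:
            return entry
    return None


# Constructed placeholder for the DER bytes of server.crt; NOT a real certificate.
# Chosen so the example runs offline with a well-known SHA-1 (that of b"abc").
SAMPLE_DER = b"abc"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    registered = [key_credential(der)]          # what the app manifest would contain
    print("thumbprint (portal):     ", thumbprint_hex(der))
    print("customKeyIdentifier:     ", custom_key_identifier(der))
    print("x5t (assertion header):  ", x5t(der))
    print("local cert registered:   ", find_matching_credential(der, registered) is not None)
    # A different certificate, or the right certificate checked against the wrong
    # application's manifest, has no matching entry: this is the mismatch behind
    # an "invalid signature / key not found" response.
    print("other cert registered:   ", find_matching_credential(b"some other cert", registered))
```

Run it against a real certificate by replacing SAMPLE_PEM with the contents of server.crt and `registered` with the keyCredentials array exported from the application manifest; the thumbprint line should equal the one the portal shows for the uploaded certificate, and the application ID the manifest belongs to must be the one passed as clientId.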
After following (from step 1.1 onwards), everything else works.

What platform are you developing on? (I assume it isn't Windows, since the instructions you linked show you how to get these values with PowerShell.) Define "created locally".
@PhilippeSignoret I'm building a Java batch job that will call the O365 API. I'm developing on a Mac, but the batch job will run on a Unix server.
@EJP I created the certificate on my local development machine using OpenSSL; it's self-signed. This is for development purposes only.
So when you used the OpenSSL tool, you specified a file name. That's where the certificate is. It's not clear what you're asking.
Thanks, everyone. I've posted the solution below.
You can (and should) mark your own answer as the accepted answer. :)