从Java中的PEM格式文件中提取多个X.509证书
我有一个方法,使用bouncycastle库从给定的PEM格式文件中提取X.509证书 进口:从Java中的PEM格式文件中提取多个X.509证书,java,ssl,certificate,bouncycastle,x509,Java,Ssl,Certificate,Bouncycastle,X509,我有一个方法,使用bouncycastle库从给定的PEM格式文件中提取X.509证书 进口: import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.security.cert.CertificateException; import java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
方法:
/**
* Reads an X509 certificate from a PEM file.
*
* @param certificateFile The PEM file.
* @return the X509 certificate, or null.
* @throws IOException if reading the file fails
* @throws CertificateException if parsing the certificate fails
*/
public static X509Certificate readCertificatePEMFile(File certificateFile) throws IOException, CertificateException {
if (certificateFile.exists() && certificateFile.canRead()) {
try (InputStream inStream = new FileInputStream(certificateFile)) {
try (PEMParser pemParser = new PEMParser(new InputStreamReader(inStream))) {
Object object = pemParser.readObject();
if (object != null && object instanceof X509CertificateHolder) {
return new JcaX509CertificateConverter().getCertificate( (X509CertificateHolder)object );
}
}
}
}
return null;
}
这适用于“普通”证书文件,例如服务器证书。
如果我有一个CA链证书文件,其中包含多个证书,我如何从该文件中提取所有证书(显示的方法仅提取文件中的第一个证书)。试试这段代码,它可以处理多个证书和私钥条目im PEM文件
Security.addProvider(new BouncyCastleProvider());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
while((object = pemParser.readObject())!=null)
{
if(object instanceof X509CertificateHolder)
{
X509Certificate x509Cert = (X509Certificate) new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
}
else if(object instanceof PEMEncryptedKeyPair)
{
if(password==null) throw new IllegalArgumentException("Password required for parsing RSA Private key");
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
}
else if(object instanceof PEMKeyPair)
{
converter.getKeyPair((PEMKeyPair) object);
}
}
您是否尝试调用
pemParser.readObject()代码>多次,直到对象
为空?