我使用 https://certificatetools.com/newui/该工具生成了证书签名请求(CSR(,现在我想读取包括扩展名在内的所有字段。
例如,以工具中的 google.com 为例,它会生成以下 CSR:
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = *.google.com, C = US, ST = California, L = Mountain View, O = Google LLC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e3:b5:a0:d8:........
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, ...............
Signature Algorithm: sha256WithRSAEncryption
44:a0:41:41:88:66:......
目前,我正在通过以下方式阅读CSR:
FileReader fileReader = new FileReader("/..../cert.csr");
PemReader pemReader = new PemReader(fileReader);
PKCS10CertificationRequest csr =
new PKCS10CertificationRequest(pemReader.readPemObject().getContent());
StringWriter writer = new StringWriter();
PemWriter pemWriter = new PemWriter(writer);
pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", csr.getEncoded()));
pemWriter.flush();
pemWriter.close();
String csrPEM = writer.toString();
System.out.println(csrPEM);
System.out.println("SUBJECT: " + csr.getSubject().toString());
如何读取其余字段(例如 X509v3 扩展密钥用法(?
谢谢。
目前,这是我在java程序中阅读CSR详细信息的方式,该程序运行良好。我正在阅读它以获取用户 uuid。
ByteArrayInputStream bais = new ByteArrayInputStream(csr);
CertificateRequest p10CertReq = new CertificateRequest(bais);
Name userDN = p10CertReq.getSubject();
String user = userDN.getRFC2253String();
iaik.pkcs.pkcs10.CertificateRequest对象公开可用于检索属性的getAttribute方法。