在 Android 上创建 PKCS10CertificationRequest

发布于 2024-09-07 02:59:30 字数 2118 浏览 9 评论 0原文

我对 android 和 java 都很陌生,所以希望我错过了 这里有一些简单的事情。我想做的就是创建一个简单的 PKCS10 证书签名请求。我有一些代码可以编译并 在我的 ubuntu 机器(java-6-openjdk)上运行,但抛出空指针 android模拟器中的异常:

        KeyPair myKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        X500Principal subject = new X500Principal("CN=Test V3 Certificate");
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest
                        ( "SHA1withRSA",
                           subject,
                           myKeyPair.getPublic(),
                           null,
                           myKeyPair.getPrivate()
                );

        byte[] outBytes = csr.getEncoded();
        return new String(outBytes);

在调试器中我可以看到我显然构建了一个 PKCS10CertificationRequest,但我无法用它做任何事情(比如 getEncoded() 甚至 toString()) 没有错误。当我调用 getEncoded() 时,它失败了 安卓模拟器;这是堆栈跟踪:

06-22 04:41:06.143: WARN/System.err(337): java.lang.NullPointerException: obj == null
06-22 04:41:06.213: WARN/System.err(337):     at org.bouncycastle.asn1.ASN1Collection.addObject(ASN1Collection.java:95)
06-22 04:41:06.353: WARN/System.err(337):     at org.bouncycastle.asn1.DERSequence.<init>(DERSequence.java:34)
06-22 04:41:06.433: WARN/System.err(337):     at org.bouncycastle.asn1.x509.AlgorithmIdentifier.toASN1Object(AlgorithmIdentifier.java:
124)
06-22 04:41:06.453: WARN/System.err(337):     at org.bouncycastle.asn1.ASN1Encodable.getDERObject(ASN1Encodable.java:
77)
06-22 04:41:06.483: WARN/System.err(337):     at org.bouncycastle.asn1.DEROutputStream.writeObject(DEROutputStream.java:
74)
06-22 04:41:06.523: WARN/System.err(337):     at org.bouncycastle.asn1.DERSequence.encode(DERSequence.java:70)
06-22 04:41:06.544: WARN/System.err(337):     at org.bouncycastle.asn1.DEROutputStream.writeObject(DEROutputStream.java:
74)
06-22 04:41:06.593: WARN/System.err(337):     at org.bouncycastle.jce.PKCS10CertificationRequest.getEncoded(PKCS10CertificationRequest.java:
443)

我已经在 API 级别 7 和 8 上尝试过此操作。我知道有一个 我可以发布有关各种版本的大量其他详细信息 我的系统的组件。就像我说的,我对此很陌生,所以现在 我更多的是寻找一个前进的方向,而不是最终的结局 回答。

非常感谢,

亚当·麦克勒

I'm very new to android and java both, so hopefully I'm missing
something easy here. All I want to do is create a simple PKCS10
certificate signing request. I have some code that will compile and
run on my ubuntu box (java-6-openjdk), but throws a null pointer
exception in the android emulator:

        KeyPair myKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        X500Principal subject = new X500Principal("CN=Test V3 Certificate");
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest
                        ( "SHA1withRSA",
                           subject,
                           myKeyPair.getPublic(),
                           null,
                           myKeyPair.getPrivate()
                );

        byte[] outBytes = csr.getEncoded();
        return new String(outBytes);

In the debugger I can see I have apparently constructed a
PKCS10CertificationRequest, but I can't do anything with it (like
getEncoded() or even toString()) without error. When I call getEncoded() it fails on the
android emulator; this is the stack trace:

06-22 04:41:06.143: WARN/System.err(337): java.lang.NullPointerException: obj == null
06-22 04:41:06.213: WARN/System.err(337):     at org.bouncycastle.asn1.ASN1Collection.addObject(ASN1Collection.java:95)
06-22 04:41:06.353: WARN/System.err(337):     at org.bouncycastle.asn1.DERSequence.<init>(DERSequence.java:34)
06-22 04:41:06.433: WARN/System.err(337):     at org.bouncycastle.asn1.x509.AlgorithmIdentifier.toASN1Object(AlgorithmIdentifier.java:
124)
06-22 04:41:06.453: WARN/System.err(337):     at org.bouncycastle.asn1.ASN1Encodable.getDERObject(ASN1Encodable.java:
77)
06-22 04:41:06.483: WARN/System.err(337):     at org.bouncycastle.asn1.DEROutputStream.writeObject(DEROutputStream.java:
74)
06-22 04:41:06.523: WARN/System.err(337):     at org.bouncycastle.asn1.DERSequence.encode(DERSequence.java:70)
06-22 04:41:06.544: WARN/System.err(337):     at org.bouncycastle.asn1.DEROutputStream.writeObject(DEROutputStream.java:
74)
06-22 04:41:06.593: WARN/System.err(337):     at org.bouncycastle.jce.PKCS10CertificationRequest.getEncoded(PKCS10CertificationRequest.java:
443)

I've tried this with both the API levels 7 and 8. I know there's a
ton of other details I could post about the versions of various
components of my system. Like I said, I'm new to this, so right now
I'm more looking for a direction to go in than necessarily a final
answer.

Thanks very much,

Adam Mackler

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

天气好吗我好吗 2024-09-14 02:59:30

您遇到了 BouncyCastle 错误。我不确定它是否已修复。我最终使用了自己的 PKCS10CertificateRequest。您只需要在构造函数中更改这一行

   this.sigAlgId = new AlgorithmIdentifier(sigOID, null);

即可

   this.sigAlgId = new AlgorithmIdentifier(sigOID);

You ran into a BouncyCastle bug. I am not sure it's fixed. I ended up using my own PKCS10CertificateRequest. You just need to change this one line in the constructor,

   this.sigAlgId = new AlgorithmIdentifier(sigOID, null);

to

   this.sigAlgId = new AlgorithmIdentifier(sigOID);
淡写薰衣草的香 2024-09-14 02:59:30

我知道旧帖子,但刚刚遇到了同样的问题并通过这篇文章解决了它。看来这个“bug”仍然存在。针对 2.3 Android。

通过使用反射解决了这个问题,所以只想在这里分享。只需注入“正确”构造的 AlgorithmIdentifier。

PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", subjectName, publicKey, null, privateKey, "BC");


//FIX ANDROID BUG BY REFLECTION
// 1.2.840.113549.1.1.5 == SHA1WithRSA (lookup identifier for your use)
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.5"));

Field field = CertificationRequest.class.getDeclaredField("sigAlgId");
field.setAccessible(true);
field.set(pkcs10, algorithmIdentifier);

//After this you can access the pkcs10 object.

Old post I know, but just ran into the same problem and solved it thanks to this post. Seems like this 'bug' is still around. Targeting a 2.3 Android.

Solved it by using reflection, so just wanted to share that here. Just injecting the 'correct' contructed AlgorithmIdentifier.

PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", subjectName, publicKey, null, privateKey, "BC");


//FIX ANDROID BUG BY REFLECTION
// 1.2.840.113549.1.1.5 == SHA1WithRSA (lookup identifier for your use)
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.5"));

Field field = CertificationRequest.class.getDeclaredField("sigAlgId");
field.setAccessible(true);
field.set(pkcs10, algorithmIdentifier);

//After this you can access the pkcs10 object.
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文