java.security.KeyStore 仅显示 p12 文件中两个证书之一

发布于 2024-10-29 18:55:46 字数 420 浏览 4 评论 0原文

好的,我通过执行以下操作导出了浏览器中的所有证书:工具、选项...、高级、加密、查看证书、您的证书、全部备份...(这是在 Firefox 中)。

证书列表中有 4 个证书,其中两个证书位于一个名称下并具有不同的序列号,另外两个证书位于不同的名称下并具有另外两个不同的序列号。因此,总的来说,有四个证书,其中两对具有相同的名称但不同的序列号。

如果我将此 p12 文件导入到另一台计算机上的另一个浏览器中,我将获得所有四个证书(如预期)。

-- 但是 --

当我使用 java.security.* 包打开 p12 文件并查看 size() 时,它仅显示 p12 文件中的两个证书。当我循环浏览别名时,我只看到两个证书。 KeyStore 对象中是否有某些内容允许我访问所有四个证书?这很困难,因为两对的别名相同,只是序列号不同。预先感谢您可以提供的任何帮助。

Ok, I exported all the certs in my browser by doing this: Tools, Options..., Advanced, Encryption, View Certificates, Your Certificates, Backup All... (this is in Firefox).

There are 4 certs in the list of Certificates, two are under one Name and have distinct serial numbers, and the other two are under a different name and have two other distinct serial numbers. So, in summary, there are four certs, two pair have the same name but distinct serial numbers.

If I were to import this p12 file into another browser on another machine I get all four certs (as expected).

-- BUT --

When I open the p12 file with the java.security.* package and look at the size(), it shows only two certs in the p12 file. When I loop through the aliases I see only two certs. Is there something in the KeyStore object that allows me access to all four certs? It's tough because the aliases are the same for the two pairs, only the serial numbers are different. Thanks in advance for any help you can provide.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

为你拒绝所有暧昧 2024-11-05 18:55:46

好吧,回答我自己的古老问题...我了解到 Java 不太擅长读取 p12 文件。它使用每个证书的别名作为密钥创建一个哈希图,因此如果有两个具有相同别名的证书,Java 将用具有相同别名(密钥)的第二个证书破坏第一个证书,从而导致每个别名只有一个证书。

将证书导入浏览器时,浏览器会获取 p12 文件中的所有条目(不关心别名)。

我解决这个问题的方法是使用 Java 运行时执行功能来调用 openssl 并将每个证书的输出通过管道传输到字符串中,并使用该字符串创建 X509Certificate。这是一些示例代码(我无法复制和粘贴,因为我的开发盒未连接互联网):

private ArrayList<X509Certificate> parseCerts( String fileName, String pwd ) {
   ArrayList certsFromP12File = new ArrayList();
   String cmdLine = "/usr/bin/openssl pkcs12 -info -in " + fileName + " -clcerts -nokeys -passin pass:" + pwd;

   String line;

   Process p = Runtime.getRuntime().exec( cmdLine );

   BufferedReader input = new BufferedReader( new InputStreamReader( p.getInputStream() ) );

   boolean readingCert = false;
   boolean gotCertToProcess = false;
   String certString;

   while ((line=input.readLine()) != null ) {
      if ( line.contains("-----BEGIN CERTIFICATE-----") ) {
         readingCert = true;
      }
      if ( readingCert ) {
         certString += line + System.getProperty("line.separator");
      }
      if ( line.contains("-----END CERTIFICATE-----") ) {
         readingCert = false;
         getCertToProcess = true;
      }
      if ( gotCertToProcess ) {
         X509Certificate cert = null;
         byte[] cert_bytes = certString.getBytes();
         ByteArrayInputStream certInputStream = new ByteArrayInputStream(cert_bytes);
         cert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate( certInputStream );
         certsFromP12File.add( cert );
         gotCertToProcess = false;
         certString = "";
      }
   }
   input.close();

   return certsfromP12File;
}

希望对其他人有帮助。 :)

Ok, to answer my own ancient question... I learned that Java is not that good at reading p12 files. It creates a hashmap using the alias of each certificate as the key so if there are two certs with the same alias, Java will clobber the first cert with the second cert with the same alias (key), rsulting in only one cert per alias.

When importing the certs into a browser, the browser takes all the entries in the p12 file (not caring about the aliases).

The way I worked around this was to use Java runtime exec functionality to call openssl and pipe the output of each cert into a String and using that string to create an X509Certificate. Here's some sample code (I cannot copy and paste as my dev box is not internet connected):

private ArrayList<X509Certificate> parseCerts( String fileName, String pwd ) {
   ArrayList certsFromP12File = new ArrayList();
   String cmdLine = "/usr/bin/openssl pkcs12 -info -in " + fileName + " -clcerts -nokeys -passin pass:" + pwd;

   String line;

   Process p = Runtime.getRuntime().exec( cmdLine );

   BufferedReader input = new BufferedReader( new InputStreamReader( p.getInputStream() ) );

   boolean readingCert = false;
   boolean gotCertToProcess = false;
   String certString;

   while ((line=input.readLine()) != null ) {
      if ( line.contains("-----BEGIN CERTIFICATE-----") ) {
         readingCert = true;
      }
      if ( readingCert ) {
         certString += line + System.getProperty("line.separator");
      }
      if ( line.contains("-----END CERTIFICATE-----") ) {
         readingCert = false;
         getCertToProcess = true;
      }
      if ( gotCertToProcess ) {
         X509Certificate cert = null;
         byte[] cert_bytes = certString.getBytes();
         ByteArrayInputStream certInputStream = new ByteArrayInputStream(cert_bytes);
         cert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate( certInputStream );
         certsFromP12File.add( cert );
         gotCertToProcess = false;
         certString = "";
      }
   }
   input.close();

   return certsfromP12File;
}

Hope that helps others. :)

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文