I have an integration where I validate a JSON created by another service. They provide a public endpoint to fetch the public certificates to validate against.
But I am setting up a test for this and would like to create the same JWT with Nimbus to sign it with my own private key. So I do this like this (it's a nested and encrypted JWT):
https://connect2id.com/products/nimbus-jose-jwt/examples/signed-and-encrypted-jwt
Then I would like to simulate the public endpoint with a MockServer (https://www.mock-server.com/) endpoint in tests. The problem is that I try to create a PEM certificate from the public key from the senderJWK from the example like this:
var encoded = senderJWK.toPublicKey().getEncoded();
var base64Encoded = Base64.getEncoder().encode(encoded);
return new String(base64Encoded, StandardCharsets.UTF_8);
(I have also tested senderJWK.toRSAPublicKey().getEncoded().)
The code that works with the real certificate does not work to parse it. The code to parse it looks like this:
private static RSAPublicKey readPublicKey(String publicKey) throws CertificateException {
    var bytes = Base64.getDecoder().decode(publicKey);
    var inStream = new ByteArrayInputStream(bytes);
    var certificateFactory = CertificateFactory.getInstance(X_509_CERTIFICATE_FACTORY);
    var certificate = (X509Certificate) certificateFactory.generateCertificate(inStream);
    return (RSAPublicKey) certificate.getPublicKey();
}
The error I am getting is:
java.io.IOException: Too short
at java.base/sun.security.util.DerValue.<init>(DerValue.java:333)
at java.base/sun.security.util.DerInputStream.getDerValue(DerInputStream.java:109)
at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1771)
at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:183)
... 100 common frames omitted
Wrapped by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: Too short
at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:186)
at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:105)
at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
... 95 common frames omitted
Comments (1)
Ok, I think what I need to do is create an X509 certificate from Java, and then use the private and public keys from that in the signing and verification.
Found these resources on how to use Bouncy Castle to do that:
Self signed X509 Certificate with Bouncy Castle in Java
How to create a X509 certificate using Java?
Edit: I got it working fine with that.
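The approach from the comment above, as an added example that is not code from the original post: `PublicKey.getEncoded()` returns only a SubjectPublicKeyInfo structure, not a certificate, so the mocked endpoint needs a real (self-signed) X.509 certificate wrapped around the test key. Assumptions: Bouncy Castle's bcpkix library is on the classpath, a freshly generated RSA key pair stands in for the sender key, `CN=test-sender` is a constructed subject, and the question's `X_509_CERTIFICATE_FACTORY` constant is taken to be `"X.509"`.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class TestCertificateExample {

    // Builds a short-lived self-signed certificate for the test key pair and
    // returns it as Base64-encoded DER, the form readPublicKey() decodes.
    static String selfSignedCertBase64(KeyPair keyPair) throws Exception {
        X500Name name = new X500Name("CN=test-sender"); // constructed test subject
        Instant now = Instant.now();
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(now.toEpochMilli()),
                Date.from(now.minus(1, ChronoUnit.MINUTES)), Date.from(now.plus(1, ChronoUnit.DAYS)),
                name, keyPair.getPublic()).build(signer);
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(holder);
        return Base64.getEncoder().encodeToString(cert.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair(); // test-only key, never a production key

        // Same steps as readPublicKey() in the question, with the factory type spelled out.
        byte[] der = Base64.getDecoder().decode(selfSignedCertBase64(keyPair));
        X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
        parsed.verify(keyPair.getPublic()); // throws if the self-signature does not check out
        RSAPublicKey recovered = (RSAPublicKey) parsed.getPublicKey();
        boolean sameKey = recovered.getModulus().equals(((RSAPublicKey) keyPair.getPublic()).getModulus());
        System.out.println("recovered key matches test key: " + sameKey);
    }
}
```

The private half of the same key pair is what signs the test JWT, so the verifier under test exercises the identical certificate-parsing path it uses against the real endpoint.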