如何将 X509Certificate 转换为 Java 中的 PEM 字符串?
How do I convert X509Certificiate to a PEM string in Java?
安全对象有多种格式。有时您需要 X509Certificate,有时您需要它作为 PEM 编码字符串。如何从 X509Certificate 格式转换为 PEM?
制作这个(X509证书):
[0] Version: 3
SerialNumber: 95573
IssuerDN: C=US,ST=California,OU=PDX,O=Example Inc.,CN=Example Cust Issuing CA 1
Start Date: Wed Jan 13 14:21:12 PST 2016
Final Date: Sat Jan 14 14:21:12 PST 2017
SubjectDN: C=US,ST=California,OU=TEST,O=Example,CN=vm1452810069963
Public Key: RSA Public Key
modulus: 9c2b98b154cbd2bdaed82271e2324e73589356cab9a762b8ba7248fab236347eb44d19322696109e
[...]
c0868c88e5e7bc09baadb48cf85c631d
public exponent: 10001
Signature Algorithm: SHA256WITHRSA
Signature: 2197491b50f69c317c7b930634d487744f4502cc
[...]
dfcb0a75ba67f94b958d2edc2c6cea9a
Extensions:
critical(false) 2.5.29.35 value = Sequence
Tagged [0] IMPLICIT
DER Octet String[32]
Tagged [1]
Tagged [4]
DER Sequence
DER Set
DER Sequence
ObjectIdentifier(2.5.4.6)
PrintableString(US)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.8)
PrintableString(California)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.11)
PrintableString(PDX)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.10)
PrintableString(Example Inc.)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.3)
PrintableString(Example Cust Policy CA 1)
Tagged [2] IMPLICIT
DER Octet String[3]
critical(false) 2.5.29.14 value = DER Octet String[32]
critical(true) BasicConstraints: isCa(false)
critical(true) KeyUsage: 0x80
critical(false) 1.3.6.1.5.5.7.1.1 value = Sequence
Sequence
ObjectIdentifier(1.3.6.1.5.5.7.48.1)
Tagged [6] IMPLICIT
DER Octet String[26]
进入此(PEM 格式):
-----BEGIN CERTIFICATE-----
MIIEcDCCA1igAwIBAgIDAXVVMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNVBAYTAlVT
[...]
Ksl1vpZ3T96C6UnU3I9c4arhsSbfywp1umf5S5WNLtwsbOqa
-----END CERTIFICATE-----
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
public static String x509CertificateToPem(final X509Certificate cert) throws IOException {
final StringWriter writer = new StringWriter();
final JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
pemWriter.writeObject(cert);
pemWriter.flush();
pemWriter.close();
return writer.toString();
}
据我所知,JcaPEMWriter 可以接受不同的格式并将它们写入 PEM 字符串。例如:
public static String convertCertToPem(final PKCS10CertificationRequest certRequest) throws IOException {
final StringWriter writer = new StringWriter();
final JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
pemWriter.writeObject(certRequest);
pemWriter.flush();
pemWriter.close();
return writer.toString();
}
除了输入的是 PCKS10CertificateRequest 而不是 X509Certificate 之外,代码与上面相同。
安全对象有多种格式。有时您需要 X509Certificate,有时您需要它作为 PEM 编码字符串。如何从 X509Certificate 格式转换为 PEM?
制作这个(X509证书):
[0] Version: 3
SerialNumber: 95573
IssuerDN: C=US,ST=California,OU=PDX,O=Example Inc.,CN=Example Cust Issuing CA 1
Start Date: Wed Jan 13 14:21:12 PST 2016
Final Date: Sat Jan 14 14:21:12 PST 2017
SubjectDN: C=US,ST=California,OU=TEST,O=Example,CN=vm1452810069963
Public Key: RSA Public Key
modulus: 9c2b98b154cbd2bdaed82271e2324e73589356cab9a762b8ba7248fab236347eb44d19322696109e
[...]
c0868c88e5e7bc09baadb48cf85c631d
public exponent: 10001
Signature Algorithm: SHA256WITHRSA
Signature: 2197491b50f69c317c7b930634d487744f4502cc
[...]
dfcb0a75ba67f94b958d2edc2c6cea9a
Extensions:
critical(false) 2.5.29.35 value = Sequence
Tagged [0] IMPLICIT
DER Octet String[32]
Tagged [1]
Tagged [4]
DER Sequence
DER Set
DER Sequence
ObjectIdentifier(2.5.4.6)
PrintableString(US)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.8)
PrintableString(California)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.11)
PrintableString(PDX)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.10)
PrintableString(Example Inc.)
DER Set
DER Sequence
ObjectIdentifier(2.5.4.3)
PrintableString(Example Cust Policy CA 1)
Tagged [2] IMPLICIT
DER Octet String[3]
critical(false) 2.5.29.14 value = DER Octet String[32]
critical(true) BasicConstraints: isCa(false)
critical(true) KeyUsage: 0x80
critical(false) 1.3.6.1.5.5.7.1.1 value = Sequence
Sequence
ObjectIdentifier(1.3.6.1.5.5.7.48.1)
Tagged [6] IMPLICIT
DER Octet String[26]
进入此(PEM 格式):
-----BEGIN CERTIFICATE-----
MIIEcDCCA1igAwIBAgIDAXVVMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNVBAYTAlVT
[...]
Ksl1vpZ3T96C6UnU3I9c4arhsSbfywp1umf5S5WNLtwsbOqa
-----END CERTIFICATE-----
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
public static String x509CertificateToPem(final X509Certificate cert) throws IOException {
final StringWriter writer = new StringWriter();
final JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
pemWriter.writeObject(cert);
pemWriter.flush();
pemWriter.close();
return writer.toString();
}
据我所知,JcaPEMWriter 可以接受不同的格式并将它们写入 PEM 字符串。例如:
public static String convertCertToPem(final PKCS10CertificationRequest certRequest) throws IOException {
final StringWriter writer = new StringWriter();
final JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
pemWriter.writeObject(certRequest);
pemWriter.flush();
pemWriter.close();
return writer.toString();
}
除了输入的是 PCKS10CertificateRequest 而不是 X509Certificate 之外,代码与上面相同。