本文介紹了CMP證書請(qǐng)求的處理方法,對(duì)大家解決問題具有一定的參考價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)吧!
問題描述
我正在使用以下代碼向終結(jié)點(diǎn)發(fā)送CMP證書請(qǐng)求:
public static void main(String[] args) {
try
{
System.out.println("In...");
final BigInteger certReqId = BigInteger.valueOf(1);
final byte[] senderNonce = "12345".getBytes();
final byte[] transactionId = "23456".getBytes();
KeyPairGenerator kpi = KeyPairGenerator.getInstance("RSA");
kpi.initialize(2048);
KeyPair keyPair = kpi.generateKeyPair();
// Now on to the CMP
CertificateRequestMessageBuilder msgbuilder = new CertificateRequestMessageBuilder(certReqId);
X500Name issuerDN = new X500Name("CN=ManagementCA");
X500Name subjectDN = new X500Name("CN=user");
msgbuilder.setIssuer(issuerDN);
msgbuilder.setSubject(subjectDN);
final byte[] bytes = keyPair.getPublic().getEncoded();
final ByteArrayInputStream bIn = new ByteArrayInputStream(bytes);
final ASN1InputStream dIn = new ASN1InputStream(bIn);
final SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
dIn.close();
msgbuilder.setPublicKey(keyInfo);
GeneralName sender = new GeneralName(subjectDN);
msgbuilder.setAuthInfoSender(sender);
// RAVerified POP
msgbuilder.setProofOfPossessionRaVerified();
CertificateRequestMessage msg = msgbuilder.build();
org.bouncycastle.asn1.crmf.CertReqMessages msgs = new org.bouncycastle.asn1.crmf.CertReqMessages(msg.toASN1Structure());
org.bouncycastle.asn1.cmp.PKIBody pkibody = new org.bouncycastle.asn1.cmp.PKIBody(org.bouncycastle.asn1.cmp.PKIBody.TYPE_INIT_REQ, msgs);
// Message protection and final message
GeneralName recipient = new GeneralName(issuerDN);
ProtectedPKIMessageBuilder pbuilder = new ProtectedPKIMessageBuilder(sender, recipient);
pbuilder.setMessageTime(new Date());
// senderNonce
pbuilder.setSenderNonce(senderNonce);
// TransactionId
pbuilder.setTransactionID(transactionId);
// Key Id used (required) by the recipient to do a lot of stuff
pbuilder.setSenderKID("KeyID".getBytes());
pbuilder.setBody(pkibody);
JcePKMACValuesCalculator jcePkmacCalc = new JcePKMACValuesCalculator();
final AlgorithmIdentifier digAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26")); // SHA1
final AlgorithmIdentifier macAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.7")); // HMAC/SHA1
jcePkmacCalc.setup(digAlg, macAlg);
PKMACBuilder macbuilder = new PKMACBuilder(jcePkmacCalc);
MacCalculator macCalculator = macbuilder.build("47GKM7h06sfl".toCharArray());
ProtectedPKIMessage message = pbuilder.build(macCalculator);
PKIMessage pkiMessage = message.toASN1Structure();
byte[] new_bytes = sendCmpHttp(pkiMessage.getEncoded());
} catch (Exception e) {
e.printStackTrace();
}
}
private static byte[] sendCmpHttp(byte[] message ) throws IOException {
// POST the CMP request
final String urlString = "endpoint";
// final String urlString = "http://localhost/ejbca/publicweb/cmp";
URL url = new URL(urlString);
final HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setDoOutput(true);
con.setRequestMethod("POST");
con.setRequestProperty("Content-type", "application/pkixcmp");
con.connect();
// POST it
OutputStream os = con.getOutputStream();
os.write(message);
os.close();
System.out.println("httpRespCode: " + con.getResponseCode());
System.out.println("Content Type: " + con.getContentType());
System.out.println("CacheControl:" + con.getHeaderField("Cache-Control"));
System.out.println("Pragma:" + con.getHeaderField("Pragma"));
System.out.println("Pragma:" + con.getResponseMessage());
// Now read in the bytes
ByteArrayOutputStream baos = new ByteArrayOutputStream();
// This works for small requests, and CMP requests are small enough
InputStream in = con.getInputStream();
int b = in.read();
while (b != -1) {
baos.write(b);
b = in.read();
}
baos.flush();
in.close();
byte[] respBytes = baos.toByteArray();
System.out.println(baos.toString());
// is Null respBytes);
// respBytes.length > 0
return respBytes;
}
當(dāng)我將字節(jié)響應(yīng)轉(zhuǎn)換為字符串時(shí),我得到一些不可讀的字符+POPO驗(yàn)證失敗。
推薦答案
您得到的響應(yīng)不是字符串,而是PKIMessage對(duì)象。您可以通過以下方式將二進(jìn)制數(shù)據(jù)轉(zhuǎn)換為對(duì)象:
ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(new_bytes));
PKIMessage pkiMessage = PKIMessage.getInstance(is.readObject());
GeneralPKIMessage generalPKIMessage = new GeneralPKIMessage(pkiMessage.getEncoded());
System.out.println(generalPKIMessage);
對(duì)于失敗和成功的cmp操作,您都會(huì)獲得一個(gè)PKIMessage對(duì)象。您可以在該對(duì)象中找到錯(cuò)誤消息或用戶證書(取決于您正在執(zhí)行的CMP操作)。
這篇關(guān)于CMP證書請(qǐng)求的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,
