Adding CrlBag support to PKCS12, based on BouncyCastle

2018-06-18 03:38:36 Source: unknown


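BouncyCastle's KeyStore (PKCS12KeyStoreSpi) supports KeyBag, PKCS8ShroudedKeyBag and CertBag by default. At present there is no p12 generation tool that supports adding a CrlBag.

So PKCS12KeyStoreSpi.java is modified directly:

First, the engineLoad method. Add a check for the crlBag directly after the check for the certBag: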

else if (b.getBagId().equals(crlBag)) {
                            org.bouncycastle.asn1.pkcs.CRLBag crlB =
                                    org.bouncycastle.asn1.pkcs.CRLBag.getInstance(b.getBagValue());
                            // TODO set the attributes on the key
                            X509CRL crlx509 = null;
                            try {
                                InputStream crlIn = new ByteArrayInputStream(
                                        ((ASN1OctetString) crlB.getCrlValue()).getOctets());
                                crlx509 = (X509CRL) certFact.generateCRL(crlIn);
                            } catch (Exception e) {
                                // a CRL that cannot be parsed must not be stored as null
                                throw new IOException("unable to parse CRL in crlBag: " + e.toString());
                            }

                            //
                            // set the attributes
                            //
                            ASN1OctetString localId = null;
                            String alias = null;

                            if (b.getBagAttributes() != null) {
                                Enumeration e = b.getBagAttributes().getObjects();
                                while (e.hasMoreElements()) {
                                    ASN1Sequence sq = (ASN1Sequence) e.nextElement();
                                    ASN1ObjectIdentifier aOid =
                                            (ASN1ObjectIdentifier) sq.getObjectAt(0);
                                    ASN1Set attrSet = (ASN1Set) sq.getObjectAt(1);

                                    if (attrSet.size() > 0) {
                                        ASN1Primitive attr = (ASN1Primitive) attrSet.getObjectAt(0);

                                        if (crlx509 instanceof PKCS12BagAttributeCarrier) {
                                            PKCS12BagAttributeCarrier bagAttr =
                                                    (PKCS12BagAttributeCarrier) crlx509;
                                            ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
                                            if (existing != null) {
                                                // OK, but the value has to be the same
                                                if (!existing.toASN1Primitive().equals(attr)) {
                                                    throw new IOException(
                                                            "attempt to add existing attribute with different value");
                                                }
                                            } else {
                                                bagAttr.setBagAttribute(aOid, attr);
                                            }
                                        }
                                        if (aOid.equals(pkcs_9_at_friendlyName)) {
                                            alias = ((DERBMPString) attr).getString();
                                            crls.put(alias, crlx509);
                                        } else if (aOid.equals(pkcs_9_at_localKeyId)) {
                                            localId = (ASN1OctetString) attr;
                                        }
                                    }
                                }
                            }

                            if (localId != null) {
                                String name = new String(Hex.encode(localId.getOctets()));

                                if (alias == null) {
                                    crls.put(name, crlx509);
                                } else {
                                    localIds.put(alias, name);
                                }
                            } else {
                                unmarkedCrl = true;
                                crls.put("unmarked", crlx509);
                            }
                        }
                    }
                } 

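In engineLoad, unmarkedCrl also has to be checked. The PKCS#9 attributes are optional, but when the pfx is processed a localId is still needed as the key under which the entry is stored in the Hashtable.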

if (unmarkedKey) {
    if (keyCerts.isEmpty()) {
        String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier()));
        keyCerts.put(name, cert);
        keys.put(name, keys.remove("unmarked"));
    }
} else if (unmarkedCrl) {
    String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier()));
    crls.put(name, crls.remove("unmarked"));
}

 

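When the pfx is generated externally, we read a CRL file, convert it directly to an X509CRL object and store it in the Pfx file, then parse everything the pfx contains with the engineLoad method. After parsing, the contents are held in a Hashtable and an IgnoresCaseHashtable, ready for the doStore method to use.

In doStore, handle the CRL: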

        //
        // handle the crl
        //
        ASN1EncodableVector crlSeq = new ASN1EncodableVector();
        Enumeration crlbs = crls.keys();

        while (crlbs.hasMoreElements()) {
            byte[] crlSalt = new byte[SALT_SIZE];

            random.nextBytes(crlSalt);

            String name = (String) crlbs.nextElement();
            X509CRL x509crl = (X509CRL) crls.get(name);
            PKCS12PBEParams crlParams = new PKCS12PBEParams(crlSalt, MIN_ITERATIONS);
            AlgorithmIdentifier crlAlgId =
                    new AlgorithmIdentifier(keyAlgorithm, crlParams.toASN1Primitive());
            org.bouncycastle.asn1.pkcs.CRLBag crlbagInfo = null;
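            try {
                // crlId must be the x509Crl type OID (from PKCSObjectIdentifiers),
                // not the crlBag bag-type OID, which belongs on the enclosing SafeBag
                crlbagInfo = new org.bouncycastle.asn1.pkcs.CRLBag(x509Crl,
                        new DEROctetString(x509crl.getEncoded()));
            } catch (CRLException e) {
                throw new IOException("unable to encode CRL: " + e.toString());
            }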
            boolean crlattrSet = false;
            ASN1EncodableVector crlName = new ASN1EncodableVector();

            if (x509crl instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) x509crl;
                //
                // make sure we are using the local alias on store
                //
                DERBMPString nm = (DERBMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
                if (nm == null || !nm.getString().equals(name)) {
                    bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
                }

                //
                // make sure we have a local key-id
                //
                if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
                    Certificate ct = engineGetCertificate(name);
                    bagAttrs.setBagAttribute(pkcs_9_at_localKeyId,
                            createSubjectKeyId(ct.getPublicKey()));
                }

                Enumeration e = bagAttrs.getBagAttributeKeys();

                while (e.hasMoreElements()) {
                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                    ASN1EncodableVector crlS = new ASN1EncodableVector();

                    crlS.add(oid);
                    crlS.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                    crlName.add(new DERSequence(crlS));

                    crlattrSet = true;

                }
            }

            if (!crlattrSet) {
                //
                // set a default friendly name (from the key id) and local id
                //
                ASN1EncodableVector crlS = new ASN1EncodableVector();
                Certificate ct = engineGetCertificate(name);

                crlS.add(pkcs_9_at_localKeyId);
                crlS.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));

                crlName.add(new DERSequence(crlS));

                crlS = new ASN1EncodableVector();

                crlS.add(pkcs_9_at_friendlyName);
                crlS.add(new DERSet(new DERBMPString(name)));

                crlName.add(new DERSequence(crlS));
            }

            SafeBag crlsBag =
                    new SafeBag(crlBag, crlbagInfo.toASN1Primitive(), new DERSet(crlName));
            crlSeq.add(crlsBag);
        }

        byte[] CrlEncoded = new DERSequence(crlSeq).getEncoded(ASN1Encoding.DER);
        BEROctetString CrlString = new BEROctetString(CrlEncoded);

At this point the CRL handling is essentially complete; it only needs to be added to the ContentInfo array:

// safebags are placed into the ContentInfo array in this order
// keyBag | pkcs8ShroudedKeyBag | certBag | crlBag | secretBag | safeContentsBag
ContentInfo[] info = new ContentInfo[] {new ContentInfo(data, keyString),
        new ContentInfo(encryptedData, cInfo.toASN1Primitive()),
        new ContentInfo(data, CrlString)};

Write a test class that outputs a pfx:

package cn.com.infosec.PKCS12;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX500NameUtil;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;

public class PKCS12 {
    private static KeyPair keyPair;
    private static KeyPair CAkeyPair;
    private static String BC = "BC";
    private static char[] passwd = {'1', '2', '3', '4', '5', '6'};
    private static String certPath = "d:/test.pfx";
    private static String issuer =
            "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";

    static {
        try {
            // Client key pair
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(1024);
            keyPair = kpg.generateKeyPair();

            // CA key pair
            KeyPairGenerator kpca = KeyPairGenerator.getInstance("RSA");
            kpca.initialize(1024);
            CAkeyPair = kpca.generateKeyPair();

        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    public static void genPkx() throws Exception {
        PrivateKey privKey = keyPair.getPrivate();
        PublicKey pubKey = keyPair.getPublic();

        // create the certificate chain
        X509Certificate[] chain = createCertChain(pubKey);

        // create the Pfx
        PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain);
        //
        // now try reading our object
        //
        KeyStore store = KeyStore.getInstance("PKCS12", "BC");

        // initialize keystore with pfx
        store.load(new ByteArrayInputStream(pfx.toASN1Structure().getEncoded()), passwd);
        // store.setKeyEntry("Eric's Key", privKey, passwd, chain);
        // try-with-resources closes the file even if store() throws
        try (FileOutputStream fout = new FileOutputStream(certPath)) {
            store.store(fout, passwd);
        }
    }

    private static X509Certificate[] createCertChain(PublicKey pubKey) throws Exception {
        PrivateKey caPrivKey = CAkeyPair.getPrivate();
        PublicKey caPubKey = CAkeyPair.getPublic();
        PrivateKey intPrivKey = keyPair.getPrivate();
        PublicKey intPubKey = keyPair.getPublic();

        X509Certificate[] chain = new X509Certificate[3];

        chain[2] = createMasterCert(caPubKey, caPrivKey);
        chain[1] = createIntermediateCert(intPubKey, caPrivKey, chain[2]);
        chain[0] = createCert(pubKey, intPrivKey, intPubKey);
        return chain;
    }

    public static X509Certificate createMasterCert(PublicKey pubKey, PrivateKey privKey)
            throws Exception {
        //
        // signers name
        //
        String issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";

        //
        // subjects name - the same as we are self signed.
        //
        String subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";

        //
        // create the certificate - version 3
        //
        X509v3CertificateBuilder v1CertBuilder =
                new JcaX509v3CertificateBuilder(new X500Name(issuer), BigInteger.valueOf(1),
                        new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                        new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
                        new X500Name(subject), pubKey);
        // sign with SHA1withRSA
        X509CertificateHolder cert = v1CertBuilder
                .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privKey));

        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
    }

    public static X509Certificate createIntermediateCert(PublicKey pubKey, PrivateKey caPrivKey,
            X509Certificate caCert) throws Exception {
        //
        // subject name builder.
        //
        X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);

        subjectBuilder.addRDN(BCStyle.C, "AU");
        subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
        subjectBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate");
        subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");

        //
        // create the certificate - version 3
        //
        X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder(
                JcaX500NameUtil.getIssuer(caCert), BigInteger.valueOf(2),
                new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
                subjectBuilder.build(), pubKey);

        //
        // extensions
        //
        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();

        v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(pubKey));

        v3CertBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(caCert));

        v3CertBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

        X509CertificateHolder cert = v3CertBuilder
                .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey));

        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
    }

    public static X509Certificate createCert(PublicKey pubKey, PrivateKey caPrivKey,
            PublicKey caPubKey) throws Exception {
        //
        // signer name builder.
        //
        X500NameBuilder issuerBuilder = new X500NameBuilder(BCStyle.INSTANCE);

        issuerBuilder.addRDN(BCStyle.C, "AU");
        issuerBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
        issuerBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate");
        issuerBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");

        //
        // subject name builder
        //
        X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);

        subjectBuilder.addRDN(BCStyle.C, "AU");
        subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
        subjectBuilder.addRDN(BCStyle.L, "Melbourne");
        subjectBuilder.addRDN(BCStyle.CN, "Eric H. Echidna");
        subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");

        //
        // create the certificate - version 3
        //
        X509v3CertificateBuilder v3CertBuilder =
                new JcaX509v3CertificateBuilder(issuerBuilder.build(), BigInteger.valueOf(3),
                        new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                        new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
                        subjectBuilder.build(), pubKey);


        //
        // add the extensions
        //
        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();

        v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(pubKey));

        v3CertBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(caPubKey));

        X509CertificateHolder cert = v3CertBuilder
                .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey));

        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
    }

    private static PKCS12PfxPdu createPfx(PrivateKey privKey, PublicKey pubKey,
            X509Certificate[] chain) throws Exception {
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

        PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);

        // Cert Bag
        // CA ta
        taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("Bouncy Primary Certificate"));

        PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);

        // Inter ca
        caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("Bouncy Intermediate Certificate"));

        PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);

        // user ee
        eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("Eric's Key"));
        eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                extUtils.createSubjectKeyIdentifier(pubKey));


        // TODO
        PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey,
                new BcPKCS12PBEOutputEncryptorBuilder(
                        PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
                        new CBCBlockCipher(new DESedeEngine())).build(passwd));

        keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("Eric's Key"));
        keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                extUtils.createSubjectKeyIdentifier(pubKey));

        // CRL Bag
        X509CRL crl = CrlBag();
        X509CRLHolder acrl = new X509CRLHolder(crl.getEncoded());
        PKCS12SafeBagBuilder crlBagBuilder = new PKCS12SafeBagBuilder(acrl.toASN1Structure());
        crlBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("Eric's Key"));
        crlBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                extUtils.createSubjectKeyIdentifier(pubKey));

        // construct the actual key store
        //
        PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();

        PKCS12SafeBag[] certs = new PKCS12SafeBag[3];

        certs[0] = eeCertBagBuilder.build();
        certs[1] = caCertBagBuilder.build();
        certs[2] = taCertBagBuilder.build();

        // TODO
        pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(
                PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
                new CBCBlockCipher(new RC2Engine())).build(passwd), certs);

        pfxPduBuilder.addData(keyBagBuilder.build());
        pfxPduBuilder.addData(crlBagBuilder.build());

        return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd);

    }


    public static X509CRL CrlBag() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // try-with-resources closes the CRL file after parsing
        try (FileInputStream fis = new FileInputStream("D:\\GIAG2.crl")) {
            return (X509CRL) cf.generateCRL(fis);
        }
    }

    public static void main(String[] args) throws Exception {
        BouncyCastleProvider bcp = new BouncyCastleProvider();
        Security.addProvider(bcp);
        genPkx();
    }
}
Inspect the result with openssl:

OpenSSL> pkcs12 -in D:\test.pfx -info
Enter Import Password:
MAC:sha1 Iteration 1024
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 51200
Bag Attributes
    localKeyID: F3 32 9A 1E EC 9C A8 E7 87 E2 73 28 74 AC E5 A7 8A 19 C2 A4
    friendlyName: f3329a1eec9ca8e787e2732874ace5a78a19c2a4
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 51200
Certificate bag
Bag Attributes
    localKeyID: F3 32 9A 1E EC 9C A8 E7 87 E2 73 28 74 AC E5 A7 8A 19 C2 A4
    friendlyName: f3329a1eec9ca8e787e2732874ace5a78a19c2a4
subject=/C=AU/O=The Legion of the Bouncy Castle/L=Melbourne/CN=Eric H. Echidna/emailAddress=feedback-crypto@bouncycastle.org
issuer=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Intermediate Certificate/emailAddress=feedback-crypto@bouncycastle.org
Certificate bag
Bag Attributes
    friendlyName: Bouncy Primary Certificate
subject=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Primary Certificate
issuer=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Primary Certificate
Certificate bag
Bag Attributes
    friendlyName: Bouncy Intermediate Certificate
subject=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Intermediate Certificate/emailAddress=feedback-crypto@bouncycastle.org
issuer=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Primary Certificate
PKCS7 Data
Warning unsupported bag type: crlBag

OpenSSL currently cannot read a crlBag, and at this stage real-world use is probably very rare. It has been added anyway.
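
Since OpenSSL skips the bag, the crlBag can be read back and checked with BouncyCastle's own PKCS12PfxPdu API instead. This is an added example, not code from the original article; the class name CrlBagInspector, its method names and the constructed sample CRL and PFX are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.*;

import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.*;
import org.bouncycastle.pkcs.bc.*;

public class CrlBagInspector { // hypothetical name, added example
    // Constructed sample: a MAC-protected PFX whose only bag is a crlBag.
    static byte[] samplePfx(char[] pw) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair();
        X509CRLHolder crl = new X509v2CRLBuilder(new X500Name("CN=Constructed CA"), new Date())
                .addCRLEntry(BigInteger.valueOf(42), new Date(), CRLReason.keyCompromise)
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(ca.getPrivate()));
        PKCS12SafeBagBuilder bag = new PKCS12SafeBagBuilder(crl.toASN1Structure());
        bag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("constructed-crl"));
        return new PKCS12PfxPduBuilder().addData(bag.build())
                .build(new BcPKCS12MacCalculatorBuilder(), pw).toASN1Structure().getEncoded();
    }

    // Returns the X.509 CRLs held in unencrypted crlBags, after checking the MAC.
    static List<X509CRL> readCrlBags(byte[] pfxBytes, char[] pw) throws Exception {
        PKCS12PfxPdu pfx = new PKCS12PfxPdu(pfxBytes);
        if (!pfx.hasMac() || !pfx.isMacValid(
                new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), pw)) {
            throw new SecurityException("PFX MAC is missing or does not verify");
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509CRL> crls = new ArrayList<>();
        for (ContentInfo ci : pfx.getContentInfos()) {
            if (!PKCSObjectIdentifiers.data.equals(ci.getContentType())) {
                continue; // the article keeps the crlBag in plain Data, not EncryptedData
            }
            for (PKCS12SafeBag bag : new PKCS12SafeBagFactory(ci).getSafeBags()) {
                if (!PKCSObjectIdentifiers.crlBag.equals(bag.getType())) {
                    continue;
                }
                CRLBag crlBag = CRLBag.getInstance(bag.toASN1Structure().getBagValue());
                // RFC 7292 identifies an X.509 CRL by crlId = x509CRL (crlTypes 1)
                if (!PKCSObjectIdentifiers.x509Crl.equals(crlBag.getCrlId())) {
                    throw new IllegalStateException("unexpected crlId " + crlBag.getCrlId());
                }
                byte[] der = ASN1OctetString.getInstance(crlBag.getCrlValue()).getOctets();
                crls.add((X509CRL) cf.generateCRL(new ByteArrayInputStream(der)));
            }
        }
        return crls;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "123456".toCharArray(); // same test password as the article
        for (X509CRL crl : readCrlBags(samplePfx(pw), pw)) {
            System.out.println("issuer=" + crl.getIssuerX500Principal()
                    + " revoked=" + crl.getRevokedCertificates().size());
        }
    }
}
```

A valid MAC only shows that the file is intact under the password; the CRL's own signature still has to be checked with `crl.verify(issuerPublicKey)` before its contents are relied on.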
