Adding CrlBag support to PKCS12 with BouncyCastle
2018-06-18 03:38:36 Source: unknown
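BouncyCastle's KeyStore (PKCS12KeyStoreSpi) supports KeyBag, PKCS8ShroudedKeyBag and CertBag by default. At present, no p12 generation tool supports adding a CrlBag.
Modify PKCS12KeyStoreSpi.java directly:
First the engineLoad method: add a check for the crlBag right after the check for the certBag: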
    else if (b.getBagId().equals(crlBag)) {
        org.bouncycastle.asn1.pkcs.CRLBag crlB = org.bouncycastle.asn1.pkcs.CRLBag.getInstance(b.getBagValue());
        // TODO set the attributes on the key
        X509CRL crlx509 = null;
        try {
            InputStream crlIn = new ByteArrayInputStream(
                    ((ASN1OctetString) crlB.getCrlValue()).getOctets());
            crlx509 = (X509CRL) certFact.generateCRL(crlIn);
        } catch (Exception e) {
            // fail the load instead of silently storing a null CRL
            throw new IOException("unable to parse CRL in crlBag: " + e.toString());
        }
        //
        // set the attributes
        //
        ASN1OctetString localId = null;
        String alias = null;
        if (b.getBagAttributes() != null) {
            Enumeration e = b.getBagAttributes().getObjects();
            while (e.hasMoreElements()) {
                ASN1Sequence sq = (ASN1Sequence) e.nextElement();
                ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier) sq.getObjectAt(0);
                ASN1Set attrSet = (ASN1Set) sq.getObjectAt(1);
                if (attrSet.size() > 0) {
                    ASN1Primitive attr = (ASN1Primitive) attrSet.getObjectAt(0);
                    if (crlx509 instanceof PKCS12BagAttributeCarrier) {
                        PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) crlx509;
                        ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
                        if (existing != null) {
                            // OK, but the value has to be the same
                            if (!existing.toASN1Primitive().equals(attr)) {
                                throw new IOException(
                                        "attempt to add existing attribute with different value");
                            }
                        } else {
                            bagAttr.setBagAttribute(aOid, attr);
                        }
                    }
                    if (aOid.equals(pkcs_9_at_friendlyName)) {
                        alias = ((DERBMPString) attr).getString();
                        crls.put(alias, crlx509);
                    } else if (aOid.equals(pkcs_9_at_localKeyId)) {
                        localId = (ASN1OctetString) attr;
                    }
                }
            }
        }
        if (localId != null) {
            String name = new String(Hex.encode(localId.getOctets()));
            if (alias == null) {
                crls.put(name, crlx509);
            } else {
                localIds.put(alias, name);
            }
        } else {
            unmarkedCrl = true;
            crls.put("unmarked", crlx509);
        }
    }
    // the two braces below close the enclosing blocks of engineLoad
    }
    }
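In engineLoad you also need to check unmarkedCrl. The PKCS#9 attributes are optional, but when the pfx is processed a localId is still needed as the key under which the entry is stored in the Hashtable.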
    if (unmarkedKey) {
        if (keyCerts.isEmpty()) {
            String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier()));
            keyCerts.put(name, cert);
            keys.put(name, keys.remove("unmarked"));
        }
    } else if (unmarkedCrl) {
        String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier()));
        crls.put(name, crls.remove("unmarked"));
    }
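When the pfx is generated externally, we read a CRL file, convert it directly into an X509CRL and store it in the pfx file, then parse everything the pfx contains through the engineLoad method. After parsing, the contents are held in a Hashtable and an IgnoresCaseHashtable, ready for the doStore method to use.
In doStore, handle the CRL: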
    //
    // handle the crl
    //
    ASN1EncodableVector crlSeq = new ASN1EncodableVector();
    Enumeration crlbs = crls.keys();
    while (crlbs.hasMoreElements()) {
        byte[] crlSalt = new byte[SALT_SIZE];
        random.nextBytes(crlSalt);
        String name = (String) crlbs.nextElement();
        X509CRL x509crl = (X509CRL) crls.get(name);
        PKCS12PBEParams crlParams = new PKCS12PBEParams(crlSalt, MIN_ITERATIONS);
        AlgorithmIdentifier crlAlgId = new AlgorithmIdentifier(keyAlgorithm, crlParams.toASN1Primitive());
        org.bouncycastle.asn1.pkcs.CRLBag crlbagInfo = null;
        try {
            // crlId names the CRL type (x509Crl); the bag type (crlBag) goes on the SafeBag below
            crlbagInfo = new org.bouncycastle.asn1.pkcs.CRLBag(x509Crl,
                    new DEROctetString(x509crl.getEncoded()));
        } catch (CRLException e) {
            // fail the store instead of continuing with a null CRLBag
            throw new IOException("unable to encode CRL: " + e.toString());
        }
        boolean crlattrSet = false;
        ASN1EncodableVector crlName = new ASN1EncodableVector();
        if (x509crl instanceof PKCS12BagAttributeCarrier) {
            PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) x509crl;
            //
            // make sure we are using the local alias on store
            //
            DERBMPString nm = (DERBMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
            if (nm == null || !nm.getString().equals(name)) {
                bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
            }
            //
            // make sure we have a local key-id
            //
            if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
                Certificate ct = engineGetCertificate(name);
                bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey()));
            }
            Enumeration e = bagAttrs.getBagAttributeKeys();
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
                ASN1EncodableVector crlS = new ASN1EncodableVector();
                crlS.add(oid);
                crlS.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                crlName.add(new DERSequence(crlS));
                crlattrSet = true;
            }
        }
        if (!crlattrSet) {
            //
            // set a default friendly name (from the key id) and local id
            //
            ASN1EncodableVector crlS = new ASN1EncodableVector();
            Certificate ct = engineGetCertificate(name);
            crlS.add(pkcs_9_at_localKeyId);
            crlS.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));
            crlName.add(new DERSequence(crlS));
            crlS = new ASN1EncodableVector();
            crlS.add(pkcs_9_at_friendlyName);
            crlS.add(new DERSet(new DERBMPString(name)));
            crlName.add(new DERSequence(crlS));
        }
        SafeBag crlsBag = new SafeBag(crlBag, crlbagInfo.toASN1Primitive(), new DERSet(crlName));
        crlSeq.add(crlsBag);
    }
    byte[] CrlEncoded = new DERSequence(crlSeq).getEncoded(ASN1Encoding.DER);
    BEROctetString CrlString = new BEROctetString(CrlEncoded);
At this point the CRL handling is essentially complete; all that remains is to add it to the ContentInfo array:
    // SafeBags are placed into the ContentInfo array in this order:
    // keyBag | pkcs8ShroudedKeyBag | certBag | crlBag | secretBag | safeContentsBag
    ContentInfo[] info = new ContentInfo[] {
        new ContentInfo(data, keyString),
        new ContentInfo(encryptedData, cInfo.toASN1Primitive()),
        new ContentInfo(data, CrlString)
    };
Write a test class that outputs a pfx:
    package cn.com.infosec.PKCS12;

    import java.io.ByteArrayInputStream;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.math.BigInteger;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.KeyStore;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Security;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509CRL;
    import java.security.cert.X509Certificate;
    import java.util.Date;

    import org.bouncycastle.asn1.DERBMPString;
    import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
    import org.bouncycastle.asn1.x500.X500Name;
    import org.bouncycastle.asn1.x500.X500NameBuilder;
    import org.bouncycastle.asn1.x500.style.BCStyle;
    import org.bouncycastle.asn1.x509.BasicConstraints;
    import org.bouncycastle.asn1.x509.Extension;
    import org.bouncycastle.cert.X509CRLHolder;
    import org.bouncycastle.cert.X509CertificateHolder;
    import org.bouncycastle.cert.X509v3CertificateBuilder;
    import org.bouncycastle.cert.jcajce.JcaX500NameUtil;
    import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
    import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
    import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
    import org.bouncycastle.crypto.engines.DESedeEngine;
    import org.bouncycastle.crypto.engines.RC2Engine;
    import org.bouncycastle.crypto.modes.CBCBlockCipher;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
    import org.bouncycastle.pkcs.PKCS12PfxPdu;
    import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
    import org.bouncycastle.pkcs.PKCS12SafeBag;
    import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
    import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
    import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
    import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;

    public class PKCS12 {
        private static KeyPair keyPair;
        private static KeyPair CAkeyPair;
        private static String BC = "BC";
        // test-only password
        private static char[] passwd = {'1', '2', '3', '4', '5', '6'};
        private static String certPath = "d:/test.pfx";
        private static String issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";

        static {
            try {
                // Client key pair (1024-bit RSA is for this test only)
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
                kpg.initialize(1024);
                keyPair = kpg.generateKeyPair();
                // CA key pair
                KeyPairGenerator kpca = KeyPairGenerator.getInstance("RSA");
                kpca.initialize(1024);
                CAkeyPair = kpca.generateKeyPair();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
        }

        public static void genPkx() throws Exception {
            PrivateKey privKey = keyPair.getPrivate();
            PublicKey pubKey = keyPair.getPublic();
            // create the certificate chain
            X509Certificate[] chain = createCertChain(pubKey);
            // create the Pfx
            PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain);
            //
            // now try reading our object
            //
            KeyStore store = KeyStore.getInstance("PKCS12", "BC");
            // initialize keystore with pfx
            store.load(new ByteArrayInputStream(pfx.toASN1Structure().getEncoded()), passwd);
            // store.setKeyEntry("Eric's Key", privKey, passwd, chain);
            FileOutputStream fout = new FileOutputStream(certPath);
            store.store(fout, passwd);
            fout.close();
        }

        private static X509Certificate[] createCertChain(PublicKey pubKey) throws Exception {
            PrivateKey caPrivKey = CAkeyPair.getPrivate();
            PublicKey caPubKey = CAkeyPair.getPublic();
            PrivateKey intPrivKey = keyPair.getPrivate();
            PublicKey intPubKey = keyPair.getPublic();
            X509Certificate[] chain = new X509Certificate[3];
            chain[2] = createMasterCert(caPubKey, caPrivKey);
            chain[1] = createIntermediateCert(intPubKey, caPrivKey, chain[2]);
            chain[0] = createCert(pubKey, intPrivKey, intPubKey);
            return chain;
        }

        public static X509Certificate createMasterCert(PublicKey pubKey, PrivateKey privKey) throws Exception {
            //
            // signers name
            //
            String issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
            //
            // subjects name - the same as we are self signed.
            //
            String subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
            //
            // create the certificate - version 3
            //
            X509v3CertificateBuilder v1CertBuilder = new JcaX509v3CertificateBuilder(new X500Name(issuer),
                    BigInteger.valueOf(1),
                    new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                    new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
                    new X500Name(subject), pubKey);
            // sign with GM
            X509CertificateHolder cert = v1CertBuilder
                    .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privKey));
            return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
        }

        public static X509Certificate createIntermediateCert(PublicKey pubKey, PrivateKey caPrivKey,
                X509Certificate caCert) throws Exception {
            //
            // subject name builder.
            //
            X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            subjectBuilder.addRDN(BCStyle.C, "AU");
            subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
            subjectBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate");
            subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
            //
            // create the certificate - version 3
            //
            X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder(
                    JcaX500NameUtil.getIssuer(caCert), BigInteger.valueOf(2),
                    new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                    new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
                    subjectBuilder.build(), pubKey);
            //
            // extensions
            //
            JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
            v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                    utils.createSubjectKeyIdentifier(pubKey));
            v3CertBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                    utils.createAuthorityKeyIdentifier(caCert));
            v3CertBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
            X509CertificateHolder cert = v3CertBuilder
                    .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey));
            return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
        }

        public static X509Certificate createCert(PublicKey pubKey, PrivateKey caPrivKey, PublicKey caPubKey)
                throws Exception {
            //
            // signer name builder.
            //
            X500NameBuilder issuerBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            issuerBuilder.addRDN(BCStyle.C, "AU");
            issuerBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
            issuerBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate");
            issuerBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
            //
            // subject name builder
            //
            X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            subjectBuilder.addRDN(BCStyle.C, "AU");
            subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
            subjectBuilder.addRDN(BCStyle.L, "Melbourne");
            subjectBuilder.addRDN(BCStyle.CN, "Eric H. Echidna");
            subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
            //
            // create the certificate - version 3
            //
            X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder(issuerBuilder.build(),
                    BigInteger.valueOf(3),
                    new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                    new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
                    subjectBuilder.build(), pubKey);
            //
            // add the extensions
            //
            JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
            v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                    utils.createSubjectKeyIdentifier(pubKey));
            v3CertBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                    utils.createAuthorityKeyIdentifier(caPubKey));
            X509CertificateHolder cert = v3CertBuilder
                    .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey));
            return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
        }

        private static PKCS12PfxPdu createPfx(PrivateKey privKey, PublicKey pubKey, X509Certificate[] chain)
                throws Exception {
            JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

            // Cert Bag
            // CA ta
            PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);
            taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                    new DERBMPString("Bouncy Primary Certificate"));
            // Inter ca
            PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);
            caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                    new DERBMPString("Bouncy Intermediate Certificate"));
            // user ee
            PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);
            eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                    new DERBMPString("Eric's Key"));
            eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                    extUtils.createSubjectKeyIdentifier(pubKey));

            // TODO
            PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey,
                    new BcPKCS12PBEOutputEncryptorBuilder(
                            PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
                            new CBCBlockCipher(new DESedeEngine())).build(passwd));
            keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                    new DERBMPString("Eric's Key"));
            keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                    extUtils.createSubjectKeyIdentifier(pubKey));

            // CRL Bag
            X509CRL crl = CrlBag();
            X509CRLHolder acrl = new X509CRLHolder(crl.getEncoded());
            PKCS12SafeBagBuilder crlBagBuilder = new PKCS12SafeBagBuilder(acrl.toASN1Structure());
            crlBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                    new DERBMPString("Eric's Key"));
            crlBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                    extUtils.createSubjectKeyIdentifier(pubKey));

            //
            // construct the actual key store
            //
            PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
            PKCS12SafeBag[] certs = new PKCS12SafeBag[3];
            certs[0] = eeCertBagBuilder.build();
            certs[1] = caCertBagBuilder.build();
            certs[2] = taCertBagBuilder.build();
            // TODO
            pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(
                    PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
                    new CBCBlockCipher(new RC2Engine())).build(passwd), certs);
            pfxPduBuilder.addData(keyBagBuilder.build());
            pfxPduBuilder.addData(crlBagBuilder.build());
            return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd);
        }

        public static X509CRL CrlBag() throws Exception {
            // read the CRL file that will be embedded in the pfx; close the stream when done
            try (FileInputStream fis = new FileInputStream("D:\\GIAG2.crl")) {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509CRL aCrl = (X509CRL) cf.generateCRL(fis);
                return aCrl;
            }
        }

        public static void main(String[] args) throws Exception {
            BouncyCastleProvider bcp = new BouncyCastleProvider();
            Security.addProvider(bcp);
            genPkx();
        }
    }
Inspect the result with openssl:
    OpenSSL> pkcs12 -in D:\test.pfx -info
    Enter Import Password:
    MAC:sha1 Iteration 1024
    PKCS7 Data
    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 51200
    Bag Attributes
        localKeyID: F3 32 9A 1E EC 9C A8 E7 87 E2 73 28 74 AC E5 A7 8A 19 C2 A4
        friendlyName: f3329a1eec9ca8e787e2732874ace5a78a19c2a4
    Key Attributes: <No Attributes>
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ...
    -----END ENCRYPTED PRIVATE KEY-----
    PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 51200
    Certificate bag
    Bag Attributes
        localKeyID: F3 32 9A 1E EC 9C A8 E7 87 E2 73 28 74 AC E5 A7 8A 19 C2 A4
        friendlyName: f3329a1eec9ca8e787e2732874ace5a78a19c2a4
    subject=/C=AU/O=The Legion of the Bouncy Castle/L=Melbourne/CN=Eric H. Echidna/emailAddress=feedback-crypto@bouncycastle.org
    issuer=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Intermediate Certificate/emailAddress=feedback-crypto@bouncycastle.org
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Certificate bag
    Bag Attributes
        friendlyName: Bouncy Primary Certificate
    subject=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Primary Certificate
    issuer=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Primary Certificate
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Certificate bag
    Bag Attributes
        friendlyName: Bouncy Intermediate Certificate
    subject=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Intermediate Certificate/emailAddress=feedback-crypto@bouncycastle.org
    issuer=/C=AU/O=The Legion of the Bouncy Castle/OU=Bouncy Primary Certificate
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    PKCS7 Data
    Warning unsupported bag type: crlBag
OpenSSL currently cannot read a crlBag, and for now there are probably very few real-world uses for it. It has been added anyway.
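Because OpenSSL skips the crlBag, the bag can be checked with BouncyCastle's PKCS12PfxPdu API instead: confirm the PFX MAC, pull the CRL out of the unencrypted data ContentInfo, and accept it only if its signature verifies under the issuer key. This is an added example, not code from the original post; the class name CrlBagCheck, the throwaway test CA, the password and the revoked serial are constructed, and it assumes bcprov and bcpkix are on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.*;
import org.bouncycastle.pkcs.bc.*;

public class CrlBagCheck { // hypothetical class name for this added example
    // Returns the CRLs found in crlBags of plain "data" ContentInfos that verify under issuerKey.
    static List<X509CRLHolder> verifiedCrls(byte[] pfxBytes, char[] passwd, PublicKey issuerKey)
            throws Exception {
        PKCS12PfxPdu pfx = new PKCS12PfxPdu(pfxBytes);
        // Check the integrity MAC before looking at any bag contents.
        if (!pfx.hasMac() || !pfx.isMacValid(
                new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), passwd)) {
            throw new SecurityException("PFX MAC missing or invalid");
        }
        List<X509CRLHolder> out = new ArrayList<>();
        for (ContentInfo ci : pfx.getContentInfos()) {
            if (!ci.getContentType().equals(PKCSObjectIdentifiers.data)) continue; // skip encryptedData
            for (PKCS12SafeBag bag : new PKCS12SafeBagFactory(ci).getSafeBags()) {
                if (!bag.getType().equals(PKCSObjectIdentifiers.crlBag)) continue;
                X509CRLHolder crl = (X509CRLHolder) bag.getBagValue();
                // The MAC only proves knowledge of the password; the CRL must verify under its issuer.
                if (crl.isSignatureValid(new JcaContentVerifierProviderBuilder().build(issuerKey))) {
                    out.add(crl);
                }
            }
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        char[] passwd = "constructed-test-password".toCharArray();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair();
        // Constructed CRL: a throwaway test CA revokes serial number 3.
        X509v2CRLBuilder b = new X509v2CRLBuilder(new X500Name("CN=Constructed Test CA"), new Date());
        b.setNextUpdate(new Date(System.currentTimeMillis() + 24L * 60 * 60 * 1000));
        b.addCRLEntry(BigInteger.valueOf(3), new Date(), CRLReason.keyCompromise);
        X509CRLHolder crl = b.build(new JcaContentSignerBuilder("SHA256withRSA").build(ca.getPrivate()));
        // Same PKCS12SafeBagBuilder constructor the post's test class uses for its crlBag.
        byte[] pfx = new PKCS12PfxPduBuilder()
                .addData(new PKCS12SafeBagBuilder(crl.toASN1Structure()).build())
                .build(new BcPKCS12MacCalculatorBuilder(), passwd).getEncoded();
        List<X509CRLHolder> good = verifiedCrls(pfx, passwd, ca.getPublic());
        System.out.println("verified CRLs: " + good.size());
        System.out.println("serial 3 revoked: " + (good.get(0).getRevokedCertificate(BigInteger.valueOf(3)) != null));
        PublicKey other = kpg.generateKeyPair().getPublic(); // unrelated key must not verify the CRL
        System.out.println("accepted under unrelated key: " + !verifiedCrls(pfx, passwd, other).isEmpty());
    }
}
```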