Problem description
I would like to get the email address and expiry date of an S/MIME certificate based on its public key. Is this approach even possible? Or am I totally wrong? Can I decrypt the public key to get this kind of data via Java?
I searched in Google, read the wiki pages and read about an Oracle S/MIME project. But it doesn't seem like it's possible. Is this data only available in the CSR?
Thanks in advance
Recommended answer
I'm amazed this isn't a dupe, but I couldn't find a good one.
Although Bouncy is fine and has many features if you want to use it, core Java can handle X.509 certificates since forever. For a cert in a file (or anything that can be accessed as a Stream) in either PEM or DER format (although the javadoc isn't clear on that) all you need is CertificateFactory:
```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.*;

CertificateFactory fact = CertificateFactory.getInstance("X.509");

// from a real file
InputStream is = new FileInputStream("filename");
Certificate cert = fact.generateCertificate(is);
is.close(); // or use try-with-resources to do automatically

// from an alternate/custom filesystem, such as a ZIP
Path p = Paths.get("somespecification"); // or any other creation of a Path
is = Files.newInputStream(p); // add open options if needed
// same as before

// from the classpath (usually a JAR)
is = ClassLoader.getSystemResourceAsStream("name"); // or getResourceAsStream on any ClassLoader or Class<?> object
// same as before

// from a byte[] in memory
is = new ByteArrayInputStream(bytearray);
// same as before, except don't really need to close

// you get the idea
```
Although JCA APIs like this one are defined to allow a lot of extension, reading an X.509 cert will actually give you not just `Certificate` but subclass `X509Certificate` from which `.getNotAfter()` gives the expiration date-time directly. The email address if present (which isn't required by X.509 certs in general, but should always be the case in a cert used for S/MIME) will usually be an attribute in the subject name, which actually has internal structure that Java doesn't let you get at directly so you need to:
```java
String x500name = ((X509Certificate) cert).getSubjectX500Principal().toString();
// simple case: no multivalue RDN, no reserved chars ,+="<>\;# or extra spaces
for (String attr : x500name.split(", ")) {
    if (attr.startsWith("EMAILADDRESS=")) {
        String email = attr.substring(13); // text after "EMAILADDRESS="
        // ... use email ...
    }
}
// other cases require slightly more complicated parsing
```
Note there is no encryption at all in X.509, and thus no actual decryption, although many people use 'decrypt' to describe anything unfamiliar not an actual cipher.
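The "other cases" mentioned above (multi-valued RDNs, reserved characters) can be handled by letting `javax.naming.ldap.LdapName` parse the subject instead of splitting on `", "`. This is an added example, not code from the answer; the class name `SmimeCertInfo` and the sample subject are constructed for illustration. It also goes one step beyond the answer by reading `rfc822Name` entries from the subjectAltName extension, which can carry the address as well. Pass a PEM or DER certificate path as the only argument to inspect a real certificate.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.*;
import javax.security.auth.x500.X500Principal;

public class SmimeCertInfo { // hypothetical class name
    static final String EMAIL_OID = "1.2.840.113549.1.9.1"; // PKCS#9 emailAddress
    // Emails in the subject DN, tolerating multi-valued RDNs and escaped characters.
    static List<String> emailsFromSubject(X500Principal subject) throws NamingException {
        // Map the OID to a keyword so the RFC 2253 string keeps the value as text, not #hex.
        String dn = subject.getName(X500Principal.RFC2253,
                Collections.singletonMap(EMAIL_OID, "EMAILADDRESS"));
        List<String> emails = new ArrayList<>();
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            Attribute a = rdn.toAttributes().get("EMAILADDRESS"); // one RDN may hold several AVAs
            for (int i = 0; a != null && i < a.size(); i++) emails.add(String.valueOf(a.get(i)));
        }
        return emails;
    }

    // rfc822Name entries (GeneralName type 1) from the subjectAltName extension.
    static List<String> emailsFromSan(X509Certificate cert) throws CertificateParsingException {
        List<String> emails = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if extension absent
        if (sans != null)
            for (List<?> san : sans)
                if (Integer.valueOf(1).equals(san.get(0))) emails.add((String) san.get(1));
        return emails;
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject: comma inside CN, and a multi-valued RDN (CN+EMAILADDRESS).
        X500Principal sample = new X500Principal(
                "CN=\"Doe, Alice\"+EMAILADDRESS=alice@example.test, O=Example Org, C=US");
        System.out.println("constructed subject -> " + emailsFromSubject(sample));
        if (args.length == 1) { // optional: path to a PEM or DER certificate
            try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
                X509Certificate c = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println("notAfter = " + c.getNotAfter());
                System.out.println("subject emails = " + emailsFromSubject(c.getSubjectX500Principal()));
                System.out.println("SAN emails = " + emailsFromSan(c));
            }
        }
    }
}
```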