java 获取X509证书序列号
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3431985/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
get X509Certificate serial number
提问by Denis
I need to get serial number of x509 certificate. The result of usage "certificate.getSerialNumber()" differs from the expected. As I see X509 certificate file specs, it should go in following format:
我需要获得 x509 证书的序列号。使用“certificate.getSerialNumber()”的结果与预期不同。当我看到 X509 证书文件规范时,它应该采用以下格式:
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version shall be v3
}
And I couldn't find in the begining of the file the value that is provided by certificate.getSerialNumber() method.
而且我在文件的开头找不到由 certificate.getSerialNumber() 方法提供的值。
And related question: When trying to display the serial with openssl it takes right value from file but adds '3' after each number.
和相关问题:当尝试使用 openssl 显示序列时,它从文件中获取正确的值,但在每个数字后添加“3”。
So my question is: How can I get the stored serial value? And where to read why and how openssl and java modifies this data.
所以我的问题是:如何获取存储的序列值?以及在哪里阅读 openssl 和 java 修改这些数据的原因和方式。
OPENSSL
开放式SSL
Run with:
运行:
openssl x509 -serial -noout -inform DER -in mycert.cer
Result:
结果:
serial=3030303031303030303030313030373439323639
JAVA
爪哇
Code:
代码:
InputStream in = new FileInputStream("mycert.cer");
BouncyCastleProvider provider = new BouncyCastleProvider();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", provider);
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(in);
BigInteger serialNum = certificate.getSerialNumber();
System.out.println(serialNum);
Output:
输出:
275106190557734483187066766755592068430195471929
FILE
文件
And viewing the file, I see:
查看文件,我看到:
0...0..r.......000010000001007492690
. *.H..
..
which seems to be the serial, provided by openssl but openssl mix it with '3'(after each number).
这似乎是由 openssl 提供的序列号,但 openssl 将其与“3”(在每个数字之后)混合。
回答by Erick Eduardo Garcia
I had the same problem with ruby and found the answer here in java X509 serial number using java
我在使用 ruby 时遇到了同样的问题,并使用 java在 java X509 序列号中找到了答案
For those who wants the solution in ruby
对于那些想要 ruby 解决方案的人
serial = 275106190557734483187066766755592068430195471929
serial.to_s(16)
this will output 3030303031303030303030313030373439323639
这将输出 3030303031303030303030313030373439323639
回答by user207421
Java doesn't modify this data. I'd be amazed if openssl did either. Presumably your expectations are incorrect.
Java 不会修改这些数据。如果 openssl 也这样做,我会感到惊讶。大概你的期望是不正确的。
