Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to load public certificate from pem file?

Tags:

java

ssl

cryptography

public-key

bouncycastle

I was trying to extract RES public key from the file below

-----BEGIN CERTIFICATE----- MIIGwTCCBamgAwIBAgIQDlV4zznmQiVeF45Ipc0k7DANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTEyMTAzMDAwMDAwMFoXDTE1MTEwNDEyMDAwMFowgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEQMA4GA1UEBxMHSG91c3RvbjEpMCcGA1UEChMgVmFsZXJ1cyBDb21wcmVzc2lvbiBTZXJ2aWNlcywgTFAxCzAJBgNVBAsTAklUMRkwFwYDVQQDDBAqLnZhbGVydXMtY28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GR2NKV9GwVHBtpvgBUdVVbd6qeh6aKOS/r5TIKFd3vFBGjC7cWYwF26F0YFvrAP262Yu+oDRTeuSKwyHmegD7aTSOyCTOva69WcnKYRmNfHsnnGRa5z4v9EKc1RbNcwIrDUz8zcdHdP6AO8JJgLreWyBl15WXdxAr3yNbwoyJTbWk2ToC64LASP+8SQQTRszg762FIbhZ8xda8KKGAyC29/FOcLIttoBANT4hEwvcRLKOxAA8tg322Dla1XU2gnxWP2dSuLEflGRcEovPjGqxCzuGe0aN8Lg7aKwgCR1OYXmGiKCNHupHkN7A+QrD8zrxKUFd1UiyLcIovYhadcdQIDAQABo4IDTDCCA0gwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg/cwHQYDVR0OBBYEFKKX1d9m6kHUjxQ1OpzXgNRbNGR4MCsGA1UdEQQkMCKCECoudmFsZXJ1cy1jby5jb22CDnZhbGVydXMtY28uY29tMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcxNi5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzE2LmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAEBMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBALdCoLlXX4Sg8pKcqlT8l1MHbS2rsnw03R8lVQBQqcJimE9VZqDdoLfEPASIEMQbl40T6RHb4tFuZNjP2y4Fy3jMAYf1yajZAtAd5OLOMU39cgZQY2J8QCeEVKt8qbH6P32/2yyuh4hcNL4Vz8G0MTzwVUjz8WVmUBHAQSpS0T9oDKkwvmrkPGJFVuBxCRDKYb/23O8EKKzSTiO37VbCaeFUrTuWc8tGP8XDqRdj2yefiVqcNp4xr2tq9ZhJcISWODqO4fzt6vPOwgdnY3fbPLeH2tZoZTSCPURAadoNOAIC6fCLFlHjLuRGkxWIHMX3QnrrVD8pC7FnDO09q/aADew= -----END CERTIFICATE-----

Here is the code i did..

public static PublicKey loadPublicKeyFromFile(File publicKeyFile) throws Exception {      FileReader file = new FileReader(publicKeyFile);     PemReader reader = new PemReader(file);     X509EncodedKeySpec caKeySpec = new X509EncodedKeySpec(reader.readPemObject().getContent());     KeyFactory kf = KeyFactory.getInstance("RSA");     PublicKey caKey = kf.generatePublic(caKeySpec);     return caKey; }

But It throws out

java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID

What's the appropriate way to extract RES Public key from a file..

like image 388
surendhar_s Avatar asked Jun 10 '14 09:06

surendhar_s

People also ask

Does PEM include public key?

The PEM file supplied to the Hybrid Data Pipeline server must include the SSL certificate private and public keys, any intermediate certificates, and the root certificate. A PEM encoded file includes Base64 data.

2 Answers

An X.509 certificate and an X509EncodedKeySpec are quite different structures, and trying to parse a cert as a key won't work. Java's X509EncodedKeySpec is actually SubjectPublicKeyInfo from X.509 or equivalent and more convenient PKIX also linked from Key, which is only a small part of a certificate.

What you need to do is read and parse the cert and then extract the pubkey from the cert. Standard SunJCE CertificateFactory can do it (and can read either PEM or DER to boot) like this:

CertificateFactory fact = CertificateFactory.getInstance("X.509"); FileInputStream is = new FileInputStream (args[0]); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); PublicKey key = cer.getPublicKey(); is.close(); // add error handling as appropriate, try-with-resources is often good

If you have BouncyCastle you can use its provider the same way (just add a second argument to .getInstance or set the default provider list order), or you can use PEMParser with JcaX509CertificateConverter -- which effectively does the same thing, internally running the data through a CertificateFactory.

like image 131
dave_thompson_085 Avatar answered Sep 19 '22 10:09

dave_thompson_085

With Sun JVM it is also possible with

import java.security.cert.X509Certificate; import sun.security.x509.X509CertImpl;  InputStream is = ... X509Certificate crt = new X509CertImpl(is);

, although I'd prefer the accepted answer as JVM implementation-independent one.

Under the hood, in Sun JVM, CertificateFactory(more precisely, X509Factory) does instantiate X509CertImpl , but there is very subtle difference between the two approaches: CertificateFactory caches X509 Certificate instances by binary content of the input stream, the one that can be retrieved by cer.getEncoded().

The cache can be cleared by

fact.generateCertificate(null);
like image 35
igor.zh Avatar answered Sep 18 '22 10:09

igor.zh
Sign in to Comment

Related questions

Lombok annotation @Getter for boolean field
Order of loading jar files from lib directory
Get application context from non activity singleton class
In Java does anyone use short or byte?
Converting from HashSet<String> to String[]
How to parse a String containing XML in Java and retrieve the value of the root node?
How to get the version number of JavaFX?
How do I properly load a BufferedImage in java?
Inspect in memory hsqldb while debugging
Why does dividing a float by an integer return 0.0?
Proguard keep class names?
Comparing two hashmaps for equal values and same key sets?
How do I turn on line numbers permanently in IntelliJ 14? [duplicate]
Stream groupingBy: reducing to first element of list [duplicate]
In simplest terms, what is a factory?
How to map a JSON column with H2, JPA, and Hibernate
Spring configure @ResponseBody JSON format
Hibernate @NotEmpty annotation equivalent in Javax.package or alternative
Strange sbt bug where I cannot import sbt project due to keys colliding with themselves
Hibernate Delete query

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!