Where can I find details of an X.509 certificate I created locally?
I am new to using certificates for authentication. If my question does not make sense, please correct me.

I created a 2048-bit X.509 certificate locally. I have server.crt, server.key, server.key.org and mycert.pfx (mycert.pfx contains the public and private key, and I am using that file in my code).

Now I have a Java application with the following code:

```java
import java.io.InputStream;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.mail.util.SharedFileInputStream;
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

String tenant = "f6377xxx-aeb2-4a8a-be8a-7xxxxa60be3";
String authority = "https://login.windows.net/" + tenant + "/oauth2/authorize";
ExecutorService service = null;
service = Executors.newFixedThreadPool(1);
try {
    AuthenticationContext authenticationContext =
            new AuthenticationContext(authority, false, service);
    String certFile = "/projects/mycert.pfx";
    InputStream pkcs12Cert = new SharedFileInputStream(certFile);
    AsymmetricKeyCredential credential = AsymmetricKeyCredential.create(
            "xxxx-e53c-45b7-432-7b91d93674b6", pkcs12Cert, "password");
    Future<AuthenticationResult> future = authenticationContext.acquireToken(
            "https://outlook.office365.com", credential, null);
    System.out.println("Token Received" + future.get().getAccessToken());
    String token = future.get().getAccessToken();
} catch (Exception e) {
    e.printStackTrace();
} finally {
    service.shutdown();
}
```

This code is trying to authenticate to the Office 365 API. For that I created an application on Azure with the tenant ID and other information. Now the code above throws the following exception.

```text
com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'H6383KO9763C6E4KIE8363032D6', Configured keys: []]\r\nTrace ID: 76YT3GG-7b8b-JDU73-afeb-JDUEY7372\r\nCorrelation ID: 7H3Y743-a5b7-KD98-88ba-HDUYE7663\r\nTimestamp: 2016-08-31 23:56:50Z","error":"invalid_client"}
```

The reason is that I have not uploaded the certificate on the server side (i.e. the Azure AD application). Following this tutorial I found a solution, which shows that I have to download the manifest file, edit it with the certificate, and then upload it to the Azure server.

The problem is that I don't know where to get the values of the following keys from the certificate. Can you help me find customKeyIdentifier, keyId and value?

```json
"keyCredentials": [
  {
    "customKeyIdentifier": "$base64Thumbprint_from_above",
    "keyId": "$keyid_from_above",
    "type": "AsymmetricX509Cert",
    "usage": "Verify",
    "value": "$base64Value_from_above"
  }
],
```
I found the following source code to generate the keys/values in keyCredentials that I was looking for. You do need to generate the certificate first. Then run the code and your keyCredentials content should be in the keycredentials.txt file.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.UUID;
import org.junit.Test;

@Test
public void testGenerateKeyCredentials() {
    String certFile = "/etc/abc/server2.crt";
    System.out.printf("Generating keyCredentials entry from %s\n", certFile);
    try {
        FileInputStream certFileIn = new FileInputStream(certFile);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(certFileIn);

        // Generate base64-encoded version of the cert's data
        // for the "value" property of the "keyCredentials" entry
        byte[] certData = cert.getEncoded();
        String certValue = Base64.getEncoder().encodeToString(certData);
        System.out.println("Cert value: " + certValue);

        // Generate the SHA1-hash of the cert for the "customKeyIdentifier"
        // property of the "keyCredentials" entry
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(certData);
        String certCustomKeyId = Base64.getEncoder().encodeToString(md.digest());
        System.out.println("Cert custom key ID: " + certCustomKeyId);

        FileWriter fw = new FileWriter("keycredentials.txt", false);
        PrintWriter pw = new PrintWriter(fw);
        pw.println("\"keyCredentials\": [");
        pw.println("  {");
        pw.println("    \"customKeyIdentifier\": \"" + certCustomKeyId + "\",");
        pw.println("    \"keyId\": \"" + UUID.randomUUID().toString() + "\",");
        pw.println("    \"type\": \"AsymmetricX509Cert\",");
        pw.println("    \"usage\": \"Verify\",");
        pw.println("    \"value\": \"" + certValue + "\"");
        pw.println("  }");
        pw.println("],");
        pw.close();
        System.out.println("Key credentials written to keycredentials.txt");
    } catch (FileNotFoundException e) {
        System.out.printf("ERROR: Cannot find %s\n", certFile);
    } catch (CertificateException e) {
        System.out.println("ERROR: Cannot instantiate X.509 certificate");
    } catch (NoSuchAlgorithmException e) {
        System.out.println("ERROR: Cannot instantiate SHA-1 algorithm");
    } catch (IOException e) {
        System.out.println("ERROR: Cannot write to keycredentials.txt");
    }
}
```
Shorter C# code for certCustomKeyId and certValue:

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

String certFile = "/etc/abc/server2.crt";
X509Certificate cert = new X509Certificate();
cert.Import(certFile);
String certValue = Convert.ToBase64String(cert.GetRawCertData());
Console.WriteLine("Cert value: " + certValue);
String certCustomKeyId = Convert.ToBase64String(cert.GetCertHash());
Console.WriteLine("customKeyIdentifier: " + certCustomKeyId);
Console.WriteLine("keyId:" + System.Guid.NewGuid());
```
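The Java answer and the shorter C# answer above both derive the same three manifest fields: `value` is the base64 of the certificate's DER encoding, `customKeyIdentifier` is the base64 of the SHA-1 digest of that same DER (the digest the Azure portal and the AADSTS50012 message show as a hex "thumbprint"), and `keyId` is merely a fresh GUID. The following Go program is an added example, not code from either answer nor from adal4j or Azure; Go was chosen over Java or C# here only because its standard library can also mint a throwaway self-signed certificate, so the program runs offline (a real run would read server.crt instead). The subject name, the helper names and the `MatchesReportedThumbprint` check are this example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// KeyCredential is one "keyCredentials" entry, field names as in the question.
type KeyCredential struct {
	CustomKeyIdentifier string `json:"customKeyIdentifier"`
	KeyID               string `json:"keyId"`
	Type                string `json:"type"`
	Usage               string `json:"usage"`
	Value               string `json:"value"`
}

// ParseCertificate accepts PEM (server.crt as openssl writes it) or raw DER.
func ParseCertificate(data []byte) (*x509.Certificate, error) {
	if block, _ := pem.Decode(data); block != nil {
		data = block.Bytes // PEM wrapper found: use the DER inside it
	}
	return x509.ParseCertificate(data)
}

// HexThumbprint is SHA-1 over the DER encoding as upper-case hex, the form the
// Azure portal shows and the AADSTS50012 error quotes.
func HexThumbprint(cert *x509.Certificate) string {
	sum := sha1.Sum(cert.Raw)
	return fmt.Sprintf("%X", sum[:])
}

// newKeyID formats 16 random bytes as a version-4 UUID (keyId is just a fresh GUID).
func newKeyID() string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err) // crypto/rand failing means there is no usable entropy
	}
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
}

// BuildKeyCredential: value = base64(DER), customKeyIdentifier = base64(SHA-1(DER)).
func BuildKeyCredential(cert *x509.Certificate) KeyCredential {
	sum := sha1.Sum(cert.Raw)
	return KeyCredential{
		CustomKeyIdentifier: base64.StdEncoding.EncodeToString(sum[:]),
		KeyID:               newKeyID(),
		Type:                "AsymmetricX509Cert",
		Usage:               "Verify",
		Value:               base64.StdEncoding.EncodeToString(cert.Raw),
	}
}

// MatchesReportedThumbprint compares the thumbprint quoted in an AADSTS50012
// message with this certificate, ignoring case and openssl's colon separators.
func MatchesReportedThumbprint(cert *x509.Certificate, reported string) bool {
	norm := strings.ToUpper(strings.ReplaceAll(strings.TrimSpace(reported), ":", ""))
	return norm == HexThumbprint(cert)
}

// selfSignedPEM mints a throwaway self-signed certificate (constructed sample input).
func selfSignedPEM() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-client"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	cert, err := ParseCertificate(selfSignedPEM())
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(map[string][]KeyCredential{"keyCredentials": {BuildKeyCredential(cert)}}, "", "  ")
	fmt.Println(string(out))
	fmt.Println("SHA-1 thumbprint (portal / AADSTS form):", HexThumbprint(cert))
}
```

The printed hex thumbprint is the same digest that `customKeyIdentifier` carries in base64, so the two can be cross-checked against each other and against what the portal displays. That is also the check to run when the error says `Configured keys: []`: the thumbprint quoted under "Thumbprint of key used by client" identifies which certificate the client actually loaded from the .pfx, and `MatchesReportedThumbprint` tells you whether it is the one whose `value` you put in the manifest.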
The reason I got this error (invalid signature... key not found) was that I used the wrong client/application ID when I was doing something like this:

```javascript
var adal = require('adal-node');
var authorityURL = '...';
var resourceURL = '...';  // placeholder values, as in the original post
var clientId = '...';
var key = '...';
var thumbprint = '...';
var context = new adal.AuthenticationContext(authorityURL);
context.acquireTokenAsync(resourceURL, clientId, key, thumbprint);
```

following this procedure (starting from step 1.1). After that, everything else was fine.