我有一个经过自我验证的root ca证书,并且可能由root ca颁发了签名证书,两者均使用签名算法:SHA256WITHECDSA
当我使用openssl verify -verbose -CAfile ./localhost-7054.pem ./cert.pem时说./cert.pem: OK
当我使用Java代码进行验证时,结果令人失望,这是我的代码,有人可以帮我吗?
public void test() throws Exception {
String orgPath = "C:\\Disk\\other\\test\\peerOrganizations\\org1.cnabs.com\\users\\Admin@org1.cnabs.com\\msp\\";
String caPath = "C:\\Disk\\other\\test\\peerOrganizations\\org1.cnabs.com\\users\\Admin@org1.cnabs.com\\msp\\";
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
X509CertificateHolder orgHolder = getCertificate(orgPath, "signcerts");
X509Certificate orgX509 = converter.getCertificate(orgHolder);
X509CertificateHolder caHolder = getCertificate(caPath, "cacerts");
X509Certificate caX509 = converter.getCertificate(caHolder);
// exception: certificate does not verify with supplied key
orgX509.verify(caX509.getPublicKey());
}
以下是ca的pem格式:
-----BEGIN CERTIFICATE-----
MIICFzCCAb2gAwIBAgIUDxMZ0vUzR0+rXeF7g5JxE8rVbbIwCgYIKoZIzj0EAwIw
aDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt
Y2Etc2VydmVyMB4XDTE5MDUyODEyNTYwMFoXDTM0MDUyNDEyNTYwMFowaDELMAkG
A1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQKEwtIeXBl
cmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMtY2Etc2Vy
dmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJjvObbd9JPeyyxkckVutSN+F
e1Lzukj86byHXwLN4ycsPGQHxChX7+d29mPRlLk6phpd2a04qlLkzmHaggYdQKNF
MEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
FOkaD9beSTmpBruJEkATsyJhS7RIMAoGCCqGSM49BAMCA0gAMEUCIQC4GMwPWZPA
6ldjFjzeyhcfAYarfv9HIiROsWA5JsluCwIgeYA0tvBYLJWEAY1P7jqTvhL1as4T
+FRbmaqpy0x+2M4=
-----END CERTIFICATE-----
并以pem格式签名的证书:
-----BEGIN CERTIFICATE-----
MIIDATCCAqegAwIBAgIUQ2+E2w4UzqnFKJf/fLQBEDg520QwCgYIKoZIzj0EAwIw
aDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt
Y2Etc2VydmVyMB4XDTE5MDUyODEzMDkwMFoXDTIwMDUyNzEzMTQwMFowgZMxCzAJ
BgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEChMLSHlw
ZXJsZWRnZXIxNjANBgNVBAsTBmNsaWVudDAKBgNVBAsTA2NvbTAMBgNVBAsTBWNu
YWJzMAsGA1UECxMEb3JnMTEdMBsGA1UEAwwUQWRtaW5Ab3JnMS5jbmFicy5jb20w
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASQx4A/d1Oux59CUQ/6aRcY/S72KdBp
wHA3EPzTee+bPOd4CVmbPLw5dBgKw2nLmoYRjaqKypfpA02GLTVHMU2co4IBATCB
/jAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUH3XSkfVy
bG5UEGjFFlr1d5SlHWgwHwYDVR0jBBgwFoAU6RoP1t5JOakGu4kSQBOzImFLtEgw
FwYDVR0RBBAwDoIMZTMxYTA3ZjkwNmM0MIGEBggqAwQFBgcIAQR4eyJhdHRycyI6
eyJoZi5BZmZpbGlhdGlvbiI6ImNvbS5jbmFicy5vcmcxIiwiaGYuRW5yb2xsbWVu
dElEIjoiQWRtaW5Ab3JnMS5jbmFicy5jb20iLCJoZi5UeXBlIjoiY2xpZW50Iiwi
cm9sZSI6ImFkbWluIn19MAoGCCqGSM49BAMCA0gAMEUCIQD2Z/hOz7dU6LozA+/E
4peBek58BBEbLql7YbQvBb74DQIgd9epGAAxWWhZyNWBr492ivR6aJT4A+BVdNMK
UEDirqk=
-----END CERTIFICATE-----
我只需要在Java中验证签名证书是否有效,有人可以帮助我吗?