在文件中写入PEM编码的证书 - java [英] Write PEM encoded certificate in file - java

问题描述

美好的一天。

我最近使用bouncy castle API创建X.509证书。

I recently create X.509 certificate by using bouncy castle API.

需要保存证书结果而不显示结果。

I need to save the certificate result rather than display the result.

我试图使用FileOutputStream，但它不工作。

I tried to use FileOutputStream, but it does not work.

认为

结果如下

----- BEGIN CERTIFICATE --- -
MIICeTCCAeKgAwIBAgIGATs8OWsXMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMT ...

-----BEGIN CERTIFICATE----- MIICeTCCAeKgAwIBAgIGATs8OWsXMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMT...

----- END CERTIFICATE -----

-----END CERTIFICATE-----

代码如下

import java.io.FileOutputStream;
//example of a basic CA


public class PKCS10CertCreateExample
{
    public static X509Certificate[] buildChain() throws Exception
    {
        //create the certification request
        KeyPair pair = chapter7.Utils.generateRSAKeyPair();
        PKCS10CertificationRequest request =
PKCS10ExtensionExample.generateRequest(pair);

        //create a root certificate
        KeyPair rootPair=chapter7.Utils.generateRSAKeyPair();
        X509Certificate rootCert = X509V1CreateExample.generateV1Certificate
(rootPair);

        //validate the certification request
        if(!request.verify("BC"))
        {
            System.out.println("request failed to verify!");
            System.exit(1);
        }

        //create the certificate using the information in the request
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certGen.setIssuerDN(rootCert.getSubjectX500Principal());
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis()+50000));
        certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
        certGen.setPublicKey(request.getPublicKey("BC"));
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        //certGen.addExtension(X509Extensions.KeyUsage, true, new BasicConstraints(false));
        certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

        //extract the extension request attribute
        ASN1Set attributes = request.getCertificationRequestInfo().getAttributes();

        for(int i=0;i!=attributes.size();i++)
        {
           Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));

           //process extension request
           if(attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))
           {
                   X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));

                   Enumeration<?> e = extensions.oids();
                   while(e.hasMoreElements())
                   {
                       DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
                       X509Extension ext = extensions.getExtension(oid);

                       certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
                   }   
               }       
           }
        X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate());
        return new X509Certificate[]{issuedCert, rootCert};
        }


        public static void main(String[] args) throws Exception
        {
            X509Certificate[] chain = buildChain();
            PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
            pemWrt.writeObject(chain[0]);
            //pemWrt.writeObject(chain[1]);
            pemWrt.close();

            //write it out
            //FileOutputStream fOut = new FileOutputStream("pkcs10req.req");
            //fOut.write(chain[0].toString());
            //fOut.write()
            //System.out.println(chain[0].toString());          
            //fOut.close();


        }

    }

推荐答案

插入以下方法..

    public static void pemEncodeToFile(String filename, Object obj, char[] password) throws Exception{
    PEMWriter pw = new PEMWriter(new FileWriter(filename));
       if (password != null && password.length > 0) {
           pw.writeObject(obj, "DESEDE", password, new SecureRandom());
       } else {
           pw.writeObject(obj);
       }
       pw.flush();
       pw.close();
    }

并像这样调用pemEncodeToFile方法。

and call the pemEncodeToFile method like this.

pemEncodeToFile("pkcs10.pem", chain[0], null);

这篇关于在文件中写入PEM编码的证书 - java的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！