使用BouncyCastle和Java生成X509Certificate [英] Generating X509Certificate with BouncyCastle with Java

查看：407 发布时间：2017/1/16 11:24:38 java security encryption cryptography digital-certificate

本文介绍了使用BouncyCastle和Java生成X509Certificate的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

这是我现在正在生成的数字证书。现在我可以生成一个带有私钥密码保护的数字证书。

This is what I have right now to generate a digital certificate. And now I'm able to generate a digital certificate with password protected for private key.

public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    testKeyStore();
}

public static void testKeyStore() throws Exception {
    try {
        String storeName = "d://suresh_test.cer";
        java.security.KeyPairGenerator keyPairGenerator = KeyPairGenerator
                .getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();
        X509Certificate trustCert = createCertificate("CN=CA", "CN=CA",
                publicKey, privateKey);
        java.security.cert.Certificate[] outChain = {
                createCertificate("CN=Client", "CN=CA", publicKey,
                        privateKey), trustCert };
        KeyStore outStore = KeyStore.getInstance("PKCS12");
        outStore.load(null, "suresh_".toCharArray());
        outStore.setKeyEntry("mykey", privateKey, "suresh_".toCharArray(),
                outChain);
        OutputStream outputStream = new FileOutputStream(storeName);
        outStore.store(outputStream, "suresh_".toCharArray());
        outputStream.flush();
        outputStream.close();

        KeyStore inStore = KeyStore.getInstance("PKCS12");
        inStore.load(new FileInputStream(storeName),
                "suresh_".toCharArray());
    } catch (Exception e) {
        e.printStackTrace();
        throw new AssertionError(e.getMessage());
    }
}

private static X509Certificate createCertificate(String dn, String issuer,
        PublicKey publicKey, PrivateKey privateKey) throws Exception {
    X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
    certGenerator.setSerialNumber(BigInteger.valueOf(Math.abs(new Random()
            .nextLong())));
    certGenerator.setIssuerDN(new X509Name(dn));
    certGenerator.setSubjectDN(new X509Name(dn));
    certGenerator.setIssuerDN(new X509Name(issuer)); // Set issuer!
    certGenerator.setNotBefore(Calendar.getInstance().getTime());
    certGenerator.setNotAfter(Calendar.getInstance().getTime());
    certGenerator.setPublicKey(publicKey);
    certGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption");
    X509Certificate certificate = (X509Certificate) certGenerator.generate(
            privateKey, "BC");
    return certificate;
}

如何使自签名？

我没有任何线索。

如何处理？

任何提示。

推荐答案

您拥有了生成自签名证书所需的所有代码。您只需要确保您的链只包含一个证书。

You had all the code you needed to produce a self-signed certificate. You just needed to ensure your chain contained only one certificate.

public static void testKeyStore() throws Exception {
  try {
    String storeName = "path/to/store";
    java.security.KeyPairGenerator keyPairGenerator = KeyPairGenerator
        .getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();
    X509Certificate selfCert = createCertificate("CN=Client", "CN=Client",
        publicKey, privateKey);

    // Note: if you just want to store this certificate then write the
    // contents of selfCert.getEncoded() to file

    java.security.cert.Certificate[] outChain = { selfCert };
    KeyStore outStore = KeyStore.getInstance("PKCS12");
    outStore.load(null, PASSWORD.toCharArray());
    outStore.setKeyEntry("mykey", privateKey, PASSWORD.toCharArray(),
        outChain);
    OutputStream outputStream = new FileOutputStream(storeName);
    outStore.store(outputStream, PASSWORD.toCharArray());
    outputStream.flush();
    outputStream.close();

    KeyStore inStore = KeyStore.getInstance("PKCS12");
    inStore.load(new FileInputStream(storeName), PASSWORD.toCharArray());
  } catch (Exception e) {
    e.printStackTrace();
    throw new AssertionError(e.getMessage());
  }
}

我建议你不要抛出 AssertionError 。这应该只由Java本身使用来表示 assert 语句为false。

I would advise you don't throw an AssertionError. This should only be used by Java itself to indicate an assert statement is false.

这篇关于使用BouncyCastle和Java生成X509Certificate的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

使用BouncyCastle和Java生成X509Certificate [英] Generating X509Certificate with BouncyCastle with Java

问题描述

推荐答案

相关文章

Java开发最新文章

热门教程

热门工具

登录关闭

使用BouncyCastle和Java生成X509Certificate [英] Generating X509Certificate with BouncyCastle with Java

问题描述

推荐答案

相关文章

Java开发最新文章

热门教程

热门工具

登录 关闭

登录关闭