使用BouncyCastle和Java生成X509Certificate [英] Generating X509Certificate with BouncyCastle with Java
本文介绍了使用BouncyCastle和Java生成X509Certificate的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我现在正在生成的数字证书。现在我可以生成一个带有私钥密码保护的数字证书。
This is what I have right now to generate a digital certificate. And now I'm able to generate a digital certificate with password protected for private key.
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider());
testKeyStore();
}
public static void testKeyStore() throws Exception {
try {
String storeName = "d://suresh_test.cer";
java.security.KeyPairGenerator keyPairGenerator = KeyPairGenerator
.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
X509Certificate trustCert = createCertificate("CN=CA", "CN=CA",
publicKey, privateKey);
java.security.cert.Certificate[] outChain = {
createCertificate("CN=Client", "CN=CA", publicKey,
privateKey), trustCert };
KeyStore outStore = KeyStore.getInstance("PKCS12");
outStore.load(null, "suresh_".toCharArray());
outStore.setKeyEntry("mykey", privateKey, "suresh_".toCharArray(),
outChain);
OutputStream outputStream = new FileOutputStream(storeName);
outStore.store(outputStream, "suresh_".toCharArray());
outputStream.flush();
outputStream.close();
KeyStore inStore = KeyStore.getInstance("PKCS12");
inStore.load(new FileInputStream(storeName),
"suresh_".toCharArray());
} catch (Exception e) {
e.printStackTrace();
throw new AssertionError(e.getMessage());
}
}
private static X509Certificate createCertificate(String dn, String issuer,
PublicKey publicKey, PrivateKey privateKey) throws Exception {
X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
certGenerator.setSerialNumber(BigInteger.valueOf(Math.abs(new Random()
.nextLong())));
certGenerator.setIssuerDN(new X509Name(dn));
certGenerator.setSubjectDN(new X509Name(dn));
certGenerator.setIssuerDN(new X509Name(issuer)); // Set issuer!
certGenerator.setNotBefore(Calendar.getInstance().getTime());
certGenerator.setNotAfter(Calendar.getInstance().getTime());
certGenerator.setPublicKey(publicKey);
certGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption");
X509Certificate certificate = (X509Certificate) certGenerator.generate(
privateKey, "BC");
return certificate;
}
如何使自签名?
我没有任何线索。
如何处理?
任何提示。
推荐答案
您拥有了生成自签名证书所需的所有代码。您只需要确保您的链只包含一个证书。
You had all the code you needed to produce a self-signed certificate. You just needed to ensure your chain contained only one certificate.
public static void testKeyStore() throws Exception {
try {
String storeName = "path/to/store";
java.security.KeyPairGenerator keyPairGenerator = KeyPairGenerator
.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
X509Certificate selfCert = createCertificate("CN=Client", "CN=Client",
publicKey, privateKey);
// Note: if you just want to store this certificate then write the
// contents of selfCert.getEncoded() to file
java.security.cert.Certificate[] outChain = { selfCert };
KeyStore outStore = KeyStore.getInstance("PKCS12");
outStore.load(null, PASSWORD.toCharArray());
outStore.setKeyEntry("mykey", privateKey, PASSWORD.toCharArray(),
outChain);
OutputStream outputStream = new FileOutputStream(storeName);
outStore.store(outputStream, PASSWORD.toCharArray());
outputStream.flush();
outputStream.close();
KeyStore inStore = KeyStore.getInstance("PKCS12");
inStore.load(new FileInputStream(storeName), PASSWORD.toCharArray());
} catch (Exception e) {
e.printStackTrace();
throw new AssertionError(e.getMessage());
}
}
我建议你不要抛出 AssertionError
。这应该只由Java本身使用来表示 assert
语句为false。
I would advise you don't throw an AssertionError
. This should only be used by Java itself to indicate an assert
statement is false.
这篇关于使用BouncyCastle和Java生成X509Certificate的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文