这就是我现在生成数字证书的方法。现在我可以生成一个带有私钥密码保护的数字证书。
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider());
testKeyStore();
}
public static void testKeyStore() throws Exception {
try {
String storeName = "d://suresh_test.cer";
java.security.KeyPairGenerator keyPairGenerator = KeyPairGenerator
.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
X509Certificate trustCert = createCertificate("CN=CA", "CN=CA",
publicKey, privateKey);
java.security.cert.Certificate[] outChain = {
createCertificate("CN=Client", "CN=CA", publicKey,
privateKey), trustCert };
KeyStore outStore = KeyStore.getInstance("PKCS12");
outStore.load(null, "suresh_".toCharArray());
outStore.setKeyEntry("mykey", privateKey, "suresh_".toCharArray(),
outChain);
OutputStream outputStream = new FileOutputStream(storeName);
outStore.store(outputStream, "suresh_".toCharArray());
outputStream.flush();
outputStream.close();
KeyStore inStore = KeyStore.getInstance("PKCS12");
inStore.load(new FileInputStream(storeName),
"suresh_".toCharArray());
} catch (Exception e) {
e.printStackTrace();
throw new AssertionError(e.getMessage());
}
}
private static X509Certificate createCertificate(String dn, String issuer,
PublicKey publicKey, PrivateKey privateKey) throws Exception {
X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
certGenerator.setSerialNumber(BigInteger.valueOf(Math.abs(new Random()
.nextLong())));
certGenerator.setIssuerDN(new X509Name(dn));
certGenerator.setSubjectDN(new X509Name(dn));
certGenerator.setIssuerDN(new X509Name(issuer)); // Set issuer!
certGenerator.setNotBefore(Calendar.getInstance().getTime());
certGenerator.setNotAfter(Calendar.getInstance().getTime());
certGenerator.setPublicKey(publicKey);
certGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption");
X509Certificate certificate = (X509Certificate) certGenerator.generate(
privateKey, "BC");
return certificate;
}
如何使其自签名?
我没有任何线索。
我该如何继续呢?
感谢您的任何提示。
您拥有生成自签名证书所需的所有代码。您只需要确保您的链仅包含一个证书。
public static void testKeyStore() throws Exception {
try {
String storeName = "path/to/store";
java.security.KeyPairGenerator keyPairGenerator = KeyPairGenerator
.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
X509Certificate selfCert = createCertificate("CN=Client", "CN=Client",
publicKey, privateKey);
// Note: if you just want to store this certificate then write the
// contents of selfCert.getEncoded() to file
java.security.cert.Certificate[] outChain = { selfCert };
KeyStore outStore = KeyStore.getInstance("PKCS12");
outStore.load(null, PASSWORD.toCharArray());
outStore.setKeyEntry("mykey", privateKey, PASSWORD.toCharArray(),
outChain);
OutputStream outputStream = new FileOutputStream(storeName);
outStore.store(outputStream, PASSWORD.toCharArray());
outputStream.flush();
outputStream.close();
KeyStore inStore = KeyStore.getInstance("PKCS12");
inStore.load(new FileInputStream(storeName), PASSWORD.toCharArray());
} catch (Exception e) {
e.printStackTrace();
throw new AssertionError(e.getMessage());
}
}
我建议你不要扔AssertionError。这只能由 Java 本身用来指示assert声明是错误的。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
