
java - Generating a certificate chain in Java

Reposted. Author: 塔克拉玛干. Updated: 2023-11-03 05:03:03

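The question is how to generate a certificate chain programmatically in Java. In other words, I would like to perform in Java the operations detailed here: http://fusesource.com/docs/broker/5.3/security/i382664.html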

Basically, I can create the RSA keys for a new client:

// Needs java.security.KeyPair, KeyPairGenerator and NoSuchAlgorithmException;
// RSA_KEY_LEN and log are fields of the enclosing class.
private KeyPair genRSAKeyPair() {
    // Get an RSA key pair generator:
    KeyPairGenerator kpg = null;
    try {
        kpg = KeyPairGenerator.getInstance("RSA");
    } catch (NoSuchAlgorithmException e) {
        log.error(e.getMessage());
        e.printStackTrace();
        return null;
    }
    // Generate RSA public/private key pair:
    kpg.initialize(RSA_KEY_LEN);
    KeyPair kp = kpg.genKeyPair();
    return kp;
}

Then I generate the corresponding certificate:

// Needs java.math.BigInteger, java.util.Date, java.security.*, java.io.IOException
// and the internal sun.security.x509 classes.
private X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
        throws GeneralSecurityException, IOException {
    PrivateKey privkey = pair.getPrivate();
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + days * 86400000L);
    CertificateValidity interval = new CertificateValidity(from, to);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name(dn);

    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    // Issuer equals subject here, so the result is a self-signed certificate.
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    // Placeholder algorithm id; it is replaced below by the one sign() actually used.
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

    // Update the algorithm, and re-sign.
    algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
    info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
    cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    return cert;
}

Then I generate the certificate signing request and save it to the csrFile file:

public static void writeCertReq(File csrFile, String alias, String keyPass, KeyStore ks)
        throws KeyStoreException,
               NoSuchAlgorithmException,
               InvalidKeyException,
               IOException,
               CertificateException,
               SignatureException,
               UnrecoverableKeyException {

    Object objs[] = getPrivateKey(ks, alias, keyPass.toCharArray());
    PrivateKey privKey = (PrivateKey) objs[0];

    PKCS10 request = null;

    // The CSR carries the public key and subject of the certificate stored under alias.
    Certificate cert = ks.getCertificate(alias);
    request = new PKCS10(cert.getPublicKey());
    // MD5-based signatures are collision-prone; a SHA-2 algorithm such as
    // SHA256WithRSA is the stronger choice.
    String sigAlgName = "MD5WithRSA";
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = new X500Name(((X509Certificate) cert).getSubjectDN().toString());
    X500Signer signer = new X500Signer(signature, subject);
    request.encodeAndSign(signer);
    request.print(System.out);
    FileOutputStream fos = new FileOutputStream(csrFile);
    PrintStream ps = new PrintStream(fos);
    request.print(ps);
    ps.close(); // flushes and closes the underlying FileOutputStream
}

where:

private static Object[] getPrivateKey(KeyStore ks, String alias, char keyPass[])
        throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
    // Needs java.security.Key: look up the key entry stored under alias.
    Key key = ks.getKey(alias, keyPass);
    return (new Object[]{ (PrivateKey) key, keyPass });
}

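Now I should sign the CSR with the CA private key, but I can't see how to do that in Java. I have "my own" CA private key in my jks.

Also, once I manage to sign the CSR, I should chain the CA certificate with the signed CSR: how can this be done in Java?

I would prefer not to use bc or other external libraries, just the "sun.security" classes.

Thank you.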

Best answer

I believe the code example in the post http://www.pixelstech.net/article/1406726666-Generate-certificate-in-Java----2 will show you how to generate a certificate chain using pure Java. It does not require you to use Bouncy Castle.
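The two steps the question asks about, issuing a certificate under the CA private key and chaining it with the CA certificate, shown as an added example that is not part of the original post or the linked article. It assumes the same JDK 6/7-era internal sun.security.x509 classes the question uses (later JDKs changed these internal APIs). The class name, DNs, alias and password are constructed for illustration, and an in-memory CA key pair stands in for the one held in the jks.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import sun.security.x509.*;

// Added example, not the asker's code. Assumes the JDK 6/7 sun.security.x509 API; names are hypothetical.
public class ChainDemo {
    static final String SIG_ALG = "SHA256withRSA";

    // Issue a certificate for (subject, subjectKey), signed by issuerKey.
    // For a CSR, subject and subjectKey are the values carried in the request.
    static X509Certificate issue(X500Name subject, PublicKey subjectKey,
                                 X500Name issuer, PrivateKey issuerKey, int days)
            throws Exception {
        Date from = new Date();
        Date to = new Date(from.getTime() + days * 86400000L);
        X509CertInfo info = new X509CertInfo();
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, new SecureRandom())));
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(from, to));
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer)); // the CA name, not the subject
        info.set(X509CertInfo.KEY, new CertificateX509Key(subjectKey));
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(SIG_ALG)));
        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(issuerKey, SIG_ALG); // signed with the CA private key
        return cert;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKeys = kpg.generateKeyPair();
        KeyPair clientKeys = kpg.generateKeyPair();
        X500Name caName = new X500Name("CN=Example Test CA");     // constructed sample DN
        X500Name clientName = new X500Name("CN=example-client");  // constructed sample DN

        X509Certificate caCert = issue(caName, caKeys.getPublic(), caName, caKeys.getPrivate(), 365);
        X509Certificate clientCert = issue(clientName, clientKeys.getPublic(), caName, caKeys.getPrivate(), 90);
        clientCert.verify(caCert.getPublicKey()); // throws if the CA key did not sign it

        // The chain is an ordered array: end-entity certificate first, CA certificate last.
        char[] pass = "changeit".toCharArray(); // constructed sample password
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setKeyEntry("client", clientKeys.getPrivate(), pass, new Certificate[] { clientCert, caCert });
        System.out.println("chain length: " + ks.getCertificateChain("client").length);
    }
}
```

With an existing keystore, the CA private key and certificate come from `ks.getKey` and `ks.getCertificate` instead of being generated, and the subject name and public key passed to `issue` are the ones in the CSR.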

Regarding java - generating a certificate chain in Java, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/12330975/
