gpt4 book ai didi

java - 如何使用给定的私钥通过 ca 证书签署最终实体证书

转载 作者:行者123 更新时间:2023-12-01 09:46:53 26 4
gpt4 key购买 nike

我已经用 java 编写了我的 CA 证书(使用 bouncy caSTLe 库)。现在我想使用给定的私钥签署最终实体证书。这是我的代码:

           X500Principal dnNameIssuer = new X500Principal("CN=\"" + hashedValue + " CA\", OU=PKI, O=\"" + hashedValue + ", Inc\", L=Darmstadt, ST=Hessen, C=DE");
X500Principal dnNameSubject = dnName;
serialNumber = new BigInteger("123127956789") ;
keyus = new KeyUsage(KeyUsage.digitalSignature);

ContentSigner signer = new JcaContentSignerBuilder("SHA512withECDSA").build(myprivateKey);



Date D1 = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
Date D2 = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
AuthorityKeyIdentifier AKI = new AuthorityKeyIdentifier(keyBytesPublic);

X509v3CertificateBuilder certBldr = new JcaX509v3CertificateBuilder(certroot,serialNumber, D1, D2, dnName, mypublicKey);
certBldr.addExtension(X509Extension.authorityKeyIdentifier, true, AKI);
certBldr.addExtension(X509Extension.subjectAlternativeName, false,new GeneralNames(new GeneralName(GeneralName.rfc822Name,"PNeODZ3wV5m2UXmJiovxdwPKZdCkB87ESsk7H8vTZKU=")));
certBldr.addExtension(X509Extensions.KeyUsage, true, keyus);
certBldr.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), false, new BasicConstraints(false));


// Build/sign the certificate.
X509CertificateHolder certHolder = certBldr.build(signer);

X509Certificate Endcert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
`

我收到错误 enter image description here

你能帮帮我吗?或者当有人有另一种方式通过 CA 证书签署最终实体证书时,这对我来说将是一种乐趣。

谢谢

最佳答案

该错误是由于 Unresolved 依赖关系造成的。您需要类似的东西

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.49</version>
</dependency>

您的代码中有一些错误

X500Principal dnNameIssuer = new X500Principal("CN=\"" + hashedValue + " CA\", OU=PKI, O=\"" + hashedValue + ", Inc\", L=Darmstadt, ST=Hessen, C=DE");

避免创建字符串。使用从X509中提取的ca证书颁发者名称

 X509Certificate cacert =...
X500Name issuer = X500Name.getInstance(cacert.getSubjectX500Principal().getEncoded());

此日期是过去的日期

Date D1 = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
Date D2 = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);

创建与此类似的内容(+ 1 天)

Date D1 = new Date();
Date D2 = new Date(System.currentTimeMillis() + VALIDITY_PERIOD);

将 keyEncipherment 添加到 keyUsage 也很常见

keyus = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);

并使用 cacert 创建authorityKeyIdentifier

 X509ExtensionUtils extUtils = new X509ExtensionUtils( 
new SHA1DigestCalculator());
certBldr.addExtension(Extension.authorityKeyIdentifier, false,
extUtils.createAuthorityKeyIdentifier(caCert))

您在项目 ejbca 中有一个完整的 CA 示例。 This is您需要的类(class)。

这里还有一个创建最终实体证书的完整示例(摘自 here )

public static X509CertificateHolder buildEndEntityCert(X500Name subject,
AsymmetricKeyParameter entityKey, AsymmetricKeyParameter caKey,
X509CertificateHolder caCert, String ufn) throws Exception
{
SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.
createSubjectPublicKeyInfo(entityKey);

if(subject==null)
subject = new X500Name("CN = BETaaS Gateway Certificate");

X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(
caCert.getSubject(),
BigInteger.valueOf(1),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + VALIDITY_PERIOD),
subject,
entityKeyInfo);

X509ExtensionUtils extUtils = new X509ExtensionUtils(
new SHA1DigestCalculator());

certBldr.addExtension(Extension.authorityKeyIdentifier, false,
extUtils.createAuthorityKeyIdentifier(caCert))
.addExtension(Extension.subjectKeyIdentifier, false,
extUtils.createSubjectKeyIdentifier(entityKeyInfo))
.addExtension(Extension.basicConstraints, true,
new BasicConstraints(false))
.addExtension(Extension.keyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(
new GeneralName(GeneralName.rfc822Name, ufn)));

AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME);
AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg);

ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey);

return certBldr.build(signer);
}

关于java - 如何使用给定的私钥通过 ca 证书签署最终实体证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37928762/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com