2013-02-18 214 views
8

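Generating an X509 certificate using Bouncy Castle Java

I am looking for an example or tutorial on generating X509 certificates using BC in Java.

Many examples have/use deprecated APIs. I took a look at BC, but it does not show which class does what, and there is no proper documentation/example.

If anyone has an idea about this, please point me to a tutorial where I can use BC to generate X509 certificates. [Generating and writing the public and private keys to files]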

+0

http://stackoverflow.com/questions/9938079/generating-x509certificate-using-bouncycastle-x509v3certificatebuilder – Abhi 2013-02-18 06:06:16

Answers

6

X509v3CertificateBuilder looks like the class to use. There are some examples on the bouncycastle wiki that use the new API.

+0

I hear @GregS is [reassuringly expensive](http://en.wikipedia.org/wiki/Reassuringly_Expensive) to hire by the hour. – 2013-02-19 19:15:37

7

Creation of the KeyPairGenerator:

// Returns a KeyPairGenerator for the given algorithm, backed by the Bouncy Castle provider.
private KeyPairGenerator createKeyPairGenerator(String algorithmIdentifier,
        int bitCount) throws NoSuchProviderException,
        NoSuchAlgorithmException {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            algorithmIdentifier, BouncyCastleProvider.PROVIDER_NAME);
    kpg.initialize(bitCount); // key size in bits
    return kpg;
}

Creation of the key pair:

// The second argument is the key size in bits (4096 in the call below), not bytes.
private KeyPair createKeyPair(String encryptionType, int bitCount)
        throws NoSuchProviderException, NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = createKeyPairGenerator(encryptionType, bitCount);
    KeyPair keyPair = keyPairGenerator.genKeyPair();
    return keyPair;
}

KeyPair keyPair = createKeyPair("RSA", 4096);

Converting things to PEM (can be written to a file):

// Serializes the certificate as a PEM string ("-----BEGIN CERTIFICATE-----" ...).
private String convertCertificateToPEM(X509Certificate signedCertificate) throws IOException {
    StringWriter signedCertificatePEMDataStringWriter = new StringWriter();
    JcaPEMWriter pemWriter = new JcaPEMWriter(signedCertificatePEMDataStringWriter);
    pemWriter.writeObject(signedCertificate);
    pemWriter.close(); // flushes the PEM text into the StringWriter
    return signedCertificatePEMDataStringWriter.toString();
}

Creation of the x509 certificate:

// serverCertificate is the issuer's (signing) certificate; the subject and public key
// come from the PKCS#10 certification request. Validity is roughly 30 years from now.
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
    serverCertificate, new BigInteger("1"),
    new Date(System.currentTimeMillis()),
    new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L),
    jcaPKCS10CertificationRequest.getSubject(),
    jcaPKCS10CertificationRequest.getPublicKey()
/*).addExtension(
    new ASN1ObjectIdentifier("2.5.29.35"),
    false,
    new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/
).addExtension(
    new ASN1ObjectIdentifier("2.5.29.19"), // basicConstraints
    false,
    new BasicConstraints(false) // true if it is allowed to sign other certs
).addExtension(
    new ASN1ObjectIdentifier("2.5.29.15"), // keyUsage
    true,
    new X509KeyUsage(
        X509KeyUsage.digitalSignature |
        X509KeyUsage.nonRepudiation |
        X509KeyUsage.keyEncipherment |
        X509KeyUsage.dataEncipherment));

Signing:

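// Assumption: the method name and parameters below are hypothetical; the posted
// snippet begins inside the method body.
private org.spongycastle.asn1.x509.Certificate signCertificate(
        X509v3CertificateBuilder certificateBuilder, KeyPair signingKeyPair)
        throws OperatorCreationException {
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(signingKeyPair.getPrivate());

    // Sign the to-be-signed certificate and return it as an ASN.1 structure.
    X509CertificateHolder x509CertificateHolder = certificateBuilder.build(sigGen);
    org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure =
            x509CertificateHolder.toASN1Structure();
    return eeX509CertificateStructure;
}

// Converts the ASN.1 structure into a java.security.cert.X509Certificate.
private X509Certificate readCertificateFromASN1Certificate(
        org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure,
        CertificateFactory certificateFactory)
        throws IOException, CertificateException {
    // Read Certificate
    InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded());
    X509Certificate signedCertificate =
            (X509Certificate) certificateFactory.generateCertificate(is1);
    return signedCertificate;
}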

CertificateFactory:

certificateFactory = CertificateFactory.getInstance("X.509", 
     BouncyCastleProvider.PROVIDER_NAME);
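
A compact end-to-end version of the steps in the answer above, added here as an example and not part of the original post: it builds a self-signed certificate with X509v3CertificateBuilder, using a random serial number and SHA256withRSA in place of the fixed serial 1 and SHA1withRSA. It assumes the bcprov and bcpkix jars are on the classpath; the class name and the subject CN=example.test are made up for illustration.

```java
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedCertExample { // hypothetical class name
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        kpg.initialize(3072); // key size in bits
        KeyPair keyPair = kpg.generateKeyPair();

        X500Name name = new X500Name("CN=example.test"); // constructed sample subject
        // Random positive serial (at most 16 bytes) rather than a fixed value.
        BigInteger serial = new BigInteger(127, new SecureRandom()).add(BigInteger.ONE);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);

        // Self-signed: issuer and subject are the same name.
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, keyPair.getPublic())
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
            .addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(builder.build(signer));
        cert.verify(keyPair.getPublic()); // throws if the signature does not verify
        StringWriter out = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(out)) { pem.writeObject(cert); }
        System.out.print(out); // PEM-encoded certificate
    }
}
```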