使用Bouncy Castle Java生成X509证书
我正在寻找一个示例或教程来使用Java中的BC生成X509证书。
很多例子都有/使用过时的API。 我看了BC,但它没有显示哪个类做了什么或没有适当的文档/示例。
如果您对此有任何想法,请指出我可以使用BC生成X509证书的教程。 [生成和写入文件的公钥和私钥]
X509v3CertificateBuilder看起来像要使用的类。 有一些在bouncycastle wiki上使用新API的例子。
创建KeyPairGenerator:
private KeyPairGenerator createKeyPairGenerator(String algorithmIdentifier, int bitCount) throws NoSuchProviderException, NoSuchAlgorithmException { KeyPairGenerator kpg = KeyPairGenerator.getInstance( algorithmIdentifier, BouncyCastleProvider.PROVIDER_NAME); kpg.initialize(bitCount); return kpg; }
创建keyPair:
private KeyPair createKeyPair(String encryptionType, int byteCount) throws NoSuchProviderException, NoSuchAlgorithmException { KeyPairGenerator keyPairGenerator = createKeyPairGenerator(encryptionType, byteCount); KeyPair keyPair = keyPairGenerator.genKeyPair(); return keyPair; } KeyPair keyPair = createKeyPair("RSA", 4096);
将事物转换为PEM(可以写入文件):
private String convertCertificateToPEM(X509Certificate signedCertificate) throws IOException { StringWriter signedCertificatePEMDataStringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(signedCertificatePEMDataStringWriter); pemWriter.writeObject(signedCertificate); pemWriter.close(); return signedCertificatePEMDataStringWriter.toString(); }
创建X509Certificate:
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( serverCertificate, new BigInteger("1"), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L), jcaPKCS10CertificationRequest.getSubject(), jcaPKCS10CertificationRequest.getPublicKey() /*).addExtension( new ASN1ObjectIdentifier("2.5.29.35"), false, new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/ ).addExtension( new ASN1ObjectIdentifier("2.5.29.19"), false, new BasicConstraints(false) // true if it is allowed to sign other certs ).addExtension( new ASN1ObjectIdentifier("2.5.29.15"), true, new X509KeyUsage( X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment));
签名:
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(signingKeyPair.getPrivate()); X509CertificateHolder x509CertificateHolder = certificateBuilder.build(sigGen); org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure = x509CertificateHolder.toASN1Structure(); return eeX509CertificateStructure; } private X509Certificate readCertificateFromASN1Certificate( org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure, CertificateFactory certificateFactory) throws IOException, CertificateException { // // Read Certificate InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded()); X509Certificate signedCertificate = (X509Certificate) certificateFactory.generateCertificate(is1); return signedCertificate; }
CertificateFactory:
certificateFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);