Note: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 licence. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow
Original: http://stackoverflow.com/questions/14930381/
Generating X509 Certificate using Bouncy Castle Java
Asked by Reddy
I am looking for an example or tutorial to generate X509 Certificates using BC in Java.
A lot of examples use deprecated APIs. I had a look at BC, but it doesn't show which class does what, and there is no proper documentation or example.
If any one of you has an idea about it, please point me to a tutorial where I can use BC to generate X509 Certificates. [Generating and writing the public and private keys to files]
Accepted answer by President James K. Polk
The X509v3CertificateBuilder seems like the class to use. There are some examples of using the new API on the bouncycastle wiki.
Answer by EpicPandaForce
Creation of KeyPairGenerator:
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// The BC provider must be registered once before any of this is called:
// Security.addProvider(new BouncyCastleProvider());
private KeyPairGenerator createKeyPairGenerator(String algorithmIdentifier, int bitCount)
        throws NoSuchProviderException, NoSuchAlgorithmException {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            algorithmIdentifier, BouncyCastleProvider.PROVIDER_NAME);
    kpg.initialize(bitCount); // key size in bits, e.g. 4096 for RSA
    return kpg;
}
Creation of keyPair:
import java.security.KeyPair;

// The second parameter is a key size in bits (it is passed to initialize(bitCount) above),
// so it is named bitCount here rather than byteCount.
private KeyPair createKeyPair(String encryptionType, int bitCount)
        throws NoSuchProviderException, NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = createKeyPairGenerator(encryptionType, bitCount);
    return keyPairGenerator.genKeyPair();
}

KeyPair keyPair = createKeyPair("RSA", 4096);
Converting things to PEM (can be written to file):
import java.io.IOException;
import java.io.StringWriter;
import java.security.cert.X509Certificate;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

private String convertCertificateToPEM(X509Certificate signedCertificate) throws IOException {
    StringWriter signedCertificatePEMDataStringWriter = new StringWriter();
    // try-with-resources closes the writer, which also flushes the PEM footer line
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(signedCertificatePEMDataStringWriter)) {
        pemWriter.writeObject(signedCertificate);
    }
    return signedCertificatePEMDataStringWriter.toString();
}
Creation of X509Certificate:
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;

// Issues a certificate for the subject and public key taken from a PKCS#10 request (CSR).
// serverCertificate is the issuer (CA) certificate whose subject becomes this certificate's
// issuer; signingKeyPair holds the private key matching that issuer certificate.
private org.bouncycastle.asn1.x509.Certificate createSignedCertificate(
        X509Certificate serverCertificate,
        JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest,
        KeyPair signingKeyPair)
        throws IOException, GeneralSecurityException, OperatorCreationException {
    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            serverCertificate, new BigInteger("1"), // fixed serial for demonstration only; serials must be unique per issuer
            new Date(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L), // roughly 30 years
            jcaPKCS10CertificationRequest.getSubject(),
            jcaPKCS10CertificationRequest.getPublicKey()
            /*).addExtension(
            new ASN1ObjectIdentifier("2.5.29.35"), // authorityKeyIdentifier
            false,
            new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/
            ).addExtension(
            new ASN1ObjectIdentifier("2.5.29.19"), // basicConstraints
            false,
            new BasicConstraints(false) // true if it is allowed to sign other certs
            ).addExtension(
            new ASN1ObjectIdentifier("2.5.29.15"), // keyUsage
            true,
            new X509KeyUsage(
                    X509KeyUsage.digitalSignature |
                    X509KeyUsage.nonRepudiation |
                    X509KeyUsage.keyEncipherment |
                    X509KeyUsage.dataEncipherment));
Signing:
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").build(signingKeyPair.getPrivate());
    X509CertificateHolder x509CertificateHolder = certificateBuilder.build(sigGen);
    // The answer originally used the org.spongycastle.* names of the Android repackaging;
    // the classes are identical under org.bouncycastle.*
    org.bouncycastle.asn1.x509.Certificate eeX509CertificateStructure =
            x509CertificateHolder.toASN1Structure();
    return eeX509CertificateStructure;
}

private X509Certificate readCertificateFromASN1Certificate(
        org.bouncycastle.asn1.x509.Certificate eeX509CertificateStructure,
        CertificateFactory certificateFactory)
        throws IOException, CertificateException {
    // Re-parse the DER encoding through the JCA CertificateFactory to obtain a java.security.cert.X509Certificate
    InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded());
    X509Certificate signedCertificate =
            (X509Certificate) certificateFactory.generateCertificate(is1);
    return signedCertificate;
}
CertificateFactory:
import java.security.cert.CertificateFactory;
// Obtains the X.509 factory from the BC provider, which must already be registered via Security.addProvider(new BouncyCastleProvider())
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509",
        BouncyCastleProvider.PROVIDER_NAME);
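Putting the pieces of the answers together, here is an added, self-contained example (not code from either answer) that generates an RSA key pair with the BC provider, builds a self-signed end-entity certificate with JcaX509v3CertificateBuilder, signs it with SHA256withRSA, verifies the result, and renders the certificate and private key as PEM text. The class name SelfSignedCertExample, the subject DN, the key size and the validity period are assumptions; the only dependencies are bcprov and bcpkix on the classpath.

```java
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public class SelfSignedCertExample {
    // Build and sign a self-signed end-entity certificate (issuer == subject) for keyPair.
    public static X509Certificate selfSign(KeyPair keyPair, String dn, int validityDays) throws Exception {
        X500Name name = new X500Name(dn);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(validityDays));
        // Serial numbers must be unique per issuer: use a random positive value, not a constant.
        BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, keyPair.getPublic());
        // cA=false, critical: this certificate must not be used to issue other certificates.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        X509CertificateHolder holder = builder.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }
    // Encode a certificate, public key or private key as PEM text (write it to a file as needed).
    public static String toPem(Object obj) throws Exception {
        StringWriter sw = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(sw)) { pem.writeObject(obj); }
        return sw.toString();
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());   // register BC once per JVM
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(3072);                                // assumed key size
        KeyPair keyPair = kpg.generateKeyPair();
        X509Certificate cert = selfSign(keyPair, "CN=example-host,O=Example Org", 365); // assumed DN and validity
        cert.checkValidity();                 // throws if now is outside notBefore..notAfter
        cert.verify(keyPair.getPublic());     // throws if the signature does not verify against the subject key
        System.out.print(toPem(cert) + toPem(keyPair.getPrivate()));
    }
}
```

The private key PEM is written unencrypted here; when persisting it to disk, restrict the file permissions or use an encrypted container such as a PKCS#12 keystore.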