当前位置:theitroad>使用 Java 生成证书、公钥和私钥

使用 Java 生成证书、公钥和私钥

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/925377/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-11 21:10:27  来源:igfitidea点击:

Generate certificates, public and private keys with Java

javasslopensslkeytool

提问by PeterMmm

I'm looking for a java library or code to generate certificates, public and private keys on the fly without to use third party programs (such as openssl).

我正在寻找一个 Java 库或代码来动态生成证书、公钥和私钥,而无需使用第三方程序(例如 openssl)。

I think something that is doeing keytool+openssl but from Java code.

我认为是在使用 keytool+openssl 但来自 Java 代码。

Consider a java servlet based web application secured with ssl and client authentification. I want the servlet container generate client certificates (eg. pkcs12 format) on request only with Java code.

考虑使用 ssl 和客户端身份验证保护的基于 java servlet 的 Web 应用程序。我希望 servlet 容器仅使用 Java 代码根据请求生成客户端证书(例如 pkcs12 格式)。

回答by Sekhar

You can generate Certificate in java dynamically, by using a pair or keys. (Public Key, Private Keys). Get These keys as BigInteger format and checking the following code to generate certificate.

您可以使用一对或密钥在 Java 中动态生成证书。(公钥,私钥)。以 BigInteger 格式获取这些密钥并检查以下代码以生成证书。

RSAPrivateKeySpec serPrivateSpec = new RSAPrivateKeySpec(
    new BigInteger(val of pub key), new BigInteger(val of pri key));
fact = KeyFactory.getInstance("RSA");
PrivateKey serverPrivateKey = fact.generatePrivate(serPrivateSpec);

RSAPublicKeySpec serPublicSpec = new RSAPublicKeySpec(
    new BigInteger(agentCL.getSerPubMod()), new BigInteger(agentCL.getSerPubExp()));
PublicKey serverPublicKey = fact.generatePublic(serPublicSpec);

keyStore = KeyStore.getInstance(IMXAgentCL.STORE_TYPE);
keyStore.load(null, SOMEPWD.toCharArray());

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

X509Certificate[] serverChain = new X509Certificate[1];
X509V3CertificateGenerator serverCertGen = new X509V3CertificateGenerator();
X500Principal serverSubjectName = new X500Principal("CN=OrganizationName");
serverCertGen.setSerialNumber(new BigInteger("123456789"));
// X509Certificate caCert=null;
serverCertGen.setIssuerDN(somename);
serverCertGen.setNotBefore(new Date());
serverCertGen.setNotAfter(new Date());
serverCertGen.setSubjectDN(somename);
serverCertGen.setPublicKey(serverPublicKey);
serverCertGen.setSignatureAlgorithm("MD5WithRSA");
// certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,new
// AuthorityKeyIdentifierStructure(caCert));
serverCertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
    new SubjectKeyIdentifierStructure(serverPublicKey));
serverChain[0] = serverCertGen.generateX509Certificate(serverPrivateKey, "BC"); // note: private key of CA

keyStore.setEntry("xyz",
    new KeyStore.PrivateKeyEntry(serverPrivateKey, serverChain),
    new KeyStore.PasswordProtection("".toCharArray()));

Hope this will help you.

希望这会帮助你。

回答by Ray Hulha

Legacy Warning Begin:

旧版警告开始

  • This code only sets the CommonName/CN/Subject.
  • The correct place now is the SubjectAltName.
  • 此代码仅设置CommonName/CN/Subject
  • 现在正确的位置是SubjectAltName

From Chrome Deprecates Subject CN Matching:

Chrome 弃用主题 CN 匹配

Chrome 58 will require that certificates specify the hostname(s) to which they apply in the SubjectAltName field; values in the Subject field will be ignored."

Chrome 58 将要求证书在 SubjectAltName 字段中指定它们适用的主机名;主题字段中的值将被忽略。”

Legacy Warning End

遗留警告结束

import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;

import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;

public class UseKeyTool {

    private static final int keysize = 1024;
    private static final String commonName = "www.test.de";
    private static final String organizationalUnit = "IT";
    private static final String organization = "test";
    private static final String city = "test";
    private static final String state = "test";
    private static final String country = "DE";
    private static final long validity = 1096; // 3 years
    private static final String alias = "tomcat";
    private static final char[] keyPass = "changeit".toCharArray();

    // copied most ideas from sun.security.tools.KeyTool.java

    @SuppressWarnings("restriction")
    public static void main(String[] args) throws Exception {

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);

        CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);

        X500Name x500Name = new X500Name(commonName, organizationalUnit, organization, city, state, country);

        keypair.generate(keysize);
        PrivateKey privKey = keypair.getPrivateKey();

        X509Certificate[] chain = new X509Certificate[1];

        chain[0] = keypair.getSelfCertificate(x500Name, new Date(), (long) validity * 24 * 60 * 60);

        keyStore.setKeyEntry(alias, privKey, keyPass, chain);

        keyStore.store(new FileOutputStream(".keystore"), keyPass);



    }
}

相关推荐

Java 为什么使用 springfox 和 Swagger2 时 v2/api-docs 是默认 URL?

Java 为什么使用 springfox 和 Swagger2 时 v2/api-docs 是默认 URL?

Java String 数组:有方法的大小吗?

Java String 数组:有方法的大小吗?

Java 如何使用 JPA 注释映射一组字符串对象?

Java 如何使用 JPA 注释映射一组字符串对象?

Java org.glassfish.jersey.server.model.ModelValidationException:应用程序初始化期间应用程序资源模型的验证失败

Java org.glassfish.jersey.server.model.ModelValidationException:应用程序初始化期间应用程序资源模型的验证失败

相关推荐
最近更新
标签