Loi*_*ros 2 java rsa ssl-certificate
我有一个从RSA私有密钥字符串中加载PrivateKey对象的类,如下所示:
X509EncodedKeySpec spec = new X509EncodedKeySpec(privKeyString.getBytes());
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(spec);
我认为以上将工作以获取PrivateKey对象。但是,一旦有了私钥,我还想从中生成一个X509Certificate对象。这是我的尝试之一,但是generateCertificate方法期望输入流(我相信包含来自文件的证书),因此这将无法工作:
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate cert = f.generateCertificate(privateKey); // this doesn't work.
有没有一种方法可以仅从PrivateKey对象或从我原来拥有的私钥字符串(privKeyString变量)创建证书(理想情况下,该证书不会过期)?
谢谢,
事件的典型流程如下所示:生成一个密钥对,这意味着一个私钥和一个匹配的公钥。私钥是您的,您永远都不会共享它。这就是为什么它被称为私有。公钥是您向他人提供的。X.509证书是发布公钥的一种常见格式。该证书包含公钥以及一些标识信息。该证书可以是自签名的,也可以由其他机构签名。
不幸的是,标准的Oracle Java库不包含任何类来帮助您从公共密钥生成X.509证书。您可以使用Oracle JDK附带的命令行工具keytool来完成此任务。如果必须以编程方式执行此操作,则Bouncycastle Java库包含一些可完成此操作的类。例如,JcaX509v3CertificateBuilder可能是完成这一任务,用起来最简单的方法JcaContentSignerBuilder类。
这是一个使用Java 7和Bouncycastle 1.50版提供程序和PKIX库的示例。
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public class CertBuilder {
public static void main(String[] args) throws Exception {
// Generate a keypair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair kp = kpg.generateKeyPair();
// Start creating a self-signed X.509 certificate with the public key
X500Name subjName = new X500Name("C=US, ST=NY, O=Certs_R_Us, CN=notreal@example.com");
BigInteger serialNumber = new BigInteger("900");
Calendar cal = Calendar.getInstance();
cal.set(2014, 6, 7, 11, 59, 59);
Date notBefore = cal.getTime();
cal.add(Calendar.YEAR, 10); // Expires in 10 years
Date notAfter = cal.getTime();
JcaX509v3CertificateBuilder x509Builder = new JcaX509v3CertificateBuilder(subjName, serialNumber,
notBefore, notAfter, subjName, kp.getPublic());
// Create a signer to sign (self-sign) the certificate.
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WITHRSA");
ContentSigner signer = signerBuilder.build(kp.getPrivate());
// Now finish the creation of the self-signed certificate.
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
X509Certificate mySelfSignedCert = converter.getCertificate(x509Builder.build(signer));
// Now create a KeyStore and store the private key and associated cert.
final char[] password = "password99".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, password);
KeyStore.PrivateKeyEntry privKeyEntry = new KeyStore.PrivateKeyEntry(kp.getPrivate(),
new Certificate[] {mySelfSignedCert});
ks.setEntry("myRSAkey", privKeyEntry, new KeyStore.PasswordProtection(password));
// Now save off the KeyStore to a file.
FileOutputStream fos = null;
try {
fos = new FileOutputStream("MyKeys.jks");
ks.store(fos, password);
} finally {
if (fos != null) {
fos.close();
}
}
}
}
| 归档时间: |
|
| 查看次数: |
3566 次 |
| 最近记录: |