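I am trying to port JXTA to run on App Engine. Given that the BouncyCastle "BC" provider is not yet supported on App Engine, I have to port the existing JXTA code to generate an X509Certificate using whitelisted classes. My knowledge of crypto is minimal, and I am not sure whether what I am trying to accomplish is even possible. Here is the original code from PSEUtils.java in the JXTA project:
There is a helper class that contains java.security.cert.X509Certificate: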
public static class IssuerInfo {
    public X509Certificate cert;    // subject Cert
    public PrivateKey subjectPkey;  // subject private key
    public X509Certificate issuer;  // issuer Cert
    public PrivateKey issuerPkey;   // issuer private key
}
In the method:
public static IssuerInfo genCert(X500Principal subject, KeyPair keypair, IssuerInfo issuerinfo)
I pass the subject as:
new X500Principal("CN="+useCN)
The keypair (from the original code):
KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
g.initialize(1024, UTILS.srng);
KeyPair keypair = g.generateKeyPair();
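and the JXTA-coded IssuerInfo.
Now, since I cannot pull in the bouncycastle.jce package, I have to remove the X509Principal and X509V3CertificateGenerator code that JXTA uses and try to replace it with an implementation that complies with the GAE restrictions. Here is my current genCert method using org.bouncycastle.X509.X509v3CertificateBuilder.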
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
new X500Name(issuer.getName()),
BigInteger.ONE,
today, …
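As an added example (not part of the original post and not JXTA's code), here is one way to carry the builder approach described above through to a signed java.security.cert.X509Certificate without registering the "BC" provider. It assumes the BouncyCastle bcprov and bcpkix jars are on the classpath; the class name GenCertSketch, the sign helper, and the sample CN are hypothetical, and whether App Engine's whitelist accepts every class used here is not verified.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class GenCertSketch {
    // Hypothetical helper, not JXTA's genCert: signing goes through the JVM's
    // default JCA provider, so the "BC" provider is never registered or named.
    static X509Certificate sign(X500Principal subject, PublicKey subjectKey,
                                X500Principal issuer, PrivateKey issuerKey,
                                BigInteger serial, int validDays) throws Exception {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + validDays * 86_400_000L);
        // Copy the DER-encoded names so the RDN order is preserved exactly.
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                X500Name.getInstance(issuer.getEncoded()), serial, notBefore, notAfter,
                X500Name.getInstance(subject.getEncoded()),
                SubjectPublicKeyInfo.getInstance(subjectKey.getEncoded()));
        // No setProvider(...) call: the platform's SHA256withRSA Signature is used.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey);
        X509CertificateHolder holder = builder.build(signer);
        // Re-parse the DER with the platform CertificateFactory to get a JCA certificate.
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048, new SecureRandom());
        KeyPair kp = g.generateKeyPair();
        X500Principal name = new X500Principal("CN=example-peer"); // constructed sample name
        BigInteger serial = new BigInteger(64, new SecureRandom()); // random serial per certificate
        // Self-signed case: subject and issuer are the same name and key pair.
        X509Certificate cert = sign(name, kp.getPublic(), name, kp.getPrivate(), serial, 365);
        cert.checkValidity();          // throws if outside notBefore/notAfter
        cert.verify(kp.getPublic());   // throws if the signature does not verify
        System.out.println(cert.getSubjectX500Principal() + " serial " + cert.getSerialNumber());
    }
}
```

For an issuer-signed certificate, pass the issuer certificate's getSubjectX500Principal() and the issuer's private key in place of the self-signed values.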