Java开发网 - Re:Java中能自己生成证书吗？

Java开发网

您没有登录

» Java开发网 » Java Security

打印话题 寄给朋友 订阅主题

作者

Re:Java中能自己生成证书吗？ [Re:lvjing79]

v_gyc

发贴: 2
积分: 10

于 2004-11-07 12:29

用 BC, 自己来，下面是 V1 X509的， V3的还要麻烦点。

/*
* Created on 2004-10-22
* by v_gyc
*/

package test.certificate.generate;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V1CertificateGenerator;

/**
* @author Administrator
*/
public class V1Generator {

private static final String sigalg_DSAWITHSHA1 = "DSAWithSHA1";

public static void main(String[] args) throws NoSuchAlgorithmException,
NoSuchProviderException, InvalidKeyException, SecurityException,
SignatureException, IOException, CertificateEncodingException {

String attrs = "C=cn" + ", O=www.neuq.edu.cn" + ",L=QinHuangDao"
+ ",ST=HeBei" + ",E=****@mail.***.edu.cn"
+ ",OU=software center" + ",CN=Guanchun";

//first generate a certificate

X509Name subjectDN = new X509Name(attrs);
X509Name issuerDN = new X509Name(attrs);
Date from = new Date();
Date to = new Date(from.getTime() + 86400 * 1000 * 100);
BigInteger certSerial = BigInteger.valueOf(123456);

//这里应该使用 SecureRandom
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "BC");
KeyPair kp = kpg.generateKeyPair();
PublicKey pubk = kp.getPublic();
PrivateKey prik = kp.getPrivate();

X509Certificate result = generateCertificate(issuerDN, certSerial,
from, to, subjectDN, pubk, prik, sigalg_DSAWITHSHA1);

//output certificate
new File("tmp.cer").createNewFile();
java.io.File file = new File("tmp.cer");
FileOutputStream fos = new FileOutputStream(file);
byte[] certbytes = result.getEncoded();
fos.write(certbytes);
fos.close();

System.out.println("OK!!KO");
System.out.println("OK!!KO");

}

/**
* @param attrs
* /**
* @return X509Certificate /**
* @throws NoSuchAlgorithmException
* /**
* @throws NoSuchProviderException
* /**
* @throws SignatureException
* /**
* @throws InvalidKeyException
* @param issuerDN
* @param serial
* @param from
* @param to
* @param subjectDN
* @param publicKey
* TODO
* @param privateKey
* TODO
* @param algorithm
* TODO
*/
public static X509Certificate generateCertificate(X509Name issuerDN,
BigInteger serial, Date from, Date to, X509Name subjectDN,
PublicKey publicKey, PrivateKey privateKey, String algorithm)

throws NoSuchAlgorithmException, NoSuchProviderException,
SignatureException, InvalidKeyException {

X509V1CertificateGenerator certGenerator = new X509V1CertificateGenerator();
certGenerator.setIssuerDN(issuerDN);
//issue serial
certGenerator.setSerialNumber(serial);
certGenerator.setSignatureAlgorithm(algorithm);
//date
certGenerator.setNotBefore(from);
certGenerator.setNotAfter(to);

//subject DN
certGenerator.setSubjectDN(subjectDN);

//public key
certGenerator.setPublicKey(publicKey);

//generate certificate using private key
X509Certificate result = certGenerator
.generateX509Certificate(privateKey);
return result;
}

}

话题树型展开

人气	标题	作者	字数	发贴时间
19193	Java中能自己生成证书吗？	lvjing79	17	2004-09-12 15:01
17059	Re:Java中能自己生成证书吗？	linux_china	25	2004-09-12 15:04
18639	Re:Java中能自己生成证书吗？	v_gyc	4050	2004-11-07 12:29
17232	Re:Java中能自己生成证书吗？	lvjing79	43	2004-09-12 17:10
16867	Re:Java中能自己生成证书吗？	emarket	228	2004-09-12 22:00
16812	Re:Java中能自己生成证书吗？	floater	27	2004-09-13 01:25
17087	Re:Java中能自己生成证书吗？	lvjing79	42	2004-09-13 17:40
16824	Re:Java中能自己生成证书吗？	menzy	14	2004-09-16 08:25
16997	Re:Java中能自己生成证书吗？	lvjing79	35	2004-09-16 14:08
16951	Re:Java中能自己生成证书吗？	NUAA_SG	8	2004-09-20 15:55
16901	Re:Java中能自己生成证书吗？	menzy	59	2004-09-21 10:47

已读帖子

新的帖子

被删除的帖子