Bouncy Castle使用备份


使用的jar包是:bcprov-jdk15on-1.54.jar

base64使用apache的codec里面的,日期使用的joda-time

第一个是旧版 Bouncy Castle 生成证书的代码,现在仍然可以使用,但已不再推荐,其中部分 API 已被标记为弃用(deprecated)。

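/**
 * Generates a self-signed X.509 v3 certificate with the legacy
 * {@code X509V3CertificateGenerator} API and prints it to standard output.
 *
 * <p>The generator and {@code X509Principal} are deprecated in current Bouncy Castle
 * releases; this class is kept as a reference for the old API only.
 */
public class Test1 {
    static {
        // Register the Bouncy Castle provider with the JCA before any crypto call.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates an RSA key pair, builds a self-signed certificate for it and prints the result.
     *
     * @param args unused
     * @throws Exception if key generation or certificate signing fails
     */
    public static void main(String[] args) throws Exception {
        // Alternative way to build the distinguished name attribute by attribute:
        // Hashtable attrs = new Hashtable();
        // Vector order = new Vector();
        //
        // attrs.put(X509Principal.C, "AU");
        // attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
        // attrs.put(X509Principal.OU, "Bouncy Intermediate Certificate");
        // attrs.put(X509Principal.EmailAddress,
        // "feedback-crypto@bouncycastle.org");
        //
        // order.addElement(X509Principal.C);
        // order.addElement(X509Principal.O);
        // order.addElement(X509Principal.OU);
        // order.addElement(X509Principal.EmailAddress);
        // new X509Principal(order, attrs)

        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
        // 2048 bits is the minimum RSA modulus size in current guidance; 1024-bit keys
        // are considered factorable by well-resourced attackers.
        keyPairGen.initialize(2048);
        KeyPair keyPair = keyPairGen.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        PrivateKey privKey = keyPair.getPrivate();

        // Self-signed: issuer and subject carry the same distinguished name.
        String distinguishedName =
                "C=CN,ST=JS,L=SZ,CN=DL,EMAILADDRESS=feedback-crypto@bouncycastle.org,O=OR,OU=OU";

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // A fixed serial number is only acceptable for a throwaway self-signed certificate;
        // an issuing CA must hand out unique, unpredictable serials.
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(distinguishedName));
        certGen.setSubjectDN(new X509Principal(distinguishedName));
        certGen.setNotBefore(LocalDate.now().toDate());
        // NOTE(review): a 100-year lifetime means this key can never be rotated out by
        // expiry; pick a short validity period for anything beyond a local experiment.
        certGen.setNotAfter(LocalDate.now().plusYears(100).toDate());
        certGen.setPublicKey(pubKey);
        // MD5 and SHA-1 are no longer collision-resistant, so a signature computed over
        // them does not reliably bind the certificate contents; sign with SHA-256.
        certGen.setSignatureAlgorithm("SHA256withRSA");

        Certificate cert = certGen.generateX509Certificate(privKey);
        System.out.println(cert);
    }
}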

在新的bouncy castle版本里,推荐使用的是另一个生成方法

X509v3CertificateBuilder是推荐使用的,需要导入另一个jar包bcpkix-jdk15on-1.54.jar

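/**
 * Generates a self-signed X.509 v3 certificate with {@code X509v3CertificateBuilder}
 * (the API recommended by current Bouncy Castle releases) and prints it to standard output.
 */
public class Test2 {
    static {
        // Register the Bouncy Castle provider so the "BC" lookup below resolves.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates an RSA key pair, builds a self-signed certificate for it and prints the result.
     *
     * @param args unused
     * @throws Exception if key generation, signing or certificate conversion fails
     */
    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", "BC");
        // 2048 bits is the minimum RSA modulus size in current guidance; 1024-bit keys
        // are considered factorable by well-resourced attackers.
        keyPairGen.initialize(2048);
        KeyPair keyPair = keyPairGen.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        PrivateKey privKey = keyPair.getPrivate();

        // SHA-1 is no longer collision-resistant, so a SHA-1 based signature does not
        // reliably bind the certificate contents; sign with SHA-256 instead.
        String mySigAlgo = "SHA256withRSA";

        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo
                .getInstance(pubKey.getEncoded());

        // Alternative way to build the distinguished name attribute by attribute:
        // X500NameBuilder nameBuilder = new X500NameBuilder();
        // nameBuilder.addRDN(BCStyle.C, "CN");
        // nameBuilder.addRDN(BCStyle.ST, "JS");
        // nameBuilder.addRDN(BCStyle.L, "SZ");
        // nameBuilder.addRDN(BCStyle.CN, "DL");
        // nameBuilder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
        // nameBuilder.addRDN(BCStyle.O, "O");
        // nameBuilder.addRDN(BCStyle.OU, "OU");
        //
        // X500Name x500Name = nameBuilder.build();

        // Self-signed: the same name is used as issuer and as subject.
        X500Name x500Name = new X500Name(
                "C=CN,ST=JS,L=SZ,CN=DL,EMAILADDRESS=feedback-crypto@bouncycastle.org,O=OR,OU=OU");

        LocalDate now = LocalDate.now();
        // Date(long) expects milliseconds since the epoch, while toEpochDay() counts days.
        // Convert before constructing the Date; otherwise both validity bounds fall in
        // January 1970 and the certificate is expired the moment it is issued.
        final long millisPerDay = 24L * 60 * 60 * 1000;
        Date notBefore = new Date(now.toEpochDay() * millisPerDay);
        // NOTE(review): a 100-year lifetime means this key can never be rotated out by
        // expiry; pick a short validity period for anything beyond a local experiment.
        Date notAfter = new Date(now.plusYears(100).toEpochDay() * millisPerDay);

        // Random 64-bit serial number drawn from a CSPRNG.
        BigInteger serial = new BigInteger(64, new SecureRandom());

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                x500Name, serial, notBefore, notAfter, x500Name, publicKeyInfo);

        ContentSigner signer = new JcaContentSignerBuilder(mySigAlgo)
                .build(privKey);
        X509CertificateHolder certHolder = certBuilder.build(signer);

        X509Certificate cert = (new JcaX509CertificateConverter())
                .getCertificate(certHolder);
        System.out.println(cert);
    }
}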