Signing/issuing certificates with a CA programmatically in Java
Source: Internet  Editor: 程序博客网  Time: 2024/04/29 07:11
from http://www.myexception.cn/program/822758.html
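This code first loads the CA certificate, then uses the CA to issue one certificate each to Alice and Bob and saves them under the resource/ directory in JKS format.
The CA certificate was also created programmatically in Java; see my previous blog post for how it was made.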
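```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// The post shows only the methods; the class name is added here so the listing compiles.
public class IssueCertificates {

    public static void main(String[] args) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException,
            FileNotFoundException, IOException, UnrecoverableEntryException {
        // generateV3 requests the "BC" provider by name, so register it first
        Security.addProvider(new BouncyCastleProvider());

        // Read the JKS file that holds the CA certificate
        KeyStore store = KeyStore.getInstance("JKS");
        File file = new File("resource/atlas-ca.jks");
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, "atlas".toCharArray());
        }
        PrivateKeyEntry ke = (PrivateKeyEntry) store.getEntry("atlas",
                new PasswordProtection("atlas".toCharArray()));

        String subject = "C=CN,ST=GuangDong,L=Shenzhen,O=Skybility,OU=Cloudbility,CN=Alice,E=alice@163.com";
        // Issue a certificate to Alice and save it as the file xxx-alice.jks
        gen(ke, subject, "alice");
        subject = "C=CN,ST=GuangDong,L=Shenzhen,O=Skybility,OU=Cloudbility,CN=Bob,E=Bob@gmail.com";
        // Issue a certificate to Bob and save it as the file xxx-bob.jks
        gen(ke, subject, "bob");
    }

    // Store a private key and its certificate as a key entry, with the CA
    // certificate placed in the entry's certificate chain.
    public static void store(PrivateKey key, Certificate cert,
            Certificate caCert, String name) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        // Key password is the name itself; store password is "_" + name (demo values)
        store.setKeyEntry(name, key, name.toCharArray(),
                new Certificate[] { cert, caCert });
        File file = new File("resource/atlas-" + name + ".jks");
        if (file.exists() || file.createNewFile()) {
            try (FileOutputStream out = new FileOutputStream(file)) {
                store.store(out, ("_" + name).toCharArray());
            }
        }
    }

    // Use the CA represented by ke to issue a certificate for subject and
    // store it in the JKS file named after name.
    public static void gen(PrivateKeyEntry ke, String subject, String name) {
        try {
            X509Certificate caCert = (X509Certificate) ke.getCertificate();
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            KeyPair keyPair = kpg.generateKeyPair();
            // The issuer of the new certificate is the CA's subject. Take it from the
            // DER encoding so the name matches the CA certificate exactly (a string
            // round trip can change RDN order and break name chaining).
            X500Name issuer = X500Name.getInstance(
                    caCert.getSubjectX500Principal().getEncoded());
            // Serial numbers must be unique per CA; a fixed value would collide
            // between Alice and Bob, so use a random 128-bit one.
            BigInteger serial = new BigInteger(128, new SecureRandom());
            Certificate cert = generateV3(issuer, subject, serial,
                    new Date(System.currentTimeMillis() - 1000 * 60 * 60 * 24),
                    new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 32),
                    keyPair.getPublic(),  // public key to be signed
                    ke.getPrivateKey(),   // CA private key
                    null);
            store(keyPair.getPrivate(), cert, ke.getCertificate(), name);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // The Extension type used in the original post is not shown;
    // java.security.cert.Extension is assumed here.
    public static Certificate generateV3(X500Name issuer, String subject,
            BigInteger serial, Date notBefore, Date notAfter,
            PublicKey publicKey, PrivateKey privKey, List<Extension> extensions)
            throws OperatorCreationException, CertificateException, IOException {
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuer, serial, notBefore, notAfter,
                new X500Name(subject), publicKey);
        // privKey is the CA private key and publicKey is the key being certified,
        // so the resulting certificate is signed by the CA.
        // SHA-256 replaces the SHA-1 signature digest, which is no longer safe for certificates.
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("BC").build(privKey);
        if (extensions != null) {
            for (Extension ext : extensions) {
                builder.addExtension(new ASN1ObjectIdentifier(ext.getId()),
                        ext.isCritical(),
                        ASN1Primitive.fromByteArray(ext.getValue()));
            }
        }
        X509CertificateHolder holder = builder.build(sigGen);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream is1 = new ByteArrayInputStream(
                holder.toASN1Structure().getEncoded())) {
            return (X509Certificate) cf.generateCertificate(is1);
        }
    }
}
```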
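A way to check the result, as an added example that is not part of the original post: it loads the Alice keystore written by the code above, verifies the certificate's signature with the CA public key, and runs the JDK's PKIX path validation with the CA certificate as trust anchor. The class name `VerifyIssuedCert` is hypothetical; the paths, aliases and passwords are the ones used in the post's code.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): validates a certificate issued by the post's code.
public class VerifyIssuedCert {

    static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Paths, aliases and passwords are the ones used in the post's code.
        X509Certificate caCert = (X509Certificate)
                load("resource/atlas-ca.jks", "atlas").getCertificate("atlas");
        X509Certificate leaf = (X509Certificate)
                load("resource/atlas-alice.jks", "_alice").getCertificateChain("alice")[0];

        System.out.println("subject : " + leaf.getSubjectX500Principal());
        System.out.println("issuer  : " + leaf.getIssuerX500Principal());
        System.out.println("serial  : " + leaf.getSerialNumber());
        System.out.println("sig alg : " + leaf.getSigAlgName());

        // Raw signature check with the CA public key; throws SignatureException on mismatch.
        leaf.verify(caCert.getPublicKey());

        // Full PKIX validation: name chaining, validity period, algorithm constraints.
        // The path holds only the leaf; the CA certificate is supplied as the trust anchor.
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(leaf));
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(caCert, null)));
        params.setRevocationEnabled(false); // the demo CA publishes no CRL or OCSP responder
        CertPathValidator.getInstance("PKIX").validate(path, params);

        System.out.println("OK: certificate chains to " + caCert.getSubjectX500Principal());
    }
}
```

A `CertPathValidatorException` here usually points to an issuer name that does not match the CA's subject exactly, or to a signature algorithm the JDK's certpath policy rejects.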