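// Builds a self-signed X.509 v3 certificate for a freshly generated RSA key pair,
// checks its signature, and prints it in decoded and Base64 form.
// `bcProvider`, `signature` and `X509Util` are declared outside this snippet.

// Validity window: starts now and lasts 360 days. The first factor must be a long:
// in int arithmetic 360 * 24 * 60 * 60 * 1000 overflows and wraps to roughly 12 days.
long year = 360L * 24 * 60 * 60 * 1000;
Date notBefore = new Date();
Date notAfter = new Date(notBefore.getTime() + year);

// Issuer and subject use the same DN, so the certificate is self-signed.
String issuerString = "CN=root,OU=单位,O=组织";
X500Name issueDn = new X500Name(issuerString);
X500Name subjectDn = new X500Name(issuerString);

// Certificate serial number: positive and drawn from a CSPRNG. A 32-bit value from
// java.util.Random is predictable and collides easily; primality adds nothing.
java.security.SecureRandom certRandom = new java.security.SecureRandom();
BigInteger serail = new BigInteger(127, certRandom).add(BigInteger.ONE);

// Key pair whose public half is certified. The key size is set explicitly rather
// than left to the provider default, and a failure aborts here instead of surfacing
// as a NullPointerException on the next statement.
KeyPair keyPair;
try {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", bcProvider);
    keyPairGenerator.initialize(2048, certRandom);
    keyPair = keyPairGenerator.generateKeyPair();
} catch (NoSuchAlgorithmException e1) {
    throw new RuntimeException(e1.getMessage(), e1);
}
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();

// Wrap the encoded public key as the SubjectPublicKeyInfo structure the builder expects.
SubjectPublicKeyInfo subjectPublicKeyInfo;
try {
    subjectPublicKeyInfo = SubjectPublicKeyInfo
            .getInstance(new ASN1InputStream(publicKey.getEncoded())
                    .readObject());
} catch (IOException e1) {
    throw new RuntimeException(e1.getMessage(), e1);
}

// Prepare the signer. The signature has to be computed over the encoded
// TBSCertificate that the builder streams into the ContentSigner; signing
// publicKey.getEncoded() up front yields a certificate that fails verification.
// SHA-1 based certificate signatures are no longer accepted by current validators.
// NOTE(review): confirm X509Util.getAlgorithmOID resolves this name in the library version in use.
final String signatureAlgorithm = "SHA256withRSA";
try {
    signature = Signature.getInstance(signatureAlgorithm);
    signature.initSign(privateKey);
} catch (java.security.GeneralSecurityException e) {
    throw new RuntimeException(e.getMessage(), e);
}
// Final alias so the anonymous class below can use the signer.
final Signature certSigner = signature;

// Assemble the certificate fields.
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
        issueDn, serail, notBefore, notAfter, subjectDn,
        subjectPublicKeyInfo);

// Sign the certificate: the builder writes the to-be-signed bytes to
// getOutputStream() and then asks for the signature over exactly those bytes.
X509CertificateHolder holder = builder.build(new ContentSigner() {
    private final ByteArrayOutputStream buf = new ByteArrayOutputStream();

    @Override
    public byte[] getSignature() {
        try {
            certSigner.update(buf.toByteArray());
            return certSigner.sign();
        } catch (java.security.GeneralSecurityException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    @Override
    public OutputStream getOutputStream() {
        return buf;
    }

    @Override
    public AlgorithmIdentifier getAlgorithmIdentifier() {
        return AlgorithmIdentifier.getInstance(X509Util.getAlgorithmOID(signatureAlgorithm));
    }
});

try {
    byte[] certBuf = holder.getEncoded();
    X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(certBuf));
    // Self-signed: the certificate must verify under its own public key.
    certificate.verify(publicKey);
    System.out.println(certificate);
    // Base64 text of the DER-encoded certificate. Wrapped in a String so that a
    // byte[] result from Base64.encode prints as text instead of an array reference.
    System.out.println(new String(Base64.encode(certificate.getEncoded())));
} catch (IOException e) {
    throw new RuntimeException(e.getMessage(), e);
} catch (java.security.GeneralSecurityException e) {
    throw new RuntimeException(e.getMessage(), e);
}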