使用bouncycastle庫來制作證書(包括一個自簽名證書和為他人簽發(fā)證書)。

<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpkix-jdk15on</artifactId><version>1.54</version> </dependency>

?

import java.io.ByteArrayInputStream; import java.io.FileOutputStream; import java.io.OutputStream; import java.math.BigInteger; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Enumeration;import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.cert.X509v3CertificateBuilder; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;public class CertMakeDemo {public static void main(String[] args) throws Exception {X500Name subject = new X500Name("CN=root, O=root, OU=root");KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");gen.initialize(1024);KeyPair pair = gen.generateKeyPair();X509Certificate certificate = signerSelf(subject, pair);System.out.println("證書：" + certificate);KeyStore pkcs12 = KeyStore.getInstance("PKCS12");pkcs12.load(null, null);pkcs12.setKeyEntry("root", pair.getPrivate(), "123456".toCharArray(), new Certificate[] { certificate });for (Enumeration<String> e = pkcs12.aliases(); e.hasMoreElements();) {String alias = e.nextElement();System.out.println(pkcs12.getCertificateChain(alias));System.out.println(pkcs12.getKey(alias, "123456".toCharArray()));}OutputStream out = new FileOutputStream("f:/temp/root.pfx");pkcs12.store(out, "123456".toCharArray());out.close();//root為張三簽發(fā)證書X500Name zsSubject = new X500Name("CN=張三, O=張三, OU=張三");gen = KeyPairGenerator.getInstance("RSA");gen.initialize(1024);KeyPair zsKeypair = gen.generateKeyPair();X509Certificate zsCertificate = signer(zsSubject, zsKeypair.getPublic(), certificate, pair.getPrivate());System.out.println("張三證書：" + zsCertificate);out = new FileOutputStream("f:/temp/zhangsan.cer");out.write(zsCertificate.getEncoded());out.close();}public static X509Certificate signer(X500Name subject, PublicKey subjectPublicKey,// X509Certificate issuerCert, PrivateKey issuerPrivateKey) throws Exception {X500Name issuer = X500Name.getInstance(issuerCert.getSubjectX500Principal().getEncoded());String signatureAlgorithm = issuerCert.getSigAlgName();return signer(subject, subjectPublicKey, issuer, issuerPrivateKey, signatureAlgorithm);}public static X509Certificate signerSelf(X500Name subject, KeyPair pair) throws Exception {String signatureAlgorithm = "SHA1With" + pair.getPrivate().getAlgorithm();return signer(subject, pair.getPublic(), subject, pair.getPrivate(), signatureAlgorithm);}public static X509Certificate signer(X500Name subject, PublicKey subjectPublicKey,//X500Name issuer, PrivateKey issuerPrivateKey, String signatureAlgorithm) throws Exception {BigInteger sn = new BigInteger(new SimpleDateFormat("yyyyMMdd").format(new Date()));Date notBefore = new Date();Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(issuerPrivateKey);X509v3CertificateBuilder builder = new X509v3CertificateBuilder(//issuer, sn, notBefore, notAfter, subject, publicKeyInfo);byte[] certBytes = builder.build(signer).getEncoded();X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509")//.generateCertificate(new ByteArrayInputStream(certBytes));return certificate;} }

?

?

總結(jié)

以上是生活随笔為你收集整理的证书制作的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。