
java PKCS12 證書生成

發布時間:2020-04-07 00:45:18 來源:網絡 閱讀:595 作者:北極冷冷冷 欄目:編程語言

引入依賴

                    <dependency>
                            <groupId>org.bouncycastle</groupId>
                            <artifactId>bcprov-jdk15on</artifactId>
                            <version>1.49</version>
                    </dependency>
                    <dependency>
                            <groupId>org.bouncycastle</groupId>
                            <artifactId>bcpkix-jdk15on</artifactId>
                            <version>1.49</version>
                    </dependency> 

直接上代碼

package test;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.io.*;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.*;

/**
 * 成都一方思致科技有限公司
 *
 * @author 蔣昌寶
 * @version 1.0
 * @date 2019/8/23 9:26
 * @description 證書生成工具類
 * =========================================================================
 * 變更履歷:
 * -------------------------------------------------------------------------
 * 變更編號     變更時間    變更人   變更原因    變更內容
 * -------------------------------------------------------------------------
 */

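public class GenerateCertificateUtil {

    /** One shared provider instance; the original built a new BouncyCastleProvider on every call. */
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();

    /** Shared CSPRNG for key generation, serial numbers and signing (SecureRandom is thread-safe). */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** RSA modulus length in bits. 1024-bit RSA is no longer considered adequate; 2048 is the usual floor. */
    private static final int KEY_SIZE_BITS = 2048;

    /** Certificate signature algorithm. SHA-1 signatures are rejected by current validators. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Alias of the single key entry stored in the generated PKCS#12 keystore. */
    private static final String KEY_ALIAS = "cretkey";

    /** Validity of generated certificates, in years from the moment of creation. */
    private static final int VALIDITY_YEARS = 1;

    /** Serial-number length in bits: RFC 5280 §4.1.2.2 caps serials at 20 octets, so stay below 160 bits. */
    private static final int SERIAL_BITS = 159;

    // X.509 v3 extension OIDs (RFC 5280 §4.2.1).
    private static final String OID_KEY_USAGE = "2.5.29.15";
    private static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";
    private static final String OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";

    /**
     * Generates a fresh RSA key pair of {@link #KEY_SIZE_BITS} bits using the BouncyCastle provider.
     *
     * @return a new public/private key pair
     * @throws NoSuchAlgorithmException if the provider does not offer RSA
     */
    private static KeyPair getKey() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BC_PROVIDER);
        generator.initialize(KEY_SIZE_BITS, RANDOM);
        return generator.generateKeyPair();
    }

    /**
     * Creates a self-signed X.509 v3 certificate plus a PKCS#12 keystore holding it and its private key.
     *
     * <p>The returned map contains, in addition to everything {@link #generateCertificateV3} publishes,
     * the key {@code "keyStoreData"} with the DER-encoded PKCS#12 container protected by {@code password}.
     * Note that the map also carries the <em>unencrypted</em> PKCS#8 private key under {@code "privateKey"},
     * so the whole map has to be handled as secret material.
     *
     * @param password       password protecting both the key entry and the keystore integrity
     * @param issuerStr      issuer distinguished name, e.g. {@code "CN=...,O=...,C=CN"}
     * @param subjectStr     subject distinguished name; equal to {@code issuerStr} for a CA certificate
     * @param certificateCRL URI placed in the CRL distribution point extension
     * @return map of output artefacts; see above for the keys
     * @throws IllegalStateException if key generation, signing or keystore serialisation fails
     * @throws NullPointerException  if {@code password} is null
     */
    public static Map<String, byte[]> createCert(String password, String issuerStr, String subjectStr, String certificateCRL) {
        Objects.requireNonNull(password, "password");
        Map<String, byte[]> result = new HashMap<String, byte[]>();
        char[] pwd = password.toCharArray();
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            // "PKCS12" rather than "JKS": the result is meant to be portable across tools.
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BC_PROVIDER);
            keyStore.load(null, null);
            KeyPair keyPair = getKey();
            Certificate cert = generateCertificateV3(issuerStr, subjectStr, keyPair, result, certificateCRL, null);
            // Check the self-signature before persisting anything built from it.
            cert.verify(keyPair.getPublic());
            keyStore.setKeyEntry(KEY_ALIAS, keyPair.getPrivate(), pwd, new Certificate[] { cert });
            keyStore.store(out, pwd);
            result.put("keyStoreData", out.toByteArray());
            return result;
        } catch (GeneralSecurityException | IOException e) {
            // Previously the failure was printed and an incomplete map returned, which surfaced later as a NPE.
            throw new IllegalStateException("PKCS#12 keystore generation failed", e);
        } finally {
            // Best effort only: the String form of the password stays in the heap until collected.
            Arrays.fill(pwd, '\0');
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code keyPair} and publishes its artefacts into {@code result}.
     *
     * <p>Keys written to {@code result}: {@code "certificateData"} (DER certificate), {@code "publicKey"}
     * (X.509 SubjectPublicKeyInfo), {@code "privateKey"} (unencrypted PKCS#8), {@code "notBefore"} and
     * {@code "notAfter"} (UTF-8 {@code yyyy-MM-dd} in the JVM default time zone).
     *
     * <p>Extensions added: CRL distribution points (non-critical), key usage
     * {@code digitalSignature | keyEncipherment} (critical), basic constraints {@code cA=true} (critical),
     * followed by any caller-supplied {@code extensions}.
     *
     * @param issuerStr      issuer distinguished name
     * @param subjectStr     subject distinguished name
     * @param keyPair        key pair whose public key is certified and whose private key signs the certificate
     * @param result         output map that receives the artefacts listed above
     * @param certificateCRL URI of the CRL distribution point
     * @param extensions     additional extensions to add, or {@code null}
     * @return the generated certificate
     * @throws IllegalStateException if any step of building, signing or re-parsing the certificate fails
     */
    public static Certificate generateCertificateV3(String issuerStr, String subjectStr, KeyPair keyPair, Map<String, byte[]> result,
                                                    String certificateCRL, List<Extension> extensions) {
        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();

            Date notBefore = new Date();
            Calendar expiry = Calendar.getInstance();
            expiry.setTime(notBefore);
            expiry.add(Calendar.YEAR, VALIDITY_YEARS);
            Date notAfter = expiry.getTime();

            // RFC 5280 §4.1.2.2: positive, at most 20 octets, and unpredictable. 159 random bits with the
            // low bit forced on is always non-zero and always fits; the original 256-bit prime exceeded 20
            // octets and was drawn from java.util.Random.
            BigInteger serial = new BigInteger(SERIAL_BITS, RANDOM).setBit(0);

            X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    new X500Name(issuerStr), serial, notBefore, notAfter, new X500Name(subjectStr), publicKey);

            // CRL distribution points. RFC 5280 §4.2.1.13 says this extension SHOULD be non-critical;
            // marking it critical makes relying parties that do not process it reject the certificate.
            GeneralNames crlNames = new GeneralNames(
                    new GeneralName(GeneralName.uniformResourceIdentifier, certificateCRL));
            DistributionPoint[] points = {
                    new DistributionPoint(new DistributionPointName(crlNames), null, null) };
            builder.addExtension(new ASN1ObjectIdentifier(OID_CRL_DISTRIBUTION_POINTS), false, new CRLDistPoint(points));

            // Key usage. NOTE(review): basic constraints below asserts cA=true, but keyCertSign/cRLSign are
            // not set here, so per RFC 5280 §4.2.1.3 this key must not be used to sign other certificates
            // or CRLs even though it is flagged as a CA — confirm which of the two is intended.
            builder.addExtension(new ASN1ObjectIdentifier(OID_KEY_USAGE), true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

            // Basic constraints (RFC 5280 §4.2.1.9): cA=true, no path-length limit.
            builder.addExtension(new ASN1ObjectIdentifier(OID_BASIC_CONSTRAINTS), true, new BasicConstraints(true));

            if (extensions != null) {
                for (Extension ext : extensions) {
                    builder.addExtension(
                            new ASN1ObjectIdentifier(ext.getOid()),
                            ext.isCritical(),
                            ASN1Primitive.fromByteArray(ext.getValue()));
                }
            }

            // Self-signed: the certificate is signed with the private half of the key it certifies.
            ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                    .setSecureRandom(RANDOM)
                    .setProvider(BC_PROVIDER)
                    .build(privateKey);
            X509CertificateHolder holder = builder.build(signer);
            byte[] certBuf = holder.getEncoded();

            // Re-parse through the JCA so callers get a java.security.cert.X509Certificate, not a BC holder.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert;
            try (ByteArrayInputStream in = new ByteArrayInputStream(certBuf)) {
                cert = (X509Certificate) cf.generateCertificate(in);
            }

            SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
            result.put("certificateData", certBuf);
            result.put("publicKey", publicKey.getEncoded());
            // Unencrypted PKCS#8 private key: anything that logs or persists this map leaks the key.
            result.put("privateKey", privateKey.getEncoded());
            result.put("notBefore", format.format(notBefore).getBytes(StandardCharsets.UTF_8));
            result.put("notAfter", format.format(notAfter).getBytes(StandardCharsets.UTF_8));
            return cert;
        } catch (GeneralSecurityException | IOException | OperatorCreationException e) {
            // Previously printed and returned null, which the caller then passed to KeyStore.setKeyEntry.
            throw new IllegalStateException("X.509 certificate generation failed", e);
        }
    }

    /**
     * A caller-supplied X.509 extension: dotted OID, criticality flag and DER-encoded value.
     *
     * <p>Declared {@code static} so callers can instantiate it without an enclosing
     * {@code GenerateCertificateUtil} instance. Inside this class the simple name {@code Extension}
     * shadows {@code org.bouncycastle.asn1.x509.Extension} pulled in by the wildcard import.
     */
    public static class Extension {

        private String oid;
        private boolean critical;
        private byte[] value;

        /** @return the extension OID in dotted-decimal form, e.g. {@code "2.5.29.17"} */
        public String getOid() {
            return oid;
        }

        public void setOid(String oid) {
            this.oid = oid;
        }

        /** @return whether the extension is marked critical in the certificate */
        public boolean isCritical() {
            return critical;
        }

        public void setCritical(boolean critical) {
            this.critical = critical;
        }

        /** @return the DER encoding of the extension value (the array is not copied) */
        public byte[] getValue() {
            return value;
        }

        public void setValue(byte[] value) {
            this.value = value;
        }
    }

    /**
     * Demo: generates a certificate and writes the PKCS#12 keystore to disk.
     *
     * <p>DN attribute cheat sheet: CN common name, OU organisational unit, O organisation,
     * L locality, ST state/province, C two-letter country code, E e-mail.
     *
     * @param args ignored
     * @throws Exception if the file cannot be written
     */
    public static void main(String[] args) throws Exception {
        String issuerStr = "CN=jcb憑證,OU=研發部,O=jcb有限公司,C=CN,E=jcb@sina.com,L=北京,ST=北京";
        String subjectStr = "CN=jcb有限公司,OU=用戶,O=test,C=CN,E=jcb@sina.com,L=北京,ST=北京";
        String certificateCRL = "https://jcb.cn";
        // Demo values only; a real deployment obtains the password from configuration or a prompt.
        Map<String, byte[]> result = createCert("123456", issuerStr, subjectStr, certificateCRL);
        try (FileOutputStream out = new FileOutputStream("d:/keystore_jcb.p12")) {
            out.write(result.get("keyStoreData"));
        }
        // To also export the bare certificate (.cer) for distribution, write result.get("certificateData")
        // to a file the same way.
    }

}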
