
javaPKCS12證書生成

引入依賴


                    
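<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.49</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpkix-jdk15on</artifactId>
    <version>1.49</version>
</dependency>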
                     

直接上代碼

package test;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.*;

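/**
 * Certificate generation utility: creates an RSA key pair, wraps the public key in an
 * X.509 v3 certificate and packages key and certificate in a password-protected
 * PKCS#12 keystore, using BouncyCastle.
 *
 * <p>Company: 成都一方思致科技有限公司
 *
 * <p>Security notes for anyone reusing this class:
 * <ul>
 *   <li>The certificate is signed with the private key of the key pair it certifies.
 *       {@code issuerStr} is only a name written into the issuer field; no issuer key is
 *       involved, so the result is effectively self-signed and will not chain to a real CA.</li>
 *   <li>The result map contains the private key as unencrypted encoded bytes under
 *       {@code "privateKey"}. Treat the whole map as secret material: do not log it,
 *       serialize it or keep it longer than needed.</li>
 *   <li>The page pins BouncyCastle 1.49, which is an old release; check the current
 *       BouncyCastle release (the {@code jdk15on} artifacts were superseded by
 *       {@code jdk18on}) before using this outside a demo.</li>
 * </ul>
 *
 * @author 蔣昌寶
 * @version 1.0
 * @date 2019/8/23 9:26
 * @description certificate generation utility class
 * =========================================================================
 * Change history:
 * -------------------------------------------------------------------------
 * Change no.     Date     Changed by     Reason     Content
 * -------------------------------------------------------------------------
 */

public class GenerateCertificateUtil {

    /** Single provider instance reused for every JCA lookup instead of building one per call. */
    private static final Provider BC = new BouncyCastleProvider();

    /** RSA modulus size in bits; 1024-bit RSA is no longer considered adequate. */
    private static final int RSA_KEY_BITS = 2048;

    /** Certificate signature algorithm; SHA-1 based signatures are rejected by current validators. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Number of random bits in the serial number. RFC 5280 limits serial numbers to
     * 20 octets, so the 256-bit value used previously was out of profile.
     */
    private static final int SERIAL_RANDOM_BITS = 127;

    /** id-ce-cRLDistributionPoints. */
    private static final ASN1ObjectIdentifier OID_CRL_DISTRIBUTION_POINTS = new ASN1ObjectIdentifier("2.5.29.31");
    /** id-ce-keyUsage. */
    private static final ASN1ObjectIdentifier OID_KEY_USAGE = new ASN1ObjectIdentifier("2.5.29.15");
    /** id-ce-basicConstraints. */
    private static final ASN1ObjectIdentifier OID_BASIC_CONSTRAINTS = new ASN1ObjectIdentifier("2.5.29.19");

    /**
     * Generates a fresh RSA key pair with the BouncyCastle provider.
     *
     * @return the generated public/private key pair
     * @throws NoSuchAlgorithmException if the provider does not offer RSA key generation
     */
    private static KeyPair getKey() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BC);
        generator.initialize(RSA_KEY_BITS, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Creates a key pair and certificate and stores them in an in-memory PKCS#12 keystore.
     *
     * <p>The returned map holds {@code "keyStoreData"} (the PKCS#12 bytes) plus every entry
     * written by {@link #generateCertificateV3}, including the unencrypted private key.
     *
     * @param password       password protecting both the key entry and the keystore; must not be null
     * @param issuerStr      issuer distinguished name
     * @param subjectStr     subject distinguished name
     * @param certificateCRL URI placed in the CRL distribution point extension; null or empty omits it
     * @return map of artifact name to encoded bytes
     * @throws IllegalStateException if key, certificate or keystore generation fails (the
     *         previous version printed the stack trace and returned a partially filled map)
     */
    public static Map<String, byte[]> createCert(String password, String issuerStr, String subjectStr,
                                                 String certificateCRL) {
        Objects.requireNonNull(password, "password");
        Map<String, byte[]> result = new HashMap<>();
        char[] passwordChars = password.toCharArray();
        try {
            // To produce a JKS keystore instead, request KeyStore.getInstance("JKS").
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BC);
            keyStore.load(null, null);
            KeyPair keyPair = getKey();
            Certificate cert = generateCertificateV3(issuerStr, subjectStr, keyPair, result, certificateCRL, null);
            // Check the signature before the certificate is put into the keystore.
            cert.verify(keyPair.getPublic());
            // "cretkey" is just the alias of the key entry.
            keyStore.setKeyEntry("cretkey", keyPair.getPrivate(), passwordChars, new Certificate[] {cert});
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            // NOTE(review): the protection of the PKCS#12 file depends on the provider's
            // default PBE algorithms and on the password strength; verify both for the
            // BouncyCastle version in use.
            keyStore.store(out, passwordChars);
            result.put("keyStoreData", out.toByteArray());
            return result;
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("Failed to build PKCS#12 keystore", e);
        } finally {
            // Do not leave a copy of the password in memory longer than necessary.
            Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Builds an X.509 v3 certificate for {@code keyPair}, valid for one year from now and
     * signed with the private key of that same pair.
     *
     * <p>Entries written to {@code result}: {@code "certificateData"} (DER certificate),
     * {@code "publicKey"}, {@code "privateKey"} (encoded keys, the private key unencrypted),
     * {@code "notBefore"} and {@code "notAfter"} (UTF-8 bytes of the {@code yyyy-MM-dd} dates).
     *
     * @param issuerStr      issuer distinguished name
     * @param subjectStr     subject distinguished name
     * @param keyPair        key pair to certify; its private key also signs the certificate
     * @param result         map that receives the generated artifacts
     * @param certificateCRL URI for the CRL distribution point; null or empty omits the extension
     * @param extensions     additional extensions to add, or null for none
     * @return the generated certificate
     * @throws IllegalStateException if the certificate cannot be built, signed or re-parsed (the
     *         previous version printed the stack trace and returned null)
     */
    public static Certificate generateCertificateV3(String issuerStr, String subjectStr, KeyPair keyPair,
                                                    Map<String, byte[]> result, String certificateCRL,
                                                    List<Extension> extensions) {
        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();

            // Validity window: now until one year from now.
            Date notBefore = new Date();
            Calendar expiry = Calendar.getInstance();
            expiry.setTime(notBefore);
            expiry.add(Calendar.YEAR, 1);
            Date notAfter = expiry.getTime();

            // Serial numbers must be unpredictable, positive and at most 20 octets, so they
            // come from SecureRandom rather than java.util.Random.
            SecureRandom random = new SecureRandom();
            BigInteger serial = new BigInteger(SERIAL_RANDOM_BITS, random).add(BigInteger.ONE);

            X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    new X500Name(issuerStr), serial, notBefore, notAfter, new X500Name(subjectStr), publicKey);

            ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                    .setSecureRandom(random)
                    .setProvider(BC)
                    .build(privateKey);

            addCrlDistributionPoint(builder, certificateCRL);

            // Key usage. keyCertSign and nonRepudiation are deliberately not asserted.
            builder.addExtension(OID_KEY_USAGE, true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

            // NOTE(review): cA=true marks this as a CA certificate although keyCertSign is not
            // asserted above. For a certificate handed to an end user this should presumably be
            // new BasicConstraints(false); confirm the intended profile.
            builder.addExtension(OID_BASIC_CONSTRAINTS, true, new BasicConstraints(true));

            if (extensions != null) {
                for (Extension ext : extensions) {
                    builder.addExtension(
                            new ASN1ObjectIdentifier(ext.getOid()),
                            ext.isCritical(),
                            ASN1Primitive.fromByteArray(ext.getValue()));
                }
            }

            X509CertificateHolder holder = builder.build(signer);
            byte[] certBuf = holder.getEncoded();
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certBuf));

            SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
            // Certificate data
            result.put("certificateData", certBuf);
            // Public key
            result.put("publicKey", publicKey.getEncoded());
            // Private key: unencrypted encoded key material; callers must protect the map.
            result.put("privateKey", privateKey.getEncoded());
            // Start of validity
            result.put("notBefore", format.format(notBefore).getBytes(java.nio.charset.StandardCharsets.UTF_8));
            // End of validity
            result.put("notAfter", format.format(notAfter).getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return cert;
        } catch (IOException | GeneralSecurityException | org.bouncycastle.operator.OperatorCreationException e) {
            throw new IllegalStateException("Failed to generate X.509 certificate", e);
        }
    }

    /** Adds a CRL distribution point extension for {@code crlUri}; does nothing when it is null or empty. */
    private static void addCrlDistributionPoint(X509v3CertificateBuilder builder, String crlUri) throws IOException {
        if (crlUri == null || crlUri.isEmpty()) {
            return;
        }
        GeneralName uriName = new GeneralName(GeneralName.uniformResourceIdentifier, crlUri);
        DistributionPointName pointName = new DistributionPointName(new GeneralNames(uriName));
        DistributionPoint[] points = {new DistributionPoint(pointName, null, null)};
        // NOTE(review): RFC 5280 recommends this extension be non-critical; it is kept
        // critical here because that is what the original code issued.
        builder.addExtension(OID_CRL_DISTRIBUTION_POINTS, true, new CRLDistPoint(points));
    }

    /**
     * Caller-supplied certificate extension: OID, criticality flag and DER-encoded value.
     *
     * <p>This nested class shadows {@code org.bouncycastle.asn1.x509.Extension}, which the
     * file's wildcard import would otherwise bring into scope. It is static so that it can be
     * instantiated without an instance of the enclosing utility class.
     */
    static class Extension {

        private String oid;
        private boolean critical;
        private byte[] value;

        /** @return the extension OID in dotted-decimal form */
        public String getOid() {
            return oid;
        }

        public void setOid(String oid) {
            this.oid = oid;
        }

        /** @return whether the extension is marked critical */
        public boolean isCritical() {
            return critical;
        }

        public void setCritical(boolean critical) {
            this.critical = critical;
        }

        /** @return the DER-encoded extension value */
        public byte[] getValue() {
            return value;
        }

        public void setValue(byte[] value) {
            this.value = value;
        }
    }

    /**
     * Demo: generates a certificate and writes the PKCS#12 keystore to disk.
     *
     * @throws Exception if generation or the file write fails
     */
    public static void main(String[] args) throws Exception {
        // CN: common name             OU: organizational unit
        // O : organization            L : city or locality       E: e-mail address
        // ST: state or province       C : two-letter country code
        String issuerStr = "CN=jcb憑證,OU=研發(fā)部,O=jcb有限公司,C=CN,E=jcb@sina.com,L=北京,ST=北京";
        String subjectStr = "CN=jcb有限公司,OU=用戶,O=test,C=CN,E=jcb@sina.com,L=北京,ST=北京";
        String certificateCRL = "https://jcb.cn";
        // "123456" is a demo value only. The .p12 file is protected by nothing but this
        // password, so real use needs a strong one supplied at runtime, not a source literal.
        Map<String, byte[]> result = GenerateCertificateUtil.createCert("123456", issuerStr, subjectStr, certificateCRL);
        // Write the .p12 file; try-with-resources closes the stream even if the write fails.
        try (FileOutputStream outPutStream = new FileOutputStream("d:/keystore_jcb.p12")) {
            outPutStream.write(result.get("keyStoreData"));
        }
        // To also write the .cer certificate issued to the user, write
        // result.get("certificateData") to a file such as d:/zheng.cer in the same way.
    }

}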

