利用BC的X509v3CertificateBuilder组建X509证书

利用BC的X509v3CertificateBuilder组装X509证书
// 设置开始日期和结束日期long year = 360 * 24 * 60 * 60 * 1000;Date notBefore = new Date();Date notAfter = new Date(notBefore.getTime() + year);// 设置颁发者和主题String issuerString = "CN=root,OU=单位,O=组织";X500Name issueDn = new X500Name(issuerString);X500Name subjectDn = new X500Name(issuerString);// 证书序列号BigInteger serail = BigInteger.probablePrime(32, new Random());//证书中的公钥KeyPair keyPair = null;try {keyPair = KeyPairGenerator.getInstance("RSA", bcProvider).generateKeyPair();} catch (NoSuchAlgorithmException e1) {e1.printStackTrace();}PublicKey publicKey = keyPair.getPublic();PrivateKey privateKey = keyPair.getPrivate();//组装公钥信息SubjectPublicKeyInfo subjectPublicKeyInfo = null;try {subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(publicKey.getEncoded()).readObject());} catch (IOException e1) {e1.printStackTrace();}//证书的签名数据final byte[] signatureData ;try {signature = Signature.getInstance("SHA1withRSA");signature.initSign(privateKey);signature.update(publicKey.getEncoded());signatureData = signature.sign();} catch (Exception e) {throw new RuntimeException(e.getMessage(),e);}//组装证书X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issueDn, serail, notBefore, notAfter, subjectDn,subjectPublicKeyInfo);//给证书签名X509CertificateHolder holder = builder.build(new ContentSigner() {ByteArrayOutputStream buf = new ByteArrayOutputStream();@Overridepublic byte[] getSignature() {try {buf.write(signatureData);} catch (IOException e) {e.printStackTrace();}return signatureData;}@Overridepublic OutputStream getOutputStream() {return buf;}@Overridepublic AlgorithmIdentifier getAlgorithmIdentifier() {return AlgorithmIdentifier.getInstance(X509Util.getAlgorithmOID("SHA1withRSA"));}});try {byte[] certBuf = holder.getEncoded();X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(certBuf));System.out.println(certificate);//证书base64编码字符串System.out.println(Base64.encode(certificate.getEncoded()));} catch (IOException e) {e.printStackTrace();} catch (CertificateException e) {e.printStackTrace();}
利用BC的X509v3CertificateBuilder组建

热点推荐
