您的位置: 首页  >  IT文章  >  利用BC的X509v3CertificateBuilder组建X509证书

利用BC的X509v3CertificateBuilder组建X509证书

分类: IT文章 2022-04-16 00:20:30
利用BC的X509v3CertificateBuilder组装X509证书
// 设置开始日期和结束日期
		long year = 360 * 24 * 60 * 60 * 1000;
		Date notBefore = new Date();
		Date notAfter = new Date(notBefore.getTime() + year);

		// 设置颁发者和主题
		String issuerString = "CN=root,OU=单位,O=组织";
		X500Name issueDn = new X500Name(issuerString);
		X500Name subjectDn = new X500Name(issuerString);

		// 证书序列号
		BigInteger serail = BigInteger.probablePrime(32, new Random());

		
		//证书中的公钥
		KeyPair keyPair = null;
		try {
			keyPair = KeyPairGenerator.getInstance("RSA", bcProvider)
					.generateKeyPair();
		} catch (NoSuchAlgorithmException e1) {
			e1.printStackTrace();
		}
		PublicKey publicKey = keyPair.getPublic();
		PrivateKey privateKey = keyPair.getPrivate();

		//组装公钥信息
		SubjectPublicKeyInfo subjectPublicKeyInfo = null;
		try {
			subjectPublicKeyInfo = SubjectPublicKeyInfo
					.getInstance(new ASN1InputStream(publicKey.getEncoded())
							.readObject());
		} catch (IOException e1) {
			e1.printStackTrace();
		}

		
		//证书的签名数据
		final byte[] signatureData ;
		try {
			signature = Signature.getInstance("SHA1withRSA");
			signature.initSign(privateKey);
			signature.update(publicKey.getEncoded());
			signatureData = signature.sign();
		} catch (Exception e) {
			throw new RuntimeException(e.getMessage(),e);
		}

		//组装证书
		X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
				issueDn, serail, notBefore, notAfter, subjectDn,
				subjectPublicKeyInfo);
		
		//给证书签名
		X509CertificateHolder holder = builder.build(new ContentSigner() {
			ByteArrayOutputStream buf = new ByteArrayOutputStream();
			@Override
			public byte[] getSignature() {
				try {
					buf.write(signatureData);
				} catch (IOException e) {
					e.printStackTrace();
				}
				return signatureData;
			}

			@Override
			public OutputStream getOutputStream() {
				return buf;
			}

			@Override
			public AlgorithmIdentifier getAlgorithmIdentifier() {
				return AlgorithmIdentifier.getInstance(X509Util.getAlgorithmOID("SHA1withRSA"));
			}
		});
		try {
			byte[] certBuf = holder.getEncoded();
			X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(certBuf));
			System.out.println(certificate);
			//证书base64编码字符串
			System.out.println(Base64.encode(certificate.getEncoded()));
		} catch (IOException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		}
 

相关推荐