
java生成数字证书(一、公钥数字证书)

2015-05-16 17:25 411 查看
这一段时间做毕业设计,要生成数字证书,于是学习了相关知识,这儿和大家分享一下。

首先介绍一下数字证书的分类。常见的数字证书文件分为两种:公钥数字证书(.cer)和私钥数字证书(.pfx)。顾名思义,cer 文件只含有公钥(以及证书中的身份信息),可以公开分发;pfx 文件除证书外还含有私钥,因此需要用口令保护并妥善保管。

1.生成公钥数字证书

需要导入 bouncycastle-jce-jdk13-112.jar。注意:这是一个很旧的 BouncyCastle 版本,下面代码用到的 X509V3CertificateGenerator 在新版本中已被标记为过时(deprecated)。

package ca;

import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

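/**
 * Demo certificate-authority helper: generates RSA key pairs and issues an
 * X.509 v3 public-key certificate for a "user" key, signed with a "root"
 * private key through the BouncyCastle ("BC") provider.
 */
public class MyCert {
    /** RSA modulus size in bits; 1024-bit RSA keys are no longer considered adequate. */
    private static final int RSA_KEY_BITS = 2048;

    /** Number of entries {@link #generateCert} expects in its {@code info} array. */
    private static final int INFO_LENGTH = 9;

    /** Characters that act as separators or quoting inside a distinguished-name string. */
    private static final String DN_SPECIAL_CHARS = ",=+\"\\;<>";

    static {
        // Register BouncyCastle so that the "BC" provider name used for signing resolves.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates a fresh RSA key pair.
     *
     * <p>The {@code seed} argument is deliberately not fed into the random
     * generator. Seeding with {@code new SecureRandom(new byte[seed])} supplies an
     * all-zero array whose only variable is its length; with a PRNG that takes its
     * whole state from the constructor seed (SHA1PRNG behaves this way) every call
     * with the same {@code seed} yields the same, reproducible private key. A
     * default-constructed {@link SecureRandom} seeds itself from the platform.
     *
     * @param seed retained for source compatibility only; it is not used
     * @return a newly generated RSA key pair
     * @throws NoSuchAlgorithmException if no installed provider offers RSA
     */
    public KeyPair generateKeyPair(int seed) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS, new SecureRandom());
        return kpg.generateKeyPair();
    }

    /**
     * Issues an X.509 public-key certificate for the user's public key, signed
     * with the root private key.
     *
     * <p>{@code info} must hold nine entries, in this order:
     * {@code {cn, ou, o, c, l, st, starttime, endtime, serialnumber}}. The two
     * times are parsed as milliseconds since the epoch and the serial number as a
     * decimal integer.
     *
     * @param info         subject fields, validity window and serial number
     * @param keyPair_root issuer key pair; its private key signs the certificate
     * @param keyPair_user subject key pair; its public key is certified
     * @return the signed certificate
     * @throws IllegalArgumentException if an argument is missing, a subject field
     *                                  contains a DN separator, or the validity
     *                                  window ends before it starts
     * @throws InvalidKeyException      if the signing key is rejected
     * @throws NoSuchProviderException  if the "BC" provider is not registered
     * @throws SecurityException        as declared by the certificate generator
     * @throws SignatureException       if signing fails
     */
    public X509Certificate generateCert(String[] info, KeyPair keyPair_root, KeyPair keyPair_user)
            throws InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException {
        if (info == null || info.length < INFO_LENGTH) {
            throw new IllegalArgumentException("info must hold " + INFO_LENGTH
                    + " entries: cn,ou,o,c,l,st,starttime,endtime,serialnumber");
        }
        if (keyPair_root == null || keyPair_user == null) {
            throw new IllegalArgumentException("keyPair_root and keyPair_user must not be null");
        }

        Date notBefore = new Date(Long.parseLong(info[6]));
        Date notAfter = new Date(Long.parseLong(info[7]));
        if (notAfter.before(notBefore)) {
            throw new IllegalArgumentException("endtime must not be earlier than starttime");
        }

        // The subject is assembled as a string, so each value is checked first:
        // a ',' or '=' inside a field would otherwise be read as an extra RDN.
        // Index 0 is the common name (CN, not a second C) and index 5 is ST.
        String subjectDn = "CN=" + dnValue("cn", info[0])
                + ",OU=" + dnValue("ou", info[1])
                + ",O=" + dnValue("o", info[2])
                + ",C=" + dnValue("c", info[3])
                + ",L=" + dnValue("l", info[4])
                + ",ST=" + dnValue("st", info[5]);

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // NOTE(review): the serial number is caller-supplied; a CA is expected to
        // issue unique serials, which this method does not enforce.
        certGen.setSerialNumber(new BigInteger(info[8]));
        certGen.setIssuerDN(new X509Name(
                "CN=huahua, OU=hnu, O=university , C=china"));
        certGen.setNotBefore(notBefore);
        certGen.setNotAfter(notAfter);
        certGen.setSubjectDN(new X509Name(subjectDn));
        certGen.setPublicKey(keyPair_user.getPublic());
        // NOTE(review): SHA-1 signatures are rejected by current TLS stacks and
        // browsers. Left unchanged because it is not confirmed which algorithm
        // names the BouncyCastle version in use accepts; move to a SHA-256 based
        // signature once that is verified.
        certGen.setSignatureAlgorithm("SHA1WithRSA");
        return certGen.generateX509Certificate(keyPair_root.getPrivate(), "BC");
    }

    /** Returns {@code value} unchanged after checking it is safe to embed in a DN string. */
    private static String dnValue(String field, String value) {
        if (value == null) {
            throw new IllegalArgumentException(field + " must not be null");
        }
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            if (ch < 0x20 || DN_SPECIAL_CHARS.indexOf(ch) >= 0) {
                throw new IllegalArgumentException(
                        field + " contains a character that is not allowed in a DN value");
            }
        }
        return value;
    }

    /**
     * Generates a root and a user key pair, issues a certificate for the user
     * key and writes it to the D: drive as {@code <cn>.cer}.
     *
     * @param args unused
     * @throws NoSuchAlgorithmException     if RSA is unavailable
     * @throws InvalidKeyException          if the signing key is rejected
     * @throws NoSuchProviderException      if the "BC" provider is not registered
     * @throws SecurityException            as declared by the certificate generator
     * @throws SignatureException           if signing fails
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException                  if the file cannot be written
     */
    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException,
            NoSuchProviderException, SecurityException, SignatureException,
            CertificateEncodingException, IOException {
        MyCert myCert = new MyCert();
        KeyPair keyPair_root = myCert.generateKeyPair(10);
        KeyPair keyPair_user = myCert.generateKeyPair(100);
        // Sample data. The two times are epoch milliseconds and both fall on
        // 1 January 1970 (UTC), so this demo certificate is already expired.
        String[] info = {"huahua_user", "hnu", "university", "china", "hunan", "changsha",
                "111111", "11111111", "1"};
        X509Certificate cert = myCert.generateCert(info, keyPair_root, keyPair_user);

        // Encode before opening the file so an encoding failure leaves no empty file behind.
        byte[] encoded = cert.getEncoded();
        // The file name comes from the (hard-coded) common name above.
        String certPath = "d:/" + info[0] + ".cer";
        FileOutputStream fos = new FileOutputStream(certPath);
        try {
            fos.write(encoded);
        } finally {
            // Close the stream even when the write fails.
            fos.close();
        }
    }
}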


代码结果如下,有图有真相



写到这儿先休息一下,下一期再说私钥数字证书。88
标签:  java 证书