使用JAVA自带security,创建测试用的CSR证书请求文件
2017-09-25 11:16
项目中要用到安全证书,需要生成测试用的CSR(证书请求)。
不多说,直接上干货。
1、什么是数字证书,这篇文章讲的不错,通俗易懂,简单明了。
http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
2、使用keytool自带命令生成相关证书。
http://www.cnblogs.com/SirSmith/p/4996392.html
这些是网上的一些例子,使用后,自己可以跟着做一遍。
3、用java来生成csr数据,格式如下
-----BEGIN NEW CERTIFICATE REQUEST-----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-----END NEW CERTIFICATE REQUEST-----
相关代码
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jcajce.provider.keystore.PKCS12;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
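/**
 * Builds a test PKCS#10 certificate signing request (CSR) around a freshly
 * generated RSA key pair.
 *
 * <p>The request is encoded with the JDK-internal {@code sun.security.pkcs.PKCS10}
 * and {@code sun.security.x509.X500Name} classes. These are unsupported APIs and
 * may not be accessible on newer JDKs; Bouncy Castle's bcpkix PKCS#10 builder is
 * the supported alternative (not part of the bcprov jar this page uses).
 */
public class StoreUtils {
    /** Signature algorithm applied when the caller passes {@code null} or "". */
    private static final String DEFAULT_SIG_ALG = "SHA256withRSA";
    /** RSA modulus size in bits applied when the caller passes 0. */
    private static final int DEFAULT_KEY_SIZE = 2048;
    /** Common name applied when the caller passes {@code null} or "". */
    private static final String DEFAULT_CN = "defaultUserName";
    /** Characters that carry structural meaning inside a distinguished-name string. */
    private static final String DN_SPECIALS = ",=+<>#;\"\\";

    // Key pair produced by the most recent generateCSR call. The private key exists
    // only in this field: the CSR is useless without it, so the caller has to store
    // it somewhere protected. The field stays public because existing callers may
    // read it; new code should not pass it around or log it.
    public KeyPair kp = null;
    // Not read or written anywhere in this class.
    public String password = "";

    /**
     * Generates an RSA key pair, signs a CSR for it and returns the request as a
     * single Base64 line (PEM header, footer and line breaks removed).
     *
     * <p>Failures propagate as the declared exceptions instead of being printed and
     * turned into an empty string, so a caller can no longer mistake a failed run
     * for a valid (empty) request.
     *
     * @param alg  JCA signature algorithm name; {@code null} or "" selects
     *             {@code SHA256withRSA}. A caller can still ask for a SHA-1 based
     *             algorithm, which should not be used for anything beyond legacy tests.
     * @param size RSA key size in bits; 0 selects 2048. The value is not range
     *             checked here, and sizes below 2048 are too weak for real use.
     * @param cn   subject common name; {@code null} or "" selects
     *             {@code defaultUserName}. DN metacharacters are escaped so the value
     *             cannot add or change other attributes of the subject.
     * @return the Base64 body of the PKCS#10 request
     * @throws NoSuchAlgorithmException if RSA or {@code alg} is not available
     * @throws InvalidKeyException if the generated key cannot initialise the signature
     * @throws IOException if the subject name or the request cannot be encoded
     * @throws CertificateException if the request cannot be encoded
     * @throws SignatureException if signing the request fails
     */
    public String generateCSR(String alg, int size, String cn) throws NoSuchAlgorithmException, InvalidKeyException, IOException, CertificateException, SignatureException {
        // Register Bouncy Castle once instead of constructing a provider per call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // The original put the whole body in the else branch of the alg check, so a
        // null/empty alg returned "" without generating anything.
        String sigAlg = (alg == null || alg.isEmpty()) ? DEFAULT_SIG_ALG : alg;
        int keySize = (size != 0) ? size : DEFAULT_KEY_SIZE;
        String commonName = (cn == null || cn.isEmpty()) ? DEFAULT_CN : cn;

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(keySize, new SecureRandom());
        this.kp = kpg.generateKeyPair();

        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(this.kp.getPrivate());

        // cn is caller-supplied text that ends up inside a DN string; unescaped, a
        // value such as "a,O=b" would be parsed as two attributes.
        String dn = "CN=" + escapeDnValue(commonName) + ",C= CN";
        @SuppressWarnings("restriction")
        sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name(dn);
        sun.security.pkcs.PKCS10 pkcs10 = new sun.security.pkcs.PKCS10(this.kp.getPublic());
        pkcs10.encodeAndSign(x500Name, signature);

        // PEM text is plain ASCII; naming the charset avoids the platform default.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(baos, true, "US-ASCII");
        try {
            pkcs10.print(ps);
        } finally {
            ps.close();
        }

        // Literal replacements: none of these needs the regex engine.
        return baos.toString("US-ASCII")
                .replace("\r", "")
                .replace("\n", "")
                .replace("-----BEGIN NEW CERTIFICATE REQUEST-----", "")
                .replace("-----END NEW CERTIFICATE REQUEST-----", "");
    }

    /**
     * Backslash-escapes the characters that have a structural meaning in a DN string.
     * NOTE(review): relies on the JDK's X500Name parser honouring backslash escapes,
     * as keytool's -dname option does; confirm on the target JDK.
     */
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (DN_SPECIALS.indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /** Prints one sample CSR, signed with SHA-256 rather than SHA-1. */
    public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException, CertificateException, SignatureException, IOException {
        StoreUtils utils = new StoreUtils();
        System.out.println(utils.generateCSR("SHA256withRSA", 0, ""));
    }
}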
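用到的包:bcprov-ext-jdk15on-1.49.jar。代码中只用它注册 BouncyCastleProvider,CSR 的编码和签名用的是 JDK 内部的 sun.security.pkcs.PKCS10 与 sun.security.x509.X500Name。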
不多说,直接上干货。
1、什么是数字证书,这篇文章讲的不错,通俗易懂,简单明了。
http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
2、使用keytool自带命令生成相关证书。
http://www.cnblogs.com/SirSmith/p/4996392.html
这些是网上的一些例子,使用后,自己可以跟着做一遍。
3、用java来生成csr数据,格式如下
-----BEGIN NEW CERTIFICATE REQUEST-----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-----END NEW CERTIFICATE REQUEST-----
相关代码
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jcajce.provider.keystore.PKCS12;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
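/**
 * Builds a test PKCS#10 certificate signing request (CSR) around a freshly
 * generated RSA key pair.
 *
 * <p>The request is encoded with the JDK-internal {@code sun.security.pkcs.PKCS10}
 * and {@code sun.security.x509.X500Name} classes. These are unsupported APIs and
 * may not be accessible on newer JDKs; Bouncy Castle's bcpkix PKCS#10 builder is
 * the supported alternative (not part of the bcprov jar this page uses).
 */
public class StoreUtils {
    /** Signature algorithm applied when the caller passes {@code null} or "". */
    private static final String DEFAULT_SIG_ALG = "SHA256withRSA";
    /** RSA modulus size in bits applied when the caller passes 0. */
    private static final int DEFAULT_KEY_SIZE = 2048;
    /** Common name applied when the caller passes {@code null} or "". */
    private static final String DEFAULT_CN = "defaultUserName";
    /** Characters that carry structural meaning inside a distinguished-name string. */
    private static final String DN_SPECIALS = ",=+<>#;\"\\";

    // Key pair produced by the most recent generateCSR call. The private key exists
    // only in this field: the CSR is useless without it, so the caller has to store
    // it somewhere protected. The field stays public because existing callers may
    // read it; new code should not pass it around or log it.
    public KeyPair kp = null;
    // Not read or written anywhere in this class.
    public String password = "";

    /**
     * Generates an RSA key pair, signs a CSR for it and returns the request as a
     * single Base64 line (PEM header, footer and line breaks removed).
     *
     * <p>Failures propagate as the declared exceptions instead of being printed and
     * turned into an empty string, so a caller can no longer mistake a failed run
     * for a valid (empty) request.
     *
     * @param alg  JCA signature algorithm name; {@code null} or "" selects
     *             {@code SHA256withRSA}. A caller can still ask for a SHA-1 based
     *             algorithm, which should not be used for anything beyond legacy tests.
     * @param size RSA key size in bits; 0 selects 2048. The value is not range
     *             checked here, and sizes below 2048 are too weak for real use.
     * @param cn   subject common name; {@code null} or "" selects
     *             {@code defaultUserName}. DN metacharacters are escaped so the value
     *             cannot add or change other attributes of the subject.
     * @return the Base64 body of the PKCS#10 request
     * @throws NoSuchAlgorithmException if RSA or {@code alg} is not available
     * @throws InvalidKeyException if the generated key cannot initialise the signature
     * @throws IOException if the subject name or the request cannot be encoded
     * @throws CertificateException if the request cannot be encoded
     * @throws SignatureException if signing the request fails
     */
    public String generateCSR(String alg, int size, String cn) throws NoSuchAlgorithmException, InvalidKeyException, IOException, CertificateException, SignatureException {
        // Register Bouncy Castle once instead of constructing a provider per call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // The original put the whole body in the else branch of the alg check, so a
        // null/empty alg returned "" without generating anything.
        String sigAlg = (alg == null || alg.isEmpty()) ? DEFAULT_SIG_ALG : alg;
        int keySize = (size != 0) ? size : DEFAULT_KEY_SIZE;
        String commonName = (cn == null || cn.isEmpty()) ? DEFAULT_CN : cn;

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(keySize, new SecureRandom());
        this.kp = kpg.generateKeyPair();

        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(this.kp.getPrivate());

        // cn is caller-supplied text that ends up inside a DN string; unescaped, a
        // value such as "a,O=b" would be parsed as two attributes.
        String dn = "CN=" + escapeDnValue(commonName) + ",C= CN";
        @SuppressWarnings("restriction")
        sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name(dn);
        sun.security.pkcs.PKCS10 pkcs10 = new sun.security.pkcs.PKCS10(this.kp.getPublic());
        pkcs10.encodeAndSign(x500Name, signature);

        // PEM text is plain ASCII; naming the charset avoids the platform default.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(baos, true, "US-ASCII");
        try {
            pkcs10.print(ps);
        } finally {
            ps.close();
        }

        // Literal replacements: none of these needs the regex engine.
        return baos.toString("US-ASCII")
                .replace("\r", "")
                .replace("\n", "")
                .replace("-----BEGIN NEW CERTIFICATE REQUEST-----", "")
                .replace("-----END NEW CERTIFICATE REQUEST-----", "");
    }

    /**
     * Backslash-escapes the characters that have a structural meaning in a DN string.
     * NOTE(review): relies on the JDK's X500Name parser honouring backslash escapes,
     * as keytool's -dname option does; confirm on the target JDK.
     */
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (DN_SPECIALS.indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /** Prints one sample CSR, signed with SHA-256 rather than SHA-1. */
    public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException, CertificateException, SignatureException, IOException {
        StoreUtils utils = new StoreUtils();
        System.out.println(utils.generateCSR("SHA256withRSA", 0, ""));
    }
}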
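用到的包:bcprov-ext-jdk15on-1.49.jar。代码中只用它注册 BouncyCastleProvider,CSR 的编码和签名用的是 JDK 内部的 sun.security.pkcs.PKCS10 与 sun.security.x509.X500Name。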