我曾经做过如下的尝试:(通过openssl的脚本来运行,代码如下)
/**
 * Generates a client certificate by running three OpenSSL commands through {@code cmd /c}
 * ({@code req}, {@code x509 -req}, {@code pkcs12 -export}) and returns the resulting
 * PKCS#12 file as a byte array.
 *
 * <p>Review notes (all visible in the body below):
 * <ul>
 *   <li>{@code code} is concatenated unvalidated into a command string that {@code cmd}
 *       interprets, and into file paths. Unless every caller guarantees a plain
 *       identifier, this is a command-injection and path-manipulation risk.</li>
 *   <li>The PKCS#12 password is {@code code + "112233"}. It is predictable from the
 *       certificate number, it is passed on the command line, and it is printed to
 *       standard output together with the command.</li>
 *   <li>The key is 1024-bit RSA and is written unencrypted ({@code -nodes}) to
 *       {@code -key.pem}. Nothing in this method removes it afterwards.</li>
 *   <li>The exit status of each OpenSSL run is ignored, so a failed step is not detected.</li>
 * </ul>
 *
 * @param code certificate number; used in file names, in the subject's O= field and in
 *             the export password
 * @return the bytes read from the .p12 file; {@code null} if starting a command throws
 *         {@link IOException} or a wait is interrupted; whatever was read so far (possibly
 *         an empty array) if reading the .p12 file fails
 */
public byte[] createCertificate (String code) {
// Step 1 command line: new RSA key pair (unencrypted, 1024 bit) plus a CSR.
// NOTE(review): `code` is spliced into the string verbatim; there is no validation here.
String cmdStr = SSLDirectory + "\\openssl req -new -out D:\\client\\"
+ code + "-req.csr -newkey rsa:1024 -keyout D:\\client\\"
+ code + "-key.pem -nodes -subj \"/CN=MyCompany/O="
+ code + "/C=CN/\" -config "
+ SSLDirectory + "\\openssl.cnf";
System.out.println(cmdStr);
Runtime rt = Runtime.getRuntime();
Process process = null;
// Generate the user's key pair and the certificate request to be signed.
try {
// The whole string is handed to cmd, so shell metacharacters in it are interpreted.
process = rt.exec("cmd /c " + cmdStr);
// The exit status returned by waitFor() is discarded, and the child's stdout/stderr are
// never read. NOTE(review): an unread pipe is a possible cause of the hang the author
// describes when running this from Java; confirm.
process.waitFor();
//Thread.sleep(10000);
} catch (IOException e) {
e.printStackTrace();
return null;
} catch (InterruptedException e) {
// The interrupt flag is not restored before returning.
e.printStackTrace();
return null;
}
cmdStr = SSLDirectory + "\\openssl x509 -req -in D:\\client\\"
+ code + "-req.csr -out D:\\client\\"
+ code + ".crt -CA "
+ SSLDirectory + "\\ca\\ca-cert.pem -CAkey "
+ SSLDirectory + "\\ca\\ca-key.pem -CAcreateserial -days 365"; // sign with the CA private key to produce the x509 certificate
try {
// Runs even if step 1 failed, because no exit status was checked.
process = rt.exec("cmd /c " + cmdStr);
process.waitFor();
//Thread.sleep(10000);
} catch (IOException e) {
e.printStackTrace();
return null;
} catch (InterruptedException e) {
e.printStackTrace();
return null;
}
// Step 3 command line: bundle certificate and key into a PKCS#12 file.
// The export password is code + "112233" and is part of the command line.
cmdStr = SSLDirectory + "\\openssl pkcs12 -export -clcerts -in D:\\client\\"
+ code + ".crt -inkey D:\\client\\"
+ code + "-key.pem -out D:\\client\\"
+ code + ".p12 -passout pass:\""
+ code + "112233\"";
// This prints the command including the PKCS#12 password to standard output.
System.out.println(cmdStr);
// Generate the user's p12 certificate.
try {
process = rt.exec("cmd /c " + cmdStr);
process.waitFor();
//Thread.sleep(10000);
} catch (IOException e) {
e.printStackTrace();
return null;
} catch (InterruptedException e) {
e.printStackTrace();
return null;
} // read the p12 file and convert it to a byte array
String fileName = "D:\\client\\" + code + ".p12";
ByteArrayOutputStream baosCertificate = new ByteArrayOutputStream();
try {
// fis is never closed, so the file handle leaks on every call.
FileInputStream fis = new FileInputStream(new File(fileName));
byte[] tmpBuff = new byte[128];
int len = 0;
while ((len = fis.read(tmpBuff)) != -1) {
baosCertificate.write(tmpBuff, 0, len);
}
} catch (IOException e) {
// A read failure (including a missing .p12) is only logged. The method then returns the
// bytes collected so far rather than null, unlike the failure paths above.
e.printStackTrace();
}
return baosCertificate.toByteArray();
}
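/**
 * Issues a client certificate for {@code code} by driving the OpenSSL command-line tool
 * and returns the resulting PKCS#12 bundle.
 *
 * <p>Three OpenSSL steps run in sequence: {@code req} (new key pair and CSR),
 * {@code x509 -req} (sign the CSR with the CA files under {@code SSLDirectory}) and
 * {@code pkcs12 -export}. Each step is started without a shell, its output is drained,
 * and its exit status is checked before the next step runs.
 *
 * <p>NOTE(review): the PKCS#12 password is still {@code code + "112233"} because callers
 * presumably depend on it. It is predictable from the certificate number and should be
 * replaced by a random per-certificate secret delivered out of band. The unencrypted
 * {@code -key.pem} file also stays on disk after this method returns; restrict access
 * to the output directory or remove the file once it is no longer needed.
 *
 * @param code certificate number; only letters, digits, '_' and '-' (1 to 64 characters)
 *             are accepted, because the value is used in file names and the subject
 * @return the bytes of the generated .p12 file, or {@code null} if {@code code} is
 *         rejected, any OpenSSL step fails, or the .p12 file cannot be read
 */
public byte[] createCertificate (String code) {
    // `code` ends up in file paths and in the certificate subject. An allow-list keeps
    // path separators, quotes, '/' (a subject field separator) and shell metacharacters
    // out of all of them.
    if (code == null || !code.matches("[A-Za-z0-9_-]{1,64}")) {
        System.err.println("createCertificate: certificate code rejected");
        return null;
    }

    String openssl = SSLDirectory + "\\openssl";
    String base = "D:\\client\\" + code;

    // Step 1: key pair plus certificate request. 2048-bit RSA replaces the original
    // 1024-bit key, which is below current minimum recommendations.
    System.out.println("openssl req for " + code);
    if (!runOpensslStep(null,
            openssl, "req", "-new",
            "-out", base + "-req.csr",
            "-newkey", "rsa:2048",
            "-keyout", base + "-key.pem",
            "-nodes",
            "-subj", "/CN=MyCompany/O=" + code + "/C=CN/",
            "-config", SSLDirectory + "\\openssl.cnf")) {
        return null;
    }

    // Step 2: sign the request with the CA private key to produce the X.509 certificate.
    // NOTE(review): no digest is selected here; if the installed OpenSSL still defaults
    // to SHA-1 for this command, add an explicit -sha256.
    System.out.println("openssl x509 -req for " + code);
    if (!runOpensslStep(null,
            openssl, "x509", "-req",
            "-in", base + "-req.csr",
            "-out", base + ".crt",
            "-CA", SSLDirectory + "\\ca\\ca-cert.pem",
            "-CAkey", SSLDirectory + "\\ca\\ca-key.pem",
            "-CAcreateserial",
            "-days", "365")) {
        return null;
    }

    // Step 3: bundle certificate and key into PKCS#12. The password goes through the
    // child's environment, so it does not appear in the process list or in any log line.
    System.out.println("openssl pkcs12 -export for " + code);
    if (!runOpensslStep(code + "112233",
            openssl, "pkcs12", "-export", "-clcerts",
            "-in", base + ".crt",
            "-inkey", base + "-key.pem",
            "-out", base + ".p12",
            "-passout", "env:P12_PASSOUT")) {
        return null;
    }

    // Read the .p12 file into memory. The stream is always closed, and a read failure is
    // reported as null like every other failure instead of returning a partial result.
    ByteArrayOutputStream bundle = new ByteArrayOutputStream();
    FileInputStream in = null;
    try {
        in = new FileInputStream(new File(base + ".p12"));
        byte[] chunk = new byte[4096];
        int count;
        while ((count = in.read(chunk)) != -1) {
            bundle.write(chunk, 0, count);
        }
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if close fails after the read completed.
            }
        }
    }
    return bundle.toByteArray();
}

/**
 * Runs one OpenSSL invocation directly (no {@code cmd /c}) and reports whether it
 * exited with status 0.
 *
 * @param passout value exported to the child as {@code P12_PASSOUT}, or {@code null}
 *                when the step needs no password
 * @param command executable followed by its arguments, one array element per argument
 * @return {@code true} only if the process started, ran to completion and returned 0
 */
private boolean runOpensslStep(String passout, String... command) {
    ProcessBuilder builder = new ProcessBuilder(command);
    // Merge stderr into stdout so that a single loop drains everything the child writes.
    builder.redirectErrorStream(true);
    if (passout != null) {
        builder.environment().put("P12_PASSOUT", passout);
    }
    Process process = null;
    try {
        process = builder.start();
        // Closing stdin means the child gets end-of-file instead of waiting on a prompt.
        process.getOutputStream().close();
        // Drain the output: a child whose pipe fills up blocks, and waitFor() never returns.
        java.io.InputStream output = process.getInputStream();
        byte[] chunk = new byte[512];
        int count;
        while ((count = output.read(chunk)) != -1) {
            System.out.write(chunk, 0, count);
        }
        System.out.flush();
        return process.waitFor() == 0;
    } catch (IOException e) {
        e.printStackTrace();
        return false;
    } catch (InterruptedException e) {
        // Restore the interrupt flag so the caller's thread still sees the interruption.
        Thread.currentThread().interrupt();
        e.printStackTrace();
        return false;
    } finally {
        if (process != null) {
            process.destroy();
        }
    }
}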
通过java命令来依次执行的话,是能够成功的。btw,我试过通过线程来分别工作,也是不行的。所以我希望有人能给点帮助,直接使用jdk的api来做,欢迎大家来讨论!有分的哦。
// Fragment of a method whose signature is not shown on the page. It copies the private key
// and certificate chain stored under ALIASNAME in a JKS keystore into a new PKCS#12 file,
// re-reads that file as a check, and returns the file name.
//
// Review notes (all visible in the code below):
//  - The PKCS#12 store password and key password are both the characters of clientName,
//    so the private key is protected by a value that is not secret if the name is known.
//  - KSPASSWORD is used both to open the JKS keystore and to recover the key entry.
//  - Every failure is only printed with printStackTrace() and execution continues, so a
//    failed step surfaces later as a NullPointerException, or as a file name returned for
//    a PKCS#12 file that was never written.
//  - The input streams are never closed; the output stream is closed only on success.
// NOTE(review): pkcs12Alias becomes part of the output path. Whether it is caller-supplied
// cannot be seen from this fragment; validate it if it is.
String pkcs12FileName = WORKINGDIR + "\\" + pkcs12Alias + ".p12";
// The provider is registered again on every call to this code.
char[] keyPassword = (clientName).toCharArray(); Security.addProvider(new BouncyCastleProvider());
//Security.addProvider((java.security.Provider)(Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider")));
InputStream jksInputStream = null;
try {
jksInputStream = new FileInputStream(KEYSTOREFILE);
System.out.println("Establish JKS InputStream to " +
KEYSTOREFILE);
} catch (FileNotFoundException e) {
// jksInputStream stays null; load(null, ...) below then initialises an empty keystore.
e.printStackTrace();
} KeyStore jksKeyStore = null;
try {
jksKeyStore = KeyStore.getInstance("JKS", "SUN");
System.out.println("Create JKS KeyStore Object.");
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} //Load the keystore
try {
// Throws NullPointerException if getInstance failed above and left jksKeyStore null.
jksKeyStore.load(jksInputStream, KSPASSWORD.toCharArray());
System.out.println("Load JKS KeyStore.");
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} //Take a glance at all aliases from the keystore.
Enumeration aliases = null;
try {
aliases = jksKeyStore.aliases();
System.out.println("Got KeyStore aliases.");
} catch (KeyStoreException e) {
e.printStackTrace();
} //Shows all aliases from the keystore, only for info
while (aliases.hasMoreElements()) {
System.out.println("Has alias: " + aliases.nextElement());
}
//Get PrivateKey
RSAPrivateCrtKey jksPrivateCrtKey = null;
try {
// The cast fails with ClassCastException if the entry is not an RSA CRT private key.
jksPrivateCrtKey =
(RSAPrivateCrtKey) jksKeyStore.getKey(ALIASNAME, KSPASSWORD.toCharArray());
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} //Get Certificate
// jksCert is fetched but not used again in this fragment.
Certificate jksCert = null;
try {
jksCert = jksKeyStore.getCertificate(ALIASNAME);
} catch (KeyStoreException e) {
e.printStackTrace();
} //Get Certificate Chain
Certificate[] jksCerts = null;
try {
jksCerts = jksKeyStore.getCertificateChain(ALIASNAME);
} catch (KeyStoreException e) {
e.printStackTrace();
} //=====================================
// Create PKCS#12
//===================================== KeyStore pkcs12KeyStore = null;
// NOTE(review): in this paste the declaration of pkcs12KeyStore sits on the comment line
// above, so it is commented out. It presumably belongs on a line of its own; confirm
// against the original post.
try {
pkcs12KeyStore = KeyStore.getInstance("PKCS12", "BC");
System.out.println("Create PKCS#12 KeyStore Object.");
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} try {
// A null stream creates an empty keystore.
pkcs12KeyStore.load(null, keyPassword);
System.out.println(
"Load a new fresh PKCS#12 KeyStore from scratch.");
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} try {
// The key entry is protected with keyPassword, i.e. the characters of clientName.
pkcs12KeyStore.setKeyEntry(pkcs12Alias, jksPrivateCrtKey,
keyPassword, jksCerts);
System.out.println("Add the RSA Private Crt Key and the " +
"Certificate Chain to the PKCS#12 KeyStore.");
} catch (KeyStoreException e) {
e.printStackTrace();
} OutputStream pkcs12OutputStream = null;
try {
pkcs12OutputStream = new FileOutputStream(pkcs12FileName);
System.out.println(
"Establish PKCS#12 OutputStream to " + pkcs12FileName);
} catch (FileNotFoundException e) {
e.printStackTrace();
} try {
pkcs12KeyStore.store(pkcs12OutputStream, keyPassword);
pkcs12OutputStream.flush();
// close() is reached only if store() and flush() succeed; the stream leaks otherwise.
pkcs12OutputStream.close();
System.out.println("Store PKCS#12 KeyStore: " + pkcs12FileName);
} catch (IOException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} //=====================================
// Reread the pkcs12KeyStore
//===================================== InputStream pkcs12InputStream = null;
// NOTE(review): as with pkcs12KeyStore, the declaration of pkcs12InputStream is part of
// the comment line above in this paste.
try {
pkcs12InputStream = new FileInputStream(pkcs12FileName);
System.out.println(
"Establish PKCS#12 InputStream to " + pkcs12FileName);
} catch (FileNotFoundException e) {
e.printStackTrace();
} try {
pkcs12KeyStore.load(pkcs12InputStream, keyPassword);
System.out.println("Re-read the PKCS#12 KeyStore.");
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} //Get PrivateKey
// The values read back below are not compared with the JKS originals, so the re-read
// only shows that the file loads with keyPassword.
RSAPrivateCrtKey pkcs12PrivateCrtKey = null;
try {
pkcs12PrivateCrtKey =
(RSAPrivateCrtKey) pkcs12KeyStore.getKey(pkcs12Alias, keyPassword);
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} //Get Certificate
Certificate pkcs12Cert = null;
try {
pkcs12Cert = pkcs12KeyStore.getCertificate(pkcs12Alias);
//System.out.println("Get Certificate from PKCS#12: " + pkcs12Cert);
} catch (KeyStoreException e) {
e.printStackTrace();
} //Get Certificate Chain
Certificate[] pkcs12Certs = null;
try {
pkcs12Certs = pkcs12KeyStore.getCertificateChain(pkcs12Alias);
// pkcs12Certs.length throws NullPointerException if the alias has no chain.
System.out.println("Get Certificate Chain from PKCS#12, with " +
pkcs12Certs.length + " certs.");
} catch (KeyStoreException e) {
e.printStackTrace();
//System.exit(1);
}
// The file name is returned whether or not the steps above succeeded.
return pkcs12FileName;
}