可以使用J2SDK内部使用的sun.security.x509包中的X509CertImpl类来创建新的证书:向该类的构造器传入新证书的各种信息,如序列号、有效期、签发者等,最后调用X509CertImpl类的sign( )方法,用CA的私钥进行签名。可以打印新证书的信息,也可以将其保存在密钥库中。需要注意,sun.security.x509属于JDK内部API,不保证在不同JDK版本之间保持兼容。当然你也可以使用第三方工具,如BouncyCastleProvider( http://www.bouncycastle.org/latest_releases.html )的包里面的org.bouncycastle.jce.X509V1CertificateGenerator类来生成证书。
下面是一个例子。如果需要运行的话,可以使用如下命令:java SignCertificate keystore ca mykey mykey_signed
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X500Name;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateSerialNumber;
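import sun.security.x509.CertificateAlgorithmId;

/**
 * Command-line example that re-issues a certificate already stored in a JKS
 * keystore, signing it with the private key of a CA entry from the same
 * keystore, and stores the result under a new alias.
 *
 * <p>The new certificate is built from the existing certificate's
 * {@code X509CertInfo}; only the validity, serial number, issuer and
 * signature algorithm are replaced. The subject, public key and everything
 * else in that info object are carried over unchanged, so review them before
 * trusting the result.
 *
 * <p>NOTE(review): nothing here checks that the CA certificate is within its
 * validity period or is actually marked as a CA; add those checks before
 * using this outside of a test setup.
 */
public class SignCertificate {

    // Signature algorithm used with the CA private key. MD5-based signatures
    // are not collision resistant and must not be used for certificates, so
    // a SHA-256 based algorithm is used instead.
    private static final String SIG_ALG_NAME = "SHA256withRSA";

    // Validity period of the issued certificate, in days.
    private static final int VALIDITY = 365;

    // Number of random bits in the serial number. A serial derived from the
    // clock is predictable and collides for certificates issued in the same
    // second.
    private static final int SERIAL_BITS = 128;

    /**
     * Usage: SignCertificate keystore CAAlias certToSignAlias newAlias
     *
     * @param args keystore file, alias of the CA entry, alias of the entry
     *             whose certificate is to be signed, alias for the new entry
     * @throws Exception if the keystore cannot be read or written, an alias
     *                   has no usable entry, or signing fails
     */
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println(
                "Usage: java SignCertificate keystore CAAlias certToSignAlias newAlias");
            System.exit(1);
        }

        String keystoreFile = args[0];
        String caAlias = args[1];
        String certToSignAlias = args[2];
        String newAlias = args[3];

        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
        char[] password = null;
        char[] caPassword = null;
        char[] certPassword = null;

        try {
            password = readPassword(in, "Keystore password: ");
            caPassword = readPassword(in, "CA (" + caAlias + ") password: ");
            certPassword = readPassword(in, "Cert (" + certToSignAlias + ") password: ");

            KeyStore keyStore = KeyStore.getInstance("JKS");
            FileInputStream input = new FileInputStream(keystoreFile);
            try {
                keyStore.load(input, password);
            } finally {
                // Close the stream even when the password is wrong or the file is corrupt.
                input.close();
            }

            // CA private key (used to sign) and CA certificate (source of the issuer name).
            PrivateKey caPrivateKey = (PrivateKey) keyStore.getKey(caAlias, caPassword);
            java.security.cert.Certificate caCert = keyStore.getCertificate(caAlias);
            if (caPrivateKey == null || caCert == null) {
                throw new KeyStoreException("No private key entry for CA alias: " + caAlias);
            }

            X509CertImpl caCertImpl = new X509CertImpl(caCert.getEncoded());
            X509CertInfo caCertInfo = (X509CertInfo) caCertImpl.get(
                X509CertImpl.NAME + "." + X509CertImpl.INFO);
            // The issuer of the new certificate is the CA's subject, so read it
            // through the subject-name constant that matches the SUBJECT field.
            X500Name issuer = (X500Name) caCertInfo.get(
                X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME);

            // Certificate to be re-signed, together with its private key.
            java.security.cert.Certificate cert = keyStore.getCertificate(certToSignAlias);
            PrivateKey privateKey =
                (PrivateKey) keyStore.getKey(certToSignAlias, certPassword);
            if (cert == null || privateKey == null) {
                throw new KeyStoreException(
                    "No private key entry for alias: " + certToSignAlias);
            }

            X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
            X509CertInfo certInfo = (X509CertInfo) certImpl.get(
                X509CertImpl.NAME + "." + X509CertImpl.INFO);

            // Validity window: from now for VALIDITY days. The arithmetic is done
            // in long so that a larger VALIDITY cannot overflow int.
            Date firstDate = new Date();
            Date lastDate = new Date(firstDate.getTime() + VALIDITY * 24L * 60 * 60 * 1000);
            certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(firstDate, lastDate));

            // Serial number: positive and unpredictable.
            SecureRandom random = new SecureRandom();
            java.math.BigInteger serial;
            do {
                serial = new java.math.BigInteger(SERIAL_BITS, random);
            } while (serial.signum() == 0);
            certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));

            // Issuer
            certInfo.set(
                X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);

            // Derive the algorithm identifier from SIG_ALG_NAME so that the value
            // written into the certificate cannot drift from the algorithm that
            // actually signs it.
            AlgorithmId algorithm = AlgorithmId.get(SIG_ALG_NAME);
            certInfo.set(
                CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
                algorithm);

            // Sign the new certificate with the CA key.
            X509CertImpl newCert = new X509CertImpl(certInfo);
            newCert.sign(caPrivateKey, SIG_ALG_NAME);

            keyStore.setKeyEntry(newAlias, privateKey, certPassword,
                new java.security.cert.Certificate[] { newCert });

            // Save back to the same keystore file. The file is overwritten in
            // place, so keep a backup if losing it on a failed write matters.
            FileOutputStream output = new FileOutputStream(keystoreFile);
            try {
                keyStore.store(output, password);
            } finally {
                output.close();
            }
        } finally {
            // Do not leave password material in memory longer than needed.
            wipe(password);
            wipe(caPassword);
            wipe(certPassword);
        }
    }

    // Prompts on stdout and reads one line as a password. The input is echoed
    // and passes through an immutable String; where java.io.Console is
    // available, System.console().readPassword() avoids both.
    private static char[] readPassword(BufferedReader in, String prompt)
            throws IOException {
        System.out.print(prompt);
        String line = in.readLine();
        if (line == null) {
            throw new EOFException("No password supplied for prompt: " + prompt);
        }
        return line.toCharArray();
    }

    // Overwrites a password array; tolerates null for values never read.
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, '\0');
        }
    }
}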