Java 生成数字证书系列(三)生成数字证书
序
正文
<span style="font-family:Comic Sans MS;font-size:12px;">package com.cacss.jsceu.context; /** * Created With IntelliJ IDEA. * * @author : lee * @group : sic-ca * @Date : 2014/12/30 * @Comments : 配置接口 * @Version : 1.0.0 */ public interface CAConfig { /** * C */ String CA_C = "CN"; /** * ST */ String CA_ST = "BJ"; /** * L */ String CA_L = "BJ"; /** */ String CA_O = "SICCA"; /** * CA_ROOT_ISSUER */ String CA_ROOT_ISSUER="C=CN,ST=BJ,L=BJ,O=SICCA,OU=SC,CN=SICCA"; /** * CA_DEFAULT_SUBJECT */ String CA_DEFAULT_SUBJECT="C=CN,ST=BJ,L=BJ,O=SICCA,OU=SC,CN="; String CA_SHA="SHA256WithRSAEncryption"; }</span>
<span style="font-family:Comic Sans MS;font-size:12px;">package com.cacss.jsceu.test; import com.cacss.jsceu.context.CAConfig; import com.cacss.jsceu.util.CertUtil; import com.cacss.jsceu.util.DateUtil; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.x509.X509V3CertificateGenerator; import javax.security.auth.x500.X500Principal; import java.security.*; import java.security.cert.X509Certificate; /** * Created With IntelliJ IDEA. * * @author : lee * @group : sic-ca * @Date : 2014/12/30 * @Comments : 证书类 * @Version : 1.0.0 */ @SuppressWarnings("all") public class BaseCert { /** * BouncyCastleProvider */ static { Security.addProvider(new BouncyCastleProvider()); } /** * */ protected static KeyPairGenerator kpg = null; /** * */ public BaseCert() { try { // 采用 RSA 非对称算法加密 kpg = KeyPairGenerator.getInstance("RSA"); // 初始化为 1023 位 kpg.initialize(1024); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } } /** * 生成 X509 证书 * @param user * @return */ public X509Certificate generateCert(String user) { X509Certificate cert = null; try { KeyPair keyPair = this.kpg.generateKeyPair(); // 公钥 PublicKey pubKey = keyPair.getPublic(); // 私钥 PrivateKey priKey = keyPair.getPrivate(); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); // 设置序列号 certGen.setSerialNumber(CertUtil.getNextSerialNumber()); // 设置颁发者 certGen.setIssuerDN(new X500Principal(CAConfig.CA_ROOT_ISSUER)); // 设置有效期 certGen.setNotBefore(DateUtil.getCurrDate()); certGen.setNotAfter(DateUtil.getNextYear()); // 设置使用者 certGen.setSubjectDN(new X500Principal(CAConfig.CA_DEFAULT_SUBJECT + user)); // 公钥 certGen.setPublicKey(pubKey); // 签名算法 certGen.setSignatureAlgorithm(CAConfig.CA_SHA); cert = certGen.generateX509Certificate(priKey, "BC"); } catch (Exception e) { System.out.println(e.getClass() + e.getMessage()); } return cert; } }</span>
<span style="font-family:Comic Sans MS;font-size:12px;">package com.cacss.jsceu.test; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; /** * Created With IntelliJ IDEA. * * @author : lee * @group : sic-ca * @Date : 2014/12/30 * @Comments : 测试证书类 * @Version : 1.0.0 */ public class GenerateCa { private static String certPath = "d:/lee.cer"; public static void main(String[] args) { BaseCert baseCert = new BaseCert(); X509Certificate cert = baseCert.generateCert("Lee"); System.out.println(cert.toString()); // 导出为 cer 证书 try { FileOutputStream fos = new FileOutputStream(certPath); fos.write(cert.getEncoded()); fos.close(); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (CertificateEncodingException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } } }</span>
效果图
<span style="font-family:Microsoft YaHei;font-size:12px;">Version: 3 SerialNumber: 1419920991041 IssuerDN: CN=SICCA,OU=SC,O=SICCA,L=BJ,ST=BJ,C=CN Start Date: Tue Dec 30 14:29:51 CST 2014 Final Date: Wed Dec 30 14:29:51 CST 2015 SubjectDN: CN=Lee,OU=SC,O=SICCA,L=BJ,ST=BJ,C=CN Public Key: RSA Public Key modulus: a9d5cc7de42c9afb468d7eb493bc69721443c0734edcb170ff13e062cc1b8d12e92edd347403d702288c5094ef2d0b2e811e0ee779a5e0a0cb7d5c75f30c5063eaa87aae7ba06bb3cf6ce6b0a5b0cd0cc2756255aff91fb09266b5dbbb6af491b5313947529d6a1fc30b9407ba1059bae909226c34e196b53c757a5826ffe147 public exponent: 10001 Signature Algorithm: SHA256WITHRSA Signature: 8b8b725292147e9dbe8054ed99453386e1e6ba3d 8248b31a2dcb477900005207c039898dd2af4675 310471d3097f1aa3b6ff7e197f2ccf292dcd8ad1 ce6f19204a54a2dc8fe1fe118eaf81004ad06c7c a04631f8a376272ddda5d4ae4980a1e2a3ee444e a6b80a8532358f5e1a1b82c6a54ea2e36a02d3ea 8758c799df308d78</span>
结束语
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。