如何在Keystore上创建密钥库的证书?
[英]How to Create a Certificate on keystore to my KeyPair?
问题描述
How do I create a X509Certificate to my KeyPair? 
如何为我的KeyPair创建X509Certificate? (My class already has the KeyPair and I need to create a certificate which will hold my public key and then store it on a keystore). (我的班级已经拥有KeyPair,我需要创建一个证书,该证书将保存我的公钥,然后将其存储在密钥库中)。
I was expecting to have a X509Certificate constructor able to receive my public key and then store it through keystore.setEntry( pvtkey, cert) but I didnt find nothing useful to associate the new certificate and my key pair... 我希望有一个X509Certificate构造函数能够接收我的公钥,然后通过keystore.setEntry(pvtkey,cert)存储它,但我没有发现任何有用的关联新证书和我的密钥对...
Any idea? 任何想法?
Edit: I also tried to pass certificate chain as null but it doesn't work, it looks like a bug reported on http://bugs.sun.com/bugdatabase/view_bug.do;jsessionid=5866fda73ac1258fcfebef9c3234?bug_id=4906869 编辑:我也尝试将证书链传递为null但它不起作用,它看起来像http://bugs.sun.com/bugdatabase/view_bug.do;jsessionid=5866fda73ac1258fcfebef9c3234?bug_id=4906869上报告的错误
Thanks! 谢谢!
2 个解决方案
解决方案1
3 已采纳 2012-07-17 23:05:37
There is no Java class in Oracle Java to create an X509Certificate. Oracle Java中没有用于创建X509Certificate的Java类。 You either have to 你要么必须
- use the keytool program (easy, but it isn't java), or 使用keytool程序(简单,但它不是java),或
- write your own custom code (hard), 编写自己的自定义代码(硬),
- use a third party library like bouncycastle (relatively easy). 使用像bouncycastle这样的第三方库(相对简单)。
EDIT : 编辑:
As these entries can stay around for quite some time, I should add that the above statements apply to Java 7 and earlier. 由于这些条目可以保留一段时间,我应该补充一点,上述语句适用于Java 7及更早版本。
解决方案2
0 2017-08-29 04:37:55
Here is a related question with solution how to generate self-signed X509Certificate: link 以下是解决方案如何生成自签名X509Certificate: 链接的相关问题
Try to use BouncyCastle classes in this way: 尝试以这种方式使用BouncyCastle类:
// generate a key pair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(4096, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// build a certificate generator
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal dnName = new X500Principal("cn=Example_CN");
// add some options
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setSubjectDN(new X509Name("dc=Example_Name"));
certGen.setIssuerDN(dnName); // use the same
// yesterday
certGen.setNotBefore(new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000));
// in 2 years
certGen.setNotAfter(new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000));
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
// finally, sign the certificate with the private key of the same KeyPair
X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
Remember to add Security Provider: 请记住添加安全提供程序:
Security.addProvider(new BouncyCastleProvider());
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.