Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
489 views
in Technique[技术] by (71.8m points)

x509certificate - Creating an X509 Certificate in Java without BouncyCastle?

Is it possible to sanely create an X509 Certificate in Java code without using the Bouncy Castle X509V*CertificateGenerator classes?


1 Reply

0 votes
by (71.8m points)

Yes, but not with publicly documented classes. I've documented the process in this article.

// Note: sun.security.x509 is an internal, unsupported JDK API;
// its classes and signatures differ between JDK releases.
import sun.security.x509.*;
import java.security.cert.*;
import java.security.*;
import java.math.BigInteger;
import java.util.Date;
import java.io.IOException;

/**
 * Create a self-signed X.509 Certificate
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA1withRSA"
 */
X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
  throws GeneralSecurityException, IOException
{
  PrivateKey privkey = pair.getPrivate();
  X509CertInfo info = new X509CertInfo();
  Date from = new Date();
  Date to = new Date(from.getTime() + days * 86400000L);
  CertificateValidity interval = new CertificateValidity(from, to);
  BigInteger sn = new BigInteger(64, new SecureRandom());
  X500Name owner = new X500Name(dn);

  info.set(X509CertInfo.VALIDITY, interval);
  info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
  info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
  info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
  info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
  info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
  // Placeholder algorithm ID; it is replaced below with the one actually used to sign.
  AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
  info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

  // Sign the cert to identify the algorithm that's used.
  X509CertImpl cert = new X509CertImpl(info);
  cert.sign(privkey, algorithm);

  // Update the algorithm, and re-sign.
  algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
  info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
  cert = new X509CertImpl(info);
  cert.sign(privkey, algorithm);
  return cert;
}
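A check that could be run on the certificate the method above returns, using only the public java.security.cert API (an added example, not part of the original answer; the class name SelfSignedCertCheck, its check method and the command-line arguments are hypothetical). It re-parses the DER encoding, verifies the self-signature against the certificate's own key, and flags an MD5 or SHA-1 signature digest such as the "SHA1withRSA" value the Javadoc gives as its example.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class SelfSignedCertCheck {
    /** Returns a list of problems; an empty list means every check passed. */
    static List<String> check(X509Certificate cert, String expectedSigAlg)
            throws GeneralSecurityException {
        List<String> problems = new ArrayList<>();
        // Re-parse the DER bytes so the checks run against what a peer would
        // receive, not against the generator's in-memory object.
        X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
        if (!parsed.getSubjectX500Principal().equals(parsed.getIssuerX500Principal()))
            problems.add("subject and issuer differ: not self-signed");
        try {
            parsed.verify(parsed.getPublicKey());   // signature over the TBS bytes
        } catch (GeneralSecurityException e) {
            problems.add("self-signature does not verify: " + e.getMessage());
        }
        try {
            parsed.checkValidity();                 // notBefore <= now <= notAfter
        } catch (GeneralSecurityException e) {
            problems.add("outside validity window: " + e.getMessage());
        }
        String alg = parsed.getSigAlgName();
        if (!alg.equalsIgnoreCase(expectedSigAlg))
            problems.add("signed with " + alg + ", expected " + expectedSigAlg);
        String upper = alg.toUpperCase(Locale.ROOT);
        if (upper.startsWith("MD5") || upper.startsWith("SHA1"))
            problems.add("weak signature digest: " + alg);
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: certificate file (DER or PEM); args[1]: expected algorithm name
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            check(cert, args[1]).forEach(System.out::println);
        }
    }
}
```

The check method can also be called directly on the object returned by generateCertificate, passing the same algorithm string that was used to sign.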
