java 生成证书和签发证书(纯代码,编译通过)

最新推荐文章于 2023-07-03 22:33:59 发布
最新推荐文章于 2023-07-03 22:33:59 发布
阅读量8.1k 收藏 15
点赞数 1
分类专栏: Java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xiuye2015/article/details/54585277
版权 
package com.xiuye.cert;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;

import com.xiuye.cert.bean.KeyStoreInfo;
import com.xiuye.cert.bean.SignedCertInfo;

import sun.security.x509.AlgorithmId;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

public class DigitalCertificateGenerator {

	public static final String KEY_STORE_TYPE_JKS = "jks";
	public static final String KEY_STORE_TYPE_PKCS12 = "pkcs12";
	public static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
	public static final String SECURE_RANDOM_PROVIDER = "SUN";
	public static final String SIGN_ALGORITHM_SHA256 = "sha256WithRSA";
	public static final String SIGN_ALGORITHM_MD5 = "MD5WithRSA";
	public static final String KEY_PAIR_ALGORITHM_RSA = "RSA";

	public static void signCertPFXForSubject(SignedCertInfo signedCertInfo) {
		try {
			X500Name subject = new X500Name("CN=" + signedCertInfo.getCN()
					+ ",OU=" + signedCertInfo.getOU() + ",O="
					+ signedCertInfo.getO() + ",L=" + signedCertInfo.getL()
					+ ",ST=" + signedCertInfo.getST() + ",C="
					+ signedCertInfo.getC());

			issueSignedCert(signedCertInfo.getKeyStorePath(),
					signedCertInfo.getKeyStorePass(), KEY_STORE_TYPE_PKCS12,
					signedCertInfo.getIssuerAlias(),
					signedCertInfo.getIssuerAliasPass(),
					signedCertInfo.getSubjectAlias(),
					signedCertInfo.getSubjectAliasPass(), subject,
					signedCertInfo.getValidity(),
					signedCertInfo.getSubjectPath());
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

	public static void signCertJKSForSubject(SignedCertInfo signedCertInfo) {
		try {
			X500Name subject = new X500Name("CN=" + signedCertInfo.getCN()
					+ ",OU=" + signedCertInfo.getOU() + ",O="
					+ signedCertInfo.getO() + ",L=" + signedCertInfo.getL()
					+ ",ST=" + signedCertInfo.getST() + ",C="
					+ signedCertInfo.getC());

			issueSignedCert(signedCertInfo.getKeyStorePath(),
					signedCertInfo.getKeyStorePass(), KEY_STORE_TYPE_JKS,
					signedCertInfo.getIssuerAlias(),
					signedCertInfo.getIssuerAliasPass(),
					signedCertInfo.getSubjectAlias(),
					signedCertInfo.getSubjectAliasPass(), subject,
					signedCertInfo.getValidity(),
					signedCertInfo.getSubjectPath());
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

	public static void issueSignedCert(String keyStorePath,
			String keyStorePass, String keyStoreType, String issuerAlias,
			String issuerAliasPass, String subjectAlias,
			String subjectAliasPass, X500Name subject, int validity,
			String subjectPath) {

		FileOutputStream fos = null;
		FileOutputStream keyStoreFos = null;

		FileInputStream fis = null;

		try {
			fis = new FileInputStream(keyStorePath);
			KeyStore ks = KeyStore.getInstance(keyStoreType);
			ks.load(fis, keyStorePass.toCharArray());

			X509Certificate issuerCert = (X509Certificate) ks
					.getCertificate(issuerAlias);
			X509CertImpl issuerCertImpl = new X509CertImpl(
					issuerCert.getEncoded());
			X509CertInfo issuerCertInfo = (X509CertInfo) issuerCertImpl
					.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);

			X500Name issuer = (X500Name) issuerCertInfo
					.get(X509CertInfo.SUBJECT + "."
							+ CertificateIssuerName.DN_NAME);
			PrivateKey pk = (PrivateKey) ks.getKey(issuerAlias,
					issuerAliasPass.toCharArray());

			CertAndKeyGen cakg = new CertAndKeyGen(KEY_PAIR_ALGORITHM_RSA,
					SIGN_ALGORITHM_SHA256);
			SecureRandom sr = SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM,
					SECURE_RANDOM_PROVIDER);
			cakg.setRandom(sr);
			cakg.generate(2048);

			X509CertInfo info = new X509CertInfo();
			info.set(X509CertInfo.VERSION, new CertificateVersion(
					CertificateVersion.V3));
			info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
					new Random().nextInt() & 0x7fffffff));

			AlgorithmId aid = AlgorithmId.get(SIGN_ALGORITHM_SHA256);
			info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(aid));
			info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
			info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
			info.set(X509CertInfo.KEY,
					new CertificateX509Key(cakg.getPublicKey()));
			Date fistDate = new Date();
			Date lastDate = new Date();
			lastDate.setTime(fistDate.getTime()
					+ (validity * 24L * 60L * 60L * 1000));
			CertificateValidity interval = new CertificateValidity(fistDate,
					lastDate);
			info.set(X509CertInfo.VALIDITY, interval);

			X509CertImpl cert = new X509CertImpl(info);

			cert.sign(pk, SIGN_ALGORITHM_SHA256);

			X509Certificate subjectCert = cert;

			X509Certificate[] chain = new X509Certificate[] { subjectCert,
					issuerCert };

			ks.setKeyEntry(subjectAlias, cakg.getPrivateKey(),
					subjectAliasPass.toCharArray(), chain);

			keyStoreFos = new FileOutputStream(keyStorePath);

			ks.store(keyStoreFos, keyStorePass.toCharArray());

			fos = new FileOutputStream(subjectPath);

			fos.write(cert.getEncoded());
			fos.flush();

		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			e.printStackTrace();
		} catch (InvalidKeyException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (SignatureException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		}

		finally {
			try {
				if (fos != null) {
					fos.close();
				}
				if (fis != null) {
					fis.close();
				}
				if (keyStoreFos != null) {
					keyStoreFos.close();
				}
			} catch (IOException e) {
				e.printStackTrace();
			}
		}
	}

	public static void exportPFXPublicKeyCertificate(
			String keyStorePathAndFileName, String keyStorePass, String alias,
			String exportPathAndFileName) {

		exportPublicKeyCertificate(keyStorePathAndFileName, keyStorePass,
				KEY_STORE_TYPE_PKCS12, alias, exportPathAndFileName);

	}

	public static void exportJKSPublicKeyCertificate(
			String keyStorePathAndFileName, String keyStorePass, String alias,
			String exportPathAndFileName) {

		exportPublicKeyCertificate(keyStorePathAndFileName, keyStorePass,
				KEY_STORE_TYPE_JKS, alias, exportPathAndFileName);

	}

	public static void exportPublicKeyCertificate(
			String keyStorePathAndFileName, String keyStorePass,
			String keyStoreType, String alias, String exportPathAndFileName) {
		FileOutputStream fos = null;
		FileInputStream fis = null;
		try {
			KeyStore ks = KeyStore.getInstance(keyStoreType);
			fis = new FileInputStream(keyStorePathAndFileName);
			ks.load(fis, keyStorePass.toCharArray());
			Certificate cert = ks.getCertificate(alias);
			fos = new FileOutputStream(exportPathAndFileName);
			fos.write(cert.getEncoded());
			fos.flush();

		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (FileNotFoundException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} finally {
			try {
				if (fos != null) {
					fos.close();
				}
				if (fis != null) {
					fis.close();
				}
			} catch (IOException e) {
				e.printStackTrace();
			}
		}
	}

	public static void generatePFX(String alias, String keyStorePass,
			String certPass, String CN, String OU, String O, String L,
			String ST, String C, Date start, long validityDays,
			String pathAndFileName) {
		generateDigitalCert(KEY_STORE_TYPE_PKCS12, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, alias, keyStorePass, certPass, CN, OU,
				O, L, ST, C, start, validityDays, pathAndFileName, true);

	}

	public static void addNewCert2PFX(String alias, String keyStorePass,
			String certPass, String CN, String OU, String O, String L,
			String ST, String C, Date start, long validityDays,
			String pathAndFileName) {
		generateDigitalCert(KEY_STORE_TYPE_PKCS12, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, alias, keyStorePass, certPass, CN, OU,
				O, L, ST, C, start, validityDays, pathAndFileName, false);

	}

	public static void addNewCert2PFX(KeyStoreInfo certInfo) {
		generateDigitalCert(KEY_STORE_TYPE_PKCS12, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, certInfo.getAlias(),
				certInfo.getKeyStorePass(), certInfo.getCertPass(),
				certInfo.getCN(), certInfo.getOU(), certInfo.getO(),
				certInfo.getL(), certInfo.getST(), certInfo.getC(),
				certInfo.getStart(), certInfo.getValidityDays(),
				certInfo.getPathAndFileName(), false);
	}

	public static void generatePFX(KeyStoreInfo certInfo) {
		generateDigitalCert(KEY_STORE_TYPE_PKCS12, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, certInfo.getAlias(),
				certInfo.getKeyStorePass(), certInfo.getCertPass(),
				certInfo.getCN(), certInfo.getOU(), certInfo.getO(),
				certInfo.getL(), certInfo.getST(), certInfo.getC(),
				certInfo.getStart(), certInfo.getValidityDays(),
				certInfo.getPathAndFileName(), true);
	}

	public static void generateJKS(String alias, String keyStorePass,
			String certPass, String CN, String OU, String O, String L,
			String ST, String C, Date start, long validityDays,
			String pathAndFileName) {
		generateDigitalCert(KEY_STORE_TYPE_JKS, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, alias, keyStorePass, certPass, CN, OU,
				O, L, ST, C, start, validityDays, pathAndFileName, true);
	}

	public static void addNewCert2JKS(String alias, String keyStorePass,
			String certPass, String CN, String OU, String O, String L,
			String ST, String C, Date start, long validityDays,
			String pathAndFileName) {
		generateDigitalCert(KEY_STORE_TYPE_JKS, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, alias, keyStorePass, certPass, CN, OU,
				O, L, ST, C, start, validityDays, pathAndFileName, false);
	}

	public static void generateJKS(KeyStoreInfo certInfo) {
		generateDigitalCert(KEY_STORE_TYPE_JKS, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, certInfo.getAlias(),
				certInfo.getKeyStorePass(), certInfo.getCertPass(),
				certInfo.getCN(), certInfo.getOU(), certInfo.getO(),
				certInfo.getL(), certInfo.getST(), certInfo.getC(),
				certInfo.getStart(), certInfo.getValidityDays(),
				certInfo.getPathAndFileName(), true);
	}

	public static void addNewCert2JKS(KeyStoreInfo certInfo) {
		generateDigitalCert(KEY_STORE_TYPE_JKS, SIGN_ALGORITHM_SHA256,
				KEY_PAIR_ALGORITHM_RSA, SECURE_RANDOM_ALGORITHM,
				SECURE_RANDOM_PROVIDER, certInfo.getAlias(),
				certInfo.getKeyStorePass(), certInfo.getCertPass(),
				certInfo.getCN(), certInfo.getOU(), certInfo.getO(),
				certInfo.getL(), certInfo.getST(), certInfo.getC(),
				certInfo.getStart(), certInfo.getValidityDays(),
				certInfo.getPathAndFileName(), false);
	}

	public static void generateDigitalCert(String keyStoreType,
			String signAlgorithm, String keyPairAlgorithm,
			String secureRandomAlgorithm, String secureRandomProvider,
			String alias, String keyStorePass, String certPass, String CN,
			String OU, String O, String L, String ST, String C, Date start,
			long validityDays, String pathAndFileName, boolean createNew) {
		FileOutputStream out = null;
		try {
			SecureRandom sr = SecureRandom.getInstance(secureRandomAlgorithm,
					secureRandomProvider);
			CertAndKeyGen cakg = new CertAndKeyGen(keyPairAlgorithm,
					signAlgorithm);
			cakg.setRandom(sr);
			cakg.generate(2048);
			X500Name subject = new X500Name("CN=" + CN + ",OU=" + OU + ",O="
					+ O + ",L=" + L + ",ST=" + ST + ",C=" + C);

			X509Certificate certificate = cakg.getSelfCertificate(subject,
					start, validityDays * 24L * 60L * 60L);
			KeyStore outStore = KeyStore.getInstance(keyStoreType);
			if (createNew) {
				outStore.load(null, keyStorePass.toCharArray());
				outStore.setKeyEntry(alias, cakg.getPrivateKey(),
						certPass.toCharArray(),
						new Certificate[] { certificate });
			} else {
				File f = new File(pathAndFileName);
				if (!f.exists()) {
					throw new FileNotFoundException("证书库文件不存在,不能把新的证书加入到证书库.");
				}

				FileInputStream fis = new FileInputStream(f);
				outStore.load(fis, keyStorePass.toCharArray());
				fis.close();
				outStore.setKeyEntry(alias, cakg.getPrivateKey(),
						certPass.toCharArray(),
						new Certificate[] { certificate });

			}
			out = new FileOutputStream(pathAndFileName);
			outStore.store(out, keyStorePass.toCharArray());

		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			e.printStackTrace();
		} catch (InvalidKeyException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (SignatureException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} finally {

			try {
				if (out != null) {
					out.close();
					out = null;
				}
			} catch (IOException e) {
				e.printStackTrace();
			}
		}

	}

}

package com.xiuye.test;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;

import com.xiuye.cert.DigitalCertificateGenerator;
import com.xiuye.cert.bean.KeyStoreInfo;
import com.xiuye.cert.bean.SignedCertInfo;
import com.xiuye.cert.util.CertUtil;

public class DigitalCertificateGeneratorMain {

	public static void main(String[] args) throws KeyStoreException,
			NoSuchAlgorithmException, CertificateException, IOException,
			UnrecoverableKeyException, InvalidKeyException,
			NoSuchProviderException, SignatureException {

		KeyStoreInfo certInfo = new KeyStoreInfo("荆轲2", "123", "456", "1", "2",
				"3", "4", "5", "6", new Date(), 365, "CurrentTest.pfx");
		DigitalCertificateGenerator.generatePFX(certInfo);
		DigitalCertificateGenerator.addNewCert2PFX(certInfo);

		certInfo = new KeyStoreInfo("无名5", "789", "101", "7", "8", "9", "10",
				"11", "12", new Date(), 365, "CurrentTest.keystore");
		DigitalCertificateGenerator.generateJKS(certInfo);
		DigitalCertificateGenerator.addNewCert2JKS(certInfo);
		certInfo = new KeyStoreInfo("无名3", "789", "101", "7", "8", "9", "10",
				"11", "12", new Date(), 365, "CurrentTest.keystore");
		DigitalCertificateGenerator.generateJKS(certInfo);
		DigitalCertificateGenerator.addNewCert2JKS(certInfo);

		File f = new File("CurrentTest.keystore");
		if (!f.exists()) {
			System.out.println("not exist!");
		}
		KeyStore outStore = KeyStore.getInstance("jks");
		FileInputStream fis = new FileInputStream(f);
		outStore.load(fis, "789".toCharArray());

		Enumeration<String> e = outStore.aliases();

		// while(e.hasMoreElements()){
		// String alias = e.nextElement();

		Key key = outStore.getKey("中原", "中原".toCharArray());

		System.out.println("===========================");
		System.out.println(" key := " + key);
		System.out.println("===========================");

		key = outStore.getKey("无名3", "101".toCharArray());

		System.out.println("===========================");
		System.out.println(" key := " + key);
		System.out.println("===========================");

		// }
		//
		DigitalCertificateGenerator.exportJKSPublicKeyCertificate(
				"CurrentTest.keystore", "789", "无名3", "wuming3.cer");
		DigitalCertificateGenerator.exportPFXPublicKeyCertificate(
				"CurrentTest.pfx", "123", "荆轲2", "jingke2.cer");
		SignedCertInfo signedCertInfo = new SignedCertInfo();
		String s = "中原";
		signedCertInfo.setC(s);
		signedCertInfo.setCN(s);
		signedCertInfo.setIssuerAlias("无名3");
		signedCertInfo.setIssuerAliasPass("101");
		signedCertInfo.setKeyStorePass("789");
		signedCertInfo.setKeyStorePath("CurrentTest.keystore");
		signedCertInfo.setL(s);
		signedCertInfo.setO(s);
		signedCertInfo.setOU(s);
		signedCertInfo.setST(s);
		signedCertInfo.setSubjectAlias(s);
		signedCertInfo.setSubjectAliasPass(s);
		signedCertInfo.setSubjectPath("signed.cer");
		signedCertInfo.setValidity(365);

		System.out.println(signedCertInfo.getKeyStorePath());

		DigitalCertificateGenerator.signCertJKSForSubject(signedCertInfo);

		Certificate c1 = CertUtil.cert("wuming3.cer");
		Certificate c = CertUtil.cert("signed.cer");
		c.verify(c1.getPublicKey());
		System.out.println(c);
		System.out.println("end");

	}

}




Xiuye_XY
关注
  • 1
    点赞
  • 15
    收藏
    觉得还不错? 一键收藏
  • 4
    评论
专栏目录
Java生成的国密cer证书
08-24
国密算法是我国自主研发创新的一套数据加密处理系列算法,很多项目都在用了,所以用Java代码生成的基于国密算法签发的sm2 证书,放到资源里面方便大家下载使用。
java.security 框架之签名、加密、摘要及证书
长安明月的博客
08-03 1799
单向加密是不可逆的,MD5、SHA、MAC 都是单向加密算法,也称之为摘要算法。MD5、SHA 会根据明文用哈希算法计算一个固定长度的摘要(哈希值),然后把明文和摘要发送给接收者,接收者根据同样的算法计算出摘要,对比两个摘要是否一样即可验证明文的正确性。它的应用场景是防止报文被篡改和校验数据。MD5、SHA 等算法是开源的,容易被试探出来。有没有更安全的摘要算法呢?HMAC(带密钥的哈希函数),用一个密钥和一个明文消息作为输入,生成一个消息摘要。.........
ecdsa.rar_CA_ECDSA_java ecdsa_java ecdsa 加密_证书签发
09-20
基于椭圆曲线密码体制的本地实现的CA(证书授权中心)和数字证书签发系统
SM2软证书签发.zip
10-08
[.NET]基于BouncyCastle库生成国密SM2证书,支持SM2证书导出成pfx格式。通过CSR签发证书等.
Java可执行命令】(十一)Java 密钥库和证书管理工具keytool:玩转密钥库和证书管理,深入解析keytool工具的应用与技巧~
Technology changes the world of life
07-03 7223
Java的keytool命令是一个强大而灵活的工具,用于生成、导入、导出和管理密钥对和数字证书。它为Java开发人员提供了一种安全可靠的方式来保护应用程序和数据资源。通过遵循合适的使用和操作方法,可以确保密钥和证书的安全性和完整性。有充分的理解和掌握keytool命令,可以更好地进行加密、身份验证和数据保护,并在安全意识和实践中取得成功。
java实现安全证书相关操作
moonpure的专栏
11-17 1602
package test;      import java.io.ByteArrayOutputStream;   import java.io.File;   import java.io.FileInputStream;   import java.io.FileNotFoundException;   import java.io.FileOutputStream;   im...
java字段签名_java.security.cert.CertificateParsingException:签名字段无效 - java
weixin_40001309的博客
03-08 2673
我正在尝试阅读X509 certificateFileInputStream fr = new FileInputStream("suresh.pfx");CertificateFactory cf = CertificateFactory.getInstance("X509");X509Certificate c = (X509Certificate) cf.generateCertific...
java实现签发数字证书
zymx(u010820135)的专栏
09-07 6399
from  http://renhl169.blog.163.com/blog/static/20365322201023194724282/ 最近研究了一下数字签名和关于证书相关。 证书必须通过CA权威机构签发,但在开发期间有多种途径实现签发证书用于测试: 1)去相关ca获取测试证书,一般有效期在15-30天 2)用keytool工具可以生成证书,但不能实现签发.
使用java自带的sercurity包解析x.509证书字符串
lxh123456789asd的博客
07-26 2148
背景:本来是使用某个公司的jar包解析x.509证书,但他的包被扫描的时候却发现了很多安全漏洞,所以要使用其他方式对x.509证书进行解析,我解析的是前端传过来的一个字符串,类似于这样的“MIICMjCCAZsCCQD3/xw1j77JATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJD”,据网上说,x.509的文本其实是这样的-----BEGIN CERTIFICAT...
SM2 SM3 X.509 Cert 国密 数字签名 算法 国密证书 生成 签发 证书请求 keystore java.zip
最新发布
01-14
这得益于Java虚拟机(JVM),它充当了代码和底层硬件之间的中介。 面向对象: Java是一种粹的面向对象编程语言,支持封装、继承和多态等面向对象的概念。这使得Java编写的代码更加模块化、可维护和可扩展。 多...
java程序实现对证书的操作
moonpure的专栏
11-17 3093
Java程序从证书文件读取证书 import java.io.*; import java.security.cert.*;  public class PrintCert{  public static void main(String args[ ]) throws Exception{         CertificateFactory cf=CertificateFactory.g...
JAVA程序签发数字证书
zymx(u010820135)的专栏
09-07 1429
from  http://blog.sina.com.cn/s/blog_4bea2fb101000a64.html /*  * Title:  *  * Description:  *  * Copyright: Copyright (c) 2007  *  * Company:  *  * @author ifwater  * @version 1.0  
java生成证书_Java实现数字证书生成签名的简单实例
weixin_39639600的博客
02-12 756
package com.ylsoft.cert;import java.io.File;import java.io.FileInputStream;import java.io.FileOutputStream;import java.io.IOException;import java.security.InvalidKeyException;import java.security.KeyP...
Java服务器授权+授权工具部分代码及思路
小怪兽的博客
10-21 3828
目标: 项目部署到服务器上,需要当前服务器授权后才能正常访问,控制项目授权日期、(某终端/通道)授权数量、用户登录访问菜单权限 注: 授权端:授权工具在自己手里,控制授权,在此我称之为服务器 被授权端:jar包部署的服务器端,在此我称之为服务器 思路: 使用RSA-2048非对称加密方式,生成两对公钥私钥,公钥加密、私钥解密。 A公钥加密服务器的硬件信息生成机器码, 授权工具端通过上传A私钥文件解密服务器机器码。 获取到服务器硬件信息,再拼接有效日期、终端授权数量、菜单权限,授权工具端通过
Java 生成 OFD 文档
热门推荐
q1009020096的博客
04-19 1万+
OFD是我国推行的拥有自主知识产群的用于替代PDF的板式文档。 关于开发的库目前多数都是各个厂家自己搞自己,目前市面上并没有一个免费开源好用的OFD生成的库。 因此本次为大家介绍OFD Reader&Writer,它是个像写HTML和Word那样简单的编写OFD 的Java开源库,使用 MIT开源协议 对商用非常友好。 Github项目地址: OFD Reader and Writer ...
SpringBoot + Java生成证书
分享·收获
03-15 1062
&gt; CMD 下输入: keytool -genkey -alias tomcat -keyalg RSA -keystore C:\04=Patch-Upload\test123.keystore &gt; 按照提示继续输入: 密钥库口令:******** 名字+姓:xxxx System 单位名称:xxxx Company Limited 组织名称:xxx group 城市名称:Gua...
java 产生p10证书_PKCS#10 以及证书颁发过程
weixin_33397994的博客
03-07 3961
一、证书颁发1.单证书签发用户填写信息注册(或者由RA的业务操作员注册用户)。用户信息传递到RA。RA审核通过。用户请求发证。RA审核通过。用户签发证书请求。RA把用户信息传递到CA。CA到KMC中取密钥对,(密钥对由加密机生成生成的密钥对)。CA把用户信息和从KMC中取到的公钥制作成证书。CA用自己的私钥给用户证书签名。CA把自己的用户证书和用户的私钥通过SSL通路传递给RA。用户从RA下载...
使用java代码实现签发服务器通信证书
03-24
可以使用Java的KeyStore类来生成和管理证书。以下是一个简单的示例代码: ``` import java.io.FileOutputStream; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.cert.X509Certificate; import java.util.Date; import javax.security.auth.x500.X500Principal; import sun.security.x509.*; public class CertificateGenerator { public static void main(String[] args) throws Exception { // Generate a key pair KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(2048); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // Generate a self-signed X.509 certificate X500Name issuer = new X500Name("CN=My Company, O=My Organization, L=My City, ST=My State, C=My Country"); X500Name subject = issuer; Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); // Yesterday Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); // One year from now BigInteger serialNumber = new BigInteger(64, new SecureRandom()); X509CertInfo certInfo = new X509CertInfo(); certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber)); certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject)); certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer)); certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate)); certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic())); certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid))); X509CertImpl cert = new X509CertImpl(certInfo); cert.sign(keyPair.getPrivate(), "SHA256withRSA"); // Save the certificate to a file FileOutputStream fos = new FileOutputStream("server.crt"); fos.write(cert.getEncoded()); fos.close(); // Save the private key to a file fos = new FileOutputStream("server.key"); fos.write(keyPair.getPrivate().getEncoded()); fos.close(); } } ``` 这个示例代码生成一个2048位的RSA密钥对,并使用SHA256withRSA签名算法生成一个自签名的X.509证书证书的有效期为一年,保存在server.crt文件中,私钥保存在server.key文件中。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值