项目中要用到安全证书,生成CSR测试。
不多说,直接上干货。
1、什么是数字证书,这篇文章讲的不错,通俗易懂,简单明了。
http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
2、使用keytool自带命令生成相关证书。
http://www.cnblogs.com/SirSmith/p/4996392.html
这些是网上的一些例子,使用后,自己可以跟着做一遍。
3、用java来生成csr数据,格式如下
-----BEGIN NEW CERTIFICATE REQUEST-----
(此处为 Base64 编码的 PKCS#10 请求内容,原文已省略)
-----END NEW CERTIFICATE REQUEST-----
相关代码
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jcajce.provider.keystore.PKCS12;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
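/**
 * Generates an RSA key pair and a PKCS#10 certificate signing request (CSR) for it.
 *
 * <p>The CSR is built with {@code sun.security.pkcs.PKCS10} and
 * {@code sun.security.x509.X500Name}, which are JDK-internal classes rather than a
 * supported API. NOTE(review): their availability and method signatures differ between
 * JDK releases - confirm against the JDK this is deployed on.
 */
public class StoreUtils {
    // Key pair produced by the most recent generateCSR call. It contains the private
    // key and is exposed as a public mutable field, so any code holding this object
    // can read or replace it.
    public KeyPair kp = null;
    // Not read or written by any code in this class.
    public String password = "";

    // SHA-1 based signatures are deprecated for certificates, so the fallback is SHA-256.
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256WithRSA";
    private static final int DEFAULT_KEY_SIZE = 2048;
    private static final String DEFAULT_COMMON_NAME = "defaultUserName";
    private static final String PEM_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
    private static final String PEM_FOOTER = "-----END NEW CERTIFICATE REQUEST-----";
    // Characters that carry structural meaning inside a distinguished-name string.
    private static final String DN_SPECIAL_CHARS = ",=+<>#;\\\"";

    /**
     * Creates a fresh RSA key pair, stores it in {@link #kp}, and returns a CSR signed
     * with the new private key.
     *
     * <p>Unlike the earlier version, a null or empty {@code alg} now really falls back to
     * a default instead of skipping CSR generation, and failures are propagated to the
     * caller instead of being printed and turned into an empty string.
     *
     * @param alg  JCA signature algorithm name (for example {@code SHA256WithRSA});
     *             null or empty selects {@code SHA256WithRSA}
     * @param size RSA modulus size in bits; 0 selects 2048. The value is not range-checked
     *             here, so callers should not pass anything below 2048.
     * @param cn   common name for the subject; null or empty selects
     *             {@code defaultUserName}
     * @return the Base64 body of the CSR on a single line, without the PEM header,
     *         footer or line breaks
     * @throws NoSuchAlgorithmException if RSA or {@code alg} is not available
     * @throws InvalidKeyException      if the signature cannot be initialised with the key
     * @throws IOException              if the subject name cannot be parsed or the request
     *                                  cannot be encoded
     * @throws CertificateException     if encoding the request fails
     * @throws SignatureException       if signing the request fails
     */
    public String generateCSR(String alg, int size, String cn)
            throws NoSuchAlgorithmException, InvalidKeyException, IOException,
                    CertificateException, SignatureException {
        // Register BouncyCastle once rather than building a new provider on every call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        String sigAlg = (alg == null || alg.length() <= 0) ? DEFAULT_SIGNATURE_ALGORITHM : alg;
        int keySize = (size != 0) ? size : DEFAULT_KEY_SIZE;
        String commonName = (cn != null && cn.length() > 0) ? cn : DEFAULT_COMMON_NAME;

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(keySize, new SecureRandom());
        this.kp = kpg.generateKeyPair();
        PublicKey publicKey = this.kp.getPublic();
        PrivateKey privateKey = this.kp.getPrivate();

        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);

        // The common name is caller-supplied; escape DN metacharacters so it cannot add
        // or alter other attributes of the subject (e.g. a value containing ",O=...").
        // NOTE(review): relies on the sun.security.x509 parser accepting backslash
        // escapes for these characters - verify on the target JDK.
        String subjectDn = "CN=" + escapeDnValue(commonName) + ",C= CN";

        @SuppressWarnings("restriction")
        sun.security.pkcs.PKCS10 pkcs10 = new sun.security.pkcs.PKCS10(publicKey);
        @SuppressWarnings("restriction")
        sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name(subjectDn);
        pkcs10.encodeAndSign(x500Name, signature);

        // PEM text is pure ASCII; name the charset instead of using the platform default.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(baos, true, "US-ASCII");
        pkcs10.print(ps);
        ps.flush();
        String pem = baos.toString("US-ASCII");

        // Literal replacement: none of these are meant as regular expressions.
        return pem.replace("\r", "")
                .replace("\n", "")
                .replace(PEM_HEADER, "")
                .replace(PEM_FOOTER, "");
    }

    // Backslash-escapes the characters that are structural in a DN string.
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (DN_SPECIAL_CHARS.indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Demo entry point: prints a CSR for the default subject using a 2048-bit RSA key
     * and a SHA-256 signature.
     */
    public static void main(String[] args)
            throws InvalidKeyException, NoSuchAlgorithmException, CertificateException,
                    SignatureException, IOException {
        StoreUtils utils = new StoreUtils();
        System.out.println(utils.generateCSR("SHA256WithRSA", 0, ""));
    }
}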
用到的包 bcprov-ext-jdk15on-1.49.jar