package com.ljt.ca;
import java.io.BufferedInputStream;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
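/**
 * Demo that creates a self-signed X.509 certificate with Bouncy Castle, writes it to disk in DER
 * form, and reads it back with the JDK {@link CertificateFactory}.
 *
 * <p>The generated key pair is never persisted: only the certificate is written, so the private
 * key is gone once {@link #rootCA()} returns and the file cannot be used to sign anything later.
 */
public class RootCA {

    /** DER-encoded certificate file written by {@link #rootCA()} and read by {@link #readCA()}. */
    private static final String CERT_PATH = "E:/BouncyCastle_JCE/ljtTest1.cer";

    /**
     * RSA modulus size, set explicitly so the key strength does not depend on the JDK's default
     * (older JDKs defaulted to 1024 bits).
     */
    private static final int RSA_KEY_BITS = 2048;

    /** One day in milliseconds, as a {@code long} so validity arithmetic cannot overflow int. */
    private static final long DAY_MILLIS = 24L * 60 * 60 * 1000;

    /**
     * Reads the certificate file and prints its validity window.
     *
     * @param args unused
     */
    public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, CertificateException {
        // Uncomment to (re)generate the certificate file before reading it.
        // rootCA();
        readCA();
    }

    /**
     * Parses the certificate at {@link #CERT_PATH} and prints its notBefore/notAfter dates.
     *
     * <p>This only decodes the structure. Nothing here verifies the signature or checks that the
     * certificate is currently valid; callers that rely on the certificate must do both.
     *
     * @throws IOException if the file cannot be opened or closed
     * @throws CertificateException if the content is not a parsable X.509 certificate
     */
    private static void readCA() throws IOException, CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        // try-with-resources: the original never closed the stream.
        try (FileInputStream in = new FileInputStream(CERT_PATH)) {
            cert = (X509Certificate) factory.generateCertificate(in);
        }
        // The original printed getNotAfter() under the label "nobefore"; print both, correctly labelled.
        System.out.println("notBefore:" + cert.getNotBefore());
        System.out.println("notAfter:" + cert.getNotAfter());
    }

    /**
     * Generates an RSA key pair, builds a self-signed certificate for "ljtTest" and writes its DER
     * encoding to {@link #CERT_PATH}, replacing any existing file.
     *
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the file cannot be written
     */
    public static void rootCA() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, IOException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS);
        KeyPair kp = kpg.generateKeyPair();
        X509Certificate x509ca = generateV1SelfSignedCertificate(kp, "ljtTest");
        byte[] caByte = x509ca.getEncoded();
        // FileOutputStream creates the file when missing; try-with-resources closes it even if
        // write() throws, which the original's manual close() did not guarantee.
        try (FileOutputStream fos = new FileOutputStream(CERT_PATH)) {
            fos.write(caByte);
        }
    }

    /**
     * Builds a self-signed X.509 certificate for the given key pair.
     *
     * <p>Despite the "V1" in the name, the certificate is produced with
     * {@link X509v3CertificateBuilder}. No extensions are added; a certificate that is meant to act
     * as a CA would normally also carry BasicConstraints (cA=true) and a KeyUsage with keyCertSign,
     * otherwise path validators are likely to reject it as an issuer.
     *
     * @param kp key pair; the public key is certified and the private key signs the certificate
     * @param subject common name, used for both subject and issuer; it is concatenated into the DN
     *     string unescaped, so build the name with {@code X500NameBuilder} if it can come from
     *     untrusted input
     * @return the certificate, valid from one day ago until 365 days from now
     * @throws RuntimeException wrapping any failure while building or converting the certificate
     */
    private static X509Certificate generateV1SelfSignedCertificate(KeyPair kp, String subject) {
        try {
            X500Name subjectDN = new X500Name("CN=" + subject);
            long now = System.currentTimeMillis();
            // Time-based serial: enough for a single test root. A CA that issues certificates
            // should draw serial numbers from a CSPRNG instead.
            BigInteger serialNumber = BigInteger.valueOf(now);
            // Start one day in the past to tolerate clock skew between machines.
            Date startDate = new Date(now - DAY_MILLIS);
            // The original computed 365 * 24 * 60 * 60 * 1000 in int arithmetic, which wraps to
            // about 17 days; DAY_MILLIS is a long, so this is a real 365-day window.
            Date endDate = new Date(now + 365 * DAY_MILLIS);
            SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
            // Issuer and subject are the same name: the certificate is self-signed.
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(subjectDN, serialNumber, startDate,
                    endDate, subjectDN, subPubKeyInfo);
            X509CertificateHolder holder = builder.build(createSigner(kp.getPrivate()));
            return new JcaX509CertificateConverter().getCertificate(holder);
        } catch (Exception e) {
            throw new RuntimeException("Error creating X509v3Certificate.", e);
        }
    }

    /**
     * Creates the signer used to sign the certificate with the given private key.
     *
     * <p>Uses SHA-256 rather than the original SHA-1: SHA-1 signatures are deprecated and rejected
     * by many current validators. The Bouncy Castle provider is registered on first use, because
     * {@code setProvider("BC")} fails when it is not installed and the registration in
     * {@code main} was commented out.
     *
     * @param privKey RSA private key that signs the certificate
     * @return a content signer backed by the Bouncy Castle provider
     * @throws OperatorCreationException if the signer cannot be created
     */
    private static ContentSigner createSigner(PrivateKey privKey) throws OperatorCreationException {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        return new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(privKey);
    }
}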
Bouncy Castle生成证书(一)