package com.what21.security05;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.time.Duration;
import java.util.Date;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
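/**
 * Re-signs an existing keystore certificate with a CA key held in the same
 * JKS keystore and stores the issued certificate (with its private key) under
 * a new alias.
 *
 * <p>Caveats a reviewer should be aware of:
 * <ul>
 *   <li>This relies on the JDK-internal {@code sun.security.x509} classes.
 *       They are not exported from Java 9 onwards (compiling and running
 *       needs {@code --add-exports java.base/sun.security.x509=ALL-UNNAMED}),
 *       and later JDKs have changed or removed some of these methods. For
 *       production code use a public certificate API instead.</li>
 *   <li>The certificate being signed is copied as-is apart from validity,
 *       serial number, issuer and signature algorithm; any extensions it
 *       already carries are kept unchanged, and no AuthorityKeyIdentifier or
 *       BasicConstraints extension is added. No check is made that the CA
 *       certificate is actually entitled to issue certificates.</li>
 * </ul>
 */
public class CreateCertificate {

    /** Lifetime of an issued certificate when the caller does not specify one. */
    private static final int DEFAULT_VALIDITY_DAYS = 365;

    /**
     * Signature algorithm for issued certificates. The earlier revision signed
     * with MD5withRSA; MD5 collisions are practical, so MD5-signed certificates
     * can be forged and are rejected by current TLS stacks. SHA-256 is the
     * accepted baseline.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Serial numbers are drawn from a CSPRNG. A serial derived from the clock
     * (the earlier approach) is predictable, repeats for two certificates
     * issued in the same second, and makes chosen-prefix attacks on the
     * signature easier.
     */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Signs the certificate stored under {@code certToSignAlias} with the CA
     * key stored under {@code caAlias}, valid for
     * {@value #DEFAULT_VALIDITY_DAYS} days from now, and stores the result
     * under {@code newAlias}. See the eight-argument overload for details.
     *
     * @param keystoreFile    path of the JKS keystore (read and rewritten in place)
     * @param passwd          keystore password
     * @param caAlias         alias of the CA key pair
     * @param caPasswd        password protecting the CA private key
     * @param certToSignAlias alias of the key pair whose certificate is re-signed
     * @param certPasswd      password protecting that private key
     * @param newAlias        alias under which the signed entry is stored
     * @throws Exception on keystore, I/O or signing failure, or when an alias
     *                   does not hold a key pair
     */
    public static void createCert(String keystoreFile, String passwd,
            String caAlias, String caPasswd, String certToSignAlias,
            String certPasswd, String newAlias) throws Exception {
        createCert(keystoreFile, passwd, caAlias, caPasswd, certToSignAlias,
                certPasswd, newAlias, DEFAULT_VALIDITY_DAYS);
    }

    /**
     * Signs the certificate stored under {@code certToSignAlias} with the CA
     * key stored under {@code caAlias} and stores the result under
     * {@code newAlias}.
     *
     * <p>The stored entry holds the private key of {@code certToSignAlias}
     * together with the chain {@code [newCert, caCert]}, so the keystore entry
     * can be validated back to the CA. The keystore file is overwritten.
     *
     * @param keystoreFile    path of the JKS keystore (read and rewritten in place)
     * @param passwd          keystore password
     * @param caAlias         alias of the CA key pair
     * @param caPasswd        password protecting the CA private key
     * @param certToSignAlias alias of the key pair whose certificate is re-signed
     * @param certPasswd      password protecting that private key
     * @param newAlias        alias under which the signed entry is stored
     * @param validityDays    lifetime of the issued certificate, starting now
     * @throws IllegalArgumentException if {@code validityDays} is not positive
     *                                  or an alias does not hold a key pair
     * @throws Exception on keystore, I/O or signing failure
     */
    public static void createCert(String keystoreFile, String passwd,
            String caAlias, String caPasswd, String certToSignAlias,
            String certPasswd, String newAlias, int validityDays) throws Exception {
        if (validityDays <= 0) {
            throw new IllegalArgumentException("validityDays must be positive: " + validityDays);
        }

        KeyStore keyStore = loadKeyStore(keystoreFile, passwd);

        // getKey() returns null for a missing alias or a trusted-certificate entry;
        // the original code would have failed later with a NullPointerException.
        PrivateKey caPrivateKey = (PrivateKey) keyStore.getKey(caAlias, caPasswd.toCharArray());
        Certificate caCert = keyStore.getCertificate(caAlias);
        if (caPrivateKey == null || caCert == null) {
            throw new IllegalArgumentException("alias '" + caAlias + "' does not hold a CA key pair");
        }

        Certificate certToSign = keyStore.getCertificate(certToSignAlias);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(certToSignAlias, certPasswd.toCharArray());
        if (certToSign == null || privateKey == null) {
            throw new IllegalArgumentException("alias '" + certToSignAlias + "' does not hold a key pair");
        }

        X500Name issuer = subjectOf(caCert);
        X509CertImpl newCert = issue(certToSign, issuer, caPrivateKey, validityDays);

        // chain[0] must match privateKey (it does: the public key is carried over from
        // certToSign); the CA certificate is appended so the chain is complete.
        keyStore.setKeyEntry(newAlias, privateKey, certPasswd.toCharArray(),
                new Certificate[] { newCert, caCert });

        try (FileOutputStream output = new FileOutputStream(keystoreFile)) {
            keyStore.store(output, passwd.toCharArray());
        }
    }

    /** Loads a JKS keystore from disk, closing the stream even on failure. */
    private static KeyStore loadKeyStore(String keystoreFile, String passwd) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream input = new FileInputStream(keystoreFile)) {
            keyStore.load(input, passwd.toCharArray());
        }
        return keyStore;
    }

    /** Decodes a certificate into its mutable TBS structure. */
    private static X509CertInfo infoOf(Certificate certificate) throws Exception {
        X509CertImpl impl = new X509CertImpl(certificate.getEncoded());
        return (X509CertInfo) impl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    }

    /** Returns the subject DN of a certificate, to be used as the issuer of the new one. */
    private static X500Name subjectOf(Certificate caCert) throws Exception {
        X509CertInfo caInfo = infoOf(caCert);
        return (X500Name) caInfo.get(X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME);
    }

    /**
     * Returns a random, positive serial of at most 159 bits so the DER
     * encoding stays within the 20-octet limit of RFC 5280 section 4.1.2.2.
     */
    private static BigInteger randomSerial() {
        BigInteger serial;
        do {
            serial = new BigInteger(159, RANDOM);
        } while (serial.signum() == 0); // RFC 5280 requires a positive serial
        return serial;
    }

    /**
     * Builds and signs a new certificate from the TBS data of {@code toSign}:
     * the subject, public key and any existing extensions are kept; validity,
     * serial number, issuer and signature algorithm are replaced.
     */
    private static X509CertImpl issue(Certificate toSign, X500Name issuer,
            PrivateKey caKey, int validityDays) throws Exception {
        X509CertInfo info = infoOf(toSign);

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + Duration.ofDays(validityDays).toMillis());
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));

        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(randomSerial()));
        info.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);

        // The algorithm recorded inside the TBS data must match the one used by sign(),
        // otherwise verifiers reject the certificate.
        AlgorithmId algorithm = AlgorithmId.get(SIGNATURE_ALGORITHM);
        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);

        X509CertImpl signed = new X509CertImpl(info);
        signed.sign(caKey, SIGNATURE_ALGORITHM);
        return signed;
    }

    /** Returns {@code args[index]} if present, else {@code fallback}. */
    private static String arg(String[] args, int index, String fallback) {
        return args.length > index ? args[index] : fallback;
    }

    /**
     * Demo entry point. Arguments, in order: keystore file, keystore password,
     * CA alias, CA key password, alias to sign, its key password, new alias.
     * Missing arguments fall back to the demo defaults below. The hard-coded
     * passwords are placeholders for a local demo only and must not be reused
     * for a real keystore.
     *
     * @param args see above
     */
    public static void main(String[] args) {
        String keystoreFile = arg(args, 0, "c://keyStoreFile.bin");
        String passwd = arg(args, 1, "123456");
        String caAlias = arg(args, 2, "caAlias");
        String caPasswd = arg(args, 3, "123456");
        String certToSignAlias = arg(args, 4, "cert");
        String certPasswd = arg(args, 5, "123456");
        String newAlias = arg(args, 6, "newAlias");
        try {
            createCert(keystoreFile, passwd, caAlias, caPasswd, certToSignAlias, certPasswd, newAlias);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}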