java x509certificate_在JAVA中生成x509certificate certpath (Generate x509certificate certpath in JAVA)...

最新推荐文章于 2024-04-24 17:07:39 发布
最新推荐文章于 2024-04-24 17:07:39 发布
阅读量1.6k 收藏 2
点赞数
文章标签: java x509certificate
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_33985453/article/details/114565374
版权

2012-12-02 16:57:43

0

I successfully make X.509 certificate from certificate request.

However, I need to insert CERT Path informatin in the X.509 certificate.

I know that I have to use CertPathBuilder method but I don't know how to use it.

could you give me an code example that suitable for the following code?

import java.io.FileInputStream;

import java.io.FileWriter;

import java.io.InputStreamReader;

import java.io.OutputStreamWriter;

import java.math.BigInteger;

import java.security.KeyPair;

import java.security.SecureRandom;

import java.security.cert.X509Certificate;

import java.util.Date;

import java.util.Enumeration;

import org.bouncycastle.asn1.ASN1Set;

import org.bouncycastle.asn1.DERObjectIdentifier;

import org.bouncycastle.asn1.pkcs.Attribute;

import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

import org.bouncycastle.asn1.x509.BasicConstraints;

import org.bouncycastle.asn1.x509.ExtendedKeyUsage;

import org.bouncycastle.asn1.x509.KeyPurposeId;

import org.bouncycastle.asn1.x509.KeyUsage;

import org.bouncycastle.asn1.x509.X509Extension;

import org.bouncycastle.asn1.x509.X509Extensions;

import org.bouncycastle.jce.PKCS10CertificationRequest;

import org.bouncycastle.openssl.PEMReader;

import org.bouncycastle.openssl.PEMWriter;

import org.bouncycastle.x509.X509V3CertificateGenerator;

import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;

import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

import chapter6.X509V1CreateExample;

//example of a basic CA

public class PKCS10CertCreateExample

{

public static X509Certificate[] buildChain() throws Exception

{

PEMReader pRd = new PEMReader(

new InputStreamReader(

new FileInputStream("pkcs10.req")));

PKCS10CertificationRequest request = (PKCS10CertificationRequest)pRd.readObject();

//create a root certificate

KeyPair rootPair=chapter6.Utils.generateRSAKeyPair();

X509Certificate rootCert = X509V1CreateExample.generateV1Certificate(rootPair);

//validate the certification request

if(!request.verify("BC"))

{

System.out.println("request failed to verify!");

System.exit(1);

}

//create the certificate using the information in the request

X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));

certGen.setIssuerDN(rootCert.getSubjectX500Principal());

certGen.setNotBefore(new Date(System.currentTimeMillis()));

certGen.setNotAfter(new Date(System.currentTimeMillis()+50000));

certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());

certGen.setPublicKey(request.getPublicKey("BC"));

certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert));

certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));

certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

//certGen.addExtension(X509Extensions.KeyUsage, true, new BasicConstraints(false));

certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

//extract the extension request attribute

ASN1Set attributes = request.getCertificationRequestInfo().getAttributes();

for(int i=0;i!=attributes.size();i++)

{

Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));

//process extension request

if(attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))

{

X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));

Enumeration> e = extensions.oids();

while(e.hasMoreElements())

{

DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();

X509Extension ext = extensions.getExtension(oid);

certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());

}

}

}

X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate());

return new X509Certificate[]{issuedCert, rootCert};

}

public static void pemEncodeToFile(String filename, Object obj, char[] password) throws Exception{

PEMWriter pw = new PEMWriter(new FileWriter(filename));

if (password != null && password.length > 0) {

pw.writeObject(obj, "DESEDE", password, new SecureRandom());

} else {

pw.writeObject(obj);

}

pw.flush();

pw.close();

}

public static void main(String[] args) throws Exception

{

X509Certificate[] chain = buildChain();

PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));

pemWrt.writeObject(chain[0]);

pemEncodeToFile("pkcs10.pem", chain[0], null);

pemWrt.close();

}

}

卖旺sellerwant
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
X.509证书与java
qq_41644069的博客
11-14 7705
1. X.509证书简介 X.509是密码学里公钥证书的格式标准。X.509证书己应用在包括TLS/SSL(WWW万维网安全浏览的基石)在内的众多Internet协议里。同时它也用在很多非在线应用场景里,比如电子签名服务。X.509证书里含有公钥、身份信息(比如网络主机名,组织的名称或个体名称等)和签名信息(可以是证书签发机构CA的签名,也可以是自签名)。对于一份经由可信的证书签发机构签名或者可以通过其它方式验证的证书,证书的拥有者就可以用证书及相应的私钥来创建安全的通信,对文档进行数字签名。-百度百科
InstallCert.java工具及使用方法.zip
07-29
解决方法: ...
Java生成CSR创建证书
热门推荐
Jinhill's Blog
12-27 2万+
Java生成CSR,签发证书package com.jinhill.cert; import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.FileWriter; import java.io.IOException; im
深入解析 X509Certificate:成员变量与方法详解
最新发布
一起coding,一起嗨。
04-24 614
深入解析 X509Certificate:成员变量与方法详解
java x509certificate javax_使用Java生成带有BouncyCastle的X509Certificate
weixin_40005887的博客
03-02 472
这就是我现在生成的数字证书.现在我能够生成一个密码保护私钥的数字证书.public static void main(String[] args) throws Exception {Security.addProvider(new BouncyCastleProvider());testKeyStore();}public static void testKeyStore() throws Ex...
x509 java_X509Certificate
weixin_39851887的博客
02-21 296
从 SubjectAltName 扩展 (OID = 2.5.29.17) 获得一个主体替换名称的不可变集合。SubjectAltName 扩展的 ASN.1 定义如下:SubjectAltName ::= GeneralNamesGeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralNameGeneralName ::= CHOICE {othe...
X509证书以及相关java常用接口
学习不止境的博客
04-17 6091
例如,如果getNotAfter()返回的值是1649992800000,那么证书的过期日期是2023年4月14日23:59:59 GMT。例如,如果getNotBefore()返回的值是1618476000000,那么证书的生效日期是2021年4月15日00:00:00 GMT。例如,.pem格式的证书是以Base64编码的ASCII文本格式,.crt格式的证书通常是PEM编码的,而.cer格式的证书可以是DER编码或PEM编码。和之前的getIssueDn不同的是,前者是证书持有者,后者是证书颁发者。
Java 数字签名、数字证书生成源码.rar
05-17
Java,`java.security.cert.Certificate`接口代表了这样的证书,而`java.security.cert.CertPath`类则用于处理证书路径,通常用于验证证书链的完整性和有效性。`java.security.cert.CertificateFactory`则用来从...
Java安全性.docx
05-09
1. 无指针:Java 程序不能对地址空间的任意内存位置寻址,从而减少了缓冲区溢出攻击的风险。 2. 字节码验证器:在编译成 .class 文件之后运行,在执行之前检查安全性问题。 3. 对资源访问的细颗粒度控制:用于控制...
Java加密技术(技巧与实例) pdf.rar
07-10
Java,`java.security.cert.Certificate` 类代表数字证书,`java.security.cert.CertPath` 类用于处理证书路径验证,确保证书链的完整性和有效性。 在Java开发,理解并掌握这些加密技术至关重要。例如,你...
InstallCert.jar
08-13
解决jdk证书问题 生成jssecacerts PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilde... 具体操作可参考:https://blog.csdn.net/Asia1752/article/details/119675793
Java 生成证书工具类 https
04-10
java生成https安全证书,解决httpClient访问https出错 编译:javac InstallCert.java 运行:java InstallCert 要访问的网址 结果:Enter certificate to add to trusted keystore or 'q' to quit: [1] 输入1确认生成jssecacerts文件,将证书copy到$JAVA_HOME/jre/lib/security目录下
java生成X509证书jar包
03-08
基于BC已封装完成,导入项目直接调用RcertUtil工具类的方法即可使用制作x509证书,可导出到文件也可以返回证书对象
java+创建+x509,如何使用Java创建X509证书?
weixin_29475917的博客
02-26 844
I want to create a X509 certificate using Java language and then extract public key from it.I have searched the internet and found many code examples, but all of them have errors (unknown variable or ...
certificate java_Javajava.security.cert.X509Certificate的实例源码 - 编程字典
weixin_39963523的博客
02-20 717
/*** Verify that the signing certificate used to sign {@link #SIGNED_FILE_NAME}* matches the signing stored in the database for this repo. {@link #repo} and* {@code repo.signingCertificate} must be p...
生成SAML所需X509证书
horncui的博客
07-16 3141
这里写自定义目录标题欢迎使用Markdown编辑器新的改变功能快捷键 欢迎使用Markdown编辑器 你好! 这是你第一次使用 Markdown编辑器 所展示的欢迎页。如果你想学习如何使用Markdown编辑器, 可以仔细阅读这篇文章,了解一下Markdown的基本语法知识。 新的改变 我们对Markdown编辑器进行了一些功能拓展与语法支持,除了标准的Markdown编辑器功能,我们增加了如下几...
java 生成证书,使用Java生成证书,公钥和私钥
weixin_29689845的博客
02-12 523
I'm looking for a java library or code to generate certificates, public and private keyson the fly without to use third party programs (such as openssl).I think something that is doeing keytool+openss...
java byte生成cer证书_java如何解读证书里的内容(通过string 来生成X509Certificate对象)...
weixin_34541572的博客
02-16 2013
我可以读到证书文件里的内容,如下:假如证书为zyj.crtFilefile=newFile("D:\\zyj.crt");InputStreaminStream=newFileInputStream(file);CertificateFactorycf=CertificateFactory.ge...我可以读到证书文件里的内容,如下:假如证书为zyj.crtFile file = new File...
Java使用X509Certificate获取证书详情
yyb1369584682的博客
08-02 2199
Java使用X509Certificate获取证书详情
PKIX path building failed: sun.security.provider.certpath.
01-28
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException是Java的一个错误,表示构建PKIX路径失败,无法找到有效的证书路径。这个错误通常发生在使用SSL连接时,由于Java不信任SSL证书导致的。 解决这个问题的方法有多种,其一种是手动导入证书到本地的信任库。这种方法比较复杂,需要按照一定的步骤进行操作。另一种方法是信任SSL证书,可以通过以下步骤解决该问题: 1. 创建一个TrustManager,用于信任所有的SSL证书。可以使用X509TrustManager接口的实现类,如下所示: ```java import javax.net.ssl.X509TrustManager; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; public class TrustAllManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } ``` 2. 在使用SSL连接之前,将TrustManager设置为信任所有SSL证书。可以使用以下代码片段实现: ```java import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; // 创建SSL上下文 SSLContext sslContext = SSLContext.getInstance("TLS"); // 创建TrustManager数组,只包含一个TrustAllManager TrustManager[] trustManagers = {new TrustAllManager()}; // 初始化SSL上下文 sslContext.init(null, trustManagers, null); // 设置默认的SSLSocketFactory和HostnameVerifier HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); ``` 通过以上步骤,你可以解决PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException错误。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值