package com.ylsoft.cert;
import java.io.file;
import java.io.fileinputstream;
import java.io.fileoutputstream;
import java.io.ioexception;
import java.security.invalidkeyexception;
import java.security.keypair;
import java.security.keypairgenerator;
import java.security.keystore;
import java.security.keystoreexception;
import java.security.nosuchalgorithmexception;
import java.security.nosuchproviderexception;
import java.security.privatekey;
import java.security.securerandom;
import java.security.signature;
import java.security.signatureexception;
import java.security.unrecoverablekeyexception;
import java.security.cert.certificate;
import java.security.cert.certificateexception;
import java.security.cert.x509certificate;
import java.util.date;
import java.util.vector;
import sun.misc.base64encoder;
import sun.security.util.objectidentifier;
import sun.security.x509.algorithmid;
import sun.security.x509.certandkeygen;
import sun.security.x509.certificatealgorithmid;
import sun.security.x509.certificateextensions;
import sun.security.x509.certificateserialnumber;
import sun.security.x509.certificatevalidity;
import sun.security.x509.certificateversion;
import sun.security.x509.certificatex509key;
import sun.security.x509.extendedkeyusageextension;
import sun.security.x509.extension;
import sun.security.x509.keyidentifier;
import sun.security.x509.keyusageextension;
import sun.security.x509.subjectkeyidentifierextension;
import sun.security.x509.x500name;
import sun.security.x509.x500signer;
import sun.security.x509.x509certimpl;
import sun.security.x509.x509certinfo;
/**
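* Generates the CA root certificate first, then uses that root certificate to sign and
* issue the scriptx certificate.
*
* Note: the sun.misc and sun.security.x509 classes imported by this file are JDK-internal,
* unsupported APIs that newer JDKs encapsulate; java.util.Base64 is the supported
* replacement for the Base64 encoder.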
*
* @author administrator
*
*/
public class genx509cert {
/** Cryptographically strong random number generator (RNG); assigned in the constructor. */
private securerandom sr;
/**
 * Creates the generator and obtains the random number generator kept in {@code sr}.
 *
 * <p>The RNG is requested by a fixed algorithm name ({@code "sha1prng"}) and a fixed
 * provider name ({@code "sun"}), so construction fails when either one is not available
 * on the running JVM.
 *
 * @throws nosuchalgorithmexception declared for the algorithm lookup
 * @throws nosuchproviderexception declared for the provider lookup
 */
public genx509cert() throws nosuchalgorithmexception, nosuchproviderexception {
    // NOTE(review): identifiers on this page appear lower-cased; the JDK call is
    // SecureRandom.getInstance("SHA1PRNG", "SUN").
    // NOTE(review): pinning both algorithm and provider ties every value drawn from this
    // RNG to one SHA-1 based generator and to JVMs that ship the SUN provider. Confirm
    // this is intended; new SecureRandom() would let the platform choose its default.
    this.sr = securerandom.getinstance("sha1prng", "sun");
}
public void createcert(x509certificate certificate, privatekey rootprivkey,
keypair kp) throws certificateexception, ioexception,
invalidkeyexception, nosuchalgorithmexception,
nosuchproviderexception, signatureexception {
// x.509 v1 证书的抽象类。此类提供了一种访问 x.509 v1 证书所有属性的标准方式。
byte certbytes[] = certificate.getencoded();
// the x509certimpl class represents an x.509 certificate.
x509certimpl x509certimpl = new x509certimpl(certbytes);
// the x509certinfo class represents x.509 certificate information.
x509certinfo x509certinfo = (x509certinfo) x509certimpl
.get("x509.info");
// this class defines the x509key attribute for the certificate.
x509certinfo.set("key", new certificatex509key(kp.getpublic()));
// this class defines the extensions attribute for the certificate
certificateextensions certificateextensions = new c