My java program should sign received X509 certificate requests by using own key.
Certificate requests are in PEM format. The key/certificate for signing is in the local java key store.
I have seek suitable classes from java.security package. But without success.
What classes of Java API should be used for signing X509 certificates?
I can convert PEM to DER, but decoding of DER causes problems.
I have tried the following:
BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(derReq));
CertificateFactory certFact = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate cert = certFact.generateCertificate(bis);
And
javax.security.cert.X509Certificate cer = X509Certificate.getInstance(derReq);
Both will cause the following exception:
javax.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
So, seems that those are only for signed certificates, and not for X509 certificate requests.
解决方案
I haven't done any PKI with Java, but of course it usually remains the same. Check out this link: PKI Java
It covers the necessities for both JCE and BC.