java openssl 证书_openssl 制作证书和签名java方法

最新推荐文章于 2023-12-04 00:55:24 发布

weixin_39707478

最新推荐文章于 2023-12-04 00:55:24 发布

阅读量311

点赞数

文章标签： java openssl 证书

本文链接：https://blog.csdn.net/weixin_39707478/article/details/114082078

版权

Win32OpenSSL_Light-0_9_8k.exe

1. 生成不含密码保护的私钥：

openssl genrsa -out private-rsa.key 1024

2. 生成证书

openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer

3. 生成Keystore

3.1. 生成PKCS12 格式Keystore

openssl pkcs12 -export -name test-alias -in public-rsa.cer -inkey private-rsa.key -out 99bill-rsa.pfx

pfx格式证书转换为pem格式命令

openssl pkcs12 -in 99bill-rsa.pfx -passin pass:生成证书设置的密码 -nodes -out 99bill-rsa.pem

private-rsa.pfx

public-rsa.cer

附：签名方法

package com.verify.cert;

public class CertUtil {

/**

* 对字符串进行签名

* @param TobeSigned

* 需要进行签名的字符串

* @param KeyFile

* PFX证书文件路径

* @param PassWord

* 私钥保护密码

* @return 签名成功返回true(从LastResult属性获取结果)，失败返回false(从LastErrMsg属性获取失败原因)

public static String SignMsg(final String TobeSigned, final String KeyFile, final String PassWord) throws Exception {

CryptNoRestrict cryptNoRestrict = new CryptNoRestrict();

cryptNoRestrict.SignMsg(TobeSigned, KeyFile, PassWord);

return cryptNoRestrict.lastSignMsg;

}

/**

* 验证签名

* @param TobeVerified

* 待验证签名的密文

* @param PlainText

* 待验证签名的明文

* @param CertFile

* 签名者公钥证书

* @return 验证成功返回true，失败返回false(从LastErrMsg属性获取失败原因)

public static boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception {

CryptNoRestrict cryptNoRestrict = new CryptNoRestrict();

return cryptNoRestrict.VerifyMsg(TobeVerified, PlainText, CertFile);

}

public static void main(String[] args) {

try {

String a = "100|123123122222222222222";

String b = SignMsg(a, "com/verify/cert/private-rsa.pfx", "123456");

System.err.println(b);

System.err.println(VerifyMsg(b, a, "com/verify/cert/public-rsa.cer"));

} catch (Exception e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

package com.verify.cert;

public interface CryptInf {

public boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception;

public boolean SignMsg(String TobeSigned, String KeyFile, String PassWord) throws Exception;

public String getLastSignMsg();

}

/**

package com.verify.cert;

import java.io.InputStream;

import java.security.KeyStore;

import java.security.Provider;

import java.security.Signature;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.interfaces.RSAPrivateCrtKey;

import java.security.interfaces.RSAPublicKey;

import java.util.Enumeration;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**

* @author Administrator

public class CryptNoRestrict implements CryptInf {

public static Provider provider = new BouncyCastleProvider();

/**

* 构造函数

public CryptNoRestrict() {

}

public CryptNoRestrict(String encoding) {

this.encoding = encoding;

}

private String encoding = "GBK";

/**

* 取出上次调用加密、解密、签名函数成功后的输出结果

protected String lastResult;

/**

* 返回上一次签名结果

protected String lastSignMsg;

/**

* 对字符串进行签名

* @param TobeSigned

* 需要进行签名的字符串

* @param KeyFile

* PFX证书文件路径

* @param PassWord

* 私钥保护密码

* @return 签名成功返回true(从LastResult属性获取结果)，失败返回false(从LastErrMsg属性获取失败原因)

public boolean SignMsg(final String TobeSigned, final String KeyFile, final String PassWord) throws Exception {

ClassLoader cl = CryptNoRestrict.class.getClassLoader();

InputStream fiKeyFile = cl.getResourceAsStream(KeyFile);

// 传入绝对路径

//FileInputStream fiKeyFile = null;

//fiKeyFile = new FileInputStream(KeyFile);

boolean result = false;

this.lastSignMsg = "";

KeyStore ks = KeyStore.getInstance("PKCS12");

try {

ks.load(fiKeyFile, PassWord.toCharArray());

} catch (Exception ex) {

if (fiKeyFile != null)

fiKeyFile.close();

throw ex;

}

Enumeration myEnum = ks.aliases();

String keyAlias = null;

RSAPrivateCrtKey prikey = null;

// keyAlias = (String) myEnum.nextElement();

/* IBM JDK必须使用While循环取最后一个别名，才能得到个人私钥别名 */

while (myEnum.hasMoreElements()) {

keyAlias = (String) myEnum.nextElement();

// System.out.println("keyAlias==" + keyAlias);

if (ks.isKeyEntry(keyAlias)) {

prikey = (RSAPrivateCrtKey) ks.getKey(keyAlias, PassWord.toCharArray());

break;

}

if (prikey == null) {

result = false;

throw new Exception("没有找到匹配私钥");

} else {

Signature sign = Signature.getInstance("SHA1withRSA");

sign.initSign(prikey);

sign.update(TobeSigned.getBytes(encoding));

byte signed[] = sign.sign();

byte sign_asc[] = new byte[signed.length * 2];

Hex2Ascii(signed.length, signed, sign_asc);

this.lastResult = new String(sign_asc);

this.lastSignMsg = this.lastResult;

result = true;

}

return result;

}

/**

* 验证签名

* @param TobeVerified

* 待验证签名的密文

* @param PlainText

* 待验证签名的明文

* @param CertFile

* 签名者公钥证书

* @return 验证成功返回true，失败返回false(从LastErrMsg属性获取失败原因)

public boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception {

boolean result = false;

ClassLoader cl = CryptNoRestrict.class.getClassLoader();

InputStream certfile = cl.getResourceAsStream(CertFile);

// 传入绝对路径

//FileInputStream certfile = null;

//certfile = new FileInputStream(CertFile);

CertificateFactory cf = CertificateFactory.getInstance("X.509");

X509Certificate x509cert = null;

try {

x509cert = (X509Certificate) cf.generateCertificate(certfile);

} catch (Exception ex) {

if (certfile != null)

certfile.close();

throw ex;

}

RSAPublicKey pubkey = (RSAPublicKey) x509cert.getPublicKey();

Signature verify = Signature.getInstance("SHA1withRSA");

verify.initVerify(pubkey);

byte signeddata[] = new byte[TobeVerified.length() / 2];

Ascii2Hex(TobeVerified.length(), TobeVerified.getBytes(encoding), signeddata);

verify.update(PlainText.getBytes(encoding));

if (verify.verify(signeddata)) {

result = true;

} else {

result = false;

// throw new Exception("验签失败");

}

return result;

}

/**

* 返回上次调用加密、解密、签名函数成功后的输出结果

* @return 返回上次调用加密、解密、签名函数成功后的输出结果

public String getLastResult() {

return this.lastResult;

}

/**

* 返回上一次签名结果

* @return 签名结果

public String getLastSignMsg() {

return this.lastSignMsg;

}

/**

* 将十六进制数据转换成ASCII字符串

* @param len

* 十六进制数据长度

* @param data_in

* 待转换的十六进制数据

* @param data_out

* 已转换的ASCII字符串

private static void Hex2Ascii(int len, byte data_in[], byte data_out[]) {

byte temp1[] = new byte[1];

byte temp2[] = new byte[1];

for (int i = 0, j = 0; i < len; i++) {

temp1[0] = data_in[i];

temp1[0] = (byte) (temp1[0] >>> 4);

temp1[0] = (byte) (temp1[0] & 0x0f);

temp2[0] = data_in[i];

temp2[0] = (byte) (temp2[0] & 0x0f);

if (temp1[0] >= 0x00 && temp1[0] <= 0x09) {

(data_out[j]) = (byte) (temp1[0] + '0');

} else if (temp1[0] >= 0x0a && temp1[0] <= 0x0f) {

(data_out[j]) = (byte) (temp1[0] + 0x57);

}

if (temp2[0] >= 0x00 && temp2[0] <= 0x09) {

(data_out[j + 1]) = (byte) (temp2[0] + '0');

} else if (temp2[0] >= 0x0a && temp2[0] <= 0x0f) {

(data_out[j + 1]) = (byte) (temp2[0] + 0x57);

}

j += 2;

}

/**

* 将ASCII字符串转换成十六进制数据

* @param len

* ASCII字符串长度

* @param data_in

* 待转换的ASCII字符串

* @param data_out

* 已转换的十六进制数据

private static void Ascii2Hex(int len, byte data_in[], byte data_out[]) {

byte temp1[] = new byte[1];

byte temp2[] = new byte[1];

for (int i = 0, j = 0; i < len; j++) {

temp1[0] = data_in[i];

temp2[0] = data_in[i + 1];

if (temp1[0] >= '0' && temp1[0] <= '9') {

temp1[0] -= '0';

temp1[0] = (byte) (temp1[0] << 4);

temp1[0] = (byte) (temp1[0] & 0xf0);

} else if (temp1[0] >= 'a' && temp1[0] <= 'f') {

temp1[0] -= 0x57;

temp1[0] = (byte) (temp1[0] << 4);

temp1[0] = (byte) (temp1[0] & 0xf0);

}

if (temp2[0] >= '0' && temp2[0] <= '9') {

temp2[0] -= '0';

temp2[0] = (byte) (temp2[0] & 0x0f);

} else if (temp2[0] >= 'a' && temp2[0] <= 'f') {

temp2[0] -= 0x57;

temp2[0] = (byte) (temp2[0] & 0x0f);

}

data_out[j] = (byte) (temp1[0] | temp2[0]);

i += 2;

}

protected String replaceAll(String strURL, String strAugs) {

// JDK1.3中String类没有replaceAll的方法

/** ********************************************************** */

int start = 0;

int end = 0;

String temp = new String();

while (start < strURL.length()) {

end = strURL.indexOf(" ", start);

if (end != -1) {

temp = temp.concat(strURL.substring(start, end).concat("%20"));

if ((start = end + 1) >= strURL.length()) {

strURL = temp;

break;

}

} else if (end == -1) {

if (start == 0)

break;

if (start < strURL.length()) {

temp = temp.concat(strURL.substring(start, strURL.length()));

strURL = temp;

break;

}

temp = "";

start = end = 0;

while (start < strAugs.length()) {

end = strAugs.indexOf(" ", start);

if (end != -1) {

temp = temp.concat(strAugs.substring(start, end).concat("%20"));

if ((start = end + 1) >= strAugs.length()) {

strAugs = temp;

break;

}

} else if (end == -1) {

if (start == 0)

break;

if (start < strAugs.length()) {

temp = temp.concat(strAugs.substring(start, strAugs.length()));

strAugs = temp;

break;

}

/** **************************************************************** */

return strAugs;

}

weixin_39707478

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
java openssl 证书_openssl 制作证书和签名java方法

Win32OpenSSL_Light-0_9_8k.exe1. 生成不含密码保护的私钥：openssl genrsa -out private-rsa.key 10242. 生成证书openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer3. 生成Keystore3.1. 生成PKCS12 格式Keystor...
复制链接

扫一扫