Topic: Java中能自己生成证书吗? |
 Print this page
|
| 1.Java中能自己生成证书吗? | Copy to clipboard |
|
Posted by: lvjing79 Posted on: 2004-09-12 15:01 比如一张自签名的CA证书。可以吗? | |
| 2.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: linux_china Posted on: 2004-09-12 15:04 可以的,没有问题。以前用cryptix就生成过的。 | |
| 3.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: lvjing79 Posted on: 2004-09-12 17:10 我在《Java 安全》中好像没有看到啊?不知道是在哪个库里面?版主能告诉我吗?多谢了! | |
| 4.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: emarket Posted on: 2004-09-12 22:00 用OpenSSL是可以的 http://www-900.ibm.com/developerWorks/cn/java/j-certgen/ http://www-900.ibm.com/developerWorks/cn/java/j-certgen/index_eng.shtml windows下如何用可以参见 http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html | |
| 5.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: floater Posted on: 2004-09-13 01:25 use keytool in java bin dir | |
| 6.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: lvjing79 Posted on: 2004-09-13 17:40 但keytool只能操作已有的证书啊,并不能用一个根证书给另一个证书请求进行签名啊? | |
| 7.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: menzy Posted on: 2004-09-16 08:25 你是不时向做一个CA系统阿? | |
| 8.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: lvjing79 Posted on: 2004-09-16 14:08 呵呵,是。现在是用keytool生成csr,然后用openssl颁发。 | |
| 9.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: NUAA_SG Posted on: 2004-09-20 15:55 绝对可以,做过! | |
| 10.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: menzy Posted on: 2004-09-21 10:47 需要调用接口库吧! 编程调用System做当然可以,但是不管用什么,都应当公布java API,如果有API就好办 | |
| 11.Re:Java中能自己生成证书吗? [Re: lvjing79] | Copy to clipboard |
|
Posted by: v_gyc Posted on: 2004-11-07 12:29 用 BC, 自己来 ,下面 是 V1 X509的 , V3的 还要麻烦点。 /* * Created on 2004-10-22 * by v_gyc */ package test.certificate.generate; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SignatureException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; import org.bouncycastle.asn1.x509.X509Name; import org.bouncycastle.jce.X509V1CertificateGenerator; /** * @author Administrator */ public class V1Generator { private static final String sigalg_DSAWITHSHA1 = "DSAWithSHA1"; public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SecurityException, SignatureException, IOException, CertificateEncodingException { String attrs = "C=cn" + ", O=www.neuq.edu.cn" + ",L=QinHuangDao" + ",ST=HeBei" + ",E=****@mail.***.edu.cn" + ",OU=software center" + ",CN=Guanchun"; //first generate a certificate X509Name subjectDN = new X509Name(attrs); X509Name issuerDN = new X509Name(attrs); Date from = new Date(); Date to = new Date(from.getTime() + 86400 * 1000 * 100); BigInteger certSerial = BigInteger.valueOf(123456); //这里 应该 使用 SecureRandom KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "BC"); KeyPair kp = kpg.generateKeyPair(); PublicKey pubk = kp.getPublic(); PrivateKey prik = kp.getPrivate(); X509Certificate result = generateCertificate(issuerDN, certSerial, from, to, subjectDN, pubk, prik, sigalg_DSAWITHSHA1); //output certificate new File("tmp.cer").createNewFile(); java.io.File file = new File("tmp.cer"); FileOutputStream fos = new FileOutputStream(file); byte[] certbytes = result.getEncoded(); fos.write(certbytes); fos.close(); System.out.println("OK!!KO"); System.out.println("OK!!KO"); } /** * @param attrs * /** * @return X509Certificate /** * @throws NoSuchAlgorithmException * /** * @throws NoSuchProviderException * /** * @throws SignatureException * /** * @throws InvalidKeyException * @param issuerDN * @param serial * @param from * @param to * @param subjectDN * @param publicKey * TODO * @param privateKey * TODO * @param algorithm * TODO */ public static X509Certificate generateCertificate(X509Name issuerDN, BigInteger serial, Date from, Date to, X509Name subjectDN, PublicKey publicKey, PrivateKey privateKey, String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException { X509V1CertificateGenerator certGenerator = new X509V1CertificateGenerator(); certGenerator.setIssuerDN(issuerDN); //issue serial certGenerator.setSerialNumber(serial); certGenerator.setSignatureAlgorithm(algorithm); //date certGenerator.setNotBefore(from); certGenerator.setNotAfter(to); //subject DN certGenerator.setSubjectDN(subjectDN); //public key certGenerator.setPublicKey(publicKey); //generate certificate using private key X509Certificate result = certGenerator .generateX509Certificate(privateKey); return result; } } | |
 |
Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1 客服电话 18559299278 客服信箱 714923@qq.com 客服QQ 714923 |