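import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import java.util.Enumeration;

import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Demo that issues an X.509 certificate for a "user" key pair, signed by a "root" key pair,
 * and writes it out as DER (.cer), PEM (_base.cer), JKS (.jks) and PKCS#12 (.pfx).
 *
 * <p>Every {@code String[] info} argument has length 9, in this order:
 * {@code {cn, ou, o, c, l, st, starttime, endtime, serialnumber}}; starttime and endtime are
 * milliseconds since the epoch, serialnumber is a decimal integer.
 *
 * <p>NOTE(review): the root key pair exists only in memory and is never persisted, so the
 * issued certificates cannot be chained to a stored CA. Treat this as sample code, not a CA.
 *
 * <p>NOTE(review): {@code info} values are concatenated unescaped into the subject DN and
 * {@code info[0]} into output file names. If they can come from an untrusted source, the
 * caller must reject DN metacharacters (such as {@code ,} {@code =} {@code +}) and path
 * separators before calling into this class.
 */
public class DataCertCreate {

    /** Directory prefix for every file this class reads or writes. */
    private String path = "D:/";

    // NOTE(review): hard-coded password that protects both the keystore files and the private
    // key entries. Anyone who can read this source or the class file can open every .jks/.pfx
    // produced here. Load it from a protected configuration source or prompt for it instead;
    // the value is kept as-is only so that existing keystores still open.
    private String KEYSTORE_PASSWORD = "2078888";

    public static final String PKCS12 = "PKCS12";

    /** RSA modulus size in bits. The original 1024-bit size is too small for new keys. */
    private static final int RSA_KEY_BITS = 2048;

    /** Issuer DN placed on every generated certificate. */
    private static final String ISSUER_DN = "CN=huahua, OU=hnu, O=university , C=china";

    /** Number of elements the {@code info} array must carry. */
    private static final int INFO_LENGTH = 9;

    // Key pairs are created once per instance so that the certificate files and the
    // keystore written by the create* methods all refer to the same keys.
    private KeyPair rootKeyPair;
    private KeyPair userKeyPair;

    /* ---- public-key (certificate) methods ---- */

    static {
        // Registered once for the class; generateCert() asks for the "BC" provider by name.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates an X.509 certificate for the user's public key, signed with the root private key.
     *
     * @param info         length-9 array {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     * @param keyPair_root key pair whose private key signs the certificate
     * @param keyPair_user key pair whose public key is certified
     * @return the signed certificate
     * @throws IllegalArgumentException if {@code info} is null or shorter than 9 elements
     * @throws SignatureException       if signing fails
     * @throws SecurityException        if the provider rejects the operation
     * @throws NoSuchProviderException  if the "BC" provider is not registered
     * @throws InvalidKeyException      if the root private key is unusable
     */
    public X509Certificate generateCert(String[] info, KeyPair keyPair_root, KeyPair keyPair_user)
            throws InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException {
        requireInfo(info);
        // NOTE(review): X509V3CertificateGenerator is a legacy Bouncy Castle API; newer
        // releases provide org.bouncycastle.cert.X509v3CertificateBuilder instead.
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // The serial is caller-supplied; a real issuer must make it unique per certificate.
        certGen.setSerialNumber(new BigInteger(info[8]));
        certGen.setIssuerDN(new X509Name(ISSUER_DN));
        certGen.setNotBefore(new Date(Long.parseLong(info[6])));
        certGen.setNotAfter(new Date(Long.parseLong(info[7])));
        // Fixed: the common name was emitted under "C=" (giving the DN two country
        // attributes) and the state was read from info[3], the country slot, not info[5].
        certGen.setSubjectDN(new X509Name("CN=" + info[0] + ",OU=" + info[1] + ",O=" + info[2]
                + ",C=" + info[3] + ",L=" + info[4] + ",ST=" + info[5]));
        certGen.setPublicKey(keyPair_user.getPublic());
        // NOTE(review): SHA-1 signatures are no longer accepted for certificates by current
        // validators. Moving to "SHA256WithRSA" is the fix, but confirm first that this
        // generator class recognises that name; it may require the newer builder API.
        certGen.setSignatureAlgorithm("SHA1WithRSA");
        return certGen.generateX509Certificate(keyPair_root.getPrivate(), "BC");
    }

    /* ---- private-key (keystore) methods ---- */

    /**
     * Creates an empty JKS file named {@code info[0] + ".jks"} under {@link #path}.
     * Failures are printed and otherwise ignored, as before.
     *
     * @param info length-9 array {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     */
    public void generateJKS(String[] info) {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            // try-with-resources: the original never closed this stream.
            try (FileOutputStream out = new FileOutputStream(fileFor(info, ".jks"))) {
                keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Loads the existing JKS file for {@code info[0]}, adds the user's private key with a
     * freshly issued certificate, and writes the keystore back. Failures are printed and
     * otherwise ignored, as before.
     *
     * @param info         length-9 array {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     * @param keyPair_root key pair whose private key signs the certificate
     * @param keyPair_user key pair stored under the alias "mykey"
     */
    public void storeJKS(String[] info, KeyPair keyPair_root, KeyPair keyPair_user) {
        try {
            writeUserKeyStore(info, keyPair_root, keyPair_user);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Does the work of {@link #storeJKS} but reports failure to the caller. */
    private void writeUserKeyStore(String[] info, KeyPair keyPairRoot, KeyPair keyPairUser)
            throws GeneralSecurityException, IOException {
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        File jksFile = fileFor(info, ".jks");

        // Use the existing JKS file.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(jksFile)) {
            keyStore.load(in, password);
        }

        // One code path for certificate creation instead of a copy of generateCert().
        X509Certificate cert = generateCert(info, keyPairRoot, keyPairUser);
        keyStore.setKeyEntry("mykey", keyPairUser.getPrivate(), password, new X509Certificate[] {cert});
        keyStore.setCertificateEntry("single_cert", cert);

        // NOTE(review): the file holds a private key and is created with default
        // permissions; restrict access to it at the file-system level.
        try (FileOutputStream out = new FileOutputStream(jksFile)) {
            keyStore.store(out, password);
        }
    }

    /* ---- methods shared by the public- and private-key paths ---- */

    /**
     * Generates an RSA key pair from a freshly seeded {@link SecureRandom}.
     *
     * <p>The previous code seeded the generator with {@code new byte[seed]}, an all-zero
     * array. With a PRNG that takes its whole state from the supplied seed (SHA1PRNG does),
     * that yields the same "secret" key on every run and for everyone who reads this code.
     *
     * @param seed ignored; kept only so existing callers still compile
     * @return a new {@value #RSA_KEY_BITS}-bit RSA key pair
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     */
    public KeyPair generateKeyPair(int seed) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS, new SecureRandom());
        return kpg.generateKeyPair();
    }

    /**
     * Converts the JKS file for {@code info[0]} into a PKCS#12 (.pfx) file.
     * Only key entries are copied; certificate-only entries are skipped.
     *
     * @param info length-9 array; only {@code info[0]} is used here
     * @return {@code true} on success, {@code false} if anything failed
     */
    public Boolean toPFX(String[] info) {
        try {
            // The original had a null/blank-password branch that could never run (the field
            // is a fixed non-blank literal) and then dereferenced the field unguarded anyway.
            char[] password = KEYSTORE_PASSWORD.toCharArray();

            KeyStore inputKeyStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(fileFor(info, ".jks"))) {
                inputKeyStore.load(in, password);
            }

            KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
            outputKeyStore.load(null, password);

            Enumeration<String> aliases = inputKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String keyAlias = aliases.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, password);
                    java.security.cert.Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, password, certChain);
                }
            }

            try (FileOutputStream out = new FileOutputStream(fileFor(info, ".pfx"))) {
                outputKeyStore.store(out, password);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("toPFX :" + e.getMessage());
            return false;
        }
    }

    /**
     * Issues the certificate and writes it DER-encoded to {@code info[0] + ".cer"};
     * the Base64 form is also printed to standard output.
     *
     * @param info length-9 array {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     * @return {@code true} on success, {@code false} if anything failed
     */
    public boolean createPublicKey(String[] info) {
        try {
            X509Certificate cert = generateCert(info, rootKeyPair(), userKeyPair());
            byte[] der = cert.getEncoded();
            // java.util.Base64 replaces sun.misc.BASE64Encoder, an internal class that
            // is absent from current JDKs.
            System.out.println(Base64.getMimeEncoder().encodeToString(der));
            try (FileOutputStream fos = new FileOutputStream(fileFor(info, ".cer"))) {
                fos.write(der);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("public key :" + e.getMessage());
            return false;
        }
    }

    /**
     * Issues the certificate and writes it PEM-encoded to {@code info[0] + "_base.cer"}.
     *
     * @param info length-9 array {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     * @return {@code true} on success, {@code false} if anything failed
     */
    public boolean createPublicKeyBYDecode(String[] info) {
        try {
            X509Certificate cert = generateCert(info, rootKeyPair(), userKeyPair());
            // PEM body: Base64 wrapped at 64 characters per line.
            String encode = Base64.getMimeEncoder(64, new byte[] {'\r', '\n'})
                    .encodeToString(cert.getEncoded());
            String strCertificate = "-----BEGIN CERTIFICATE-----\r\n" + encode
                    + "\r\n-----END CERTIFICATE-----\r\n";
            try (FileWriter wr = new FileWriter(fileFor(info, "_base.cer"))) {
                wr.write(strCertificate);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("public key :" + e.getMessage());
            return false;
        }
    }

    /**
     * Parses a certificate from the Base64 body of a PEM block (without the BEGIN/END lines).
     *
     * @param cert Base64 text of the DER-encoded certificate
     * @return the parsed certificate, or {@code null} if parsing failed
     */
    public X509Certificate fromString(String cert) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String strCertificate = "-----BEGIN CERTIFICATE-----\n" + cert + "\n-----END CERTIFICATE-----\n";
            java.io.ByteArrayInputStream streamCertificate =
                    new java.io.ByteArrayInputStream(strCertificate.getBytes(StandardCharsets.UTF_8));
            // Parsing does not verify the signature, the validity period or the issuer;
            // callers that rely on the result must validate it themselves.
            return (X509Certificate) certificateFactory.generateCertificate(streamCertificate);
        } catch (Exception ex) {
            System.out.println(ex.getMessage());
        }
        return null;
    }

    /**
     * Creates the JKS file for {@code info[0]} and stores the user's private key in it.
     *
     * @param info length-9 array {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     * @return {@code true} on success, {@code false} if writing the key entry failed
     */
    public boolean createPrivateKey(String[] info) {
        try {
            generateJKS(info);
            // Calls the throwing helper directly: going through storeJKS() would swallow
            // the error and this method would report success for a keystore without a key.
            writeUserKeyStore(info, rootKeyPair(), userKeyPair());
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("private key :" + e.getMessage());
            return false;
        }
    }

    /** Returns this instance's root key pair, creating it on first use. */
    private KeyPair rootKeyPair() throws NoSuchAlgorithmException {
        if (rootKeyPair == null) {
            rootKeyPair = generateKeyPair(0);
        }
        return rootKeyPair;
    }

    /** Returns this instance's user key pair, creating it on first use. */
    private KeyPair userKeyPair() throws NoSuchAlgorithmException {
        if (userKeyPair == null) {
            userKeyPair = generateKeyPair(0);
        }
        return userKeyPair;
    }

    /** Builds the output file {@code path + info[0] + suffix}. */
    private File fileFor(String[] info, String suffix) {
        return new File(path + info[0] + suffix);
    }

    /** Rejects an {@code info} array that cannot hold all nine documented fields. */
    private static void requireInfo(String[] info) {
        if (info == null || info.length < INFO_LENGTH) {
            throw new IllegalArgumentException(
                    "info must have " + INFO_LENGTH
                            + " elements: {cn, ou, o, c, l, st, starttime, endtime, serialnumber}");
        }
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException,
            NoSuchProviderException, SecurityException, SignatureException, CertificateEncodingException, IOException {
        DataCertCreate dataCertCreate = new DataCertCreate();
        // Sample data. starttime/endtime are epoch milliseconds, so this validity window
        // lies on 1970-01-01 and the resulting certificate is already expired.
        String[] info = { "huahua_user", "hnu", "university", "china", "hunan", "changsha", "111111", "11111111", "1" };
        // Generate the certificate (DER).
        boolean createPublicKey = dataCertCreate.createPublicKey(info);
        System.out.println("PUBLIC KEY CREATE OK, result==" + createPublicKey);
        boolean createPublicKeyBYDecode = dataCertCreate.createPublicKeyBYDecode(info);
        System.out.println("PUBLIC KEY BY BASE64Encoder CREATE OK, result==" + createPublicKeyBYDecode);
        boolean createPrivateKey = dataCertCreate.createPrivateKey(info);
        System.out.println("PRIVATE KEY CREATE OK, result==" + createPrivateKey);
        Boolean pfx = dataCertCreate.toPFX(info);
        System.out.println("transToPFX OK, result==" + pfx);
    }
}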
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/139701.html原文链接:https://javaforall.cn