BouncyCastle X509 certificate chain generation with a valid root certificate: unknown object in getInstance

Time: 2014-01-25 07:37:17

Tags: java security encryption x509certificate bouncycastle

I am trying to generate an X509 certificate using the BouncyCastle API. Here is a piece of my code.

    try {
        Security.addProvider(new BouncyCastleProvider()); // adding provider to
        String pathtoSave = "D://sureshtest.cer";

        KeyPair keyPair = generateKeypair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();
        X509Certificate trustCert = createCertificate(null,"CN=DigiCorp",
                "CN=Nextenders", publicKey, privateKey);
        // Create an input stream from the file containing the certificate.
        InputStream is = new FileInputStream(new File("D://validcertFormCa.pfx"));
        /*
         * CertificateFactory object is used for reading Certificates, CRL and
         * CertPaths. Create a factory object using the standard SPI pattern
         * used in JCA.
         */
        CertificateFactory factory =
                CertificateFactory.getInstance("X.509", "BC");

        /*
         * Generate a X509 Certificate initialized with the data read from the
         * input stream.
         */
        X509Certificate mastercert =
                (X509Certificate) factory.generateCertificate(is);
        java.security.cert.Certificate[] outChain = { trustCert,mastercert };
        trustCert.checkValidity();
        mastercert.checkValidity();
        KeyStore outStore = KeyStore.getInstance("PKCS12");
        outStore.load(null, null);
        outStore.setKeyEntry("my own certificate", privateKey,
                "admin123".toCharArray(), outChain);

        OutputStream outputStream = new FileOutputStream(pathtoSave);
        outStore.store(outputStream, "admin123".toCharArray());
        outputStream.flush();
        outputStream.close();
    } catch (Exception e) {
        e.printStackTrace();
    }

And I get this exception:

    org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory$ExCertificateException
        at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        at com.nextenders.certificategeenrator.CertificateGenerator.testGenerateSignCertWithKeyStore(CertificateGenerator.java:119)
        at com.nextenders.facadeimplementation.facade.JUnitFacade.main(JUnitFacade.java:11)
    Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.ASN1Integer
        at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source)
        at org.bouncycastle.asn1.x509.TBSCertificate.getInstance(Unknown Source)
        at org.bouncycastle.asn1.x509.Certificate.<init>(Unknown Source)
        at org.bouncycastle.asn1.x509.Certificate.getInstance(Unknown Source)
        at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readDERCertificate(Unknown Source)
        ... 4 more

1 answer:

Answer 0 (score: 2)

What is mastercert supposed to be?

According to the documentation of generateCertificate(), it expects that "the certificate provided in inStream must be DER-encoded and may be supplied in binary or printable (Base64) encoding". In other words, a DER- or PEM-encoded X509 certificate.

What you are providing via the InputStream is a PFX file (a PKCS#12 file), not a DER- or PEM-encoded certificate.

My suggestion is to use openssl pkcs12 to extract the necessary certificate from the PKCS#12 file and put it in a separate file, then change the code to load that instead of the PFX file.
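The diagnosis above can be reproduced without any file on disk. The following is an added example, not the asker's code, the answerer's code, or a BouncyCastle sample: it builds a throwaway self-signed certificate, packs it into an in-memory PKCS#12 blob (the same structure a .pfx file holds), shows that `CertificateFactory.generateCertificate()` rejects that blob, and then shows the two things it does accept: the certificate pulled out of the PKCS#12 container through the `KeyStore` API, and that certificate's own DER encoding (which is what `openssl pkcs12 -clcerts -nokeys` would have written to a separate file). The class name, alias, subject name and password are constructed for the demo; it assumes `bcprov` and `bcpkix` on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class PfxVsDerDemo {
    // Constructed sample password for the in-memory PKCS#12 container.
    static final char[] PASSWORD = "changeit".toCharArray();

    // Build a throwaway self-signed certificate so the demo needs no file on disk.
    static X509Certificate selfSigned(KeyPair kp) throws Exception {
        X500Name name = new X500Name("CN=demo-root"); // constructed subject
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 3600 * 1000);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, BigInteger.ONE, notBefore, notAfter, name, kp.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("BC").build(kp.getPrivate());
        return new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(builder.build(signer));
    }

    // Pack private key + certificate into a PKCS#12 blob: the content of a .pfx file.
    static byte[] toPkcs12(KeyPair kp, X509Certificate cert, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry(alias, kp.getPrivate(), PASSWORD, new X509Certificate[] { cert });
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PASSWORD);
        return out.toByteArray();
    }

    // Returns true only if the bytes are a DER/PEM X.509 certificate that the
    // factory can parse. A PKCS#12 blob is a different ASN.1 structure, so it is
    // rejected (BC's ExCertificateException in the question is a CertificateException).
    static boolean parsesAsCertificate(byte[] bytes) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
        try {
            return cf.generateCertificate(new ByteArrayInputStream(bytes)) != null;
        } catch (CertificateException e) {
            return false;
        }
    }

    // The right way to get a certificate out of a .pfx: open it as a PKCS#12 KeyStore.
    static X509Certificate certFromPkcs12(byte[] pfx, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(pfx), PASSWORD);
        return (X509Certificate) ks.getCertificate(alias);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        X509Certificate cert = selfSigned(kp);
        byte[] pfx = toPkcs12(kp, cert, "demo");

        // Feeding the PKCS#12 blob to the certificate factory is the asker's mistake.
        System.out.println("PFX bytes parse as X.509 certificate: " + parsesAsCertificate(pfx));

        // Either load the container with KeyStore ...
        X509Certificate fromStore = certFromPkcs12(pfx, "demo");
        fromStore.checkValidity();
        System.out.println("Subject from PKCS#12 KeyStore: " + fromStore.getSubjectX500Principal());

        // ... or hand the factory the certificate's own DER encoding, which is what
        // extracting it with openssl pkcs12 into a separate .cer/.pem file gives you.
        System.out.println("DER bytes parse as X.509 certificate: "
                + parsesAsCertificate(fromStore.getEncoded()));
    }
}
```

Compile and run with `bcprov` and `bcpkix` on the classpath. The first check comes back false and the last one true, which is the whole point of the answer: the asker's `mastercert` line should read a certificate file, while the `.pfx` belongs in `KeyStore.load()`. Note that `KeyStore.getInstance("PKCS12")` without a provider argument resolves to the JDK's own PKCS#12 implementation; the BC provider is only needed here for the certificate builder and for the `"X.509", "BC"` factory the question uses.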