颁发的证书不显示颁发者的详细信息

时间:2014-10-26 13:53:18

标签: java security ssl x509certificate bouncycastle

在我的应用程序中,我创建证书并使用自签名 CA 对其签名。在代码中我可以看到所有细节,例如颁发者的详细信息和有效期。但是,在 Windows 证书资源管理器的“证书路径”选项卡下查看时,颁发的证书不显示颁发者的详细信息。我哪里做错了?

提前致谢。

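/**
 * Issues a non-CA certificate for {@code cn} and signs it with the CA private key.
 *
 * <p>The key pair that was used is stored in {@code issuedKeyPair} and the signed
 * certificate in {@code issuedCertificate}. The subject and public key are taken
 * from a CSR that {@code generateCSR} builds for that key pair.
 *
 * <p>NOTE(review): {@code X509V3CertificateGenerator} is deprecated in Bouncy Castle
 * in favour of {@code X509v3CertificateBuilder}; it is kept because the rest of the
 * class is not visible here.
 *
 * @param keypair   key pair to certify, or {@code null} to generate a new RSA pair
 * @param cn        value handed to {@code generateCSR} (presumably the subject
 *                  common name; confirm against that helper)
 * @param days      validity period in days, must be positive
 * @param purposeId the single purpose placed in the extended key usage extension
 * @throws IllegalArgumentException if {@code days} is not positive
 * @throws Exception if building the CSR or generating the certificate fails
 */
public void issueCertificate(KeyPair keypair, String cn, int days,
        KeyPurposeId purposeId) throws Exception {

    // Reject a validity period that would yield a certificate that is already expired.
    if (days <= 0) {
        throw new IllegalArgumentException("days must be positive: " + days);
    }

    this.issuedKeyPair = (keypair != null) ? keypair : generateRSAKeyPair();

    PKCS10CertificationRequest request = generateCSR(issuedKeyPair, cn);

    // One clock reading, so notBefore and notAfter are exactly 'days' apart.
    long now = System.currentTimeMillis();

    // Serial numbers must be unique per issuer and should not be guessable. A
    // clock-derived value is predictable and repeats when two certificates are
    // issued within the same millisecond, so draw it from a CSPRNG instead.
    // 127 random bits plus one keeps the value strictly positive and well
    // within the 20-octet limit of RFC 5280.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom())
            .add(BigInteger.ONE);

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(serial);
    certGen.setIssuerDN(caCertificate.getSubjectX500Principal());
    certGen.setNotBefore(new Date(now));
    certGen.setNotAfter(new Date(now + (1000L * 60 * 60 * 24 * days)));
    certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(request.getPublicKey("BC"));
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // NOTE(review): a path builder finds the issuer through the issuer DN and this
    // authority key identifier. A viewer can only show the path if it also has the
    // CA certificate (bundled with this one or installed in a store). How the
    // certificate is exported is not visible here.
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCertificate));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
    // End-entity certificate: it must not be usable to sign further certificates.
    certGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
            new ExtendedKeyUsage(purposeId));

    ASN1Set attributes = request.getCertificationRequestInfo()
            .getAttributes();

    if (attributes != null) {
        for (int i = 0; i != attributes.size(); i++) {
            org.bouncycastle.asn1.pkcs.Attribute attr = org.bouncycastle.asn1.pkcs.Attribute
                    .getInstance(attributes.getObjectAt(i));

            if (!attr.getAttrType().equals(
                    PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                continue;
            }

            // Requested extensions are copied verbatim, with the requester's
            // criticality flag. That is acceptable only while the CSR is built
            // locally by generateCSR. If requests ever come from another party,
            // verify the CSR signature and filter the extensions against an
            // allow-list before copying.
            // NOTE(review): an OID already set above is presumably rejected by the
            // generator as a duplicate; confirm for the BC version in use.
            X509Extensions extensions = X509Extensions.getInstance(attr
                    .getAttrValues().getObjectAt(0));

            Enumeration<?> oids = extensions.oids();
            while (oids.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) oids
                        .nextElement();
                X509Extension ext = extensions.getExtension(oid);

                certGen.addExtension(oid, ext.isCritical(), ext
                        .getValue().getOctets());
            }
        }
    }

    this.issuedCertificate = certGen.generate(caKeyPair.getPrivate());

}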

0 个答案:

没有答案