在我的应用程序中,我正在创建证书并使用自签名CA进行签名。从代码我可以看到所有细节,如发行人的详细信息,有效性。 但是,在“证书路径”选项卡下的Windows证书资源管理器中查看时,颁发的证书不会显示颁发者详细信息。我在这做错了什么。
提前致谢。
public void issueCertificate(KeyPair keypair, String cn, int days,
KeyPurposeId purposeId) throws Exception {
if (keypair != null) {
this.issuedKeyPair = keypair;
} else {
this.issuedKeyPair = generateRSAKeyPair();
}
PKCS10CertificationRequest request = generateCSR(issuedKeyPair, cn);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(caCertificate.getSubjectX500Principal());
certGen.setNotBefore(new Date(System.currentTimeMillis()));
certGen.setNotAfter(new Date(System.currentTimeMillis()
+ (1000L * 60 * 60 * 24 * days)));
certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
certGen.setPublicKey(request.getPublicKey("BC"));
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(caCertificate));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
certGen.addExtension(X509Extensions.BasicConstraints, true,
new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
new ExtendedKeyUsage(purposeId));
ASN1Set attributes = request.getCertificationRequestInfo()
.getAttributes();
if (attributes != null) {
for (int i = 0; i != attributes.size(); i++) {
org.bouncycastle.asn1.pkcs.Attribute attr = org.bouncycastle.asn1.pkcs.Attribute
.getInstance(attributes.getObjectAt(i));
if (attr.getAttrType().equals(
PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
X509Extensions extensions = X509Extensions.getInstance(attr
.getAttrValues().getObjectAt(0));
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e
.nextElement();
X509Extension ext = extensions.getExtension(oid);
certGen.addExtension(oid, ext.isCritical(), ext
.getValue().getOctets());
}
}
}
}
this.issuedCertificate = certGen.generate(caKeyPair.getPrivate());
}