以编程方式在Java中生成自签名证书(X509),私钥和公钥的问题

时间:2017-08-02 05:32:45

标签: java android x509certificate bouncycastle self-signed

当我尝试使用BouncyCastle或Sun.Security生成证书时,我遇到了问题。*

要求 - Android API支持 - 适用于API 15和API 8

我尝试了以下方法来实现它。

1)我尝试使用带有以下代码的BouncyCastle jar 

    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();

    v3CertGen.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextInt()));

    v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None"));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10)));
    v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None"));
    //        
    v3CertGen.setPublicKey(KPair.getPublic());
    v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption"); 

    X509Certificate PKCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());

此代码所面临的问题:

  • CertificateGenerator已被删除
  • 未识别X509V3CertificateGenerator类
  • 尝试使用不同版本的bouncycastle罐子(1.45,1.46,1.47和1.57)
  • 尝试使用CertificateBuilder(代码如下)

  • 当我使用此代码时,未识别此类。

        SubjectPublicKeyInfo publicKeyInfo = 
    SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());

    X509v3CertificateBuilder myX509v3CertificateBuilder = new X509v3CertificateBuilder(new X500Name("c=sree"), BigInteger.valueOf(new Random().nextInt(1000000)), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 *365 * 100)), new X500Name("c=sree"), publicKeyInfo);

    ContentSigner signer = new JcaContentSignerBuilder("Sha256withRSA").build(myCAPrivateKey);
    X509CertificateHolder certHolder = myX509v3CertificateBuilder.build(signer);
    X509Certificate cert = (new JcaX509CertificateConverter().getCertificate(certHolder));

    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
    Certificate certcert = cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));

2) 我尝试使用以下代码的Sun.Security。*包 

import java.security.cert.X509Certificate;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;

public class SelfSignedCertificateGeneration {
public static void main(String[] args){
    try{
        CertAndKeyGen keyGen=new CertAndKeyGen("RSA","SHA1WithRSA",null);
        keyGen.generate(1024);

        //Generate self signed certificate
        X509Certificate[] chain=new X509Certificate[1];
        chain[0]=keyGen.getSelfCertificate(new X500Name("CN=ROOT"), (long)365*24*3600);

        System.out.println("Certificate : "+chain[0].toString());
    }catch(Exception ex){
        ex.printStackTrace();
    }
}

}

此代码面临的问题:

  • CertAndKeyGen和其他一些课程无法访问

**

还有其他办法吗?请建议我。

**

1 个答案:

答案 0 :(得分:1)

旧版本的android附带了一个减少版本的bouncycastle。所以你不能相信你需要的功能是完整的。尝试加入https://rtyley.github.io/spongycastle/,重新包装适用于Android的Bouncy Castle。

在gradle中指定依赖项

compile 'com.madgag.spongycastle:core:1.56.0.0'
compile 'com.madgag.spongycastle:prov:1.56.0.0'
compile 'com.madgag.spongycastle:pkix:1.56.0.0'
compile 'com.madgag.spongycastle:pg:1.56.0.0'

软件包名称已从org.bouncycastle.*更改为org.spongycastle.*,提供商名称已从BC更改为SC

这里有一个using spongycastle to create a selfsigned certificate

的例子
相关问题
最新问题