`

RSA对称秘钥创建文件证书以及测试

阅读更多
package com.company.util.test;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

import sun.security.x509.AlgorithmId;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
/**
 * <p>
 * Title: 证书读取
 * </p>
 * 
 * <p>
 * Description: 
 * </p>
 * 
 * <p>
 * Copyright: xxx技术有限公司 2015
 * </p>
 * 
 * @author smallbee
 * @version 1.0
 * @date 2015-7-15
 *
 */
public class X509CertTest {
	private SecureRandom secureRandom;
	public X509CertTest() {
		try {
			secureRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			e.printStackTrace();
		}
	}
	/**
	 * 颁布证书
	 * 
	 * @param issue
	 * @param subject
	 * @param issueAlias
	 * @param issuePfxPath
	 * @param issuePassword
	 * @param issueCrtPath
	 * @param subjectAlias
	 * @param subjectPfxPath
	 * @param subjectPassword
	 * @param subjectCrtPath
	 * @throws NoSuchAlgorithmException
	 * @throws NoSuchProviderException
	 * @throws InvalidKeyException
	 * @throws CertificateException
	 * @throws IOException
	 * @throws KeyStoreException
	 * @throws UnrecoverableKeyException
	 * @throws SignatureException
	 */
	public void createIssueCert(X500Name issue, X500Name subject,
			String issueAlias, String issuePfxPath, String issuePassword,
			String issueCrtPath, String subjectAlias, String subjectPfxPath,
			String subjectPassword, String subjectCrtPath)
			throws NoSuchAlgorithmException, NoSuchProviderException,
			InvalidKeyException, CertificateException, IOException,
			KeyStoreException, UnrecoverableKeyException, SignatureException {
		CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", "MD5WithRSA",
				null);
		certAndKeyGen.setRandom(secureRandom);
		certAndKeyGen.generate(1024);
		String sigAlg = "MD5WithRSA";
		// 1年
		long validity = 3650 * 24L * 60L * 60L;
		Date firstDate = new Date();
		Date lastDate;
		lastDate = new Date();
		lastDate.setTime(firstDate.getTime() + validity * 1000);
		CertificateValidity interval = new CertificateValidity(firstDate,
				lastDate);
		X509CertInfo info = new X509CertInfo();
		// Add all mandatory attributes
		info.set(X509CertInfo.VERSION, new CertificateVersion(
				CertificateVersion.V3));
		info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
				new java.util.Random().nextInt() & 0x7fffffff));
		AlgorithmId algID = AlgorithmId.get(sigAlg);
		info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
		info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
		info.set(X509CertInfo.KEY, new CertificateX509Key(certAndKeyGen
				.getPublicKey()));
		info.set(X509CertInfo.VALIDITY, interval);
		info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issue));
		PrivateKey privateKey = readPrivateKey(issueAlias, issuePfxPath,
				issuePassword);
		X509CertImpl cert = new X509CertImpl(info);
		cert.sign(privateKey, sigAlg);
		X509Certificate certificate = (X509Certificate) cert;
		X509Certificate issueCertificate = readX509Certificate(issueCrtPath);
		X509Certificate[] X509Certificates = new X509Certificate[] {
				certificate, issueCertificate };
		createKeyStore(subjectAlias, certAndKeyGen.getPrivateKey(),
				subjectPassword.toCharArray(), X509Certificates, subjectPfxPath);
		FileOutputStream fos = new FileOutputStream(new File(subjectCrtPath));
		fos.write(certificate.getEncoded());
		fos.close();
	}

	/**
	 * 创建根证书(证书有效期10年,私钥保存密码“123456”,公钥算法“RSA”,签名算法“MD5WithRSA”)
	 * 
	 * @param rootPfxPath
	 *            Personal Information Exchange 路径
	 * @param rootCrtPath
	 *            证书路径
	 * @param issue
	 *            颁发者&接收颁发者
	 * @throws NoSuchAlgorithmException
	 * @throws NoSuchProviderException
	 * @throws InvalidKeyException
	 * @throws IOException
	 * @throws CertificateException
	 * @throws SignatureException
	 * @throws KeyStoreException
	 */
	public void createRootCert(String issuePfxPath, String issueCrtPath,
			X500Name issue) throws NoSuchAlgorithmException,
			NoSuchProviderException, InvalidKeyException, IOException,
			CertificateException, SignatureException, KeyStoreException {
		CertAndKeyGen rootCertAndKeyGen = new CertAndKeyGen("RSA",
				"MD5WithRSA", null);
		rootCertAndKeyGen.setRandom(secureRandom);
		rootCertAndKeyGen.generate(1024);
		X509Certificate rootCertificate = rootCertAndKeyGen.getSelfCertificate(
				issue, 3650 * 24L * 60L * 60L);
		X509Certificate[] X509Certificates = new X509Certificate[] { rootCertificate };
		String password = "123456";
		createKeyStore("RootCA", rootCertAndKeyGen.getPrivateKey(), password
				.toCharArray(), X509Certificates, issuePfxPath);
		FileOutputStream fos = new FileOutputStream(new File(issueCrtPath));
		fos.write(rootCertificate.getEncoded());
		fos.close();
	}

	/**
	 * 证书私钥存储设施
	 * 
	 * @param alias
	 *            KeyStore别名
	 * @param key
	 *            密钥(这里是私钥)
	 * @param password
	 *            保存密码
	 * @param chain
	 *            证书链
	 * @param filePath
	 *            PFX文件路径
	 * @throws KeyStoreException
	 * @throws NoSuchAlgorithmException
	 * @throws CertificateException
	 * @throws IOException
	 */
	private void createKeyStore(String alias, Key key, char[] password,
			Certificate[] chain, String filePath) throws KeyStoreException,
			NoSuchAlgorithmException, CertificateException, IOException {
		KeyStore keyStore = KeyStore.getInstance("pkcs12");
		keyStore.load(null, password);
		keyStore.setKeyEntry(alias, key, password, chain);
		FileOutputStream fos = new FileOutputStream(filePath);
		keyStore.store(fos, password);
		fos.close();
	}

	/**
	 * 读取PFX文件中的私钥
	 * 
	 * @param alias
	 *            别名
	 * @param pfxPath
	 *            PFX文件路径
	 * @param password
	 *            密码
	 * @return
	 * @throws KeyStoreException
	 * @throws NoSuchAlgorithmException
	 * @throws CertificateException
	 * @throws IOException
	 * @throws UnrecoverableKeyException
	 */
	public PrivateKey readPrivateKey(String alias, String pfxPath,
			String password) throws KeyStoreException,
			NoSuchAlgorithmException, CertificateException, IOException,
			UnrecoverableKeyException {
		KeyStore keyStore = KeyStore.getInstance("pkcs12");
		FileInputStream fis = null;
		fis = new FileInputStream(pfxPath);
		keyStore.load(fis, password.toCharArray());
		fis.close();
		return (PrivateKey) keyStore.getKey(alias, password.toCharArray());
	}

	/**
	 * 读取X.509证书
	 * 
	 * @param crtPath
	 *            证书路径
	 * @return
	 * @throws CertificateException
	 * @throws IOException
	 */
	public X509Certificate readX509Certificate(String crtPath)
			throws CertificateException, IOException {
		InputStream inStream = null;
		inStream = new FileInputStream(crtPath);
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		X509Certificate cert = (X509Certificate) cf
				.generateCertificate(inStream);
		inStream.close();
		return cert;
	}

	/**
	 * 读取公钥证书中的公钥(字符串形式)
	 * 
	 * @param crtPath
	 * @return
	 * @throws CertificateException
	 * @throws IOException
	 */
	public String readX509CertificatePublicKey(String crtPath)
			throws CertificateException, IOException {
		X509Certificate x509Certificate = readX509Certificate(crtPath);
		PublicKey publicKey = x509Certificate.getPublicKey();
		return publicKey.toString().replace(" ", "");

	}

	/**
	 * 读取KeyStore里面的私钥(字符串形式)
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 * @throws UnrecoverableKeyException
	 * @throws KeyStoreException
	 * @throws NoSuchAlgorithmException
	 * @throws CertificateException
	 * @throws IOException
	 */
	public String readPrivateKeyStr(String alias, String pfxPath,
			String password) throws UnrecoverableKeyException,
			KeyStoreException, NoSuchAlgorithmException, CertificateException,
			IOException {
		PrivateKey privateKey = readPrivateKey(alias, pfxPath, password);
		return privateKey.toString().replace(" ", "");
	}

	/**
	 * 根据证书读取 读取模数N
	 * 
	 * @param crtPath
	 * @return
	 */
	public String getModulusByCrt(String crtPath) {
		String crt = "";
		try {
			crt = readX509CertificatePublicKey(crtPath);
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = crt.substring(crt.indexOf("modulus:")
				+ "modulus:".length(), crt.indexOf("publicexponent:"));
		return modulus.trim().replace(" ", "");
	}

	/**
	 * 根据证书读取公钥e
	 * 
	 * @param crtPath
	 * @return
	 */
	public String getPubExponentByCrt(String crtPath) {
		String crt = "";
		try {
			crt = readX509CertificatePublicKey(crtPath);
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String pubExponent = crt.substring(crt.indexOf("publicexponent:")
				+ "publicexponent:".length(), crt.length());
		return pubExponent.trim().replace(" ", "");

	}

	/**
	 * 根据KeyStore读取模数N
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getModulusByPfx(String alias, String pfxPath, String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("modulus:")
				+ "modulus:".length(), pfx.indexOf("publicexponent:"));
		return modulus.trim().replace(" ", "");
	}

	/**
	 * 根据KeyStore读取公钥e
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getPubExponentByPfx(String alias, String pfxPath,
			String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("publicexponent:")
				+ "publicexponent:".length(), pfx.indexOf("privateexponent:"));

		return modulus.trim().replace(" ", "");
	}

	/**
	 * 根据KeyStore读取私钥d
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getPriExponentByPfx(String alias, String pfxPath,
			String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("privateexponent:")
				+ "privateexponent:".length(), pfx.indexOf("primep:"));

		return modulus.trim().replace(" ", "");
	}

	/**
	 * 根据KeyStore读取p
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getpByPfx(String alias, String pfxPath, String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("primep:")
				+ "primep:".length(), pfx.indexOf("primeq:"));

		return modulus.trim().replace(" ", "");
	}

	/**
	 * 根据KeyStore读取q
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getqByPfx(String alias, String pfxPath, String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("primeq:")
				+ "primeq:".length(), pfx.indexOf("primeexponentp:"));

		return modulus.trim().replace(" ", "");

	}

	/**
	 * 根据KeyStore读取dp
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getdpByPfx(String alias, String pfxPath, String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("primeexponentp:")
				+ "primeexponentp:".length(), pfx.indexOf("primeexponentq:"));

		return modulus.trim().replace(" ", "");

	}

	/**
	 * 根据KeyStore读取dq
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getdqByPfx(String alias, String pfxPath, String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("primeexponentq:")
				+ "primeexponentq:".length(), pfx.indexOf("crtcoefficient:"));
		return modulus.trim().replace(" ", "");
	}

	/**
	 * 根据KeyStore读取qInv
	 * 
	 * @param alias
	 * @param pfxPath
	 * @param password
	 * @return
	 */
	public String getqInvByPfx(String alias, String pfxPath, String password) {
		String pfx = "";
		try {
			pfx = readPrivateKeyStr(alias, pfxPath, password);
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		String modulus = pfx.substring(pfx.indexOf("crtcoefficient:")
				+ "crtcoefficient:".length(), pfx.length());
		return modulus.trim().replace(" ", "");

	}

	public static void main(String args[]) throws IOException {
		// CN commonName 一般名字
		// L localityName 地方名
		// ST stateOrProvinceName 州省名
		// O organizationName 组织名
		// OU organizationalUnitName 组织单位名
		// C countryName 国家
		// STREET streetAddress 街道地址
		// DC domainComponent 领域
		// UID user id 用户ID
		X500Name issue = new X500Name(
				"CN=RootCA,OU=ISI,O=BenZeph,L=CD,ST=SC,C=CN");

		X500Name subject = new X500Name(
				"CN=subject,OU=ISI,O=BenZeph,L=CD,ST=SC,C=CN");

		String issuePfxPath = "D://temp//cert//ROOTCA.pfx";
		String issueCrtPath = "D://temp//cert//ROOTCA.crt";

		String subjectPfxPath = "D://temp//cert//ISSUE.pfx";
		String subjectCrtPath = "D://temp//cert//ISSUE.crt";

		String issueAlias = "RootCA";
		String subjectAlias = "subject";

		String issuePassword = "123456";
		String subjectPassword = "123456";

		X509CertTest test = new X509CertTest();

		try {
			System.out.println(test.readX509CertificatePublicKey(issueCrtPath));
		} catch (CertificateException e) {
			e.printStackTrace();
		}
		System.out.println("");
		System.out.println(test.getModulusByCrt(issueCrtPath));
		System.out.println(test.getPubExponentByCrt(issueCrtPath));
		System.out.println("");
		try {
			System.out.println(test.readPrivateKeyStr(issueAlias, issuePfxPath,
					issuePassword));
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		}
		System.out.println("");
		System.out.println(test.getModulusByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getPubExponentByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getPriExponentByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getpByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getqByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getdpByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getdqByPfx(issueAlias, issuePfxPath,
				issuePassword));
		System.out.println(test.getqInvByPfx(issueAlias, issuePfxPath,
				issuePassword));
	}
}

 

package com.company.util.test;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

import sun.security.x509.AlgorithmId;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
/**
 * <p>
 * Title: 创建根证书,颁发子证书 
 * </p>
 * 
 * <p>
 * Description: 
 * </p>
 * 
 * <p>
 * Copyright: xxx技术有限公司 2015
 * </p>
 * 
 * @author smallbee
 * @version 1.0
 * @date 2015-7-15
 *
 */
public class X509CertTest1 {
	private SecureRandom secureRandom;
	public X509CertTest1() {
		try {
			secureRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			e.printStackTrace();
		}
	}
	/**
	 * 颁布证书
	 * 
	 * @param issue
	 * @param subject
	 * @param issueAlias
	 * @param issuePfxPath
	 * @param issuePassword
	 * @param issueCrtPath
	 * @param subjectAlias
	 * @param subjectPfxPath
	 * @param subjectPassword
	 * @param subjectCrtPath
	 * @throws NoSuchAlgorithmException
	 * @throws NoSuchProviderException
	 * @throws InvalidKeyException
	 * @throws CertificateException
	 * @throws IOException
	 * @throws KeyStoreException
	 * @throws UnrecoverableKeyException
	 * @throws SignatureException
	 */
	public void createIssueCert(X500Name issue, X500Name subject,
			String issueAlias, String issuePfxPath, String issuePassword,
			String issueCrtPath, String subjectAlias, String subjectPfxPath,
			String subjectPassword, String subjectCrtPath)
			throws NoSuchAlgorithmException, NoSuchProviderException,
			InvalidKeyException, CertificateException, IOException,
			KeyStoreException, UnrecoverableKeyException, SignatureException {
		CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", "MD5WithRSA",
				null);
		certAndKeyGen.setRandom(secureRandom);
		certAndKeyGen.generate(1024);
		String sigAlg = "MD5WithRSA";
		// 1年
		long validity = 3650 * 24L * 60L * 60L;
		Date firstDate = new Date();
		Date lastDate;
		lastDate = new Date();
		lastDate.setTime(firstDate.getTime() + validity * 1000);
		CertificateValidity interval = new CertificateValidity(firstDate,
				lastDate);
		X509CertInfo info = new X509CertInfo();
		// Add all mandatory attributes
		info.set(X509CertInfo.VERSION, new CertificateVersion(
				CertificateVersion.V3));
		info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
				new java.util.Random().nextInt() & 0x7fffffff));
		AlgorithmId algID = AlgorithmId.get(sigAlg);
		info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
		info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
		info.set(X509CertInfo.KEY,
				new CertificateX509Key(certAndKeyGen.getPublicKey()));
		info.set(X509CertInfo.VALIDITY, interval);
		info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issue));
		PrivateKey privateKey = readPrivateKey(issueAlias, issuePfxPath,
				issuePassword);
		X509CertImpl cert = new X509CertImpl(info);
		cert.sign(privateKey, sigAlg);
		X509Certificate certificate = (X509Certificate) cert;
		X509Certificate issueCertificate = readX509Certificate(issueCrtPath);
		X509Certificate[] X509Certificates = new X509Certificate[] {
				certificate, issueCertificate };
		createKeyStore(subjectAlias, certAndKeyGen.getPrivateKey(),
				subjectPassword.toCharArray(), X509Certificates, subjectPfxPath);
		FileOutputStream fos = new FileOutputStream(new File(subjectCrtPath));
		fos.write(certificate.getEncoded());
		fos.close();
	}

	/**
	 * 创建根证书(证书有效期10年,私钥保存密码“123456”,公钥算法“RSA”,签名算法“MD5WithRSA”)
	 * 
	 * @param rootPfxPath
	 *            Personal Information Exchange 路径
	 * @param rootCrtPath
	 *            证书路径
	 * @param issue
	 *            颁发者&接收颁发者
	 * @throws NoSuchAlgorithmException
	 * @throws NoSuchProviderException
	 * @throws InvalidKeyException
	 * @throws IOException
	 * @throws CertificateException
	 * @throws SignatureException
	 * @throws KeyStoreException
	 */
	public void createRootCert(String issuePfxPath, String issueCrtPath,
			X500Name issue) throws NoSuchAlgorithmException,
			NoSuchProviderException, InvalidKeyException, IOException,
			CertificateException, SignatureException, KeyStoreException {
		CertAndKeyGen rootCertAndKeyGen = new CertAndKeyGen("RSA",
				"MD5WithRSA", null);
		rootCertAndKeyGen.setRandom(secureRandom);
		rootCertAndKeyGen.generate(1024);
		X509Certificate rootCertificate = rootCertAndKeyGen.getSelfCertificate(
				issue, 3650 * 24L * 60L * 60L);
		X509Certificate[] X509Certificates = new X509Certificate[] { rootCertificate };
		String password = "123456";
		createKeyStore("RootCA", rootCertAndKeyGen.getPrivateKey(),
				password.toCharArray(), X509Certificates, issuePfxPath);
		FileOutputStream fos = new FileOutputStream(new File(issueCrtPath));
		fos.write(rootCertificate.getEncoded());
		fos.close();
	}

	/**
	 * 证书私钥存储设施
	 * 
	 * @param alias
	 *            KeyStore别名
	 * @param key
	 *            密钥(这里是私钥)
	 * @param password
	 *            保存密码
	 * @param chain
	 *            证书链
	 * @param filePath
	 *            PFX文件路径
	 * @throws KeyStoreException
	 * @throws NoSuchAlgorithmException
	 * @throws CertificateException
	 * @throws IOException
	 */
	private void createKeyStore(String alias, Key key, char[] password,
			Certificate[] chain, String filePath) throws KeyStoreException,
			NoSuchAlgorithmException, CertificateException, IOException {
		KeyStore keyStore = KeyStore.getInstance("pkcs12");
		keyStore.load(null, password);
		keyStore.setKeyEntry(alias, key, password, chain);
		FileOutputStream fos = new FileOutputStream(filePath);
		keyStore.store(fos, password);
		fos.close();
	}

	/**
	 * 读取PFX文件中的私钥
	 * 
	 * @param alias
	 *            别名
	 * @param pfxPath
	 *            PFX文件路径
	 * @param password
	 *            密码
	 * @return
	 * @throws KeyStoreException
	 * @throws NoSuchAlgorithmException
	 * @throws CertificateException
	 * @throws IOException
	 * @throws UnrecoverableKeyException
	 */
	public PrivateKey readPrivateKey(String alias, String pfxPath,
			String password) throws KeyStoreException,
			NoSuchAlgorithmException, CertificateException, IOException,
			UnrecoverableKeyException {
		KeyStore keyStore = KeyStore.getInstance("pkcs12");
		FileInputStream fis = null;
		fis = new FileInputStream(pfxPath);
		keyStore.load(fis, password.toCharArray());
		fis.close();
		return (PrivateKey) keyStore.getKey(alias, password.toCharArray());
	}

	/**
	 * 读取X.509证书
	 * 
	 * @param crtPath
	 *            证书路径
	 * @return
	 * @throws CertificateException
	 * @throws IOException
	 */
	public X509Certificate readX509Certificate(String crtPath)
			throws CertificateException, IOException {
		InputStream inStream = null;
		inStream = new FileInputStream(crtPath);
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		X509Certificate cert = (X509Certificate) cf
				.generateCertificate(inStream);
		inStream.close();
		return cert;
	}

	public static void main(String args[]) throws IOException {
		// CN commonName 一般名字
		// L localityName 地方名
		// ST stateOrProvinceName 州省名
		// O organizationName 组织名
		// OU organizationalUnitName 组织单位名
		// C countryName 国家
		// STREET streetAddress 街道地址
		// DC domainComponent 领域
		// UID user id 用户ID
		X500Name issue = new X500Name(
				"CN=RootCA,OU=ISI,O=BenZeph,L=CD,ST=SC,C=CN");

		X500Name subject = new X500Name(
				"CN=subject,OU=ISI,O=BenZeph,L=CD,ST=SC,C=CN");
		String issuePfxPath = "D://temp//cert//ROOTCA.pfx";
		String issueCrtPath = "D://temp//cert//ROOTCA.crt";
		String subjectPfxPath = "D://temp//cert//ISSUE.pfx";
		String subjectCrtPath = "D://temp//cert//ISSUE.crt";
		String issueAlias = "RootCA";
		String subjectAlias = "subject";
		String issuePassword = "123456";
		String subjectPassword = "123456";
		X509CertTest1 test = new X509CertTest1();
		try {
			test.createRootCert(issuePfxPath, issueCrtPath, issue);
			test.createIssueCert(issue, subject, issueAlias, issuePfxPath,
					issuePassword, issueCrtPath, subjectAlias, subjectPfxPath,
					subjectPassword, subjectCrtPath);
		} catch (Exception e1) {
			e1.printStackTrace();
		} 
	}
}

 

 

 

 

 

 

 

 

 

分享到:
评论

相关推荐

    秘钥生成工具.rar

    OpenSSL是一个强大的安全套接字层密码库,包含各种主要的密码算法、常用的密钥和证书封装管理功能以及SSL协议,并提供丰富的应用程序用于测试或其他目的。在RSA密钥生成方面,OpenSSL提供了命令行工具`openssl rsa`...

    OpenSSL免安装RSA密钥生成工具

    在IT领域,OpenSSL广泛应用于服务器证书的创建、管理和加密解密,其中RSA算法是其核心的一部分。 RSA是一种非对称加密算法,由Ron Rivest、Adi Shamir和Leonard Adleman于1977年提出。它的主要特点是公钥和私钥不同...

    openssl生成秘钥工具

    在IT行业中,加密技术是确保数据安全的重要手段之一,而OpenSSL是一个强大的安全套接字层(SSL)密码库,包含各种主要的密码算法、常用的密钥和证书封装管理功能以及SSL协议,并提供丰富的应用程序供测试或其他目的...

    openssl详细使用教程

    使用 OpenSSL 创建证书签名请求文件,命令为:`openssl req -new -key rsa.key -out rsa.csr` 4.3 生成自签名证书 使用 OpenSSL 生成自签名证书,命令为:`openssl x509 -req -days 365 -in rsa.csr -signkey rsa....

    openssl-win32绿色版

    1. **生成私钥**:使用`openssl genpkey`命令生成RSA私钥,如`openssl genpkey -algorithm RSA -out private_key.pem`,这将创建一个名为`private_key.pem`的私钥文件。 2. **设置密钥长度**:默认密钥长度是2048位...

    openssl.zip

    5. **命令行工具**: OpenSSL附带了一套强大的命令行工具,如`openssl genpkey`用于生成密钥,`openssl req`用于创建证书请求,`openssl x509`用于处理X.509证书,以及`openssl s_client`和`s_server`用于测试SSL连接...

    openssl-0.9.8h-1-bin

    此外,它还可以用于创建X.509数字证书,这对于建立SSL/TLS连接、电子邮件加密以及代码签名等用途至关重要。 `man`目录通常包含OpenSSL命令的手册页,用户可以通过阅读这些文档了解如何使用OpenSSL的各种功能。`test...

    生成公钥密钥工具(Openssl) 64位

    OpenSSL是一款强大的安全套接字层密码库,包含了各种主要的密码算法、常用的密钥和证书封装管理功能以及SSL协议,并提供丰富的应用程序供测试或其他目的使用。在IT行业中,OpenSSL是构建网络安全基础设施的重要工具...

    Win64OpenSSL-1_0_2h.rar

    例如,`openssl genrsa` 命令可以生成RSA私钥,`openssl req` 可以创建证书请求。 3. **SSL/TLS 协议**:OpenSSL 实现了 SSLv2、SSLv3、TLSv1.0、TLSv1.1、TLSv1.2(1.0.2h版本不包含TLSv1.3)等多个版本的协议,...

    安卓开发-支付SDK.zip.zip

    - **安全机制**:为了保护用户信息和交易安全,支付SDK通常包含加密算法和证书管理,如SSL/TLS协议、RSA非对称加密等。 - **UI组件**:一些SDK提供预设的支付界面,开发者可以自定义或直接使用,以保持应用的一致...

Global site tag (gtag.js) - Google Analytics