【发布时间】:2016-10-31 21:09:08
【问题描述】:
我需要将现有的 csr 和密钥对附加到密钥库。下面给出的是一个使用 GUI(java swing) 获取用户输入的实现,例如密钥库名称、别名、通用名称、组织等。
我尝试使用 keystore.setkeyentry(...) 将 csr 链接到密钥库,但是密钥库仍然是空的。
我在下面附上了我的代码,任何帮助都会非常有用:
下面这段代码是用来创建csr的
public String getCSR(String cn, String ou, String o, String l,String s) throws Exception {
byte[] csr = generatePKCS10(cn, ou, o, l,s,"US");
return new String(csr);
}
private static byte[] generatePKCS10(String CN, String OU, String O,
String L, String S, String C) throws Exception {
// generate PKCS10 certificate request
String sigAlg = "MD5WithRSA";
PKCS10 pkcs10 = new PKCS10(publicKey);
Signature signature = Signature.getInstance(sigAlg);
signature.initSign(privateKey);
// common, orgUnit, org, locality, state, country
X500Principal principal = new X500Principal( "CN=Ole Nordmann, OU=ACME, O=Sales, C=NO");
// pkcs10CertificationRequest kpGen = new PKCS10CertificationRequest(sigAlg, principal, publicKey, null, privateKey);
// byte[] c = kpGen.getEncoded();
X500Name x500name=null;
x500name= new X500Name(principal.getEncoded());
pkcs10.encodeAndSign(x500name, signature);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
pkcs10.print(ps);
byte[] c = bs.toByteArray();
try {
if (ps != null)
ps.close();
if (bs != null)
bs.close();
} catch (Throwable th) {
}
return c;
}
public static X509Certificate generateX509Certificate(String certEntry) throws IOException {
InputStream in = null;
X509Certificate cert = null;
try {
byte[] certEntryBytes = certEntry.getBytes();
in = new ByteArrayInputStream(certEntryBytes);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
cert = (X509Certificate) certFactory.generateCertificate(in);
} catch (CertificateException ex) {
} finally {
if (in != null) {
in.close();
}
}
return cert;
}
在主要方法中,我执行以下操作来创建密钥库并将其附加到 csr
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char[] pass = password.toCharArray();
ks.load(null, pass);
ks.store(fos, pass);
fos.close();
GenerateCSR gcsr = GenerateCSR.getInstance();
System.out.println("Public Key:\n"+gcsr.getPublicKey().toString());
System.out.println("Private Key:\n"+gcsr.getPrivateKey().toString());
String csr = gcsr.getCSR(CN,OU,O,L,S);
System.out.println("CSR Request Generated!!");
System.out.println(csr);
X509Certificate[] certChain = new X509Certificate[1];
// certChain[0]= gcsr.generateX509Certificate(csr);
X509Certificate myCert = (X509Certificate) CertificateFactory
.getInstance("X509")
.generateCertificate(
// string encoded with default charset
new ByteArrayInputStream(csr.getBytes())
);
certChain[0]= myCert;
ks.setKeyEntry("alias", (Key)gcsr.getPrivateKey(), pass, certChain);
当我检查密钥库的内容时,它是空的。 任何建议将不胜感激
谢谢你!!!
【问题讨论】:
-
您可能会从示例中删除所有导入语句,并完全删除 GUI 配对器,只留下一个生成 keyPair 和 CSR 并演示使用 '.setKeyEntry()' 如何失败的示例将密钥添加到商店。 (这将使回答问题更容易:))
-
很好的建议!!谢谢
标签: java security bouncycastle keytool csr