文章目录
- 前言
- BouncyCastleProvider 对 X.509 证书的生成
- 1. demo
前言
如果您觉得有用的话,记得给博主点个赞,评论,收藏一键三连啊,写作不易啊^ _ ^。
而且听说点赞的人每天的运气都不会太差,实在白嫖的话,那欢迎常来啊!!!
BouncyCastleProvider 对 X.509 证书的生成
这里先说明一下，为什么要用 BouncyCastleProvider 来生成 p12 证书文件。
看下面截图（所用命令如下；实际使用时可省略 -storepass，让 keytool 交互式提示输入口令，避免口令留在命令历史里）：
keytool -list -v -keystore yzy.p12 -storetype PKCS12 -storepass yzy@yzy
win10 系统
linux系统
相同的 p12 证书在不同环境下不一定都能正常读取（常见原因是生成工具与读取端的 JDK/OpenSSL 版本对 PKCS#12 加密算法和 MAC 算法的默认支持不一致）；就我这边的 Java 服务而言，用 BouncyCastleProvider 生成的 p12 基本上不会有问题。
1. demo
package org.example.controller;import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
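import java.security.spec.PKCS8EncodedKeySpec;

/**
 * Demo: packages an existing PEM certificate and PEM private key into a
 * PKCS#12 keystore written through the BouncyCastle ("BC") provider.
 *
 * <p>No certificate is issued here; the certificate and key are read from
 * disk and stored together under the alias {@code yzy}.
 */
public class Test {

    static {
        // Register BouncyCastle so that KeyStore.getInstance("PKCS12", "BC") resolves.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Reads the certificate and private key, builds the PKCS#12 keystore and writes it out.
     *
     * @param args unused
     * @throws Exception on keystore/provider failures and on unsupported or missing PEM
     *     content; I/O and key-decryption failures are reported on stderr instead
     */
    public static void main(String[] args) throws Exception {
        String certFile = "F:/中间件/docker_p12/window/yzy.crt";
        String keyFile = "F:/中间件/docker_p12/window/yzy.key";
        String p12File = "F:/中间件/docker_p12/window/yzy.p12";

        // SECURITY: a keystore password compiled into source ends up in version control
        // and in the class file. P12_PASSWORD is a variable name chosen for this demo;
        // the literal fallback is the article's demo value and is kept only so the
        // example still runs unchanged. Do not reuse it for a real keystore.
        String envPassword = System.getenv("P12_PASSWORD");
        char[] password = (envPassword != null ? envPassword : "yzy@yzy").toCharArray();

        try {
            X509Certificate cert = loadCertificate(certFile);
            PrivateKey privateKey = loadPrivateKey(keyFile);

            // Create PKCS12 keystore
            KeyStore pkcs12Store = KeyStore.getInstance("PKCS12", "BC");
            pkcs12Store.load(null, null);
            pkcs12Store.setKeyEntry("yzy", privateKey, password, new Certificate[]{cert});

            // Save to .p12 file. The file contains the private key, so restrict its
            // file-system permissions to the service account that needs it.
            try (FileOutputStream fos = new FileOutputStream(p12File)) {
                pkcs12Store.store(fos, password);
            }
        } catch (PKCSException e) {
            System.err.println("Error decrypting private key info: " + e.getMessage());
        } catch (IOException e) {
            System.err.println("IO error: " + e.getMessage());
        }
    }

    /** Reads the first PEM object in {@code certFile} and parses it as an X.509 certificate. */
    private static X509Certificate loadCertificate(String certFile)
            throws IOException, java.security.GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (FileReader certInputStream = new FileReader(certFile);
             PemReader certPemReader = new PemReader(certInputStream)) {
            PemObject certPemObject = certPemReader.readPemObject();
            if (certPemObject == null) {
                // readPemObject() returned nothing; fail with a message instead of an NPE.
                throw new IllegalArgumentException("No PEM object found in certificate file");
            }
            return (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(certPemObject.getContent()));
        }
    }

    /** Reads the first PEM object in {@code keyFile} and converts it to a {@link PrivateKey}. */
    private static PrivateKey loadPrivateKey(String keyFile)
            throws IOException, PKCSException, java.security.GeneralSecurityException,
                   org.bouncycastle.operator.OperatorCreationException {
        // try-with-resources: the original never closed the key file reader.
        try (PEMParser keyParser = new PEMParser(new FileReader(keyFile))) {
            Object pemObject = keyParser.readObject();
            if (pemObject == null) {
                // Previously this fell through to pemObject.getClass() and threw an NPE.
                throw new IllegalArgumentException("No PEM object found in private key file");
            }

            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            if (pemObject instanceof PEMKeyPair) {
                PEMKeyPair pemKeyPair = (PEMKeyPair) pemObject;
                return converter.getPrivateKey(pemKeyPair.getPrivateKeyInfo());
            } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo =
                        (PKCS8EncryptedPrivateKeyInfo) pemObject;
                // An encrypted PKCS#8 key needs a real decryptor; the original passed null.
                // KEY_PASSPHRASE is a variable name chosen for this demo.
                String keyPassphrase = System.getenv("KEY_PASSPHRASE");
                if (keyPassphrase == null) {
                    throw new IllegalArgumentException(
                            "Private key is encrypted; set KEY_PASSPHRASE to decrypt it");
                }
                org.bouncycastle.operator.InputDecryptorProvider decryptor =
                        new org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder()
                                .setProvider("BC")
                                .build(keyPassphrase.toCharArray());
                return converter.getPrivateKey(
                        encryptedPrivateKeyInfo.decryptPrivateKeyInfo(decryptor));
            } else if (pemObject instanceof PrivateKeyInfo) {
                PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) pemObject;
                return converter.getPrivateKey(privateKeyInfo);
            } else if (pemObject instanceof PemObject) {
                // NOTE(review): PEMParser normally returns parsed objects, so this raw
                // PemObject branch may never be taken; kept as in the original. It also
                // assumes an RSA key.
                PemObject pem = (PemObject) pemObject;
                String type = pem.getType();
                System.out.println("PemObject type: " + type);
                if ("PRIVATE KEY".equals(type)) {
                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pem.getContent());
                    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                    return keyFactory.generatePrivate(keySpec);
                }
                throw new IllegalArgumentException("Unknown private key format");
            } else {
                System.out.println("PemObject class: " + pemObject.getClass().getName());
                throw new IllegalArgumentException("Unknown private key format");
            }
        }
    }
}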
测试: