Android 将PKCS10CertificationRequest转换为X509证书
我想知道是否可以使用Bouncy Castle将PKCS10CertificationRequest转换为X509证书 类似于openssl中的X509_REQ_到X509 以下是我创建请求的方式:Android 将PKCS10CertificationRequest转换为X509证书,android,bouncycastle,x509,csr,Android,Bouncycastle,X509,Csr,我想知道是否可以使用Bouncy Castle将PKCS10CertificationRequest转换为X509证书 类似于openssl中的X509_REQ_到X509 以下是我创建请求的方式: public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException { Strin
public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException {
String principal = "CA=" getCA();
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1");
ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
extensionsGenerator.addExtension(X509Extension.keyUsage, true, keyUsage);
csrBuilder.addAttribute(PKCSObjectIdentifiers.x509Certificate, extensionsGenerator.generate());
PKCS10CertificationRequest csr = csrBuilder.build(signer);
return csr;
}
我远非OpenSSL专家,但根据我发现的一些文档: X509请求到X509(X509请求,整数天,执行副总裁) 创建一个X509证书,其主题和颁发者与 请求r中的主题,有效期为天,pkey用于签名 (以md5为摘要) 以下是Bouncycastle的等效项:
public X509Certificate x509ReqToX509(PKCS10CertificationRequest csr, int days, PrivateKey pKey)
{
Date notBefore = new Date();
Calendar cal = Calendar.getInstance();
cal.add(Calendar.DATE, days);
Date notAfter = cal.getTime();
BigInteger serialNumber = generateCertSerialNumber(); // No implemented here
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(serialNumber);
certGen.setIssuerDN(csr.getCertificationRequestInfo().getSubject());
certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
certGen.setNotBefore(notBefore);
certGen.setNotAfter(notAfter);
certGen.setPublicKey(csr.getPublicKey());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
return certGen.generate(pKey, "BC");
}
请注意:
非常感谢!工作起来像个符咒……:)