Warning: file_get_contents(/data/phpspider/zhask/data//catemap/3/android/223.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Android 将PKCS10CertificationRequest转换为X509证书_Android_Bouncycastle_X509_Csr - Fatal编程技术网
Fatal编程技术网
  • android/
  • Android 将PKCS10CertificationRequest转换为X509证书

Android 将PKCS10CertificationRequest转换为X509证书

android

Android 将PKCS10CertificationRequest转换为X509证书,android,bouncycastle,x509,csr,Android,Bouncycastle,X509,Csr,我想知道是否可以使用Bouncy Castle将PKCS10CertificationRequest转换为X509证书 类似于openssl中的X509_REQ_到X509 以下是我创建请求的方式: public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException { Strin

我想知道是否可以使用Bouncy Castle将PKCS10CertificationRequest转换为X509证书

类似于openssl中的X509_REQ_到X509

以下是我创建请求的方式:

public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException {
    String principal = "CA=" getCA();

    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA");
    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1");
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);

    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
    extensionsGenerator.addExtension(X509Extension.keyUsage, true, keyUsage);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.x509Certificate, extensionsGenerator.generate());
    PKCS10CertificationRequest csr = csrBuilder.build(signer);
    return csr;
}
我远非OpenSSL专家,但根据我发现的一些文档:

X509请求到X509(X509请求,整数天,执行副总裁) 创建一个X509证书,其主题和颁发者与 请求r中的主题,有效期为天,pkey用于签名 (以md5为摘要)

以下是Bouncycastle的等效项:

public X509Certificate x509ReqToX509(PKCS10CertificationRequest csr, int days, PrivateKey pKey) 
{
  Date notBefore = new Date();
  Calendar cal = Calendar.getInstance();
  cal.add(Calendar.DATE, days);
  Date notAfter = cal.getTime();
  BigInteger serialNumber = generateCertSerialNumber(); // No implemented here

  X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

  certGen.setSerialNumber(serialNumber);
  certGen.setIssuerDN(csr.getCertificationRequestInfo().getSubject());
  certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
  certGen.setNotBefore(notBefore);
  certGen.setNotAfter(notAfter);
  certGen.setPublicKey(csr.getPublicKey());
  certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

  return certGen.generate(pKey, "BC");
}
请注意:

  • 我在签名算法中将MD5替换为SHA-256
  • 根据证书目标,此短代码示例可能需要一些更新(例如,添加一些强制扩展)
    • 非常感谢!工作起来像个符咒……:)