Certificate: declaring certificate purpose in Android < 23


In Android API 22, I can only create a key and certificate using this function:

// Validity window: from now until two years from now
Calendar notBefore = Calendar.getInstance();
Calendar notAfter = Calendar.getInstance();
notAfter.add(Calendar.YEAR, 2);

// Pre-API-23 spec: describes the key pair and its self-signed certificate
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(getApplicationContext())
        .setAlias(KEY_ALIAS_CSR)
        .setKeySize(2048)
        // RDNs in the subject must be comma-separated
        .setSubject(new X500Principal(
                "CN=Your Company," +
                " O=Your Organization," +
                " C=Your Country"))
        .setSerialNumber(BigInteger.ONE)
        .setStartDate(notBefore.getTime())
        .setEndDate(notAfter.getTime())
        .build();

// Generate the RSA key pair inside the AndroidKeyStore
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
generator.initialize(spec);
generator.generateKeyPair();

Is it possible for me to set the purpose of this certificate?

In API > 23, it is easy:

 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
 keyPairGenerator.initialize(
         new KeyGenParameterSpec.Builder(
                 "key1",
                 KeyProperties.PURPOSE_SIGN)
                 .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                 .build());

Solved

// CN_PATTERN, JCESigner and DEFAULT_SIGNATURE_ALGORITHM are not shown here
String principal = String.format(CN_PATTERN, cn);
ContentSigner signer = new JCESigner((PrivateKey) keyStore.getKey(KEY_ALIAS_TLS, null), DEFAULT_SIGNATURE_ALGORITHM);

// CSR for the public key of the existing keystore entry
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
        new X500Name(principal), keyStore.getCertificate(KEY_ALIAS_TLS).getPublicKey());

// Requested extensions (all marked critical): basic constraints, key usage, extended key usage
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(
        true));
extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(
        KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment
));
extensionsGenerator.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

// Carry the extensions in the PKCS#9 extensionRequest attribute and sign the CSR
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
        extensionsGenerator.generate());
PKCS10CertificationRequest csr = csrBuilder.build(signer);
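
The following is an added example, not code from the original post. It builds a CSR with the same three requested extensions and then reads the extensionRequest attribute back, as a CA-side check could, since extensions in a CSR are only a request. Assumptions: the class and method names, a software RSA key in place of the AndroidKeyStore key, BouncyCastle's JcaContentSignerBuilder in place of the poster's JCESigner, and the acceptance policy itself.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

// Added example (hypothetical class). Needs bcprov and bcpkix on the classpath.
public class CsrExtensionCheck {
    // Build a CSR requesting the same three extensions as the answer above;
    // requestCa is the value passed to BasicConstraints.
    static PKCS10CertificationRequest buildCsr(KeyPair kp, boolean requestCa) throws Exception {
        ExtensionsGenerator gen = new ExtensionsGenerator();
        gen.addExtension(Extension.basicConstraints, true, new BasicConstraints(requestCa));
        gen.addExtension(Extension.keyUsage, true, new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment));
        gen.addExtension(Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=constructed-client"), kp.getPublic())
                .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, gen.generate())
                .build(signer);
    }

    // Assumed policy for a client-authentication leaf: exactly one extensionRequest,
    // clientAuth EKU, digitalSignature key usage, and no cA=TRUE.
    static boolean isAcceptableClientRequest(PKCS10CertificationRequest csr) {
        Attribute[] attrs = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attrs.length != 1) return false;
        Extensions exts = Extensions.getInstance(attrs[0].getAttrValues().getObjectAt(0));
        BasicConstraints bc = BasicConstraints.fromExtensions(exts);
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        ExtendedKeyUsage eku = ExtendedKeyUsage.fromExtensions(exts);
        return (bc == null || !bc.isCA())
                && ku != null && ku.hasUsages(KeyUsage.digitalSignature)
                && eku != null && eku.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("cA=false accepted: " + isAcceptableClientRequest(buildCsr(kp, false)));
        System.out.println("cA=true accepted:  " + isAcceptableClientRequest(buildCsr(kp, true)));
    }
}
```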
