Certificate getKey()返回NULL
我想用自己生成的证书签署PDF。在这个过程中,我需要一个密钥库和私钥。通过使用类Certificate getKey()返回NULL,certificate,key,keystore,Certificate,Key,Keystore,我想用自己生成的证书签署PDF。在这个过程中,我需要一个密钥库和私钥。通过使用类CreateSignature() 要使用自行生成的证书生成密钥库,我使用以下方法: public KeyStore generateSampleKeyStoreWith509Certificate() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, Unrecovera
CreateSignature()
要使用自行生成的证书生成密钥库,我使用以下方法:
public KeyStore generateSampleKeyStoreWith509Certificate() throws KeyStoreException, NoSuchAlgorithmException,
CertificateException, IOException, UnrecoverableEntryException {
X509Certificate cert;
PrivateKey caKey;
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
caKey = keyPair.getPrivate();
Date notBefore = new Date();
Date notAfter = new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 24 * 365);
SubjectPublicKeyInfo spkInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X509v3CertificateBuilder newGen = new X509v3CertificateBuilder(new X500Name(issuer), serial, notBefore,
notAfter, new X500Name(subject), spkInfo);
ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC")
.build(caKey);
X509CertificateHolder certHolder = newGen.build(sigGen);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream is1 = new ByteArrayInputStream(certHolder.getEncoded());
cert = (X509Certificate) cf.generateCertificate(is1);
is1.close();
} catch (OperatorCreationException | CertificateException | IOException | NoSuchProviderException
| NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, password);
keyStore.setCertificateEntry("SelfSigned", cert);
return keyStore;
}
证书输入正确,但不应该也有密钥吗?还是我错了,密钥库应该持有一把钥匙
我只是在想这个问题,所以我很感谢你的每一点帮助
X509Certificate[] certChain = new X509Certificate[1];
certChain[0] = cert;
keyStore.setKeyEntry("SelfSigned",caKey, password, certChain);
在底部添加上面的代码,输入先前创建到密钥库的privateKey。互联网上的大多数示例似乎都假设加载一个密钥库时已经输入了privatekey。根据
getKey()
的javadoc,“该密钥必须通过调用setKeyEntry或调用带有PrivateKeyEntry或SecretKeyEntry的setEntry与别名相关联。”,我看到了这一点,同时我添加了这一行,它的工作。但是当我在网上看到一些没有它的例子时,我想知道我是否遗漏了什么,或者是否有这么多的例子是错误的。那么请你自己回答你的问题。我觉得有一些工作代码是很有趣的。