Java使用CA证书生成二级证书

GenSubCertPlus

package com.tigeriot.mqtt.util;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import java.io.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

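/**
 * Issues leaf ("second-level") certificates signed by a local CA by driving the
 * {@code openssl} command-line tool, and reads the resulting files back.
 *
 * <p>All files live under {@code certDir}: for a certificate name {@code N} the class
 * writes {@code N.pem} (RSA private key), {@code N.csr} (signing request) and
 * {@code N.cer} (signed certificate), and it reads the CA material from
 * {@code tigerca.cer} / {@code tigerca.key} in the same directory.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Certificate names are caller-supplied and end up in file paths and in the
 *       certificate subject, so every public method validates them against
 *       {@link #SAFE_NAME} before use.</li>
 *   <li>The generated private key is written without a passphrase (no cipher option is
 *       passed to {@code genrsa}); access to {@code certDir} must be restricted by the
 *       deployment.</li>
 *   <li>NOTE(review): the CA key is read from the same directory as the issued files and
 *       no passphrase option is passed, so it is presumably stored unencrypted - confirm,
 *       and consider keeping the CA key outside the directory that holds issued material.</li>
 * </ul>
 */
@Component
public class GenSubCertPlus {

    /**
     * Allow-list for certificate names: starts with a letter or digit, then letters, digits,
     * dot, underscore or hyphen, at most 64 characters in total. Path separators, quotes,
     * whitespace and {@code /} are excluded, so a name can neither leave {@code certDir} nor
     * add extra components to the {@code -subj} value.
     */
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,63}");

    /** Seconds each openssl step is given to exit after its output has been drained. */
    private static final long STEP_TIMEOUT_SECONDS = 5;

    // Directory prefix for all certificate files; concatenated directly with the file name,
    // so the configured value is expected to end with a path separator.
    @Value("${tiger-cert.certDir}")
    private String certDir;
    // Despite the property name this value is used as the openssl executable itself.
    // It is passed to ProcessBuilder as-is, so it must be a plain path without shell quoting.
    @Value("${tiger-cert.opensslDir}")
    private String opensslDir;

    /**
     * Generates a 2048-bit RSA key, a CSR and a certificate signed by the local CA,
     * valid for 365 days, for the given name.
     *
     * <p>Each openssl step is started directly with an argument vector rather than through
     * a command interpreter, so the name is never parsed as shell syntax. The steps run in
     * order and the first failing step aborts the sequence.
     *
     * @param name certificate name; must match {@link #SAFE_NAME}
     * @throws IllegalArgumentException if {@code name} is null or not an allowed name
     * @throws RuntimeException if a step times out, exits with a non-zero status, or its
     *         output cannot be read
     * @throws Exception if a process cannot be started or the wait is interrupted
     */
    public void genCert(String name) throws Exception {
        requireSafeName(name);
        String certName = certDir + name;
        String subject = "/CN=" + name + "_iot/OU=tigeriot/O=tigeriotit/L=huludao/ST=liaoning/C=CN";

        runOpenssl("genrsa", "-out", certName + ".pem", "2048");
        runOpenssl("req", "-new", "-key", certName + ".pem", "-out", certName + ".csr",
                "-subj", subject);
        runOpenssl("x509", "-req", "-in", certName + ".csr",
                "-CA", certDir + "tigerca.cer", "-CAkey", certDir + "tigerca.key",
                "-CAcreateserial", "-out", certName + ".cer", "-days", "365");

        System.out.println("生成证书成功");
    }

    /**
     * Returns the text of {@code certDir + certName + ".cer"} with every line terminated
     * by {@code '\n'}.
     *
     * @param certName certificate name; must match {@link #SAFE_NAME}
     * @return the file content, or {@code null} if the name is rejected or the file cannot be read
     */
    public String getCertContent(String certName) {
        return readTextFile(certName, ".cer");
    }

    /**
     * Returns the text of {@code certDir + keyName + ".pem"}, i.e. the private key written
     * by {@link #genCert(String)}. The returned value is secret key material: callers should
     * not log it or cache it longer than needed.
     *
     * @param keyName key name; must match {@link #SAFE_NAME}
     * @return the file content, or {@code null} if the name is rejected or the file cannot be read
     */
    public String getKeyContent(String keyName) {
        return readTextFile(keyName, ".pem");
    }

    /**
     * Parses {@code certDir + certName + ".cer"} as an X.509 certificate and prints its
     * main fields to standard output. This only decodes the certificate; it does not verify
     * the signature, the issuer chain or the validity period.
     *
     * @param certName certificate name; must match {@link #SAFE_NAME}
     */
    public void parseCertContent(String certName) {
        try {
            requireSafeName(certName);
            String certificateFile = certDir + certName + ".cer";

            try (FileInputStream fis = new FileInputStream(certificateFile)) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                X509Certificate certificate =
                        (X509Certificate) certificateFactory.generateCertificate(fis);

                // Print the certificate information.
                System.out.println("版本号: " + certificate.getVersion());
                System.out.println("序列号: " + certificate.getSerialNumber());
                System.out.println("签名算法: " + certificate.getSigAlgName());
                System.out.println("颁发者: " + certificate.getIssuerDN());
                System.out.println("有效期开始日期: " + certificate.getNotBefore());
                System.out.println("有效期结束日期: " + certificate.getNotAfter());
                System.out.println("主体: " + certificate.getSubjectDN());
                System.out.println("公钥: " + certificate.getPublicKey());
                // NOTE(review): "Extension OID" is a placeholder, not a dotted OID, so this
                // lookup cannot match a real extension. Replace it with the OID of the
                // extension of interest, e.g. "2.5.29.17" for subjectAltName.
                System.out.println("扩展信息: " + certificate.getExtensionValue("Extension OID"));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Rejects any name that is null or does not match {@link #SAFE_NAME}. */
    private static void requireSafeName(String name) {
        if (name == null || !SAFE_NAME.matcher(name).matches()) {
            // The rejected value is deliberately left out of the message so that
            // attacker-chosen text is not echoed into logs.
            throw new IllegalArgumentException("invalid certificate name");
        }
    }

    /**
     * Runs one openssl sub-command, echoing the command line and the tool's merged
     * stdout/stderr to standard output, and fails unless the process exits with status 0.
     */
    private void runOpenssl(String... args) throws IOException, InterruptedException {
        String[] command = new String[args.length + 1];
        command[0] = opensslDir;
        System.arraycopy(args, 0, command, 1, args.length);
        System.out.println(String.join(" ", command));

        ProcessBuilder builder = new ProcessBuilder(command);
        builder.redirectErrorStream(true);
        Process process = builder.start();
        try {
            // Output is decoded as GBK, as in the original code - presumably chosen for a
            // Chinese-locale Windows console; confirm for other platforms.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(process.getInputStream(), "gbk"))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    System.out.println(line);
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }

            // The read loop above ends only when the process closes its output, so this
            // timeout bounds the remaining time until exit, not the whole run.
            boolean completed = process.waitFor(STEP_TIMEOUT_SECONDS, TimeUnit.SECONDS);
            // A finished process is not necessarily a successful one: check the exit status
            // so that a failed signing step is never reported as success.
            if (!completed || process.exitValue() != 0) {
                throw new RuntimeException("生成证书失败");
            }
        } finally {
            if (process.isAlive()) {
                process.destroyForcibly();
            }
        }
    }

    /**
     * Reads {@code certDir + baseName + extension} line by line and joins the lines with
     * {@code '\n'}. Any failure, including a rejected name, is reported on standard error
     * and yields {@code null}, which is the contract the public getters expose.
     */
    private String readTextFile(String baseName, String extension) {
        try {
            requireSafeName(baseName);
            String fileName = certDir + baseName + extension;

            StringBuilder content = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(new FileReader(fileName))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    content.append(line).append('\n');
                }
            }
            return content.toString();
        } catch (Exception e) {
            System.err.println("Failed to read file: " + e.getMessage());
            e.printStackTrace();
            return null;
        }
    }
}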
