最近在使用 Java 代码生成证书和私钥,留个学习备份在这里
使用的jar包是:bcprov-jdk15on-1.54.jar
base64使用apache的codec里面的,日期使用的joda-time
第一个是使用旧版 Bouncy Castle API 生成证书的代码,现在仍然可以用,但已经不推荐了,其中一些 API 会被标记为已弃用(deprecated)。
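/**
 * Builds a self-signed X.509 certificate with the legacy Bouncy Castle
 * {@code X509V3CertificateGenerator} API and prints it to standard output.
 *
 * <p>The generator class is deprecated in Bouncy Castle; it is kept here only to show the
 * old call sequence. Issuer and subject are the same name, so the result is self-signed.
 */
public class Test1 {

    static {
        // Register Bouncy Castle so the JCA can resolve its algorithms.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates an RSA key pair, fills in the certificate fields and signs the certificate
     * with the freshly generated private key.
     *
     * @param args unused
     * @throws Exception if key generation or certificate signing fails
     */
    @SuppressWarnings("deprecation")
    public static void main(String[] args) throws Exception {
        // Alternative kept from the original listing: build the name attribute by attribute
        // instead of parsing a string.
        //
        // Hashtable attrs = new Hashtable();
        // Vector order = new Vector();
        // attrs.put(X509Principal.C, "AU");
        // attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
        // attrs.put(X509Principal.OU, "Bouncy Intermediate Certificate");
        // attrs.put(X509Principal.EmailAddress, "<email address>");
        // order.addElement(X509Principal.C);
        // order.addElement(X509Principal.O);
        // order.addElement(X509Principal.OU);
        // order.addElement(X509Principal.EmailAddress);
        // new X509Principal(order, attrs)

        // The e-mail RDN in the published listing was masked by the site's address
        // obfuscation, which left a component without "=" that the name parser rejects.
        // The address below is a constructed placeholder; replace it with the real one.
        final String distinguishedName = "C=CN,ST=JS,L=SZ,CN=DL,E=placeholder@example.com,O=OR,OU=OU";

        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
        // 2048 bits: a 1024-bit RSA modulus is below what current guidance accepts.
        keyPairGen.initialize(2048);
        KeyPair keyPair = keyPairGen.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        PrivateKey privKey = keyPair.getPrivate();

        LocalDate today = LocalDate.now();

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // A fixed serial of 1 is only tolerable for a throwaway self-signed certificate;
        // an issuer that signs more than one certificate needs unique serial numbers.
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(distinguishedName));
        certGen.setSubjectDN(new X509Principal(distinguishedName));
        certGen.setNotBefore(today.toDate());
        // NOTE(review): a 100-year validity means the key can never be rotated by expiry.
        certGen.setNotAfter(today.plusYears(100).toDate());
        certGen.setPublicKey(pubKey);
        // MD5 and SHA-1 signatures are collision-prone and rejected by current TLS stacks,
        // so the certificate is signed with SHA-256.
        certGen.setSignatureAlgorithm("SHA256withRSA");

        Certificate cert = certGen.generateX509Certificate(privKey);
        System.out.println(cert);
    }
}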
在新的bouncy castle版本里,推荐使用的是另一个生成方法
X509v3CertificateBuilder是推荐使用的,需要导入另一个jar包bcpkix-jdk15on-1.54.jar
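/**
 * Builds a self-signed X.509 certificate with the current Bouncy Castle
 * {@code X509v3CertificateBuilder} API and prints it to standard output.
 *
 * <p>Issuer and subject are the same {@code X500Name}, so the result is self-signed.
 */
public class Test2 {

    static {
        // Register Bouncy Castle so the "BC" provider name used below can be resolved.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates an RSA key pair, assembles the certificate and signs it with the freshly
     * generated private key.
     *
     * @param args unused
     * @throws Exception if key generation, signing or certificate conversion fails
     */
    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", "BC");
        // 2048 bits: a 1024-bit RSA modulus is below what current guidance accepts.
        keyPairGen.initialize(2048);
        KeyPair keyPair = keyPairGen.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        PrivateKey privKey = keyPair.getPrivate();

        // SHA-1 signatures are collision-prone and rejected by current TLS stacks.
        String mySigAlgo = "SHA256withRSA";
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pubKey.getEncoded());

        // Alternative kept from the original listing: build the name RDN by RDN.
        //
        // X500NameBuilder nameBuilder = new X500NameBuilder();
        // nameBuilder.addRDN(BCStyle.C, "CN");
        // nameBuilder.addRDN(BCStyle.ST, "JS");
        // nameBuilder.addRDN(BCStyle.L, "SZ");
        // nameBuilder.addRDN(BCStyle.CN, "DL");
        // nameBuilder.addRDN(BCStyle.E, "<email address>");
        // nameBuilder.addRDN(BCStyle.O, "O");
        // nameBuilder.addRDN(BCStyle.OU, "OU");
        // X500Name x500Name = nameBuilder.build();

        // The e-mail RDN in the published listing was masked by the site's address
        // obfuscation, which left a component without "=" that the name parser rejects.
        // The address below is a constructed placeholder; replace it with the real one.
        X500Name x500Name = new X500Name("C=CN,ST=JS,L=SZ,CN=DL,E=placeholder@example.com,O=OR,OU=OU");

        // java.util.Date takes milliseconds since the epoch. The earlier code passed
        // LocalDate.toEpochDay(), a count of days, which put both validity bounds within
        // the first minute of 1970-01-01. Convert through an Instant instead. The types
        // are fully qualified so the block does not depend on which LocalDate is imported.
        java.time.ZoneId zone = java.time.ZoneId.systemDefault();
        java.time.LocalDate today = java.time.LocalDate.now(zone);
        Date notBefore = Date.from(today.atStartOfDay(zone).toInstant());
        // NOTE(review): a 100-year validity means the key can never be rotated by expiry.
        Date notAfter = Date.from(today.plusYears(100).atStartOfDay(zone).toInstant());

        // Random 64-bit serial number drawn from SecureRandom.
        BigInteger serial = new BigInteger(64, new SecureRandom());

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                x500Name, serial, notBefore, notAfter, x500Name, publicKeyInfo);

        ContentSigner signer = new JcaContentSignerBuilder(mySigAlgo).build(privKey);
        X509CertificateHolder certHolder = certBuilder.build(signer);
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
        System.out.println(cert);
    }
}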