
由于密码原因无法打开PKCS12存储(可能是由于密码已过期)



对于想了解由于密码原因无法打开PKCS12存储的读者,本文将提供新的信息,我们将详细介绍可能是由于密码已过期,并且为您提供关于AES128/ECB/PKCS5Padding 的实现、ie无法打开php怎么办、ios – 如何使SecPKCS12Import正确导入有效的p12文件、java PKCS12 证书生成的有价值信息。

本文目录一览:

由于密码原因无法打开PKCS12存储(可能是由于密码已过期)

由于密码原因无法打开PKCS12存储(可能是由于密码已过期)

在 Bouncy Castle 的示例中,我找到了以下代码:

package crypto;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBagFactory;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilderProvider;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;
import org.bouncycastle.util.io.Streams;


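/**
 * Bouncy Castle sample: writes a PKCS#12 file ({@code id.p12}) holding a private key and a
 * three-certificate chain, then reads it back twice - once bag by bag through
 * {@link PKCS12PfxPdu} and once through a JCA {@link KeyStore}.
 *
 * <p>Points to keep in mind when adapting this sample:
 * <ul>
 *   <li>Key-bag encryption, certificate-bag encryption, the integrity MAC and the KeyStore
 *       load all use {@code JcaUtils.KEY_PASSWD}, a constant compiled into the sample.
 *       Production code should obtain the password at run time instead.</li>
 *   <li>The certificate bags are encrypted with {@code pbeWithSHAAnd128BitRC2_CBC}, a legacy
 *       PKCS#12 scheme; it should not be relied on for confidentiality.</li>
 *   <li>{@link #readPKCS12File(InputStream)} only reports a failed MAC check and keeps
 *       going. A failed MAC means the password is wrong or the file was modified, so real
 *       code should stop at that point.</li>
 * </ul>
 */
public class PKCS12 {
    /** File the sample writes and then reads back, relative to the working directory. */
    private static final String PFX_FILE = "id.p12";

    /**
     * Creates the sample credentials, writes them to {@code id.p12} and prints the content
     * of that file as seen by the low-level PKCS#12 API and by a BC {@code PKCS12} KeyStore.
     *
     * @param args unused
     * @throws Exception on any provider, encoding or I/O failure
     */
    public static void main(String[] args)
            throws Exception
    {
        Security.addProvider(new BouncyCastleProvider());

        KeyStore credentials = JcaUtils.createCredentials();
        PrivateKey key = (PrivateKey)credentials.getKey(JcaUtils.END_ENTITY_ALIAS, JcaUtils.KEY_PASSWD);
        Certificate[] chain = credentials.getCertificateChain(JcaUtils.END_ENTITY_ALIAS);

        // createPKCS12File closes the stream it is handed, on success and on failure.
        createPKCS12File(new FileOutputStream(PFX_FILE), key, chain);

        //
        // first do a "blow by blow" read of the PKCS#12 file.
        //
        InputStream pfxIn = new FileInputStream(PFX_FILE);
        try
        {
            readPKCS12File(pfxIn);
        }
        finally
        {
            pfxIn.close();
        }

        //
        // or alternately just load it up using a KeyStore
        //
        KeyStore pkcs12Store = KeyStore.getInstance("PKCS12", "BC");

        InputStream storeIn = new FileInputStream(PFX_FILE);
        try
        {
            pkcs12Store.load(storeIn, JcaUtils.KEY_PASSWD);
        }
        finally
        {
            storeIn.close();
        }

        System.out.println("########## KeyStore Dump");

        for (Enumeration<String> en = pkcs12Store.aliases(); en.hasMoreElements();)
        {
            String alias = en.nextElement();
            String entryKind;

            if (pkcs12Store.isCertificateEntry(alias))
            {
                entryKind = "Certificate Entry: ";
            }
            else if (pkcs12Store.isKeyEntry(alias))
            {
                entryKind = "Key Entry: ";
            }
            else
            {
                continue;
            }

            X509Certificate cert = (X509Certificate)pkcs12Store.getCertificate(alias);
            System.out.println(entryKind + alias + ",Subject: " + cert.getSubjectDN());
        }

        System.out.println();
    }

    /**
     * Encodes {@code key} and {@code chain} as a PKCS#12 PFX and writes it to {@code pfxOut}.
     * The stream is always closed before this method returns.
     *
     * @param pfxOut destination stream; closed by this method
     * @param key    private key stored in an AES-256-CBC encrypted key bag
     * @param chain  {@code chain[0]} end-entity, {@code chain[1]} intermediate,
     *               {@code chain[2]} trust anchor
     * @throws IllegalArgumentException if the chain has fewer than three certificates
     * @throws Exception on any encoding, provider or I/O failure
     */
    private static void createPKCS12File(OutputStream pfxOut, PrivateKey key, Certificate[] chain)
            throws Exception
    {
        try
        {
            if (chain == null || chain.length < 3)
            {
                throw new IllegalArgumentException(
                    "expected end-entity, intermediate and trust-anchor certificates in the chain");
            }

            OutputEncryptor keyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC").build(JcaUtils.KEY_PASSWD);

            PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate)chain[2]);
            taCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Primary Certificate"));

            PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate)chain[1]);
            caCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Intermediate Certificate"));

            // The end-entity certificate and the key carry the same friendly name and
            // localKeyId so that a reader can pair them up again.
            JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
            SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(chain[0].getPublicKey());

            PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate)chain[0]);
            eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key"));
            eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);

            PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(key, keyEncryptor);
            keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key"));
            keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);

            PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder();

            builder.addData(keyBagBuilder.build());

            // Legacy RC2-based PBE for the certificate bags; see the class comment.
            OutputEncryptor certEncryptor = new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
                .setProvider("BC").build(JcaUtils.KEY_PASSWD);
            builder.addEncryptedData(certEncryptor,
                new PKCS12SafeBag[]{eeCertBagBuilder.build(), caCertBagBuilder.build(), taCertBagBuilder.build()});

            // The integrity MAC is built with SHA-256 (id_sha256).
            // NOTE(review): every reader has to support the MAC digest and PBE schemes chosen
            // here. If another tool, or the check in readPKCS12File, rejects the password,
            // compare these algorithm choices first - not confirmed as the cause.
            PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), JcaUtils.KEY_PASSWD);

            // make sure we don't include indefinite length encoding
            pfxOut.write(pfx.getEncoded(ASN1Encoding.DL));
        }
        finally
        {
            pfxOut.close();
        }
    }

    /**
     * Parses a PKCS#12 PFX from {@code pfxIn}, checks its MAC, decrypts the bags and prints
     * the key and certificate entries found. The stream is read to the end but not closed.
     *
     * @param pfxIn stream positioned at the start of the PFX; the caller closes it
     * @return the parsed PFX
     * @throws Exception on any decoding, decryption or I/O failure
     */
    private static PKCS12PfxPdu readPKCS12File(InputStream pfxIn)
            throws Exception
    {
        PKCS12PfxPdu pfx = new PKCS12PfxPdu(Streams.readAll(pfxIn));

        // The sample only reports a MAC failure and continues with decryption.
        // A failed MAC means a wrong password or a modified file; production code
        // should abort here rather than process unauthenticated content.
        if (!pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), JcaUtils.KEY_PASSWD))
        {
            System.err.println("PKCS#12 MAC test failed!");
        }

        ContentInfo[] infos = pfx.getContentInfos();

        Map<String, X509Certificate> certMap = new HashMap<String, X509Certificate>();
        // localKeyId attribute value -> certificate
        Map<Object, X509Certificate> certKeyIds = new HashMap<Object, X509Certificate>();
        Map<String, PrivateKey> privKeyMap = new HashMap<String, PrivateKey>();
        // private key -> localKeyId attribute value
        Map<PrivateKey, Object> privKeyIds = new HashMap<PrivateKey, Object>();

        InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
                .setProvider("BC").build(JcaUtils.KEY_PASSWD);
        JcaX509CertificateConverter jcaConverter = new JcaX509CertificateConverter().setProvider("BC");

        for (int i = 0; i != infos.length; i++)
        {
            if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
            {
                // Encrypted content: the sample stores only certificate bags here.
                PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);

                PKCS12SafeBag[] bags = dataFact.getSafeBags();

                for (int b = 0; b != bags.length; b++)
                {
                    PKCS12SafeBag bag = bags[b];

                    X509CertificateHolder certHldr = (X509CertificateHolder)bag.getBagValue();
                    X509Certificate cert = jcaConverter.getCertificate(certHldr);

                    Attribute[] attributes = bag.getAttributes();
                    for (int a = 0; a != attributes.length; a++)
                    {
                        Attribute attr = attributes[a];

                        if (attr.getAttrType().equals(PKCS12SafeBag.friendlyNameAttribute))
                        {
                            certMap.put(((DERBMPString)attr.getAttributeValues()[0]).getString(), cert);
                        }
                        else if (attr.getAttrType().equals(PKCS12SafeBag.localKeyIdAttribute))
                        {
                            certKeyIds.put(attr.getAttributeValues()[0], cert);
                        }
                    }
                }
            }
            else
            {
                // Plain data content: the sample stores a single encrypted key bag here.
                PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);

                PKCS12SafeBag[] bags = dataFact.getSafeBags();
                PKCS12SafeBag keyBag = bags[0];

                PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)keyBag.getBagValue();
                PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);

                KeyFactory keyFact = KeyFactory.getInstance(info.getPrivateKeyAlgorithm().getAlgorithm().getId(), "BC");
                PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(info.getEncoded()));

                Attribute[] attributes = keyBag.getAttributes();
                for (int a = 0; a != attributes.length; a++)
                {
                    Attribute attr = attributes[a];

                    if (attr.getAttrType().equals(PKCS12SafeBag.friendlyNameAttribute))
                    {
                        privKeyMap.put(((DERBMPString)attr.getAttributeValues()[0]).getString(), privKey);
                    }
                    else if (attr.getAttrType().equals(PKCS12SafeBag.localKeyIdAttribute))
                    {
                        privKeyIds.put(privKey, attr.getAttributeValues()[0]);
                    }
                }
            }
        }

        System.out.println("########## PFX Dump");
        for (String alias : privKeyMap.keySet())
        {
            // Follow key -> localKeyId -> certificate to find the key's own certificate.
            X509Certificate keyCert = certKeyIds.get(privKeyIds.get(privKeyMap.get(alias)));

            System.out.println("Key Entry: " + alias + ",Subject: " + keyCert.getSubjectDN());
        }

        for (String alias : certMap.keySet())
        {
            System.out.println("Certificate Entry: " + alias + ",Subject: " + certMap.get(alias).getSubjectDN());
        }
        System.out.println();

        return pfx;
    }
}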

当我使用此代码生成 p12 文件后,尝试用 openssl 或钥匙串(Keychain)打开它时,会提示我输入密码。我使用了他们示例中的密码

// Sample password (presumably the JcaUtils.KEY_PASSWD used by the listing above).
// It is hard-coded, and the field is public, static and non-final, so any code can
// read or replace it - acceptable in a demo only.
public static char[] KEY_PASSWD = "keyPassword".toCharArray();

尝试打开 P12,但没有成功。此外,当我按原样运行这个 main 方法时,会执行到下面这一行:

System.err.println("PKCS#12 MAC test failed!");

他们的示例在为 p12 设置密码方面是否有问题?我基本上是想实现与以下命令等效的功能:

openssl pkcs12 -export -des3

如果有其他办法能用 Bouncy Castle 在 Java 中实现,也可以。

编辑

查看 NISTObjectIdentifiers 中可供选择的标识符,我没有看到 p12pbmac / sha1。以下是我看到的内容:

/**
 * Object identifiers under the NIST algorithm arc 2.16.840.1.101.3.4, grouped into
 * hash algorithms (.2), AES modes (.1) and signature algorithms (.3).
 *
 * No SHA-1 identifier is declared in this interface: the hash arc listed here starts
 * at SHA-256. SHA-1's OID lives in a different arc (in Bouncy Castle it is exposed as
 * OIWObjectIdentifiers.idSHA1).
 */
public interface NISTObjectIdentifiers {
    // Root arc shared by every identifier below.
    ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4");
    // Hash algorithms: 2.16.840.1.101.3.4.2.x (SHA-2, SHA-3, SHAKE, HMAC with SHA-3).
    ASN1ObjectIdentifier hashAlgs = nistAlgorithm.branch("2");
    ASN1ObjectIdentifier id_sha256 = hashAlgs.branch("1");
    ASN1ObjectIdentifier id_sha384 = hashAlgs.branch("2");
    ASN1ObjectIdentifier id_sha512 = hashAlgs.branch("3");
    ASN1ObjectIdentifier id_sha224 = hashAlgs.branch("4");
    ASN1ObjectIdentifier id_sha512_224 = hashAlgs.branch("5");
    ASN1ObjectIdentifier id_sha512_256 = hashAlgs.branch("6");
    ASN1ObjectIdentifier id_sha3_224 = hashAlgs.branch("7");
    ASN1ObjectIdentifier id_sha3_256 = hashAlgs.branch("8");
    ASN1ObjectIdentifier id_sha3_384 = hashAlgs.branch("9");
    ASN1ObjectIdentifier id_sha3_512 = hashAlgs.branch("10");
    ASN1ObjectIdentifier id_shake128 = hashAlgs.branch("11");
    ASN1ObjectIdentifier id_shake256 = hashAlgs.branch("12");
    ASN1ObjectIdentifier id_hmacWithSHA3_224 = hashAlgs.branch("13");
    ASN1ObjectIdentifier id_hmacWithSHA3_256 = hashAlgs.branch("14");
    ASN1ObjectIdentifier id_hmacWithSHA3_384 = hashAlgs.branch("15");
    ASN1ObjectIdentifier id_hmacWithSHA3_512 = hashAlgs.branch("16");
    // AES: 2.16.840.1.101.3.4.1.x - branches 1-8 are AES-128, 21-28 AES-192, 41-48 AES-256.
    // The ECB entries are part of the arc; ECB maps equal plaintext blocks to equal
    // ciphertext blocks, so it is a poor choice for protecting structured data.
    ASN1ObjectIdentifier aes = nistAlgorithm.branch("1");
    ASN1ObjectIdentifier id_aes128_ECB = aes.branch("1");
    ASN1ObjectIdentifier id_aes128_CBC = aes.branch("2");
    ASN1ObjectIdentifier id_aes128_OFB = aes.branch("3");
    ASN1ObjectIdentifier id_aes128_CFB = aes.branch("4");
    ASN1ObjectIdentifier id_aes128_wrap = aes.branch("5");
    ASN1ObjectIdentifier id_aes128_GCM = aes.branch("6");
    ASN1ObjectIdentifier id_aes128_CCM = aes.branch("7");
    ASN1ObjectIdentifier id_aes128_wrap_pad = aes.branch("8");
    ASN1ObjectIdentifier id_aes192_ECB = aes.branch("21");
    ASN1ObjectIdentifier id_aes192_CBC = aes.branch("22");
    ASN1ObjectIdentifier id_aes192_OFB = aes.branch("23");
    ASN1ObjectIdentifier id_aes192_CFB = aes.branch("24");
    ASN1ObjectIdentifier id_aes192_wrap = aes.branch("25");
    ASN1ObjectIdentifier id_aes192_GCM = aes.branch("26");
    ASN1ObjectIdentifier id_aes192_CCM = aes.branch("27");
    ASN1ObjectIdentifier id_aes192_wrap_pad = aes.branch("28");
    ASN1ObjectIdentifier id_aes256_ECB = aes.branch("41");
    ASN1ObjectIdentifier id_aes256_CBC = aes.branch("42");
    ASN1ObjectIdentifier id_aes256_OFB = aes.branch("43");
    ASN1ObjectIdentifier id_aes256_CFB = aes.branch("44");
    ASN1ObjectIdentifier id_aes256_wrap = aes.branch("45");
    ASN1ObjectIdentifier id_aes256_GCM = aes.branch("46");
    ASN1ObjectIdentifier id_aes256_CCM = aes.branch("47");
    ASN1ObjectIdentifier id_aes256_wrap_pad = aes.branch("48");
    // Signature algorithms: 2.16.840.1.101.3.4.3.x (DSA, ECDSA and RSA PKCS#1 v1.5
    // combined with SHA-2 / SHA-3 digests).
    ASN1ObjectIdentifier sigAlgs = nistAlgorithm.branch("3");
    // Alias for the sigAlgs arc itself, not a separate branch.
    ASN1ObjectIdentifier id_dsa_with_sha2 = sigAlgs;
    ASN1ObjectIdentifier dsa_with_sha224 = sigAlgs.branch("1");
    ASN1ObjectIdentifier dsa_with_sha256 = sigAlgs.branch("2");
    ASN1ObjectIdentifier dsa_with_sha384 = sigAlgs.branch("3");
    ASN1ObjectIdentifier dsa_with_sha512 = sigAlgs.branch("4");
    ASN1ObjectIdentifier id_dsa_with_sha3_224 = sigAlgs.branch("5");
    ASN1ObjectIdentifier id_dsa_with_sha3_256 = sigAlgs.branch("6");
    ASN1ObjectIdentifier id_dsa_with_sha3_384 = sigAlgs.branch("7");
    ASN1ObjectIdentifier id_dsa_with_sha3_512 = sigAlgs.branch("8");
    ASN1ObjectIdentifier id_ecdsa_with_sha3_224 = sigAlgs.branch("9");
    ASN1ObjectIdentifier id_ecdsa_with_sha3_256 = sigAlgs.branch("10");
    ASN1ObjectIdentifier id_ecdsa_with_sha3_384 = sigAlgs.branch("11");
    ASN1ObjectIdentifier id_ecdsa_with_sha3_512 = sigAlgs.branch("12");
    ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_224 = sigAlgs.branch("13");
    ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_256 = sigAlgs.branch("14");
    ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_384 = sigAlgs.branch("15");
    ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_512 = sigAlgs.branch("16");
}

AES128/ECB/PKCS5Padding 的实现

AES128/ECB/PKCS5Padding 的实现

AES的相关基础知识直接看WikiPedia:高级加密标准

附上 C/C++ 可用代码:AES_Cipher


ie无法打开php怎么办

ie无法打开php怎么办

ie无法打开php的解决办法:1、添加环境变量;2、配置php.ini;3、开启web服务扩展;4、编写正确的php文件;5、重启web服务。

ie无法打开php怎么办

本文操作环境:windows7系统、ie11&&PHP7.1版,DELL G3电脑

ie无法打开php怎么办?

在IIS上配置PHP应注意以下几点:

1.确定环境变量是否添加;


2.PHP.INI文件是否配置正确;

3.Web 服务扩展是否正确,并设置扩展状态为允许;

4.编写正确的PHP文件,放到站点目录下,并确认站点目录的权限;

5.重启WEB服务


ios – 如何使SecPKCS12Import正确导入有效的p12文件

ios – 如何使SecPKCS12Import正确导入有效的p12文件

我解决了将 XML RSA私钥转换为PEM文件的前提问题,但是遇到另一个问题,导入P12私钥时会得到空数据.以下是我的步骤:

>将PEM文件转换为P12文件

openssl> pkcs12 -export -in rsa.pem -inkey rsa.pem -out rsa.p12 -nocerts

>将P12文件读入iOS项目

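// Load the bundled PKCS#12 file and import its private key unless one is already available.
NSString *path = [[NSBundle bundleForClass:[self class]]
                    pathForResource:@"MyPrivateKey" ofType:@"p12"];
NSData *p12data = [NSData dataWithContentsOfFile:path];
// dataWithContentsOfFile: returns nil when the resource is missing or unreadable;
// do not pass nil on to the importer.
if (![self getPrivateKeyRef] && p12data != nil) {
    RSAPrivateKey = getPrivateKeywithRawKey(p12data);
}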

>导入P12私钥

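/*
 * Imports a PKCS#12 blob and returns the private key of the first identity in it.
 *
 * pfxkeydata: raw bytes of the .p12/.pfx file.
 * Returns a SecKeyRef the caller owns (release it when done), or NULL when the import
 * fails, the file yields no items, or the first item carries no identity.
 *
 * SecPKCS12Import can report success and still hand back no identity. An identity is a
 * private key together with its certificate, so a file that holds a key but no
 * certificate is a likely cause - check how the file was exported.
 */
SecKeyRef getPrivateKeywithRawKey(NSData *pfxkeydata)
{
    if (pfxkeydata == nil) {
        return NULL;
    }

    NSMutableDictionary *options = [[[NSMutableDictionary alloc] init] autorelease];

    // Passphrase of the .pfx file. "MyPassword" is the sample's placeholder; a passphrase
    // compiled into the app can be recovered from the binary, so it does not protect a
    // key that ships in the same bundle.
    [options setObject:@"MyPassword" forKey:(id)kSecImportExportPassphrase];

    // SecPKCS12Import fills this in; start from NULL so nothing is read or leaked on failure.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((CFDataRef)pfxkeydata,
                                             (CFDictionaryRef)options,
                                             &items);

    // Check the status and the item count before indexing into the array.
    if (securityError != noErr || items == NULL || CFArrayGetCount(items) == 0) {
        if (items != NULL) {
            CFRelease(items);
        }
        return NULL;
    }

    CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identityApp =
        (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);

    SecKeyRef privateKeyRef = NULL;
    if (identityApp != NULL &&
        SecIdentityCopyPrivateKey(identityApp, &privateKeyRef) != noErr) {
        privateKeyRef = NULL;
    }

    // The copied key stays valid after the items array is released.
    CFRelease(items);

    return privateKeyRef;
}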

看起来没有错误(OSStatus 值为 0),但是 items 数组中没有任何身份数据。我怀疑是因为 OpenSSL 用法有误,导致生成的 p12 文件格式不正确。有没有人成功导入过 p12 文件?我已经在这个问题上卡了好几天,如果你有线索,请给我一些建议,谢谢!

休伯特

解决方法

我从互联网上获得了一些提示,以下是生成 iOS 可接受的 p12 密钥和证书文件的步骤:

>将XML转换为PEM
shell> 编译 XMLSpec2PEM.java
shell> XMLSpec2PEM rsa.xml
将输出结果保存到rsa.pem
(借鉴自 here)
>将PEM转换为RSA私钥
openssl> rsa -in rsa.pem -out rsaPrivate.key
>生成证书请求
openssl> req -new -key rsaPrivate.key -out rsacertreq.crt
(输入一些基本的证书信息)
>对证书请求进行自签名
openssl> x509 -req -days 3650 -in rsacertreq.crt -signkey rsaPrivate.key -out rsaCert.crt
>将证书文件格式转换为DER(iOS可接受格式)
openssl> x509 -outform der -in rsaCert.crt -out rsaCert.der
>生成PKCS12私钥(iOS可接受格式)
openssl> pkcs12 -export -out rsaPrivate.pfx -inkey rsaPrivate.key -in rsaCert.crt

没有进一步的步骤,现在可以在iOS中使用步骤5和6中生成的文件!

OpenSSL指令的参考:
http://blogs.yaclife.com/?tag=ios%E3%80%80seckeyref%E3%80%80raw%E3%80%80key%E3%80%80rsa%E3%80%803des

http://devsec.org/info/ssl-cert.html

java PKCS12 证书生成

java PKCS12 证书生成

引入依赖

<!-- NOTE(review): 1.49 is an old Bouncy Castle release. Before reusing this snippet,
     check the project's release notes and security advisories and pin a currently
     maintained version; newer releases are published under the bcprov-jdk18on /
     bcpkix-jdk18on artifact ids (confirm against Maven Central). Keep bcprov and
     bcpkix on the same version. -->
<dependency>
                            <groupId>org.bouncycastle</groupId>
                            <artifactId>bcprov-jdk15on</artifactId>
                            <version>1.49</version>
                    </dependency>
                    <dependency>
                            <groupId>org.bouncycastle</groupId>
                            <artifactId>bcpkix-jdk15on</artifactId>
                            <version>1.49</version>
                    </dependency>

直接上代码

package test;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.*;

/**
 * 成都一方思致科技有限公司
 *
 * @author 蒋昌宝
 * @version 1.0
 * @date 2019/8/23 9:26
 * @description 证书生成工具类
 * =========================================================================
 * 变更履历:
 * -------------------------------------------------------------------------
 * 变更编号     变更时间    变更人   变更原因    变更内容
 * -------------------------------------------------------------------------
 */

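/**
 * Generates an RSA key pair, a self-signed X.509 v3 certificate for it and a PKCS#12
 * key store holding both, using Bouncy Castle.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The result map returned by {@link #createCert} contains the private key in
 *       unencrypted PKCS#8 form under {@code "privateKey"}; treat the whole map as secret.</li>
 *   <li>Every certificate is issued with {@code BasicConstraints(cA=true)} while the key
 *       usage does not include {@code keyCertSign}. NOTE(review): confirm that CA
 *       certificates are really intended; end-entity certificates should not assert cA.</li>
 *   <li>The CRL distribution point extension is marked critical, as in the original
 *       listing. NOTE(review): RFC 5280 recommends non-critical; confirm the intent.</li>
 * </ul>
 */
public class GenerateCertificateUtil {

    /** RSA modulus size in bits. The original listing used 1024, which is too weak today. */
    private static final int RSA_KEY_BITS = 2048;

    /** Certificate signature algorithm. The original listing used SHA1withRSA. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Generates a fresh RSA key pair with the Bouncy Castle provider.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if the provider offers no RSA key pair generator
     */
    private static KeyPair getKey() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", new BouncyCastleProvider());
        generator.initialize(RSA_KEY_BITS);
        return generator.generateKeyPair();
    }

    /**
     * Creates a key pair, a certificate and a PKCS#12 key store protected by {@code password}.
     *
     * @param password       password for the key entry and for the key store itself
     * @param issuerStr      issuer distinguished name
     * @param subjectStr     subject distinguished name
     * @param certificateCRL URI placed in the CRL distribution point extension
     * @return map with the entries written by {@link #generateCertificateV3} plus
     *         {@code "keyStoreData"} (the encoded PKCS#12 store)
     * @throws IllegalStateException if key, certificate or key store generation fails;
     *         the original printed the stack trace and returned an incomplete map
     */
    public static Map<String,byte[]> createCert(String password,String issuerStr,String subjectStr,String certificateCRL) {

        Map<String,byte[]> result = new HashMap<String,byte[]>();
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", new BouncyCastleProvider());
            keyStore.load(null, null);
            KeyPair keyPair = getKey();

            // The certificate is signed with its own private key, so it verifies
            // against its own public key whatever the issuer name says.
            Certificate cert = generateCertificateV3(issuerStr, subjectStr, keyPair, result, certificateCRL, null);
            cert.verify(keyPair.getPublic());

            char[] storePassword = password.toCharArray();
            // "cretkey" is an arbitrary alias for the key entry.
            keyStore.setKeyEntry("cretkey", keyPair.getPrivate(), storePassword, new Certificate[] { cert });

            ByteArrayOutputStream out = new ByteArrayOutputStream();
            keyStore.store(out, storePassword);
            result.put("keyStoreData", out.toByteArray());
            return result;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException("PKCS#12 key store generation failed", e);
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate valid for one year from now and records
     * its data in {@code result}.
     *
     * @param issuerStr      issuer distinguished name
     * @param subjectStr     subject distinguished name
     * @param keyPair        key pair; the public key is certified, the private key signs
     * @param result         receives {@code "certificateData"}, {@code "publicKey"},
     *                       {@code "privateKey"} (unencrypted PKCS#8), {@code "notBefore"}
     *                       and {@code "notAfter"} (yyyy-MM-dd, UTF-8)
     * @param certificateCRL URI placed in the CRL distribution point extension
     * @param extensions     additional extensions to add, or {@code null}
     * @return the generated certificate
     * @throws IllegalStateException if the certificate cannot be built; the original
     *         printed the stack trace and returned {@code null}
     */
    public static Certificate generateCertificateV3(String issuerStr,String subjectStr,KeyPair keyPair,Map<String,byte[]> result,String certificateCRL,List<Extension> extensions) {

        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();

            // Validity: now until one year from now.
            Date notBefore = new Date();
            Calendar expiry = Calendar.getInstance();
            expiry.setTime(notBefore);
            expiry.add(Calendar.YEAR, 1);
            Date notAfter = expiry.getTime();

            // Serial number: positive, taken from a CSPRNG and short enough for the
            // 20-octet limit of RFC 5280. The original drew a 256-bit prime from
            // java.util.Random, which is predictable and longer than that limit.
            SecureRandom secureRandom = new SecureRandom();
            BigInteger serial = new BigInteger(127, secureRandom).add(BigInteger.ONE);

            X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    new X500Name(issuerStr), serial, notBefore, notAfter, new X500Name(subjectStr), publicKey);

            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
            signerBuilder.setSecureRandom(secureRandom);
            ContentSigner signer = signerBuilder.setProvider(new BouncyCastleProvider()).build(privateKey);

            // CRL distribution point (2.5.29.31); criticality kept as in the original.
            ASN1ObjectIdentifier crlDistributionPointsOid = new ASN1ObjectIdentifier("2.5.29.31");
            GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, certificateCRL);
            DistributionPointName distributionPointName = new DistributionPointName(new GeneralNames(crlUri));
            DistributionPoint[] points = new DistributionPoint[] {
                new DistributionPoint(distributionPointName, null, null)
            };
            builder.addExtension(crlDistributionPointsOid, true, new CRLDistPoint(points));

            // Key usage (2.5.29.15). The listing had lost the criticality argument;
            // critical=true follows RFC 5280 guidance.
            ASN1ObjectIdentifier keyUsageOid = new ASN1ObjectIdentifier("2.5.29.15");
            builder.addExtension(keyUsageOid, true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

            // Basic constraints (2.5.29.19) with cA=true; see the class comment.
            // The criticality argument was missing here as well.
            ASN1ObjectIdentifier basicConstraintsOid = new ASN1ObjectIdentifier("2.5.29.19");
            builder.addExtension(basicConstraintsOid, true, new BasicConstraints(true));

            if (extensions != null) {
                for (Extension ext : extensions) {
                    builder.addExtension(
                            new ASN1ObjectIdentifier(ext.getoid()), ext.isCritical(), ASN1Primitive.fromByteArray(ext.getValue()));
                }
            }

            // Self-signed: the subject's own private key signs the certificate.
            X509CertificateHolder holder = builder.build(signer);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));

            SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
            result.put("certificateData", holder.getEncoded());
            result.put("publicKey", publicKey.getEncoded());
            // Unencrypted PKCS#8 private key; the caller must protect it.
            result.put("privateKey", privateKey.getEncoded());
            result.put("notBefore", format.format(notBefore).getBytes("utf-8"));
            result.put("notAfter", format.format(notAfter).getBytes("utf-8"));
            return cert;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException("certificate generation failed", e);
        }
    }

    /**
     * Extra certificate extension supplied by the caller: OID, criticality flag and the
     * DER-encoded extension value.
     */
    class Extension {

        private String oid;
        private boolean critical;
        private byte[] value;

        public String getoid() {
            return oid;
        }

        public void setoid(String oid) {
            this.oid = oid;
        }

        public boolean isCritical() {
            return critical;
        }

        public void setCritical(boolean critical) {
            this.critical = critical;
        }

        public byte[] getValue() {
            return value;
        }

        public void setValue(byte[] value) {
            this.value = value;
        }
    }

    /**
     * Test driver: generates a certificate and writes the key store to
     * {@code d:/keystore_jcb.p12}.
     *
     * @throws Exception on any generation or I/O failure
     */
    public static void main(String[] args) throws Exception {
        // CN: common name, OU: organizational unit, O: organization, L: locality,
        // E: e-mail address, ST: state or province, C: two-letter country code.
        // The e-mail values are placeholders: the page's e-mail obfuscation replaced
        // the originals, which left the DN strings unparseable.
        String issuerStr = "CN=jcb凭证,OU=研发部,O=jcb有限公司,C=CN,E=issuer@example.com,L=北京,ST=北京";
        String subjectStr = "CN=jcb有限公司,OU=用户,O=test,E=subject@example.com,ST=北京";
        String certificateCRL = "https://jcb.cn";

        // NOTE(review): "123456" is a trivially guessable demo password protecting the
        // private key in the .p12 file; supply a strong secret at run time instead.
        Map<String,byte[]> result = GenerateCertificateUtil.createCert("123456", issuerStr, subjectStr, certificateCRL);

        // Write the .p12 file; result.get("certificateData") holds the DER certificate
        // that can be handed out separately.
        FileOutputStream outPutStream = new FileOutputStream("d:/keystore_jcb.p12");
        try {
            outPutStream.write(result.get("keyStoreData"));
            outPutStream.flush();
        } finally {
            outPutStream.close();
        }
    }

}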
