2013-06-30 36 views
2

Programmatically creating a keystore for jarsigner

I am trying to generate a keystore with a certificate to use it with JarSigner. Here is my code:

    System.out.println("Keystore generation...");

    Security.addProvider(new BouncyCastleProvider()); 

    String domainName = "example.org"; 

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); 
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); 
    keyGen.initialize(1024, random); 
    KeyPair pair = keyGen.generateKeyPair(); 

    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); 

    int serial = new SecureRandom().nextInt(); 

    v3CertGen.setSerialNumber(BigInteger.valueOf(serial < 0 ? -1 * serial : serial)); 
    v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); 
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10))); 
    v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));

    v3CertGen.setPublicKey(pair.getPublic()); 
    v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption"); 

    X509Certificate PKCertificate = v3CertGen.generateX509Certificate(pair.getPrivate()); 

    FileOutputStream fos = new FileOutputStream("/Users/dmitrysavchenko/testCert.cert"); 
    fos.write(PKCertificate.getEncoded()); 
    fos.close(); 



    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 

    char[] password = "123".toCharArray(); 
    ks.load(null, password); 

    ks.setCertificateEntry("hive", PKCertificate); 

    fos = new FileOutputStream("/Users/dmitrysavchenko/hive-keystore.pkcs12"); 
    ks.store(fos, password); 
    fos.close(); 

It works, but when I try to sign my JAR with this keystore, I get the following error:

jarsigner: Certificate chain not found for: hive. hive must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain. 

I found out that there must be a private key, but I don't know how to add it to the certificate. Can you help me?

Answers

1

This is how you can add a private key to a new keystore:

... 
    char[] password = "123".toCharArray(); 
    ks.load(null, password); 

    // A key entry stores the private key together with its certificate chain
    KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(pair.getPrivate(),
      new java.security.cert.Certificate[]{PKCertificate});
    ks.setEntry("hive", entry, new KeyStore.PasswordProtection("123".toCharArray()));

    fos = new FileOutputStream("hive-keystore.pkcs12"); 
    ks.store(fos, password); 
    fos.close(); 

I tried it with jarsigner and it gave no errors, so it should be fine.

+0

Works like a charm – skayred
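The difference between the two entry types, as an added example that is not part of the original question or answer: it stores the same self-signed certificate once as a certificate-only entry and once as a private key entry, then reports how each alias looks to a signing tool. It assumes Bouncy Castle's bcprov and bcpkix jars on the classpath, uses the current certificate builder API in place of the deprecated `X509V3CertificateGenerator`, and swaps in a 2048-bit key with SHA256withRSA because MD5 signatures and 1024-bit RSA keys are treated as weak by current JDK tooling; the class name, the `cert-only` alias and the password are constructed.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Added example; class name, aliases and password are constructed for illustration.
public class KeystoreEntryCheck {
    // Report an alias the way jarsigner needs it: a key entry with a certificate chain.
    static String describe(KeyStore ks, String alias) throws KeyStoreException {
        if (ks.isKeyEntry(alias)) {
            Certificate[] chain = ks.getCertificateChain(alias);
            return alias + ": key entry, chain length " + (chain == null ? 0 : chain.length);
        }
        return alias + (ks.isCertificateEntry(alias) ? ": certificate only, cannot sign" : ": missing");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Self-signed certificate: issuer and subject are the same name.
        X500Name name = new X500Name("CN=example.org");
        long now = System.currentTimeMillis();
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(now), new Date(now - 60_000L),
                new Date(now + 365L * 24 * 60 * 60 * 1000), name, pair.getPublic()).build(signer);
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(holder);

        char[] password = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, password);
        ks.setCertificateEntry("cert-only", cert); // what the question's code stored
        ks.setEntry("hive", new KeyStore.PrivateKeyEntry(pair.getPrivate(), new Certificate[]{cert}),
                new KeyStore.PasswordProtection(password)); // what the answer stores

        System.out.println(describe(ks, "cert-only"));
        System.out.println(describe(ks, "hive"));
        // Throws if the stored leaf certificate was not signed by this key pair.
        ks.getCertificateChain("hive")[0].verify(pair.getPublic());
    }
}
```

Running `describe` against an existing keystore before signing shows whether the alias passed to jarsigner is a key entry or only a trusted certificate, which is the condition the error message in the question reports.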
