0
我在动态创建(不使用keytool)android中的BKS密钥库+证书时遇到问题。如何在Android中动态创建BKS密钥库+证书
我已经在我的桌面应用程序创建一个BKS密钥库与BouncyCastle的: SEE:
public class KeyStoreGenerator {
public static void main(String[] args){
generateKeyStore("1234567", "Burcu Cinarci", "TU Dortmund", "Informatik", "Dortmund", "NRW", "DE");
}
public static void generateKeyStore(String password, String cn, String o, String ou, String l, String st, String c) {
try {
Security.addProvider(new BouncyCastleProvider());
final java.security.KeyPairGenerator rsaKeyPairGenerator = java.security.KeyPairGenerator.getInstance("RSA");
rsaKeyPairGenerator.initialize(2048);
final KeyPair rsaKeyPair =
rsaKeyPairGenerator.generateKeyPair();
// Generate the key store de type JCEKS
Provider[] ps = Security.getProviders();
for (int i = 0; i < ps.length; i++)
System.out.println("" + ps[i].getName());
final KeyStore ks = KeyStore.getInstance("BKS");
ks.load(null);
final RSAPublicKey rsaPublicKey = (RSAPublicKey) rsaKeyPair.getPublic();
System.out.println("LOG: format "+rsaPublicKey.getFormat());
char[] pw = password.toCharArray();
final RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) rsaKeyPair.getPrivate();
final java.security.cert.X509Certificate certificate = makeCertificate(rsaPrivateKey, rsaPublicKey, cn, o, ou, l, st, c);
final java.security.cert.X509Certificate[] certificateChain = { certificate };
certificateChain);
ks.setKeyEntry("operator", rsaKeyPair.getPrivate(), pw, certificateChain);
File keyStoreFile= new File("keyStore.ks");
final FileOutputStream fos = new FileOutputStream(
keyStoreFile);
ks.store(fos, pw);
fos.close();
System.out.println(keyStoreFile.getAbsolutePath());
System.setProperty("javax.net.ssl.keyStore",
keyStoreFile.getAbsolutePath());
System.setProperty("javax.net.ssl.keyStorePassword", "1234567");
} catch (Exception e) {
e.printStackTrace();
}
}
public static X509Certificate makeCertificate(PrivateKey issuerPrivateKey,
PublicKey subjectPublicKey, String cn, String o, String ou, String l, String st, String c) throws Exception {
final org.bouncycastle.asn1.x509.X509Name issuerDN = new org.bouncycastle.asn1.x509.X509Name(
"CN="+cn+", OU="+ou+", O="+o+", L="+l+", ST="+st+", C="+c);
final org.bouncycastle.asn1.x509.X509Name subjectDN = new org.bouncycastle.asn1.x509.X509Name(
"CN="+cn+", OU="+ou+", O="+o+", L="+l+", ST="+st+", C="+c);
final int daysTillExpiry = 10 * 365;
final Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.DAY_OF_YEAR, daysTillExpiry);
final org.bouncycastle.x509.X509V3CertificateGenerator certificateGenerator = new org.bouncycastle.x509.X509V3CertificateGenerator();
certificateGenerator.setSerialNumber(java.math.BigInteger
.valueOf(System.currentTimeMillis()));
certificateGenerator.setIssuerDN(issuerDN);
certificateGenerator.setSubjectDN(subjectDN);
certificateGenerator.setPublicKey(subjectPublicKey);
certificateGenerator.setNotBefore(new Date());
certificateGenerator.setNotAfter(expiry.getTime());
certificateGenerator.setSignatureAlgorithm("MD5WithRSA");
return certificateGenerator.generate(issuerPrivateKey);
}
}
但在我的Android SDK中,我不能老是添加BouncyCastle的-jar文件,因为它已经包含在android中。 (作为供应商已经存在bouncycastle)
但为什么我找不到“org.bouncycastle ...”包?
在梅索德makeCertificate,其中动态生成的证书下面的代码,不起作用,因为日食无法找到特定的封装:
final org.bouncycastle.asn1.x509.X509Name subjectDN = new org.bouncycastle.asn1.x509.X509Name("CN="+cn+", OU="+ou+", O="+o+", L="+l+",
ST="+st+", C="+c);
我试图增加额外的bouncycastle.jar文件,但它没有工作,因为充气城堡的冗余。
感谢您的帖子..问题依旧,那Android的不`吨知道类 X509V3CertificateGenerator和 X509Principal。
Android不知道任何类型的bouncycastle。我可以改变类X509Principal以X500Principal的,它存在于包装javax.security.auth.x500中,但我不能代替任何类的CertificateGenerator
THX
org.bouncycastle.asn1.x509.X509Name是在bcprov-jdk.jar – Cratylus 2012-01-09 21:35:00
我知道,类是在jar文件中,但我不能将jar文件添加到我的android sdk,因为它已经存在了作为提供者在Android SDK:S – 2012-01-13 10:45:38