2014-01-25 101 views
2

BouncyCastle X509 certificate chain generation with a valid root certificate: unknown object in getInstance

I am trying to generate an X509 certificate with the BouncyCastle API. Here is my piece of code.

    try {
        Security.addProvider(new BouncyCastleProvider()); // adding provider to
        String pathtoSave = "D://sureshtest.cer";

        KeyPair keyPair = generateKeypair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();
        X509Certificate trustCert = createCertificate(null, "CN=DigiCorp",
                "CN=Nextenders", publicKey, privateKey);
        // Create an input stream from the file containing the certificate.
        InputStream is = new FileInputStream(new File("D://validcertFormCa.pfx"));
        /*
         * CertificateFactory object is used for reading Certificates, CRL and
         * CertPaths. Create a factory object using the standard SPI pattern
         * used in JCA.
         */
        CertificateFactory factory =
                CertificateFactory.getInstance("X.509", "BC");

        /*
         * Generate a X509 Certificate initialized with the data read from the
         * input stream.
         */
        X509Certificate mastercert =
                (X509Certificate) factory.generateCertificate(is);
        java.security.cert.Certificate[] outChain = { trustCert, mastercert };
        trustCert.checkValidity();
        mastercert.checkValidity();
        KeyStore outStore = KeyStore.getInstance("PKCS12");
        outStore.load(null, null);
        outStore.setKeyEntry("my own certificate", privateKey,
                "admin123".toCharArray(), outChain);

        OutputStream outputStream = new FileOutputStream(pathtoSave);
        outStore.store(outputStream, "admin123".toCharArray());
        outputStream.flush();
        outputStream.close();
    } catch (Exception e) {
        e.printStackTrace();
    }

I am hitting this exception:

org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory$ExCertificateException 
    at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(Unknown Source) 
    at java.security.cert.CertificateFactory.generateCertificate(Unknown Source) 
    at com.nextenders.certificategeenrator.CertificateGenerator.testGenerateSignCertWithKeyStore(CertificateGenerator.java:119) 
    at com.nextenders.facadeimplementation.facade.JUnitFacade.main(JUnitFacade.java:11) 
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.ASN1Integer 
    at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source) 
    at org.bouncycastle.asn1.x509.TBSCertificate.getInstance(Unknown Source) 
    at org.bouncycastle.asn1.x509.Certificate.<init>(Unknown Source) 
    at org.bouncycastle.asn1.x509.Certificate.getInstance(Unknown Source) 
    at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readDERCertificate(Unknown Source) 
    ... 4 more 

Answer

2

What is mastercert supposed to be?

According to the documentation for generateCertificate(), it expects that "the certificate provided in inStream must be DER-encoded and may be supplied in binary or printable (Base64) encoding". In other words, a DER- or PEM-encoded X509 certificate.

What you are supplying via that InputStream is a PFX file (a PKCS#12 file), not a DER- or PEM-encoded certificate.

My suggestion is to use openssl pkcs12 to extract the necessary certificate from the PKCS#12 file and put it into a separate file, then change your code to load that file instead of your PFX file.

+0

I think I understand what you are trying to do now. You want to create a new certificate that is trusted by 'mastercert'? If so, you need to extract the private key from that PFX file, then use it to sign a CSR that was signed with the *new* key. At least, that is how you would do it conceptually. I don't know whether Java/Bouncy Castle has a shortcut. – mpontillo

+0

See [this question](http://stackoverflow.com/questions/7230330/sign-csr-using-bouncy-castle) for details on how to sign a CSR. – mpontillo

+0

Thanks Mike for the valuable input. Will go through these. Recently got into crypto :) –
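The following is an added example, not code from the question or the answers, that does in Java what the answer and mpontillo's comments describe: open the PKCS#12 file with a KeyStore (which is what a PFX is) instead of feeding it to CertificateFactory, take the issuer's certificate and private key out of it, sign a certificate for a fresh key pair with that key, verify the result against the issuer's public key, and only then store the leaf key with a chain that actually links. The paths and the PFX password are placeholders; the class name, the alias helper and the one-year validity are my own assumptions. It needs bcprov and bcpkix on the classpath. The "unknown object in getInstance: ASN1Integer" error in the question comes from the PFX structure itself: a PFX is a SEQUENCE whose first element is the INTEGER version, and the certificate parser expects that first element to be the tbsCertificate SEQUENCE.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class IssueFromPfx {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Placeholder locations and passwords (assumptions, not values from the question).
        String pfxPath = "D://validcertFormCa.pfx";
        char[] pfxPassword = "PFX-PASSWORD-PLACEHOLDER".toCharArray();
        String outPath = "D://sureshtest.cer";       // the question writes a PKCS#12 here despite the .cer suffix
        char[] outPassword = "admin123".toCharArray();

        // 1. A PFX/PKCS#12 file is a keystore, so it is opened with KeyStore, not CertificateFactory.
        KeyStore pfx = KeyStore.getInstance("PKCS12", "BC");
        try (InputStream in = new FileInputStream(pfxPath)) {
            pfx.load(in, pfxPassword);
        }
        String alias = firstKeyAlias(pfx);
        PrivateKey caKey = (PrivateKey) pfx.getKey(alias, pfxPassword);
        X509Certificate caCert = (X509Certificate) pfx.getCertificate(alias);
        caCert.checkValidity();

        // 2. CertificateFactory does parse a certificate's own DER encoding; it was the PFX wrapper that broke it.
        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate reparsed = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(caCert.getEncoded()));
        if (!reparsed.equals(caCert)) {
            throw new IllegalStateException("re-parsed certificate differs from keystore entry");
        }

        // 3. Issue a certificate for a new key pair, signed with the private key taken from the PFX.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        KeyPair leafPair = kpg.generateKeyPair();

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);   // one year (assumption)
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                caCert,                                   // issuer name is taken from the CA certificate's subject
                new BigInteger(64, new SecureRandom()),   // random serial number
                notBefore, notAfter,
                new X500Name("CN=Nextenders"),
                leafPair.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("BC").build(caKey);
        X509CertificateHolder holder = builder.build(signer);
        X509Certificate leafCert = new JcaX509CertificateConverter()
                .setProvider("BC").getCertificate(holder);

        // 4. The chain is only real if the leaf signature verifies under the issuer's public key.
        leafCert.verify(caCert.getPublicKey(), "BC");

        // 5. Store the leaf's private key with its chain, leaf first and issuer second.
        KeyStore out = KeyStore.getInstance("PKCS12", "BC");
        out.load(null, null);
        out.setKeyEntry("my own certificate", leafPair.getPrivate(), outPassword,
                new java.security.cert.Certificate[] { leafCert, caCert });
        try (OutputStream os = new FileOutputStream(outPath)) {
            out.store(os, outPassword);
        }
    }

    // Returns the first alias that holds a private key; a PFX exported for signing has exactly one.
    static String firstKeyAlias(KeyStore ks) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            if (ks.isKeyEntry(a)) {
                return a;
            }
        }
        throw new IllegalStateException("PKCS#12 file contains no private key entry");
    }
}
```

The step that matters for trust is the `leafCert.verify(...)` call: the chain in the question pairs a self-signed `trustCert` with an unrelated `mastercert`, so no verifier would accept it, whereas here the leaf is actually signed by the key that belongs to the issuer certificate placed after it.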