如何使用Java代码从KEYSTORE生成CSR?
功能影响与(但不使文件染色)
一样KEYTOOL -CERTREQ -ALIAS证书_ALIAS -KEYSTORE JSSECACERTS -STOREPASS CHANGEIT -FILE CLINE.CSR.CSR
我刚刚发现"使用Java API生成证书签名请求"
但是我已经有X.509证书,我如何使用此证书在Java中生成CSR?
KeyStore ts = KeyStore.getInstance("JKS");
FileInputStream is = new FileInputStream(trustStoreFileName);
ts.load(is, trustStorePassword.toCharArray());
is.close();
X509Certificate x509Cert = (X509Certificate)ts.getCertificate("certificate_alias");
如何使用上述信息生成CSR?
我只是解决了〜
分享我的所有代码以生成现有证书的CSR。
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream is = new FileInputStream(trustStoreFileName);
ks.load(is, trustStorePassword.toCharArray());
is.close();
X509Certificate x509Cert = (X509Certificate)ks.getCertificate("certificate_alias");
X500Principal principal = x509Cert.getSubjectX500Principal();
X500Name x500Name = new X500Name( principal.getName() );
PublicKey publicKey = x509Cert.getPublicKey();
PrivateKey privateKey = (PrivateKey) ks.getKey("certificate_alias", trustStorePassword.toCharArray());
String sigAlg = x509Cert.getSigAlgName();
PKCS10 pkcs10 = new PKCS10(publicKey);
Signature signature = Signature.getInstance(sigAlg);
signature.initSign(privateKey);
pkcs10.encodeAndSign(new X500Signer(signature, x500Name));
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
pkcs10.print(ps);
byte[] c = bs.toByteArray();
try {
if (ps != null)
ps.close();
if (bs != null)
bs.close();
} catch (Throwable th) {
}
您需要证书和私钥的公共密钥才能签署CSR。JK可以包含X509证书和钥匙对。因此,请确保您拥有它
PrivateKey privateKey = ts.getPrivateKey("certificate_alias");
签署CSR后,CA将发出新的X509Certificate。但是,重复使用现有密钥(本来可以妥协的)并不是通常的签发新证书。建议生成新的键对