1. 首頁
  2. 問答
  3. 在文件中寫入PEM編碼證書 - java

在文件中寫入PEM編碼證書 - java

2012-11-25 40 views
0

美好的一天。在文件中寫入PEM編碼證書 - java

我最近使用bouncy castle API創建了X.509證書。

我需要保存證書結果而不是顯示結果。

我試圖使用FileOutputStream,但它不起作用。

問候

的結果就像如下

----- BEGIN CERTIFICATE ----- MIICeTCCAeKgAwIBAgIGATs8OWsXMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMT ...

----- END CERTIFICATE ---- -

的代碼是初級講座

import java.io.FileOutputStream; 
//example of a basic CA 


public class PKCS10CertCreateExample 
{ 
    public static X509Certificate[] buildChain() throws Exception 
    { 
     //create the certification request 
     KeyPair pair = chapter7.Utils.generateRSAKeyPair(); 
     PKCS10CertificationRequest request = 
PKCS10ExtensionExample.generateRequest(pair); 

     //create a root certificate 
     KeyPair rootPair=chapter7.Utils.generateRSAKeyPair(); 
     X509Certificate rootCert = X509V1CreateExample.generateV1Certificate 
(rootPair); 

     //validate the certification request 
     if(!request.verify("BC")) 
     { 
      System.out.println("request failed to verify!"); 
      System.exit(1); 
     } 

     //create the certificate using the information in the request 
     X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); 

     certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); 
     certGen.setIssuerDN(rootCert.getSubjectX500Principal()); 
     certGen.setNotBefore(new Date(System.currentTimeMillis())); 
     certGen.setNotAfter(new Date(System.currentTimeMillis()+50000)); 
     certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject()); 
     certGen.setPublicKey(request.getPublicKey("BC")); 
     certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); 

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert)); 
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC"))); 
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); 
     //certGen.addExtension(X509Extensions.KeyUsage, true, new BasicConstraints(false)); 
     certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); 
     certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); 

     //extract the extension request attribute 
     ASN1Set attributes = request.getCertificationRequestInfo().getAttributes(); 

     for(int i=0;i!=attributes.size();i++) 
     { 
      Attribute attr = Attribute.getInstance(attributes.getObjectAt(i)); 

      //process extension request 
      if(attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) 
      { 
        X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); 

        Enumeration<?> e = extensions.oids(); 
        while(e.hasMoreElements()) 
        { 
         DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); 
         X509Extension ext = extensions.getExtension(oid); 

         certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets()); 
        } 
       }  
      } 
     X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate()); 
     return new X509Certificate[]{issuedCert, rootCert}; 
     } 


     public static void main(String[] args) throws Exception 
     { 
      X509Certificate[] chain = buildChain(); 
      PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out)); 
      pemWrt.writeObject(chain[0]); 
      //pemWrt.writeObject(chain[1]); 
      pemWrt.close(); 

      //write it out 
      //FileOutputStream fOut = new FileOutputStream("pkcs10req.req"); 
      //fOut.write(chain[0].toString()); 
      //fOut.write() 
      //System.out.println(chain[0].toString());   
      //fOut.close(); 


     } 

    }

來源

2012-11-25 user1349407

+1

問題是什麼? 「不起作用」不是對問題的描述。 –

回答

4

插入下面的方法..

public static void pemEncodeToFile(String filename, Object obj, char[] password) throws Exception{ 
    PEMWriter pw = new PEMWriter(new FileWriter(filename)); 
     if (password != null && password.length > 0) { 
      pw.writeObject(obj, "DESEDE", password, new SecureRandom()); 
     } else { 
      pw.writeObject(obj); 
     } 
     pw.flush(); 
     pw.close(); 
    }

,並調用pemEncodeToFile方法是這樣的。

pemEncodeToFile("pkcs10.pem", chain[0], null);

來源

2012-12-02 17:02:01 user1349407

0

根據documentationPEMWriter預計在其構造函數中執行Writer。所以你可能需要一個FileWriter而不是一個FileOutputStream

來源

2012-11-25 21:22:19 DNA

+0

你能給我一個代碼示例嗎? – user1349407

相關問題

 相關問題