2012-01-09 183 views
0

I am having trouble creating a BKS keystore + certificate dynamically (without using keytool) in Android. How do I dynamically create a BKS keystore + certificate in Android?

I have already created a BKS keystore with BouncyCastle in my desktop application, see:

import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;
import java.util.Date;

import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;

public class KeyStoreGenerator {

    public static void main(String[] args) {
        generateKeyStore("1234567", "Burcu Cinarci", "TU Dortmund", "Informatik", "Dortmund", "NRW", "DE");
    }

    public static void generateKeyStore(String password, String cn, String o, String ou, String l, String st, String c) {
        try {
            // Register Bouncy Castle: "BKS" is a BC-specific keystore type
            Security.addProvider(new BouncyCastleProvider());
            final KeyPairGenerator rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
            rsaKeyPairGenerator.initialize(2048);
            final KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();

            // Debug output: list the installed providers
            Provider[] ps = Security.getProviders();
            for (int i = 0; i < ps.length; i++)
                System.out.println("" + ps[i].getName());

            // Create an empty BKS keystore in memory
            final KeyStore ks = KeyStore.getInstance("BKS");
            ks.load(null);

            final RSAPublicKey rsaPublicKey = (RSAPublicKey) rsaKeyPair.getPublic();
            System.out.println("LOG: format " + rsaPublicKey.getFormat());
            char[] pw = password.toCharArray();

            final RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) rsaKeyPair.getPrivate();
            // Self-signed: the key that signs the certificate is the key the certificate carries
            final X509Certificate certificate = makeCertificate(rsaPrivateKey, rsaPublicKey, cn, o, ou, l, st, c);
            final X509Certificate[] certificateChain = { certificate };

            ks.setKeyEntry("operator", rsaKeyPair.getPrivate(), pw, certificateChain);

            File keyStoreFile = new File("keyStore.ks");
            final FileOutputStream fos = new FileOutputStream(keyStoreFile);
            ks.store(fos, pw);
            fos.close();
            System.out.println(keyStoreFile.getAbsolutePath());

            // JSSE defaults to the platform keystore type (JKS), so the type must be set for a BKS file
            System.setProperty("javax.net.ssl.keyStore", keyStoreFile.getAbsolutePath());
            System.setProperty("javax.net.ssl.keyStoreType", "BKS");
            System.setProperty("javax.net.ssl.keyStorePassword", password);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static X509Certificate makeCertificate(PrivateKey issuerPrivateKey,
            PublicKey subjectPublicKey, String cn, String o, String ou, String l, String st, String c) throws Exception {

        // Issuer and subject are identical because the certificate is self-signed
        final X509Name issuerDN = new X509Name(
                "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c);
        final X509Name subjectDN = new X509Name(
                "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c);
        final int daysTillExpiry = 10 * 365;

        final Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DAY_OF_YEAR, daysTillExpiry);

        final X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

        // Note: a millisecond timestamp is a predictable serial and can repeat within one tick
        certificateGenerator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certificateGenerator.setIssuerDN(issuerDN);
        certificateGenerator.setSubjectDN(subjectDN);
        certificateGenerator.setPublicKey(subjectPublicKey);
        certificateGenerator.setNotBefore(new Date());
        certificateGenerator.setNotAfter(expiry.getTime());

        // MD5 is collision-broken; SHA256WithRSA is the appropriate choice for anything beyond a test
        certificateGenerator.setSignatureAlgorithm("MD5WithRSA");

        return certificateGenerator.generate(issuerPrivateKey);
    }

}

But in my Android SDK I can't simply add the BouncyCastle jar, because it is already included in Android (BouncyCastle already exists as a provider).

But why can't I find the "org.bouncycastle..." package?

In the method makeCertificate, the following code, which generates the certificate dynamically, does not work because Eclipse cannot find that specific package:

final org.bouncycastle.asn1.x509.X509Name subjectDN = new org.bouncycastle.asn1.x509.X509Name("CN="+cn+", OU="+ou+", O="+o+", L="+l+", ST="+st+", C="+c);

I tried adding an extra bouncycastle.jar, but it didn't work because of the duplicate BouncyCastle classes.


Thanks for your post.. the problem remains that Android doesn't know the classes X509V3CertificateGenerator and X509Principal.

Android doesn't know any kind of bouncycastle. I can change the class X509Principal to X500Principal, which exists in the package javax.security.auth.x500, but I can't replace the CertificateGenerator class with anything.

THX

+0

org.bouncycastle.asn1.x509.X509Name is in bcprov-jdk.jar – Cratylus 2012-01-09 21:35:00

+0

I know the class is in the jar file, but I can't add the jar file to my Android SDK, because it already exists as a provider in the Android SDK :S – 2012-01-13 10:45:38

Answers

0

I don't know why you mention an exception, and the post is hard to read because of the broken formatting, but if your problem is this line:

final org.bouncycastle.asn1.x509.X509Name issuerDN = new org.bouncycastle.asn1.x509.X509Name( "CN="+cn+", OU="+ou+", O="+o+", L="+l+", ST="+st+", C="+c);

You don't need that.

Do the following:

import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;

String dn = "CN="+cn+", OU="+ou+", O="+o+", L="+l+", ST="+st+", C="+c; 
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); 
// X509Principal takes the DN string directly, so the separate X509Name objects are not needed
certificateGenerator.setSubjectDN(new X509Principal(dn)); 

This should work fine for you.

+0

Thanks for your post.. the problem remains that Android doesn't know the classes X509V3CertificateGenerator and X509Principal. Android doesn't know any kind of bouncycastle. I can change the class X509Principal to X500Principal, which exists in the package javax.security.auth.x500, but I can't replace the CertificateGenerator class with anything. THX – 2012-01-13 11:16:11

+0

But I'm not saying to change to a different 'certificateGenerator'. The only code change is the 'setSubjectDN' you do on the certificate generator – Cratylus 2012-01-13 16:44:22

1

The bouncycastle included in Android is "crippled". If you want to use the full bouncycastle library like you can in a desktop application, have a look at the spongycastle library.

It is essentially identical to Bouncycastle, except that all package names have been moved from org.bouncycastle.* to org.spongycastle.*.

So in your code, include the spongycastle library, replace every org.bouncycastle.* with org.spongycastle.*, and it should work like a charm.
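To make the Spongy Castle route concrete for the question above, here is an added example (not code from the question or from either answer). It generates a 2048-bit RSA key pair, self-signs a certificate with SHA256withRSA through the X509v3CertificateBuilder API, stores the key and its one-element chain in a BKS keystore under the "SC" provider, and reloads the serialised bytes to check that the entry, its validity period and its self-signature are what was written. It assumes the Spongy Castle `core`, `prov` and `pkix` artifacts are on the classpath (on the desktop the same code runs with `org.bouncycastle.*` imports and provider name "BC"); the alias `operator`, the DN, the password and the file name `keyStore.bks` are placeholders.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/** Added example: self-signed certificate + BKS keystore with Spongy Castle (provider name "SC"). */
public class SpongyBksExample {

    // Spongy Castle registers as "SC", so it does not collide with the stripped-down "BC" Android ships
    static {
        if (Security.getProvider("SC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Build a self-signed end-entity certificate for kp, valid for validityDays from now. */
    public static X509Certificate selfSign(KeyPair kp, String dn, int validityDays) throws Exception {
        X500Name name = new X500Name(dn);              // issuer == subject for a self-signed certificate
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + validityDays * 86400000L);
        // Random 64-bit serial: a currentTimeMillis() serial is predictable and can repeat within one tick
        BigInteger serial = new BigInteger(64, new SecureRandom());

        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, kp.getPublic());
        // Mark it as a leaf so the key cannot be used to issue further certificates
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        // SHA256withRSA instead of the collision-broken MD5WithRSA used in the question
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("SC").build(kp.getPrivate());
        return new JcaX509CertificateConverter().setProvider("SC")
                .getCertificate(builder.build(signer));
    }

    /** Put the private key and its one-element chain into a fresh in-memory BKS keystore. */
    public static KeyStore buildBks(String alias, char[] password, KeyPair kp, X509Certificate cert)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS", "SC");
        ks.load(null, null);                              // initialise an empty store
        ks.setKeyEntry(alias, kp.getPrivate(), password, new X509Certificate[] { cert });
        return ks;
    }

    /** Serialise, reload and check the entry: the check to do before trusting the written file. */
    public static boolean roundTrips(KeyStore ks, String alias, char[] password) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ks.store(bos, password);
        KeyStore reloaded = KeyStore.getInstance("BKS", "SC");
        reloaded.load(new ByteArrayInputStream(bos.toByteArray()), password);
        X509Certificate cert = (X509Certificate) reloaded.getCertificate(alias);
        if (cert == null || reloaded.getKey(alias, password) == null) {
            return false;
        }
        cert.checkValidity();                             // throws if outside notBefore/notAfter
        cert.verify(cert.getPublicKey());                 // throws unless genuinely self-signed
        return "SHA256withRSA".equalsIgnoreCase(cert.getSigAlgName());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        X509Certificate cert = selfSign(kp, "CN=operator, O=Example, C=DE", 365); // placeholder DN
        char[] password = "change-me".toCharArray();                               // placeholder
        KeyStore ks = buildBks("operator", password, kp, cert);

        if (!roundTrips(ks, "operator", password)) {
            throw new IllegalStateException("keystore did not round-trip");
        }
        // On Android, use context.openFileOutput("keyStore.bks", Context.MODE_PRIVATE) instead
        FileOutputStream out = new FileOutputStream("keyStore.bks");
        try {
            ks.store(out, password);
        } finally {
            out.close();
        }
        System.out.println("wrote keyStore.bks, serial 0x" + cert.getSerialNumber().toString(16));
    }
}
```

The round-trip check matters more than it looks: `ks.store()` happily writes a file that a later `KeyStore.load()` with the default type (JKS) will reject, which is also why the `javax.net.ssl.keyStoreType` property has to be set to `BKS` if the file is handed to JSSE through system properties.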
