Casting bouncy castle X509Certificate to Java.security.cert.Certificate[]

I generated an RSA X.509 certificate in Java using Bouncy Castle. The code is as follows:

public static X509Certificate generateCert()
{
    try
    {
        Security.addProvider(new BouncyCastleProvider());
        // generate a key pair
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // build a certificate generator
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        X500Principal dnName = new X500Principal("cn=example");
        // add some options
        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certGen.setSubjectDN(new X509Name("dc=name"));
        certGen.setIssuerDN(dnName); // use the same
        // yesterday
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000));
        // in 2 years (2L forces long arithmetic; the int product would overflow)
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000));
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256withRSA");
        certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
        mCurrentRSAKeyPair = keyPair;
        // finally, sign the certificate with the private key of the same KeyPair
        X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");

        return cert;
    }
    catch (Exception e)
    {
        e.printStackTrace();
        return null;
    }
}

I want to be able to cast the returned X509Certificate to a java.security.cert.Certificate[], but it says they are incompatible. I need this certificate array for the Android keystore:

public RSA(char[] password) throws Exception
{
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null);
    Enumeration<String> aliases = ks.aliases();
    if(!aliases.hasMoreElements())
    {
        //mCurrentCertificate is the X509Certificate
        mCurrentCertificate = generateCert();
        //Store the new keypair
        FileInputStream fs = null;
        ks.load(fs, password);

        KeyStore.ProtectionParameter protParam =
                new KeyStore.PasswordProtection(password);

        Object cert = mCurrentCertificate.getEncoded();

        java.security.cert.Certificate[] myCert = (java.security.cert.Certificate[]) cert; //CAST HERE

        KeyStore.PrivateKeyEntry pkEntry =
                new KeyStore.PrivateKeyEntry(mCurrentRSAKeyPair.getPrivate(),
                        myCert);

        ks.setEntry("UserKey", pkEntry, protParam);
    }
}

myCert is the certificate array, and cert is a byte array (returned by getEncoded()).

You should put the mCurrentCertificate variable in an array:

java.security.cert.Certificate[] myCert = new java.security.cert.Certificate[] { (java.security.cert.Certificate) mCurrentCertificate};
// not sure if needs to cast mCurrentCertificate
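
The answer carried through end to end, as an added example that is not code from the question or the answer: the certificate is wrapped in an array without a cast, the bytes from getEncoded() are parsed back into a Certificate, and the key entry is read back from the keystore. It assumes the Bouncy Castle bcprov and bcpkix jars are on the classpath and uses the org.bouncycastle.cert builder API instead of the deprecated X509V3CertificateGenerator; the class name, "CN=example" and the password are constructed sample values.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class KeyStoreChainExample {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        // Self-signed: issuer and subject are the same name (constructed sample value).
        X500Name name = new X500Name("CN=example");
        long now = System.currentTimeMillis();
        long day = 24L * 60 * 60 * 1000; // long arithmetic, so two years does not overflow int
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(now), new Date(now - day), new Date(now + 2 * 365 * day),
                name, keyPair.getPublic()).build(signer);
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(holder);

        // X509Certificate extends java.security.cert.Certificate: wrap it, no cast needed.
        Certificate[] chain = { cert };
        // getEncoded() is only the DER bytes; to get a Certificate back, parse them.
        byte[] der = cert.getEncoded();
        Certificate parsed = CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
        if (!parsed.equals(cert)) throw new IllegalStateException("DER round trip changed the certificate");
        // Check the certificate really belongs to this key before storing the pair.
        cert.verify(keyPair.getPublic());

        char[] password = "changeit".toCharArray(); // constructed sample password
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory keystore
        ks.setEntry("UserKey", new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), chain),
                new KeyStore.PasswordProtection(password));
        Certificate[] stored = ks.getCertificateChain("UserKey");
        System.out.println("chain length: " + stored.length + ", same cert: " + stored[0].equals(cert));
    }
}
```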