What is the API for generating self-signed certificates in Java 9-13?
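We have code that generates self-signed certificates and runs on Java 8 (the API has been removed in Java 9). It seems like there will be a new API for generating self-signed certificates starting from JDK 9: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8165481
Is there an example of doing the same operation as the following: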
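
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;
    // JDK-internal classes (Java 8); not part of the public API.
    import sun.security.tools.keytool.CertAndKeyGen;
    import sun.security.x509.X500Name;
    import sun.security.x509.X509CertImpl;
    import sun.security.x509.X509CertInfo;

    class Foo {
        // Fields used below; their declarations are not shown in the original snippet.
        private PrivateKey rootPrivateKey, subPrivateKey;
        private X509Certificate rootCertificate, subCertificate;
        private String certificatePassword; // assigned elsewhere

        public Foo() throws Exception {
            // Root key pair and certificate, valid for one day (validity is in seconds).
            CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA", null);
            keyGen.generate(2048);
            rootPrivateKey = keyGen.getPrivateKey();
            rootCertificate = keyGen.getSelfCertificate(new X500Name("CN=FooBar"), (long) 24 * 60 * 60);
            // Subordinate key pair and certificate.
            CertAndKeyGen subKeyGen = new CertAndKeyGen("RSA", "SHA256withRSA", null);
            subKeyGen.generate(2048);
            subPrivateKey = subKeyGen.getPrivateKey();
            subCertificate = subKeyGen.getSelfCertificate(new X500Name("CN=FizzBuzz"), (long) 24 * 60 * 60);
            // Re-sign both certificates with the root key.
            rootCertificate = signCertificate(rootCertificate, rootCertificate, rootPrivateKey);
            subCertificate = signCertificate(subCertificate, rootCertificate, rootPrivateKey);
            X509Certificate[] certChain = new X509Certificate[]{subCertificate, rootCertificate};
            KeyStore store = KeyStore.getInstance("PKCS12");
            store.load(null, null);
            store.setKeyEntry("FizzBuzz Private Key", subPrivateKey, certificatePassword.toCharArray(), certChain);
        }

        // Replaces the issuer of inputCertificate and signs it with the issuer's private key.
        public X509Certificate signCertificate(X509Certificate inputCertificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey) throws Exception {
            X509CertInfo info = new X509CertInfo(inputCertificate.getTBSCertificate());
            info.set(X509CertInfo.ISSUER, issuerCertificate.getSubjectDN());
            X509CertImpl outCert = new X509CertImpl(info);
            outCert.sign(issuerPrivateKey, issuerCertificate.getSigAlgName());
            return outCert;
        }
    }
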
in Java 11?
=============== Update ===========
The feature request is here:
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8058778

You can use OkHttp's utility class for this:
https://github.com/square/okhttp/tree/master/okhttp-tls
A HeldCertificate is a certificate and its private key. Use the builder to create a self-signed certificate that a test server can use for HTTPS:

    String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
    HeldCertificate localhostCertificate = new HeldCertificate.Builder()
        .addSubjectAlternativeName(localhost)
        .build();

It seems like there will be a new API for generating self-signed certificates starting from JDK 9.
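I don't think that is true. The RFE you linked to is marked as a duplicate of https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8058778. The latter is unresolved as of Java 13 ... meaning that the proposed API has still not been incorporated into the Java standard library.
So ...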
What is the Java API for generating self-signed certificates in Java 11?
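There isn't one.
If you want a practical solution for generating self-signed certificates, you will need to use (or copy) third-party software, or use Process etc. to drive keytool.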
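
One way to drive keytool from Java 11, as the last answer suggests, for the self-signed root certificate only (an added example, not code from the answers; the class name, alias, output path and the KS_PASS variable name are assumptions):

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

// Added example: class name, alias, output path and KS_PASS are assumptions.
public class KeytoolSelfSigned {

    static KeyStore generate(Path p12, String alias, String dn, char[] password) throws Exception {
        // Use the keytool shipped with the running JDK, not whatever is first on PATH.
        String keytool = Paths.get(System.getProperty("java.home"), "bin", "keytool").toString();
        ProcessBuilder pb = new ProcessBuilder(keytool,
                "-genkeypair", "-alias", alias,
                "-keyalg", "RSA", "-keysize", "2048", "-sigalg", "SHA256withRSA",
                "-dname", dn, "-validity", "1",          // one day, as in the question
                "-storetype", "PKCS12", "-keystore", p12.toString(),
                "-storepass:env", "KS_PASS");            // password stays out of the argument list
        pb.environment().put("KS_PASS", new String(password));
        pb.redirectErrorStream(true);
        Process proc = pb.start();
        proc.getOutputStream().close();                  // no stdin: an unexpected prompt fails fast
        // Drain the output so keytool cannot block on a full pipe; it carries the error text.
        String output = new String(proc.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        if (!proc.waitFor(30, TimeUnit.SECONDS) || proc.exitValue() != 0) {
            proc.destroyForcibly();
            throw new IOException("keytool failed: " + output);
        }
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (var in = Files.newInputStream(p12)) {
            store.load(in, password);
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        Path p12 = Files.createTempDirectory("ks").resolve("foobar.p12"); // must not exist yet
        KeyStore store = generate(p12, "foobar", "CN=FooBar", "changeit".toCharArray());
        X509Certificate cert = (X509Certificate) store.getCertificate("foobar");
        cert.verify(cert.getPublicKey());                // self-signed: verifies under its own key
        System.out.println(cert.getSubjectX500Principal() + " valid until " + cert.getNotAfter());
    }
}
```

Passing the password with `-storepass:env` rather than `-storepass` keeps it out of the process argument list, which other local users can normally read.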