Generazione del certificato X509 utilizzando Bouncy Castle Java

Question

Sto cercando un esempio o un'esercitazione per generare certificati X509 utilizzando BC in Java.

Un sacco di esempi stanno avendo/utilizzando API deprecato. Ho dato uno sguardo a BC, ma non mostra quale classe fa cosa o nessun documento/esempio appropriato.

Per favore Se qualcuno ne ha idea, per favore indicami un tutorial in cui posso usare BC per generare i certificati X509. [Generazione e scrittura delle chiavi pubbliche e private per i file]

Answer 1

Il X509v3CertificateBuilder sembra la classe da utilizzare. Esistono alcuni esempi di utilizzo della nuova API su bouncycastle wiki.

Answer 2

Creazione di KeyPairGenerator:

private KeyPairGenerator createKeyPairGenerator(String algorithmIdentifier, 
     int bitCount) throws NoSuchProviderException, 
     NoSuchAlgorithmException { 
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
      algorithmIdentifier, BouncyCastleProvider.PROVIDER_NAME); 
    kpg.initialize(bitCount); 
    return kpg; 
} 

Creazione di coppia di chiavi:

private KeyPair createKeyPair(String encryptionType, int byteCount) 
    throws NoSuchProviderException, NoSuchAlgorithmException 
{ 
    KeyPairGenerator keyPairGenerator = createKeyPairGenerator(encryptionType, byteCount); 
    KeyPair keyPair = keyPairGenerator.genKeyPair(); 
    return keyPair; 
} 

KeyPair keyPair = createKeyPair("RSA", 4096); 

Conversione cose da PEM (può essere scritto in un file):

private String convertCertificateToPEM(X509Certificate signedCertificate) throws IOException { 
    StringWriter signedCertificatePEMDataStringWriter = new StringWriter(); 
    JcaPEMWriter pemWriter = new JcaPEMWriter(signedCertificatePEMDataStringWriter); 
    pemWriter.writeObject(signedCertificate); 
    pemWriter.close(); 
    return signedCertificatePEMDataStringWriter.toString(); 
    } 

Creazione di X509Certificate:

X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
    serverCertificate, new BigInteger("1"), 
    new Date(System.currentTimeMillis()), 
    new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L), 
    jcaPKCS10CertificationRequest.getSubject(), 
    jcaPKCS10CertificationRequest.getPublicKey() 
/*).addExtension(
    new ASN1ObjectIdentifier("2.5.29.35"), 
    false, 
    new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/ 
).addExtension(
     new ASN1ObjectIdentifier("2.5.29.19"), 
     false, 
     new BasicConstraints(false) // true if it is allowed to sign other certs 
).addExtension(
     new ASN1ObjectIdentifier("2.5.29.15"), 
     true, 
     new X509KeyUsage(
      X509KeyUsage.digitalSignature | 
       X509KeyUsage.nonRepudiation | 
       X509KeyUsage.keyEncipherment | 
       X509KeyUsage.dataEncipherment)); 

Firma:

ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(signingKeyPair.getPrivate()); 


    X509CertificateHolder x509CertificateHolder = certificateBuilder.build(sigGen); 
    org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure = 
     x509CertificateHolder.toASN1Structure(); 
    return eeX509CertificateStructure; 
    } 

    private X509Certificate readCertificateFromASN1Certificate(
    org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure, 
    CertificateFactory certificateFactory) 
    throws IOException, CertificateException { // 
    // Read Certificate 
    InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded()); 
    X509Certificate signedCertificate = 
     (X509Certificate) certificateFactory.generateCertificate(is1); 
    return signedCertificate; 
    } 

CertificateFactory:

certificateFactory = CertificateFactory.getInstance("X.509", 
     BouncyCastleProvider.PROVIDER_NAME);