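How to dynamically create a BKS keystore + certificate in Android
I am having problems dynamically creating (without using keytool) a BKS keystore + certificate in Android.
In my desktop application I have already created a BKS keystore with BouncyCastle. See: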

    import java.io.File;
    import java.io.FileOutputStream;
    import java.security.KeyPair;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Provider;
    import java.security.PublicKey;
    import java.security.Security;
    import java.security.cert.X509Certificate;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.interfaces.RSAPublicKey;
    import java.util.Calendar;
    import java.util.Date;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    public class KeyStoreGenerator {

        public static void main(String[] args) {
            generateKeyStore("1234567", "Burcu Cinarci", "TU Dortmund", "Informatik", "Dortmund", "NRW", "DE");
        }

        public static void generateKeyStore(String password, String cn, String o, String ou, String l, String st, String c) {
            try {
                Security.addProvider(new BouncyCastleProvider());
                final java.security.KeyPairGenerator rsaKeyPairGenerator = java.security.KeyPairGenerator.getInstance("RSA");
                rsaKeyPairGenerator.initialize(2048);
                final KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();

                // List the installed security providers
                Provider[] ps = Security.getProviders();
                for (int i = 0; i < ps.length; i++)
                    System.out.println("" + ps[i].getName());

                // Create an empty key store of type BKS
                final KeyStore ks = KeyStore.getInstance("BKS");
                ks.load(null, null);

                final RSAPublicKey rsaPublicKey = (RSAPublicKey) rsaKeyPair.getPublic();
                System.out.println("LOG: format " + rsaPublicKey.getFormat());
                char[] pw = password.toCharArray();
                final RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) rsaKeyPair.getPrivate();

                // Self-signed certificate: the key pair signs its own public key
                final java.security.cert.X509Certificate certificate = makeCertificate(rsaPrivateKey, rsaPublicKey, cn, o, ou, l, st, c);
                final java.security.cert.X509Certificate[] certificateChain = { certificate };
                ks.setKeyEntry("operator", rsaKeyPair.getPrivate(), pw, certificateChain);

                // Write the key store to disk, protected with the same password
                File keyStoreFile = new File("keyStore.ks");
                final FileOutputStream fos = new FileOutputStream(keyStoreFile);
                ks.store(fos, pw);
                fos.close();
                System.out.println(keyStoreFile.getAbsolutePath());

                // Make the key store the JVM default for SSL
                System.setProperty("javax.net.ssl.keyStore", keyStoreFile.getAbsolutePath());
                System.setProperty("javax.net.ssl.keyStorePassword", password);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public static X509Certificate makeCertificate(PrivateKey issuerPrivateKey,
                PublicKey subjectPublicKey, String cn, String o, String ou, String l, String st, String c) throws Exception {
            // Issuer and subject are identical because the certificate is self-signed
            final org.bouncycastle.asn1.x509.X509Name issuerDN = new org.bouncycastle.asn1.x509.X509Name(
                    "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c);
            final org.bouncycastle.asn1.x509.X509Name subjectDN = new org.bouncycastle.asn1.x509.X509Name(
                    "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c);
            final int daysTillExpiry = 10 * 365;
            final Calendar expiry = Calendar.getInstance();
            expiry.add(Calendar.DAY_OF_YEAR, daysTillExpiry);
            final org.bouncycastle.x509.X509V3CertificateGenerator certificateGenerator = new org.bouncycastle.x509.X509V3CertificateGenerator();
            certificateGenerator.setSerialNumber(java.math.BigInteger.valueOf(System.currentTimeMillis()));
            certificateGenerator.setIssuerDN(issuerDN);
            certificateGenerator.setSubjectDN(subjectDN);
            certificateGenerator.setPublicKey(subjectPublicKey);
            certificateGenerator.setNotBefore(new Date());
            certificateGenerator.setNotAfter(expiry.getTime());
            // Note: MD5 is a weak digest for signatures; SHA256WithRSA is the safer choice
            certificateGenerator.setSignatureAlgorithm("MD5WithRSA");
            return certificateGenerator.generate(issuerPrivateKey);
        }
    }

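But in my Android SDK I cannot add the BouncyCastle jar file, because it is already included in Android (bouncycastle already exists as a provider).
But why can't I find the "org.bouncycastle..." packages?
In the method makeCertificate, where the certificate is generated dynamically, the following code does not work because Eclipse cannot find the specific package:

    final org.bouncycastle.asn1.x509.X509Name subjectDN = new org.bouncycastle.asn1.x509.X509Name(
            "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c);

I tried adding an additional bouncycastle.jar file, but it did not work because of the BouncyCastle redundancy.
Thanks for your post.. The problem remains that Android doesn't know the classes X509V3CertificateGenerator and X509Principal.
Android doesn't know any kind of bouncycastle. I can change the class X509Principal to X500Principal, which exists in the package javax.security.auth.x500, but I cannot substitute any class for the CertificateGenerator.
THX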
I am not sure why you say exception, and the post is hard to read due to bad formatting, but if your problem is this line:

    final org.bouncycastle.asn1.x509.X509Name issuerDN = new org.bouncycastle.asn1.x509.X509Name(
            "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c);

You don't need this.
Do the following:

    String dn = "CN=" + cn + ", OU=" + ou + ", O=" + o + ", L=" + l + ", ST=" + st + ", C=" + c;
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    certificateGenerator.setSubjectDN(new X509Principal(dn));

This should work fine for you.
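Thanks for your post.. The problem remains that Android doesn't know the classes X509V3CertificateGenerator and X509Principal. Android doesn't know any kind of bouncycastle. I can change the class X509Principal to X500Principal, which exists in the package javax.security.auth.x500, but I cannot substitute any class for the CertificateGenerator. THX – 2012-01-13 11:16:11
But I am not saying to change to a different 'certificateGenerator'. The only code is that you do 'setSubjectDN' on the certificate generator – Cratylus 2012-01-13 16:44:22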
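The bouncycastle included in Android is "crippled". If you want to use the full bouncycastle library, as in your desktop application, see the spongycastle library.
It is basically the same as Bouncycastle, except that all package names have been moved from org.bouncycastle.* to org.spongycastle.*.
So in your code, include the spongycastle library and replace every org.bouncycastle.* with org.spongycastle.*, and it should work like a charm.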
org.bouncycastle.asn1.x509.X509Name is in bcprov-jdk.jar – Cratylus 2012-01-09 21:35:00
I know the class is in the jar file, but I cannot add the jar file to my Android SDK, because it already exists as a provider in the Android SDK :S – 2012-01-13 10:45:38
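
The Spongy Castle approach from the answer above, as an added example that is not code from the original thread: it builds the self-signed certificate and the BKS keystore using only org.spongycastle.* and JDK classes. It swaps the deprecated X509V3CertificateGenerator for the JcaX509v3CertificateBuilder API and signs with SHA-256 instead of MD5. The class name is hypothetical, and the Spongy Castle core, prov and pkix jars are assumed to be bundled with the app.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

// Hypothetical class name; assumes the Spongy Castle core, prov and pkix jars are on the classpath.
public class SpongyKeyStoreExample {
    static {
        // Spongy Castle registers under the provider name "SC", next to Android's built-in "BC".
        Security.addProvider(new BouncyCastleProvider());
    }

    public static byte[] generateKeyStore(char[] password, String dn) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Self-signed: issuer and subject are the same name.
        X500Principal name = new X500Principal(dn);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 10L * 365 * 24 * 60 * 60 * 1000);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter,
                name, kp.getPublic());
        // SHA-256 replaces the MD5WithRSA signature algorithm used in the question's code.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("SC").build(kp.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter()
                .setProvider("SC").getCertificate(builder.build(signer));
        cert.verify(kp.getPublic()); // throws if the self-signature does not check out

        KeyStore ks = KeyStore.getInstance("BKS", "SC");
        ks.load(null, null); // start from an empty key store
        ks.setKeyEntry("operator", kp.getPrivate(), password, new X509Certificate[] { cert });
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray(); // caller writes these bytes to app-private storage
    }
}
```

Taking the password as a char[] from the caller keeps it out of source code and lets the caller zero the array after use.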