Java Generate digital Certificate series (iv) Generate digital certificates (cont.)

Order
The previous article talked about Java generating digital certificates, using third-party component BC. This article also introduces the generation of digital certificates, but unlike the previous one, this article uses the KeyStore storage method, the exported certificate file format is PFX, this format of the certificate contains not only the public key, but also contains a private key. The private key can be read from the certificate.

Body
nonsense not much to say, directly on the content.

as in the previous article, here is also the use of bouncy Castle provided by the components, the difference is that the certificate is used in public key cryptography 12th standard generated, abbreviated PKCS12. Specific content here is no longer detailed introduction, the need for children's shoes directly Google on the line. Directly below the code.
Pkcs12test (Test certificate Class)

<span style= "Font-family:comic Sans ms;font-size:12px;" >package Com.cacss.jsceu.core;import Org.bouncycastle.jce.provider.bouncycastleprovider;import Org.bouncycastle.x509.x509v3certificategenerator;import Javax.security.auth.x500.x500principal;import Java.io.fileoutputstream;import Java.io.ioexception;import Java.math.biginteger;import Java.security.*;import Java.security.cert.certificate;import Java.security.cert.certificateexception;import Java.security.cert.x509certificate;import java.util.date;/** * Created with IntelliJ idea. * @author: Lee * @group: Sic-ca * @Date: 2014/12/30 * @Comments: Test Certificate class * @Version: 1.0.0 */public class Pkcs12test {static {//] the algorithm called in the system after the addition of the BC encryption algorithm is the BC algorithm Security.addprovider (New Bouncycastleprovider ());}  public static void Main (String args[]) throws NoSuchAlgorithmException, InvalidKeyException, SecurityException, Signatureexception, Keystoreexception, Certificateexception, IOException {String Certpath = "d:/jason.pfx";//Create KeyStore KeyStore store = keystore.getinstance ("PKCS12"); Store.load (null, NULL);/* The RSA algorithm generates a public and private key */keypairgenerator KPG = Keypairgenerator.getinstance ("RSA"); Kpg.initialize ( 2048); KeyPair KeyPair = Kpg.generatekeypair ();//assembly certificate String issuer = "C=cn,st=bj,l=bj,o=sicca,ou=sc,cn=sicca"; String subject = issuer; X509v3certificategenerator Certgen = new X509v3certificategenerator (); Certgen.setserialnumber (BigInteger.valueOf ( System.currenttimemillis ())); Certgen.setissuerdn (new X500principal (issuer)); Certgen.setnotbefore (New Date ( System.currenttimemillis ()-50000); Certgen.setnotafter (New Date (System.currenttimemillis () + 50000)); Certgen.setsubjectdn (new X500principal (subject)); Certgen.setpublickey (Keypair.getpublic ()); Certgen.setsignaturealgorithm ("Sha256withrsaencryption"); X509Certificate cert = certgen.generatex509certificate (Keypair.getprivate ()); System.out.println (Cert.tostring ());//system.out.println (Keypair.getprivate ());//store.setcertificateentry ( Alias, cert); Store.setkeyentry ("Atlas", Keypair.getprivate ()," Atlas ". ToCharArray (), new certificate[] {cert});  FileOutputStream fout =new FileOutputStream (Certpath); Store.store (Fout, "Atlas". ToCharArray ()); Fout.close (); }/** * Get key Store * * @return * @throws Exception */private KeyStore Getkeystore () throws Exception {KeyStore store = Ke Ystore.getinstance ("PKCS12"); Store.load (null, NULL); return store;}} </span>

The following is the generated certificate, as well as the certificate exported to PFX format.

<span style= "Font-family:microsoft yahei;font-size:12px;" >version:3 serialnumber:1420002634985 issuerdn:cn=sicca,ou=sc,o=sicca,l=bj,st=bj,c=cn Start date:wed Dec 31 13:09  : CST Final date:wed Dec 13:11:25 CST 2014SUBJECTDN:CN=SICCA,OU=SC,O=SICCA,L=BJ,ST=BJ,C=CN public Key:rsa Public Keymodulus: Bafbed3edf15d483b8392c7f71af4b4921af7e251ab6a34c316686dafc1d658babcd549bc0dd1324448bfcf6e604f1860d3661ad19e172e37703540c1 967a4cce969eb6b9890de67a9c830b873a88f51200a4262ae2b5ff54b1dc4c377a26ab3aa7af6dc7525ffc88fd839b0feaa3d761cba036bfdb93c98f9 D41e975f5ed2339075b7abaa9bb262d60ce93d424568c9a3f417a4d7da20092e144fd1f62ac9e1f3d40a3179b84f19763bbb49a945e896c4f5e3d5f30 Bf8b456b42279d381a1568b0eb7a653e932eda9e16218318e51985e5a53685600a15e6e256092692209909641a0eae99054ea56f53e0a3d6eef0cb2ee 261363e056f0a26725b4043189c9public exponent:10001signature algorithm:sha256withrsasignature: 3302CF3493D1B8BEB1A1400081FF4B5D2A995CDC fff2f26401d7e8cb90e042edfabcb29e2fe5d70e a2ad288475e43D275787E2481C4DA60302E2EBC7 F897bbd0f6019c6b557678d84044607b9b9d8bd5 f22e1dc75deae1bf17a393b75c8bf5bafda05b86   ec9fa180af896d994c9765d02d3bd4426ce5036c 6BD90B5C2A1CA5789A6AF1599A7BBADE68F85DC3   E99bdf3f6893d8c22e0d72995a323c54b9f25b81 ae6dfc6f9363b7b7b428fb490dec6b734ede7dbe   cc7720e7c6429e4427beb989dcf00b4ef74fb01f 945120555a4b6f3f7d709aaa41f9a689f8719b6d d617f2d96b9b27f7ae346883b6d5b1d33d3c7302 b6b83b89d57324a455517443296e135a</span>

Conclusion
If only look at the certificate file, there is no difference, but, in Windows under the two kinds of certificate open way is not the same, we can go to experience.
It is worth pointing out that the use of KeyStore storage certificate is a good solution, of course, if it involves security issues, you can encrypt the KeyStore, when the certificate is written, set a more secure encryption method, the generated certificate will have access restrictions, need to provide access password. A person without a password cannot access it. Of course, the example I provide is not encrypted. Children's shoes with this requirement can be seen in the Java API.
Finally, I wish you a happy new Year in advance, by the means, now is the last day of 2014.

Java Generate digital Certificate series (iv) Generate digital certificates (cont.)