Preface
The first two articles covered the basic concepts and the composition of a certificate in rough outline. Today's article is mainly about how to generate a CA certificate with Java code, and which attributes need to be set when a certificate is generated.
Body
Without further ado, straight to the content.
The code uses the Java security API together with a third-party component, BC (Bouncy Castle). A short introduction: Bouncy Castle is a lightweight, open-source cryptographic library for the Java platform. It supports a large number of cryptographic algorithms and provides an implementation of JCE 1.2.1 (it is registered as a JCE provider under the name "BC"). The algorithm used here is RSA, a very common asymmetric algorithm.
Let's take a look at the specific code.
CAConfig (configuration interface)
package com.cacss.jsceu.context;

/**
 * Created with IntelliJ IDEA.
 * @author: Lee
 * @group: SIC-CA
 * @Date: 2014/12/30
 * @Comments: Configuration interface
 * @Version: 1.0.0
 */
public interface CAConfig {
    /** C (country) */
    String CA_C = "CN";
    /** ST (state or province) */
    String CA_ST = "BJ";
    /** L (locality) */
    String CA_L = "BJ";
    /** O (organization) */
    String CA_O = "SICCA";
    /** CA_ROOT_ISSUER: the distinguished name written into the issuer field */
    String CA_ROOT_ISSUER = "C=CN,ST=BJ,L=BJ,O=SICCA,OU=SC,CN=SICCA";
    /** CA_DEFAULT_SUBJECT: subject DN prefix; the user name is appended as the CN */
    String CA_DEFAULT_SUBJECT = "C=CN,ST=BJ,L=BJ,O=SICCA,OU=SC,CN=";
    /** Signature algorithm */
    String CA_SHA = "SHA256WithRSAEncryption";
}
BaseCert (certificate class)
package com.cacss.jsceu.test;

import com.cacss.jsceu.context.CAConfig;
import com.cacss.jsceu.util.CertUtil;
import com.cacss.jsceu.util.DateUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;

import javax.security.auth.x500.X500Principal;
import java.security.*;
import java.security.cert.X509Certificate;

/**
 * Created with IntelliJ IDEA.
 * @author: Lee
 * @group: SIC-CA
 * @Date: 2014/12/30
 * @Comments: Certificate class
 * @Version: 1.0.0
 */
@SuppressWarnings("all")
public class BaseCert {

    /** Register the BouncyCastleProvider so that "BC" can be passed as a provider name */
    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /** RSA key pair generator */
    protected static KeyPairGenerator kpg = null;

    public BaseCert() {
        try {
            // RSA asymmetric algorithm
            kpg = KeyPairGenerator.getInstance("RSA");
            // 1024-bit key (the value passed here is the key size in bits)
            kpg.initialize(1024);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    /**
     * Generate an X.509 certificate
     * @param user the CN placed in the subject DN
     * @return the certificate, or null if generation failed
     */
    public X509Certificate generateCert(String user) {
        X509Certificate cert = null;
        try {
            KeyPair keyPair = kpg.generateKeyPair();
            // Public key
            PublicKey pubKey = keyPair.getPublic();
            // Private key
            PrivateKey priKey = keyPair.getPrivate();
            X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
            // Serial number (CertUtil is the author's helper class and is not shown in this post)
            certGen.setSerialNumber(CertUtil.getNextSerialNumber());
            // Issuer
            certGen.setIssuerDN(new X500Principal(CAConfig.CA_ROOT_ISSUER));
            // Validity period (DateUtil is the author's helper class and is not shown in this post)
            certGen.setNotBefore(DateUtil.getCurrDate());
            certGen.setNotAfter(DateUtil.getNextYear());
            // Subject (user)
            certGen.setSubjectDN(new X500Principal(CAConfig.CA_DEFAULT_SUBJECT + user));
            // Public key
            certGen.setPublicKey(pubKey);
            // Signature algorithm
            certGen.setSignatureAlgorithm(CAConfig.CA_SHA);
            // Note: the certificate is signed with the subject's own freshly generated
            // private key, not with a CA key
            cert = certGen.generateX509Certificate(priKey, "BC");
        } catch (Exception e) {
            System.out.println(e.getClass() + e.getMessage());
        }
        return cert;
    }
}
GenerateCA (test class)
package com.cacss.jsceu.test;

import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

/**
 * Created with IntelliJ IDEA.
 * @author: Lee
 * @group: SIC-CA
 * @Date: 2014/12/30
 * @Comments: Test certificate class
 * @Version: 1.0.0
 */
public class GenerateCA {

    private static String certPath = "D:/lee.cer";

    public static void main(String[] args) {
        BaseCert baseCert = new BaseCert();
        X509Certificate cert = baseCert.generateCert("Lee");
        if (cert == null) {
            System.out.println("certificate generation failed");
            return;
        }
        System.out.println(cert.toString());
        // Export as a DER-encoded .cer file; try-with-resources closes the stream even on failure
        try (FileOutputStream fos = new FileOutputStream(certPath)) {
            fos.write(cert.getEncoded());
        } catch (CertificateEncodingException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
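The three classes above produce a certificate whose issuer field carries the CA's DN but whose signature is made with the subject's own freshly generated private key, and which carries no extensions, so nothing in it actually ties it to a CA. The following is an added example, not code from the original post, that shows the same flow done the way a CA does it, using BC's bcpkix builder API (JcaX509v3CertificateBuilder; the X509V3CertificateGenerator used above is deprecated): a self-signed root with basicConstraints CA:true and keyCertSign, an end-entity certificate for the user signed with the root's private key, and the checks that the post's certificate would fail. The package name, the 2048-bit key size, the random serial numbers, the validity periods and the output file name are this example's own choices, not the author's.

```java
package com.cacss.jsceu.example; // hypothetical package, not from the post

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;

public class IssueCert {
    static { Security.addProvider(new BouncyCastleProvider()); }

    static final long ONE_YEAR_MS = 365L * 24 * 60 * 60 * 1000;
    static final X500Name CA_DN = new X500Name("C=CN,ST=BJ,L=BJ,O=SICCA,OU=SC,CN=SICCA");

    static KeyPair newRsaKeyPair(int bits) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(bits);
        return kpg.generateKeyPair();
    }

    /** 128 random bits: a positive, unpredictable serial instead of a timestamp. */
    static BigInteger randomSerial() {
        return new BigInteger(128, new SecureRandom());
    }

    /** Self-signed root: issuer == subject, signed with its own key, marked CA:true. */
    static X509Certificate buildRootCa(KeyPair caKeys) throws Exception {
        Date now = new Date();
        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                CA_DN, randomSerial(), now, new Date(now.getTime() + 10 * ONE_YEAR_MS),
                CA_DN, caKeys.getPublic());
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        b.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        b.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(caKeys.getPublic()));
        return sign(b, caKeys.getPrivate());
    }

    /** End-entity cert: subject is the user, issuer is taken from the CA cert, signed by the CA key. */
    static X509Certificate issueUserCert(X509Certificate caCert, PrivateKey caKey,
                                         String user, PublicKey userPub) throws Exception {
        Date now = new Date();
        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                caCert, randomSerial(), now, new Date(now.getTime() + ONE_YEAR_MS),
                new X500Name("C=CN,ST=BJ,L=BJ,O=SICCA,OU=SC,CN=" + user), userPub);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        b.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        b.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
        b.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(userPub));
        return sign(b, caKey);
    }

    static X509Certificate sign(JcaX509v3CertificateBuilder b, PrivateKey signingKey) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("BC").build(signingKey);
        X509CertificateHolder holder = b.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }

    public static void main(String[] args) throws Exception {
        KeyPair caKeys = newRsaKeyPair(2048);
        X509Certificate caCert = buildRootCa(caKeys);

        KeyPair userKeys = newRsaKeyPair(2048);
        X509Certificate userCert = issueUserCert(caCert, caKeys.getPrivate(), "Lee", userKeys.getPublic());

        // The checks the post's certificate cannot pass: a CA signature and a consistent chain.
        userCert.verify(caCert.getPublicKey());   // throws SignatureException if not signed by the CA
        caCert.verify(caCert.getPublicKey());     // root is self-signed
        if (!userCert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal()))
            throw new IllegalStateException("issuer DN does not match the CA subject DN");
        if (caCert.getBasicConstraints() < 0)     // -1 means no CA:true basicConstraints
            throw new IllegalStateException("CA certificate is not marked as a CA");

        try (FileOutputStream fos = new FileOutputStream("lee.cer")) {
            fos.write(userCert.getEncoded());
        }
        System.out.println(userCert);
    }
}
```

This needs both bcprov and bcpkix on the classpath (the builder, content signer and converter live in bcpkix). The CA's private key is the only thing that ever signs a user certificate; in a real deployment it stays on a separate, protected machine or HSM rather than in the same process that generates user key pairs.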
The following is the generated certificate as printed to the console, and the certificate exported in CER format.
Console output
Version: 3
SerialNumber: 1419920991041
IssuerDN: CN=SICCA,OU=SC,O=SICCA,L=BJ,ST=BJ,C=CN
Start Date: Tue Dec 30 14:29:51 CST 2014
Final Date: Wed Dec 30 14:29:51 CST 2015
SubjectDN: CN=Lee,OU=SC,O=SICCA,L=BJ,ST=BJ,C=CN
Public Key: RSA Public Key
modulus: a9d5cc7de42c9afb468d7eb493bc69721443c0734edcb170ff13e062cc1b8d12e92edd347403d702288c5094ef2d0b2e811e0ee779a5e0a0cb7d5c75f30c5063eaa87aae7ba06bb3cf6ce6b0a5b0cd0cc2756255aff91fb09266b5dbbb6af491b5313947529d6a1fc30b9407ba1059bae909226c34e196b53c757a5826ffe147
public exponent: 10001

Signature Algorithm: SHA256WITHRSA
Signature: 8b8b725292147e9dbe8054ed99453386e1e6ba3d
           8248b31a2dcb477900005207c039898dd2af4675
           310471d3097f1aa3b6ff7e197f2ccf292dcd8ad1
           ce6f19204a54a2dc8fe1fe118eaf81004ad06c7c
           a04631f8a376272ddda5d4ae4980a1e2a3ee444e
           a6b80a8532358f5e1a1b82c6a54ea2e36a02d3ea
           8758c799df308d78
CER certificate
Conclusion
I use the third-party BC package for the cryptography, with the RSA algorithm; the certificate's key length here is 1024 bits, but you can also set 2048 bits according to your own needs (1024-bit RSA is no longer considered adequate, so 2048 bits should be the minimum for any key that is not a throwaway). Note, however, that when encrypting with the public key (or the private key), the length of the data that can be encrypted in one operation is limited. For a 1024-bit key under the default PKCS#1 v1.5 padding, the plaintext cannot exceed 117 bytes, from 1024/8 - 11 = 117; this is a limit in bytes, not characters, so a string with multi-byte characters hits it sooner. Longer data therefore has to be encrypted in chunks; I will explain this in a later article on encryption.

A few things to be aware of with BaseCert as written, before using it for anything beyond a demo. The certificate it produces has the CA's DN in the issuer field but is signed with the freshly generated private key of the subject, so it is not signed by any CA key: cert.verify(caPublicKey) would fail, and no issuer/subject chain exists. It also sets no extensions, so without basicConstraints CA:true it is not a CA certificate either, whatever the DN says. Finally, the serial number in the output (1419920991041) appears to be a millisecond timestamp; serial numbers should be unique per issuer and unpredictable, so a random value of at least 64 bits is the usual choice.
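To make the limit in the formula concrete, and to show what is normally done instead of chunking RSA ciphertexts, here is an added example that is not part of the original post. It uses only the JDK's default providers, so BC is not needed: pkcs1Accepts probes RSA/ECB/PKCS1Padding at exactly the computed limit and one byte over, and hybridEncrypt/hybridDecrypt encrypt a message of any length under a fresh AES-256-GCM key and wrap only that 32-byte key with RSA-OAEP. The method names, the package name and the 4096-byte constructed sample message are this example's own.

```java
package com.cacss.jsceu.example; // hypothetical package, not from the post

import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.security.*;
import java.util.Arrays;

public class RsaPlaintextLimit {

    /** PKCS#1 v1.5 leaves keyBytes - 11 bytes for plaintext: 117 for 1024 bits, 245 for 2048. */
    static int maxPkcs1Plaintext(int keyBits) {
        return keyBits / 8 - 11;
    }

    /** True if the JDK's RSA/PKCS1 cipher accepts a plaintext of the given byte length. */
    static boolean pkcs1Accepts(PublicKey pub, int plaintextLen) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, pub);
        try {
            rsa.doFinal(new byte[plaintextLen]);
            return true;
        } catch (IllegalBlockSizeException tooLong) {
            // SunJCE reports "Data must not be longer than N bytes" for one byte over the limit
            return false;
        }
    }

    /** Hybrid: a fresh AES-256-GCM key encrypts the message; RSA-OAEP wraps only the key. */
    static byte[][] hybridEncrypt(PublicKey pub, byte[] plaintext) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // JDKs older than 8u161 need the unlimited-strength policy for AES-256
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12]; // 96-bit GCM nonce, never reused with the same key
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(plaintext); // ciphertext || 16-byte tag
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, pub);
        byte[] wrappedKey = rsa.wrap(aesKey); // one RSA operation regardless of message length
        return new byte[][] { wrappedKey, iv, ciphertext };
    }

    static byte[] hybridDecrypt(PrivateKey priv, byte[][] bundle) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, priv);
        Key aesKey = rsa.unwrap(bundle[0], "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, bundle[1]));
        return aes.doFinal(bundle[2]); // throws AEADBadTagException if anything was tampered with
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] { 1024, 2048 }) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(bits);
            KeyPair kp = kpg.generateKeyPair();
            int max = maxPkcs1Plaintext(bits);
            System.out.printf("%d-bit key: %d bytes accepted=%b, %d bytes accepted=%b%n",
                    bits, max, pkcs1Accepts(kp.getPublic(), max),
                    max + 1, pkcs1Accepts(kp.getPublic(), max + 1));

            byte[] msg = new byte[4096]; // constructed sample, far above the RSA limit
            new SecureRandom().nextBytes(msg);
            byte[] back = hybridDecrypt(kp.getPrivate(), hybridEncrypt(kp.getPublic(), msg));
            if (!Arrays.equals(msg, back)) {
                throw new IllegalStateException("hybrid round-trip failed");
            }
        }
    }
}
```

Splitting a long message into 117-byte pieces and RSA-encrypting each one works, but it costs one slow RSA operation per piece, gives no integrity protection, and keeps the PKCS#1 v1.5 padding that is the target of padding-oracle attacks; the hybrid form above is what TLS, PGP and CMS all do instead.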
Next in the series: Java digital certificate series (III): generating digital certificates