我正在尝试移植JXTA以在App Engine上运行。鉴于App Engine尚不支持BouncyCastle“ BC”提供程序,我必须移植现有的JXTA代码以使用白名单类生成X509Certificate。我对Crypto的了解很少,而且我不确定我要实现的目标是否可能。这是来自JXTA项目的PSEUtils.java的原始代码:
有一个包含java.security.cert.X509Certificate的帮助器类:]
public static class IssuerInfo {
public X509Certificate cert; // subject Cert
public PrivateKey subjectPkey; // subject private key
public X509Certificate issuer; // issuer Cert
public PrivateKey issuerPkey; // issuer private key
}
在方法中:
public static IssuerInfo genCert(X500Principal subject, KeyPair keypair, IssuerInfo issuerinfo)
我将主题传递为:
new X500Principal("CN="+useCN)
密钥对为(来自原始代码:]
KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
g.initialize(1024, UTILS.srng);
KeyPair keypair = g.generateKeyPair();
和jxta编码的IssuerInfo。
现在,由于我无法拉进bouncycastle.jce软件包,因此我不得不删除JXTA使用的X509Principal和X509V3CertificateGenerator代码,并尝试用符合GAE限制的实现替换它。这是我目前使用org.bouncycastle.X509.X509v3CertificateBuilder的genCert方法的内容。
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded()); X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder( new X500Name(issuer.getName()), BigInteger.ONE, today, until, new X500Name(subject.getName()), subPubKeyInfo);问题是我无法使
keypair.getPublic().getEncoded()与SubjectPublicKeyInfo.getInstance()方法一起使用。抛出java.lang.IllegalArgumentException:工厂未知对象:[B
检查时似乎填充了公钥:
Sun RSA public key, 1024 bits modulus: 117521430893506212334140912845641570591161279468597426442875306202350445904550279678434051874985419676760802566018092318362676224355315431299979507080364677679613392086245588766565617009250512996843008784370448997729071786062596049780632058501646041736216482596596901215941577208285499619376322050871534546271 public exponent: 65537我发现了以下SO链接,该链接演示了此代码的工作原理:
我尝试转换genCert的方法在下面,但由于某种原因,我无法摆脱从编码的公共密钥创建SubjectPublicKeyInfo吗?
非常感谢您的帮助。
public static IssuerInfo genCert(X500Principal subject, KeyPair keypair, IssuerInfo issuerinfo) {
IssuerInfo info = new IssuerInfo();
try {
// set up issuer
PrivateKey signer;
X500Principal issuer;
if (null == issuerinfo) { // self-signed root cert
signer = keypair.getPrivate();
issuer = new X500Principal(subject.getEncoded());
} else { // issuer signed service sert
signer = issuerinfo.subjectPkey;
X500Principal issuer_subject = issuerinfo.cert.getSubjectX500Principal();
issuer = new X500Principal(issuer_subject.getEncoded());
}
// set validity 10 years from today
Date today = new Date();
Calendar cal = Calendar.getInstance();
cal.setTime(today);
cal.add(Calendar.YEAR, 10);
Date until = cal.getTime();
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
//**Can't get here so i'm not sure if the rest of this works?**
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
RSAPrivateCrtKeyParameters cps = (RSAPrivateCrtKeyParameters) keypair.getPrivate();
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(cps);
X509CertificateHolder certHolder = v3CertGen.build(sigGen);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Read user Certificate
InputStream is1 = new ByteArrayInputStream(certHolder.getEncoded());
X509Certificate eeCert = (X509Certificate) cf.generateCertificate(is1);
is1.close();
我正在尝试移植JXTA以在App Engine上运行。鉴于App Engine尚不支持BouncyCastle“ BC”提供程序,我必须移植现有的JXTA代码以生成X509Certificate ...
我能够在Rene Mayrhofer的代码的帮助下完成此任务。我提供了仅在本地测试环境中进行过测试的实现,但它似乎可以正常工作: