Java Tutorial/Security/KeyPairGenerator

Материал из Java эксперт
Перейти к: навигация, поиск

Adding Extensions to a Certification Request

   <source lang="java">

import java.io.OutputStreamWriter; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.SecureRandom; import java.security.Security; import java.util.Vector; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.jce.PKCS10CertificationRequest; import org.bouncycastle.openssl.PEMWriter; public class MainClass { 

 public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
   GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.rfc822Name,
       "test@test.test"));
   Vector oids = new Vector();
   Vector values = new Vector();
   oids.add(X509Extensions.SubjectAlternativeName);
   values.add(new X509Extension(false, new DEROctetString(subjectAltName)));
   X509Extensions extensions = new X509Extensions(oids, values);
   Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
       new DERSet(extensions));
   return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
       "CN=Requested Test Certificate"), pair.getPublic(), new DERSet(attribute), pair
       .getPrivate());
 }
 public static void main(String[] args) throws Exception {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
   kpGen.initialize(1024, new SecureRandom());
   KeyPair pair = kpGen.generateKeyPair();
   PKCS10CertificationRequest request = generateRequest(pair);
   PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
   pemWrt.writeObject(request);
   pemWrt.close();
 }

} /*-----BEGIN CERTIFICATE REQUEST----- MIIBkDCB+gIBADAlMSMwIQYDVQQDExpSZXF1ZXN0ZWQgVGVzdCBDZXJ0aWZpY2F0 ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArbtf7LlFX+hg/kYX0a6dLmLW UHHpiHH6UW4CF0X240kAsThW8xpFe+rHMDW0NlpHCotQ6NVAJqNm+y6FInvu0+fO 4tq4GKJVw0ewEL//IsD+1lBWBDSmeUq3P2ONRDft7gyW5R3NAja3ihoTJaSd3SWZ GBdhFZdx75WsomPMmtkCAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIw EIEOdGVzdEB0ZXN0LnRlc3QwDQYJKoZIhvcNAQELBQADgYEAbDa0nbtl57NDYyc8 yxuXLrDNrcG9qaDXR9bcWsvk6dR9zg1aTr9KtBT8iKoS41xW25ndRN/xH0ft2oWN UzD4ADDUu48Jtc9lk52ei44w4u2pQk4BhY1lgO8eZY9y4SCuT6C28mqxNZ4Jq8lb wQzxBmdTgd8873ebGdi5ZdpIlMI=

END CERTIFICATE REQUEST-----
  • /</source>





Asymmetric Key Maker

   <source lang="java">

import java.security.KeyPair; import java.security.KeyPairGenerator; public class Main { 

 public static void main(String[] args) throws Exception {
   String algorithm = "";
   KeyPair keyPair = KeyPairGenerator.getInstance(algorithm).generateKeyPair();
   System.out.println(keyPair.getPublic());
   System.out.println(keyPair.getPrivate());
 }

}</source>





Creating a Certificate from a Certification Request

   <source lang="java">

import java.io.OutputStreamWriter; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Enumeration; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.ExtendedKeyUsage; import org.bouncycastle.asn1.x509.KeyPurposeId; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.jce.PKCS10CertificationRequest; import org.bouncycastle.openssl.PEMWriter; import org.bouncycastle.x509.X509V1CertificateGenerator; import org.bouncycastle.x509.X509V3CertificateGenerator; import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure; import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure; public class MainClass { 

 public static KeyPair generateRSAKeyPair() throws Exception {
   KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
   kpGen.initialize(1024, new SecureRandom());
   return kpGen.generateKeyPair();
 }
 public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
   return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
       "CN=Requested Test Certificate"), pair.getPublic(), null, pair.getPrivate());
 }
 public static X509Certificate generateV1Certificate(KeyPair pair) throws InvalidKeyException,
     NoSuchProviderException, SignatureException {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
   certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
   certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
   certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
   certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
   certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
   certGen.setPublicKey(pair.getPublic());
   certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
   return certGen.generateX509Certificate(pair.getPrivate(), "BC");
 }
 public static X509Certificate[] buildChain() throws Exception {
   KeyPair pair = generateRSAKeyPair();
   PKCS10CertificationRequest request = generateRequest(pair);
   KeyPair rootPair = generateRSAKeyPair();
   X509Certificate rootCert = generateV1Certificate(rootPair);
   X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
   certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
   certGen.setIssuerDN(rootCert.getSubjectX500Principal());
   certGen.setNotBefore(new Date(System.currentTimeMillis()));
   certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
   certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
   certGen.setPublicKey(request.getPublicKey("BC"));
   certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
   certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
       new AuthorityKeyIdentifierStructure(rootCert));
   certGen.addExtension(X509Extensions.SubjectKeyIdentifier,
   false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
   certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
   certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
       | KeyUsage.keyEncipherment));
   certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(
       KeyPurposeId.id_kp_serverAuth));
   ASN1Set attributes = request.getCertificationRequestInfo().getAttributes();
   for (int i = 0; i != attributes.size(); i++) {
     Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
     if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
       X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
       Enumeration e = extensions.oids();
       while (e.hasMoreElements()) {
         DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
         X509Extension ext = extensions.getExtension(oid);
         certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
       }
     }
   }
   X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate());
   return new X509Certificate[] { issuedCert, rootCert };
 }
 public static void main(String[] args) throws Exception {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   X509Certificate[] chain = buildChain();
   PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
   pemWrt.writeObject(chain[0]);
   pemWrt.writeObject(chain[1]);
   pemWrt.close();
 }

}</source>





Creating a Certification Request

   <source lang="java">

import java.io.OutputStreamWriter; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.SecureRandom; import java.security.Security; import javax.security.auth.x500.X500Principal; import org.bouncycastle.jce.PKCS10CertificationRequest; import org.bouncycastle.openssl.PEMWriter; public class MainClass { 

 public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
   return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
       "CN=Requested Test Certificate"), pair.getPublic(), null, pair.getPrivate());
 }
 public static void main(String[] args) throws Exception {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
   kpGen.initialize(1024, new SecureRandom());
   KeyPair pair = kpGen.generateKeyPair();
   PKCS10CertificationRequest request = generateRequest(pair);
   PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
   pemWrt.writeObject(request);
   pemWrt.close();
 }

} /*-----BEGIN CERTIFICATE REQUEST----- MIIBYjCBzAIBADAlMSMwIQYDVQQDExpSZXF1ZXN0ZWQgVGVzdCBDZXJ0aWZpY2F0 ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnIGtHELGBMJe9LUTDfMktFOG 2mlu9QKuCqpOB3lwsOg1AK4MkD+Bez6KVSOASvbjWCqqdmHAJsGWcpUpjJqm4tfg r9KGSjDN4LJzR6cd0RZTHWzgud9t7peUBlowVZVJen0962wx6AeYNr8RG9jbcBPe Ma4mbA3EeWvmZCo4aQcCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCPRr5QBLH0Zfz5 j+MUO7NN+vZMu0bPxQiiZEAWiSbJ63Zp6UK6TV8SYTxjmSGS27KILY+oSHR7lSz0 XNEkLSCuJRRdtAF0GSz7MmSWFt8mwMr0i0ntbSWDVpZShH3pRi/8E+J3KnqT+Cs5 oVhUVFYBLncrinDPgDzVR98CapCI6g==

END CERTIFICATE REQUEST-----*/</source>





Generate a 576-bit DH key pair

   <source lang="java">

import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; public class Main { 

 public static void main(String[] argv) throws Exception {
   KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
   keyGen.initialize(576);
   KeyPair keypair = keyGen.genKeyPair();
   PrivateKey privateKey = keypair.getPrivate();
   PublicKey publicKey = keypair.getPublic();
 }

}</source>





Generating a Public/Private Key Pair

   <source lang="java">

import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; public class Main { 

 public static void main(String[] argv) throws Exception {
   // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
   KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
   keyGen.initialize(1024);
   KeyPair keypair = keyGen.genKeyPair();
   PrivateKey privateKey = keypair.getPrivate();
   System.out.println(privateKey);
   PublicKey publicKey = keypair.getPublic();
   System.out.println(publicKey);
 }

}</source>





Getting the Bytes of a Generated Key Pair

   <source lang="java">

import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; public class Main { 

 public static void main(String[] argv) throws Exception {
   String algorithm = "DSA"; // or RSA, DH, etc.
   // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
   KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
   keyGen.initialize(1024);
   KeyPair keypair = keyGen.genKeyPair();
   PrivateKey privateKey = keypair.getPrivate();
   PublicKey publicKey = keypair.getPublic();
 }

}</source>





The bytes can be converted back to public and private key objects

   <source lang="java">

import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.spec.EncodedKeySpec; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; public class Main { 

 public static void main(String[] argv) throws Exception {
   String algorithm = "DSA"; // or RSA, DH, etc.
   // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
   KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
   keyGen.initialize(1024);
   KeyPair keypair = keyGen.genKeyPair();
   PrivateKey privateKey = keypair.getPrivate();
   PublicKey publicKey = keypair.getPublic();
   byte[] privateKeyBytes = privateKey.getEncoded();
   byte[] publicKeyBytes = publicKey.getEncoded();
   
   KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
   EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
   PrivateKey privateKey2 = keyFactory.generatePrivate(privateKeySpec);
   EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes);
   PublicKey publicKey2 = keyFactory.generatePublic(publicKeySpec);
   // The orginal and new keys are the same
   boolean same = privateKey.equals(privateKey2); 
   same = publicKey.equals(publicKey2); 
 }

}</source>


Источник — «http://jexp.ru/index.php?title=Java_Tutorial/Security/KeyPairGenerator&oldid=4286»