Java Tutorial/Security/KeyPairGenerator — различия между версиями

Материал из Java эксперт
Перейти к: навигация, поиск
 
м (1 версия)
 
(нет различий)

Текущая версия на 05:01, 1 июня 2010

Adding Extensions to a Certification Request

import java.io.OutputStreamWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.openssl.PEMWriter;
public class MainClass {
  public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
    GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.rfc822Name,
        "test@test.test"));
    Vector oids = new Vector();
    Vector values = new Vector();
    oids.add(X509Extensions.SubjectAlternativeName);
    values.add(new X509Extension(false, new DEROctetString(subjectAltName)));
    X509Extensions extensions = new X509Extensions(oids, values);
    Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
        new DERSet(extensions));
    return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
        "CN=Requested Test Certificate"), pair.getPublic(), new DERSet(attribute), pair
        .getPrivate());
  }
  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    kpGen.initialize(1024, new SecureRandom());
    KeyPair pair = kpGen.generateKeyPair();
    PKCS10CertificationRequest request = generateRequest(pair);
    PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
    pemWrt.writeObject(request);
    pemWrt.close();
  }
}
/*-----BEGIN CERTIFICATE REQUEST-----
MIIBkDCB+gIBADAlMSMwIQYDVQQDExpSZXF1ZXN0ZWQgVGVzdCBDZXJ0aWZpY2F0
ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArbtf7LlFX+hg/kYX0a6dLmLW
UHHpiHH6UW4CF0X240kAsThW8xpFe+rHMDW0NlpHCotQ6NVAJqNm+y6FInvu0+fO
4tq4GKJVw0ewEL//IsD+1lBWBDSmeUq3P2ONRDft7gyW5R3NAja3ihoTJaSd3SWZ
GBdhFZdx75WsomPMmtkCAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIw
EIEOdGVzdEB0ZXN0LnRlc3QwDQYJKoZIhvcNAQELBQADgYEAbDa0nbtl57NDYyc8
yxuXLrDNrcG9qaDXR9bcWsvk6dR9zg1aTr9KtBT8iKoS41xW25ndRN/xH0ft2oWN
UzD4ADDUu48Jtc9lk52ei44w4u2pQk4BhY1lgO8eZY9y4SCuT6C28mqxNZ4Jq8lb
wQzxBmdTgd8873ebGdi5ZdpIlMI=
-----END CERTIFICATE REQUEST-----
*/





Asymmetric Key Maker

import java.security.KeyPair;
import java.security.KeyPairGenerator;
public class Main {
  public static void main(String[] args) throws Exception {
    String algorithm = "";
    KeyPair keyPair = KeyPairGenerator.getInstance(algorithm).generateKeyPair();
    System.out.println(keyPair.getPublic());
    System.out.println(keyPair.getPrivate());
  }
}





Creating a Certificate from a Certification Request

import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
public class MainClass {
  public static KeyPair generateRSAKeyPair() throws Exception {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    kpGen.initialize(1024, new SecureRandom());
    return kpGen.generateKeyPair();
  }
  public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
    return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
        "CN=Requested Test Certificate"), pair.getPublic(), null, pair.getPrivate());
  }
  public static X509Certificate generateV1Certificate(KeyPair pair) throws InvalidKeyException,
      NoSuchProviderException, SignatureException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
    certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    return certGen.generateX509Certificate(pair.getPrivate(), "BC");
  }
  public static X509Certificate[] buildChain() throws Exception {
    KeyPair pair = generateRSAKeyPair();
    PKCS10CertificationRequest request = generateRequest(pair);
    KeyPair rootPair = generateRSAKeyPair();
    X509Certificate rootCert = generateV1Certificate(rootPair);
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(System.currentTimeMillis()));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
    certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(request.getPublicKey("BC"));
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(rootCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier,
    false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
        | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(
        KeyPurposeId.id_kp_serverAuth));
    ASN1Set attributes = request.getCertificationRequestInfo().getAttributes();
    for (int i = 0; i != attributes.size(); i++) {
      Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
      if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
          DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
          X509Extension ext = extensions.getExtension(oid);
          certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
        }
      }
    }
    X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate());
    return new X509Certificate[] { issuedCert, rootCert };
  }
  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    X509Certificate[] chain = buildChain();
    PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
    pemWrt.writeObject(chain[0]);
    pemWrt.writeObject(chain[1]);
    pemWrt.close();
  }
}





Creating a Certification Request

import java.io.OutputStreamWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.openssl.PEMWriter;
public class MainClass {
  public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
    return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
        "CN=Requested Test Certificate"), pair.getPublic(), null, pair.getPrivate());
  }
  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    kpGen.initialize(1024, new SecureRandom());
    KeyPair pair = kpGen.generateKeyPair();
    PKCS10CertificationRequest request = generateRequest(pair);
    PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
    pemWrt.writeObject(request);
    pemWrt.close();
  }
}
/*-----BEGIN CERTIFICATE REQUEST-----
MIIBYjCBzAIBADAlMSMwIQYDVQQDExpSZXF1ZXN0ZWQgVGVzdCBDZXJ0aWZpY2F0
ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnIGtHELGBMJe9LUTDfMktFOG
2mlu9QKuCqpOB3lwsOg1AK4MkD+Bez6KVSOASvbjWCqqdmHAJsGWcpUpjJqm4tfg
r9KGSjDN4LJzR6cd0RZTHWzgud9t7peUBlowVZVJen0962wx6AeYNr8RG9jbcBPe
Ma4mbA3EeWvmZCo4aQcCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCPRr5QBLH0Zfz5
j+MUO7NN+vZMu0bPxQiiZEAWiSbJ63Zp6UK6TV8SYTxjmSGS27KILY+oSHR7lSz0
XNEkLSCuJRRdtAF0GSz7MmSWFt8mwMr0i0ntbSWDVpZShH3pRi/8E+J3KnqT+Cs5
oVhUVFYBLncrinDPgDzVR98CapCI6g==
-----END CERTIFICATE REQUEST-----*/





Generate a 576-bit DH key pair

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
public class Main {
  public static void main(String[] argv) throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
    keyGen.initialize(576);
    KeyPair keypair = keyGen.genKeyPair();
    PrivateKey privateKey = keypair.getPrivate();
    PublicKey publicKey = keypair.getPublic();
  }
}





Generating a Public/Private Key Pair

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
public class Main {
  public static void main(String[] argv) throws Exception {
    // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    PrivateKey privateKey = keypair.getPrivate();
    System.out.println(privateKey);
    PublicKey publicKey = keypair.getPublic();
    System.out.println(publicKey);
  }
}





Getting the Bytes of a Generated Key Pair

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
public class Main {
  public static void main(String[] argv) throws Exception {
    String algorithm = "DSA"; // or RSA, DH, etc.
    // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    PrivateKey privateKey = keypair.getPrivate();
    PublicKey publicKey = keypair.getPublic();
  }
}





The bytes can be converted back to public and private key objects

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.EncodedKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
public class Main {
  public static void main(String[] argv) throws Exception {
    String algorithm = "DSA"; // or RSA, DH, etc.
    // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    PrivateKey privateKey = keypair.getPrivate();
    PublicKey publicKey = keypair.getPublic();
    byte[] privateKeyBytes = privateKey.getEncoded();
    byte[] publicKeyBytes = publicKey.getEncoded();
    
    KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
    EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
    PrivateKey privateKey2 = keyFactory.generatePrivate(privateKeySpec);
    EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes);
    PublicKey publicKey2 = keyFactory.generatePublic(publicKeySpec);
    // The orginal and new keys are the same
    boolean same = privateKey.equals(privateKey2); 
    same = publicKey.equals(publicKey2); 
  }
}