Java代码使用BC库中org.bouncycastle.openssl.PEMWriter 的 代码示例
发布时间:2019-06-20


本文为翻译和转载自 :

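以下是得票最高的 org.bouncycastle.openssl.PEMWriter 用法示例。这些示例是从开源项目中提取的。您可以对您喜欢的示例进行投票,您的投票将在我们的系统中使用,以生成更多好的示例。注意:PEMWriter 在较新的 Bouncy Castle 版本中已被弃用,替代类为 org.bouncycastle.openssl.jcajce.JcaPEMWriter;示例中出现的硬编码口令、1024 位 RSA 密钥、SHA1 签名以及未加密落盘的私钥仅用于演示,不应直接用于生产环境。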

示例一 保存密钥和证书到文件中

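/**
 * Persists the local EC private key, the local id hash and the certificate to disk.
 *
 * <p>Nothing is written when {@code localPrivateKeyFile} is {@code null}. The private key is
 * written as unencrypted Base64 text between {@code EC PRIVATE KEY} markers, the string form of
 * {@code localId} goes to {@code localPublic.hash} in the same directory, and the certificate
 * is written with {@link PEMWriter}.
 *
 * @throws Exception if any of the files cannot be written
 */
protected void saveKeyPairAndCertificateToFile() throws Exception {
    if (localPrivateKeyFile == null) {
        LOGGER.info("not saving private key nor certificate");
        return;
    }

    // The key is PEM-armoured by hand here rather than through PEMWriter.
    // NOTE(review): the key reaches disk unencrypted and with the process' default file
    // permissions; restrict the file to its owner (or encrypt it) when other local accounts
    // can read the directory.
    // NOTE(review): if localPrivateECKey is a java.security.PrivateKey, getEncoded() normally
    // returns PKCS#8, whose PEM label is "PRIVATE KEY" rather than "EC PRIVATE KEY" -- confirm
    // that the consumers of this file accept it.
    String keyText = "-----BEGIN EC PRIVATE KEY-----\n"
            + Base64.encode(Unpooled.wrappedBuffer(localPrivateECKey.getEncoded()), true)
                    .toString(CharsetUtil.US_ASCII)
            + "\n-----END EC PRIVATE KEY-----\n";
    Files.write(keyText, localPrivateKeyFile, CharsetUtil.US_ASCII);
    Files.write(
            localId.toString(),
            new File(localPrivateKeyFile.getParentFile(), "localPublic.hash"),
            CharsetUtil.US_ASCII);

    // try-with-resources closes the file handle even when writeObject throws.
    try (PEMWriter certificateWriter = new PEMWriter(new FileWriter(localCertificateFile))) {
        certificateWriter.writeObject(cert);
    }
    LOGGER.info("Saved to " + localCertificateFile.getAbsolutePath());
}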

示例二 :对私钥进行加密

/**
 * Round-trips a private key through a password-protected PKCS#8 PEM encoding and asserts that
 * the key read back equals the original.
 *
 * <p>The password {@code "hello"} is a test fixture only.
 *
 * @param key       private key to encode
 * @param algorithm object identifier handed to {@link PKCS8Generator}
 *                  (presumably the encryption algorithm -- confirm against the caller)
 * @throws NoSuchProviderException  if the "BC" provider is not available
 * @throws NoSuchAlgorithmException if the algorithm is not supported
 * @throws IOException              if encoding or decoding fails
 */
private void encryptedTest(PrivateKey key, ASN1ObjectIdentifier algorithm)
        throws NoSuchProviderException, NoSuchAlgorithmException, IOException {
    // Encode: PKCS8Generator -> PEMWriter -> in-memory buffer.
    ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    PEMWriter pemOut = new PEMWriter(new OutputStreamWriter(encoded), "BC");
    PKCS8Generator generator = new PKCS8Generator(key, algorithm, "BC");
    generator.setPassword("hello".toCharArray());
    pemOut.writeObject(generator);
    pemOut.close();

    // Decode with the same password, supplied through a PasswordFinder callback.
    PasswordFinder passwordSource = new PasswordFinder() {
        public char[] getPassword() {
            return "hello".toCharArray();
        }
    };
    ByteArrayInputStream pemBytes = new ByteArrayInputStream(encoded.toByteArray());
    PEMReader pemIn = new PEMReader(new InputStreamReader(pemBytes), passwordSource);
    PrivateKey decoded = (PrivateKey) pemIn.readObject();

    assertEquals(key, decoded);
}

示例三 转换 rsa 的私钥为 pem 字符串

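/**
 * Converts the private key of an RSA key pair to a PEM string.
 *
 * <p>Only the private half is written; the public key is not part of the output. The PEM text
 * is not encrypted, so the returned string must be handled as secret material.
 *
 * @param rsaKeyPair RSA key pair whose private key is encoded
 * @return the PEM text, or an empty string when writing fails (the failure is logged)
 */
public static String getPEMStringFromRSAKeyPair(RSAKeyPair rsaKeyPair) {
    StringWriter pemStrWriter = new StringWriter();
    // try-with-resources flushes and closes the writer on every path before the buffer is read.
    try (PEMWriter pemWriter = new PEMWriter(pemStrWriter)) {
        pemWriter.writeObject(rsaKeyPair.getPrivate());
    } catch (IOException e) {
        // Callers rely on the "" sentinel; an empty result therefore means "no key was encoded".
        log.warning("Caught exception:" + e.getMessage());
        return "";
    }
    return pemStrWriter.toString();
}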

示例四 将 pem 数据对象转换成 pem 格式文件数据

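/**
 * Encodes an object as PEM and returns the encoded bytes.
 *
 * <p>The text is encoded as UTF-8 instead of the platform default charset, so the output does
 * not depend on the JVM's locale settings.
 *
 * @param object object accepted by {@link PEMWriter#writeObject(Object)}
 * @return the PEM encoding of {@code object}
 * @throws IOException if the object cannot be encoded
 */
public static byte[] toPem(Object object) throws IOException {
    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
    try (PEMWriter writer = new PEMWriter(
            new OutputStreamWriter(outputStream, java.nio.charset.StandardCharsets.UTF_8))) {
        writer.writeObject(object);
    }
    // Read the buffer only after the writer has been closed (and therefore flushed).
    return outputStream.toByteArray();
}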

示例五 将多份 certificate 对象写入文件

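/**
 * Writes the given certificates, in order, as PEM to {@code destfile}.
 *
 * @param certificates certificates to write; an empty list produces an empty file
 * @throws IOException if the file cannot be opened or written
 */
private void writeCertificate(Certificate... certificates)
        throws IOException {
    // try-with-resources releases the file handle even when one of the writes fails.
    try (PEMWriter writer = new PEMWriter(new FileWriter(destfile))) {
        for (final Certificate c : certificates) {
            writer.writeObject(c);
        }
    }
}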

示例六 将 X509Certificate 转换成 pem 格式数据

/**
 * Encodes an X.509 certificate as a PEM string.
 *
 * @param cert certificate to encode
 * @return the PEM text of {@code cert}
 * @throws IOException if the certificate cannot be encoded
 */
public String x509CertificateToPem(final X509Certificate cert) throws IOException {
    final StringWriter pemText = new StringWriter();
    // The writer is closed before the buffer is read, so all output has been flushed.
    try (final PEMWriter pemOut = new PEMWriter(pemText)) {
        pemOut.writeObject(cert);
    }
    final String pem = pemText.toString();
    return pem;
}

示例七 将 rsa 私钥对象转换为 PEM 格式数据

/**
 * Wraps the encoded form of a private key in a PEM object labelled {@code CCS_RSA_PRIVATE_KEY}
 * and returns the PEM text.
 *
 * <p>The output is not encrypted; treat the returned string as secret material.
 *
 * @param key private key to encode
 * @return the PEM text
 * @throws IOException if the PEM object cannot be written
 */
public String rsaPrivateKeyToPem(final PrivateKey key) throws IOException {
    // NOTE(review): PrivateKey.getEncoded() normally yields PKCS#8. If CCS_RSA_PRIVATE_KEY is
    // the PKCS#1 label ("RSA PRIVATE KEY"), label and content would disagree -- confirm the
    // constant's value against the consumers of this PEM.
    final PemObject wrapped = new PemObject(CCS_RSA_PRIVATE_KEY, key.getEncoded());
    final StringWriter pemText = new StringWriter();
    try (final PEMWriter pemOut = new PEMWriter(pemText)) {
        pemOut.writeObject(wrapped);
    }
    final String pem = pemText.toString();
    return pem;
}

示例八 将私钥、证书文件等转换为 PEM 数据

/**
 * Encodes the given objects, in order, as consecutive PEM blocks and returns the UTF-8 bytes.
 *
 * @param objects objects accepted by {@link PEMWriter#writeObject(Object)}
 * @return the concatenated PEM encoding
 * @throws Exception if any object cannot be encoded
 */
private static byte[] getPemBytes(Object... objects) throws Exception {
    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    try (PEMWriter out = new PEMWriter(new OutputStreamWriter(sink, UTF_8))) {
        for (int i = 0; i < objects.length; i++) {
            out.writeObject(objects[i]);
        }
    }
    // The writer is closed at this point, so the buffer holds the complete output.
    return sink.toByteArray();
}

示例九 将 X509Certificate 转换为 PEM 数据

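/**
 * Encodes an X.509 certificate as a PEM string using the Bouncy Castle provider.
 *
 * @param certificate certificate to encode
 * @return the PEM text of {@code certificate}
 * @throws IOException if the certificate cannot be encoded
 */
private static String toPem(X509Certificate certificate) throws IOException {
    StringWriter stringWriter = new StringWriter();
    // try-with-resources closes the writer on the failure path too, matching the other
    // PEM helpers on this page.
    try (PEMWriter pemWriter = new PEMWriter(stringWriter, BouncyCastleProvider.PROVIDER_NAME)) {
        pemWriter.writeObject(certificate);
    }
    return stringWriter.toString();
}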

示例十 将多个 证书数据 写入文件

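/**
 * Writes the given certificates, in order, as PEM to {@code destfile}.
 *
 * @param certificates certificates to write; an empty list produces an empty file
 * @throws IOException if the file cannot be opened or written
 */
private void writeCertificate(Certificate... certificates)
        throws IOException {
    // try-with-resources releases the file handle even when one of the writes fails.
    try (PEMWriter writer = new PEMWriter(new FileWriter(destfile))) {
        for (final Certificate c : certificates) {
            writer.writeObject(c);
        }
    }
}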

示例十一 将 keyPair 转换成 Pem 格式

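/**
 * Encodes a key pair as a PEM string.
 *
 * <p>NOTE(review): PEMWriter is expected to emit the private key for a {@link KeyPair}, and
 * nothing here encrypts it -- treat the returned string as secret material and confirm the
 * exact output against the Bouncy Castle version in use.
 *
 * @param keyPair key pair to encode
 * @return the PEM text
 * @throws RuntimeException if the in-memory writer unexpectedly fails
 */
private String keyPairToString(KeyPair keyPair) {
    StringWriter stringWriter = new StringWriter();
    // Closing the writer flushes it; the buffer is read only after the try block.
    try (PEMWriter pemWriter = new PEMWriter(stringWriter)) {
        pemWriter.writeObject(keyPair);
    } catch (IOException e) {
        throw new RuntimeException("Unexpected IOException: "
                + e.getMessage(), e);
    }
    return stringWriter.getBuffer().toString();
}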

示例十二 将私钥转换为 PEM 格式的 String

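/**
 * Encodes a private key as an unencrypted PEM string.
 *
 * <p>The result contains the key in the clear; do not log it or store it without protection.
 *
 * @param privateKey private key to encode
 * @return the PEM text
 * @throws IOException if the key cannot be encoded
 */
private static String getInPemFormat(PrivateKey privateKey)
        throws IOException {
    final StringWriter stringWriter = new StringWriter();
    // try-with-resources replaces the manual flush()/close() pair and also runs on failure.
    try (PEMWriter pemWriter = new PEMWriter(stringWriter)) {
        pemWriter.writeObject(privateKey);
    }
    return stringWriter.toString();
}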

示例十三 将 X509Certificate 转换为 PEM 格式的字符串

/**
 * Returns the PEM text of an X.509 certificate.
 *
 * @param x509Cert certificate to encode
 * @return the PEM encoding of {@code x509Cert}
 * @throws IOException if the certificate cannot be encoded
 */
public String convertToPEMString(X509Certificate x509Cert) throws IOException {
    StringWriter pemText = new StringWriter();
    // Closing the PEM writer flushes everything into pemText before it is read.
    try (PEMWriter pemOut = new PEMWriter(pemText)) {
        pemOut.writeObject(x509Cert);
    }
    String pem = pemText.toString();
    return pem;
}

示例十四 私钥的读写测试

/**
 * Writes a private key as PEM, reads it back and checks that the same key is recovered.
 *
 * @param akp      private key to round-trip
 * @param provider name of the JCA provider passed to {@link PEMWriter}
 * @throws IOException if writing or reading the PEM text fails
 */
private void doWriteReadTest(PrivateKey akp, String provider) throws IOException {
    StringWriter pemText = new StringWriter();
    PEMWriter pemOut = new PEMWriter(pemText, provider);
    pemOut.writeObject(akp);
    pemOut.close();

    PEMReader pemIn = new PEMReader(new StringReader(pemText.toString()));
    Object parsed = pemIn.readObject();
    // instanceof is false for null, so this also covers the case where nothing was read.
    if (!(parsed instanceof KeyPair)) {
        fail("Didn't find OpenSSL key");
    }

    PrivateKey recovered = ((KeyPair) parsed).getPrivate();
    if (!akp.equals(recovered)) {
        fail("Failed to read back test");
    }
}

示例十五 对私钥进行加密和解密测试

/**
 * Encrypts a private key as PKCS#8 PEM with the operator-based API, decrypts it again and
 * asserts that the recovered key equals the original.
 *
 * <p>The password {@code "hello"} is a test fixture only.
 *
 * @param key       private key to encrypt
 * @param algorithm object identifier passed to {@link JceOpenSSLPKCS8EncryptorBuilder}
 * @throws NoSuchProviderException   if the "BC" provider is not available
 * @throws NoSuchAlgorithmException  if the algorithm is not supported
 * @throws IOException               if encoding or decoding fails
 * @throws OperatorCreationException if the encryptor cannot be built
 */
private void encryptedTestNew(PrivateKey key, ASN1ObjectIdentifier algorithm)
        throws NoSuchProviderException, NoSuchAlgorithmException, IOException,
        OperatorCreationException {
    ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    PEMWriter pemOut = new PEMWriter(new OutputStreamWriter(encoded), "BC");

    // setPasssword (three s) is the builder method's name as used by the original example.
    JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder =
            new JceOpenSSLPKCS8EncryptorBuilder(algorithm);
    encryptorBuilder.setProvider("BC");
    encryptorBuilder.setPasssword("hello".toCharArray());

    PKCS8Generator generator = new JcaPKCS8Generator(key, encryptorBuilder.build());
    pemOut.writeObject(generator);
    pemOut.close();

    // Read the PEM back, supplying the same password through a PasswordFinder callback.
    PasswordFinder passwordSource = new PasswordFinder() {
        public char[] getPassword() {
            return "hello".toCharArray();
        }
    };
    ByteArrayInputStream pemBytes = new ByteArrayInputStream(encoded.toByteArray());
    PEMReader pemIn = new PEMReader(new InputStreamReader(pemBytes), passwordSource);
    PrivateKey decoded = (PrivateKey) pemIn.readObject();

    assertEquals(key, decoded);
}

示例十六 生成证书测试

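/**
 * Generates a self-signed RSA certificate for {@code www.example.it}, stores the key and
 * certificate in a JKS keystore file and writes the certificate as PEM.
 *
 * <p>Changes against the original listing: the RSA modulus is 2048 bits instead of 1024, the
 * serial number comes from {@link SecureRandom} instead of {@code java.util.Random}, both
 * output streams are closed on every path, the duplicated keystore entry is written once, and
 * a failure now fails the test instead of only printing a stack trace.
 *
 * <p>The {@code "changeit"} passwords and the fixed output paths are test fixtures.
 */
public void test000GenerateCertificate() {
    String cn = "www.example.it";
    String keystoreFile = "guanxi_idp_cert.jks";
    String keystorePassword = "changeit";
    String privateKeyPassword = "changeit";
    String privateKeyAlias = "www.example.it";

    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    try {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);

        SecureRandom random = new SecureRandom();
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA no longer offers an adequate security margin; use 2048 bits.
        keyGen.initialize(2048, random);
        KeyPair keypair = keyGen.generateKeyPair();
        PrivateKey privkey = keypair.getPrivate();
        PublicKey pubkey = keypair.getPublic();

        // Raw types as shown on the page; the type arguments appear to have been lost when
        // the listing was extracted.
        Hashtable attrs = new Hashtable();
        Vector ordering = new Vector();
        ordering.add(X509Name.CN);
        attrs.put(X509Name.CN, cn);
        // Self-signed: issuer and subject carry the same name.
        X509Name issuerDN = new X509Name(ordering, attrs);
        X509Name subjectDN = new X509Name(ordering, attrs);

        // Valid from ten minutes ago (tolerates clock skew) until ten years from now.
        Date validFrom = new Date();
        validFrom.setTime(validFrom.getTime() - (10 * 60 * 1000));
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.YEAR, 10);
        Date validTo = new Date();
        validTo.setTime(cal.getTime().getTime());

        X509V3CertificateGenerator x509 = new X509V3CertificateGenerator();
        x509.setSignatureAlgorithm("SHA256withRSA");
        x509.setIssuerDN(issuerDN);
        x509.setSubjectDN(subjectDN);
        x509.setPublicKey(pubkey);
        x509.setNotBefore(validFrom);
        x509.setNotAfter(validTo);
        // Serial numbers should be unpredictable, so draw them from the CSPRNG.
        x509.setSerialNumber(new BigInteger(128, random));

        X509Certificate[] cert = new X509Certificate[1];
        cert[0] = x509.generate(privkey, "BC");

        ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), cert);
        try (FileOutputStream keystoreOut = new FileOutputStream(keystoreFile)) {
            ks.store(keystoreOut, keystorePassword.toCharArray());
        }

        // NOTE(review): a fixed file name in the shared /tmp directory can be pre-created by
        // another local account; prefer a per-run temporary directory on multi-user hosts.
        String IDP_RFC_CERT = "/tmp/guanxi_idp_cert.txt";
        try (PEMWriter pemWriter = new PEMWriter(new FileWriter(IDP_RFC_CERT))) {
            pemWriter.writeObject(cert[0]);
        }
    } catch (Exception se) {
        // A swallowed exception would let the test pass without a certificate being generated.
        throw new AssertionError("certificate generation failed", se);
    }
}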

示例十七 获取 PKCS#10 PEM 字符串和加密的 PKCS#8 PEM 字符串

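/**
 * Generates a fresh 2048-bit RSA key pair and returns a PKCS#10 certificate signing request
 * together with the password-encrypted PKCS#8 private key, both as PEM strings.
 *
 * <p>The request is now signed with SHA256withRSA; the original listing used SHA1withRSA,
 * which is no longer considered collision resistant.
 *
 * @param subject subject name placed in the request
 * @param email   optional address added as an rfc822Name subjectAlternativeName; may be
 *                {@code null}
 * @param pw      password protecting the PKCS#8 output; must not be {@code null}
 * @return a two-element array: index 0 is the CSR PEM, index 1 the encrypted PKCS#8 PEM
 * @throws IOException               if PEM encoding fails
 * @throws NoSuchAlgorithmException  if RSA key generation is not available
 * @throws NoSuchProviderException   if the "BC" provider is not registered
 * @throws OperatorCreationException if the signer, verifier or encryptor cannot be built
 * @throws PKCSException             if the request's signature cannot be checked
 * @throws RuntimeException          if the freshly built request fails its own signature check
 */
public String[] getPkcs10_Pkcs8_AsPemStrings(X500Name subject, String email, String pw)
        throws IOException, NoSuchAlgorithmException,
        NoSuchProviderException, OperatorCreationException, PKCSException {
    // Create the key pair the request is built for.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
    kpg.initialize(2048);
    KeyPair kp = kpg.genKeyPair();
    PrivateKey priKey = kp.getPrivate();

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic());
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    if (email != null) {
        extGen.addExtension(Extension.subjectAlternativeName, false,
                new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
    }
    requestBuilder.addAttribute(
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

    String sigName = "SHA256withRSA";
    PKCS10CertificationRequest req1 = requestBuilder.build(
            new JcaContentSignerBuilder(sigName).setProvider("BC").build(priKey));
    // Sanity check: the request must verify under the public key it carries.
    boolean verified = req1.isSignatureValid(
            new JcaContentVerifierProviderBuilder().setProvider("BC").build(kp.getPublic()));
    if (!verified) {
        throw new RuntimeException(sigName + ": Failed verify check.");
    }

    StringWriter writer = new StringWriter();
    try (PEMWriter pemWrite = new PEMWriter(writer)) {
        pemWrite.writeObject(req1);
    }
    String csr = writer.toString();

    // NOTE(review): PBE_SHA1_3DES is a legacy PKCS#12 scheme, kept here because consumers of
    // the encrypted key may expect it; move to a PBES2/AES scheme once they can read it.
    JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder =
            new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
    SecureRandom random = new SecureRandom();
    encryptorBuilder.setRandom(random);
    encryptorBuilder.setPasssword(pw.toCharArray());
    OutputEncryptor oe = encryptorBuilder.build();
    JcaPKCS8Generator pkcs8GeneratorEnc = new JcaPKCS8Generator(priKey, oe);

    // Output the encrypted private key as a PKCS#8 PEM string.
    PemObject pkcs8PemEnc = pkcs8GeneratorEnc.generate();
    StringWriter writer2 = new StringWriter();
    try (PEMWriter pemWrite2 = new PEMWriter(writer2)) {
        pemWrite2.writeObject(pkcs8PemEnc);
    }
    String pkcs8StrEnc = writer2.toString();

    return new String[] {csr, pkcs8StrEnc};
}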

示例十八 测试用 ForgeJS 创建的三重 des PKCS8 私钥可以用 BC 解密。

/**
 * Checks that a PKCS#8 private key encrypted by ForgeJS with PBEWithSHA1AndDESede can be
 * decrypted through the JCA with Bouncy Castle registered, and that the result matches the
 * same key as decrypted with OpenSSL.
 *
 * <p>The password {@code "password"} belongs to the test fixture. PBEWithSHA1AndDESede is a
 * legacy scheme exercised here for interoperability only.
 *
 * @throws Exception if parsing, decryption or key reconstruction fails
 */
public void decryptForgePkcs8PrivateKeyPem_PBEWithSHA1AndDESede() throws Exception {
    // References kept from the original listing:
    // http://bouncy-castle.1462172.n4.nabble.com/Help-with-EncryptedPrivateKeyInfo-td1468363.html
    // https://community.oracle.com/thread/1530354?start=0&tstart=0
    Security.addProvider(new BouncyCastleProvider());

    String encryptedPem = getPkcs8ForgePriKeyPem_EncryptedWithPBEWithSHA1AndDESede();
    PEMParser keyPemParser = new PEMParser(new StringReader(encryptedPem));
    String passwd = "password";
    PemObject keyObj = keyPemParser.readPemObject();
    EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(keyObj.getContent());

    // 1.2.840.113549.1.12.1.3 is the PKCS#12 identifier for PBEWithSHA1AndDESede.
    // NOTE(review): the original comment equated 1.2.840.113549.1.5.13 with PBEWithMD5AndDES;
    // that OID is PKCS#5 PBES2, while pbeWithMD5AndDES-CBC is 1.2.840.113549.1.5.3.
    String algName = encryptPKInfo.getAlgName();
    String algId = encryptPKInfo.getAlgParameters().getAlgorithm();
    assertEquals("PBEWithSHA1AndDESede", algName);
    assertEquals("1.2.840.113549.1.12.1.3", algId);
    assertEquals("1.2.840.113549.1.12.1.3", PKCS8Generator.PBE_SHA1_3DES.getId());

    // Decrypt the private key with a password-derived secret key.
    Cipher cipher = Cipher.getInstance(algName);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(passwd.toCharArray());
    Key pbeKey = SecretKeyFactory.getInstance(algName).generateSecret(pbeKeySpec);
    AlgorithmParameters algParams = encryptPKInfo.getAlgParameters();
    cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
    KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher);
    PrivateKey priKeyDecryptedBC = KeyFactory.getInstance("RSA").generatePrivate(pkcs8KeySpec);

    // Re-encode the decrypted key as unencrypted PKCS#8 PEM (null encryptor) ...
    PemObject pkcs8PemDecryptedBC = new JcaPKCS8Generator(priKeyDecryptedBC, null).generate();
    StringWriter reencoded = new StringWriter();
    PEMWriter reencodedOut = new PEMWriter(reencoded);
    reencodedOut.writeObject(pkcs8PemDecryptedBC);
    reencodedOut.close();

    // ... and compare it, with line endings normalised, to the OpenSSL-decrypted reference.
    String pkcs8StrDecryptedBC = reencoded.toString().trim().replaceAll("\\r\\n", "\n");
    String pkcs8StrDecryptedOpenSSL =
            getPkcs8ForgePriKeyPem_DecryptedWithOpenSSL().trim().replaceAll("\\r\\n", "\n");
    assertTrue(pkcs8StrDecryptedBC.equals(pkcs8StrDecryptedOpenSSL));
}

示例十九 生成ECDSA 证书并存为P12格式 和pem格式

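/**
 * Generates a self-signed ECDSA (secp256r1) trust-anchor certificate and writes it, together
 * with its private key, to {@code <keyStoreName>.p12}; the certificate alone is also written
 * to {@code <keyStoreName>.pem}.
 *
 * <p>Both output streams are now closed on every path via try-with-resources.
 *
 * @param args {@code args[0]} is the keystore base name, {@code args[1]} the keystore password
 * @throws Exception if key generation, certificate creation or file output fails
 */
public static void main(String[] args)
    throws Exception
{
    if (args.length != 2)
    {
        System.err.println("Usage: GenTrustAnchorKeyStore keyStoreName keyStorePassword");
        System.exit(1);
    }

    // NOTE(review): a password passed on the command line is visible to other local users in
    // the process list and may end up in shell history; consider prompting for it instead.
    Security.addProvider(new BouncyCastleProvider());

    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ECDSA", "BC");
    kpGen.initialize(new ECNamedCurveGenParameterSpec("secp256r1"));
    KeyPair kp = kpGen.generateKeyPair();

    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
    builder.addRDN(BCStyle.C, "AU");
    builder.addRDN(BCStyle.O, "Crypto Workshop Pty Ltd");
    builder.addRDN(BCStyle.OU, "Ximix Node Test CA");
    builder.addRDN(BCStyle.L, "Melbourne");
    builder.addRDN(BCStyle.ST, "Victoria");
    builder.addRDN(BCStyle.CN, "Trust Anchor");

    // Back-date the start slightly so that small clock differences do not reject the cert.
    Date startDate = new Date(System.currentTimeMillis() - 50000);

    ContentSigner sigGen =
        new JcaContentSignerBuilder("SHA256withECDSA").setProvider("BC").build(kp.getPrivate());
    // Self-signed: the same name is used as issuer and subject.
    X509v1CertificateBuilder certGen1 = new JcaX509v1CertificateBuilder(
        builder.build(), BigInteger.valueOf(1), startDate,
        new Date(System.currentTimeMillis() + 2 * YEAR), builder.build(), kp.getPublic());
    X509Certificate cert =
        new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen1.build(sigGen));

    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
    keyStore.load(null, null);
    // No per-entry password is given (null); the private key relies on the store password.
    keyStore.setKeyEntry("trust", kp.getPrivate(), null, new Certificate[] { cert });

    try (FileOutputStream p12Out = new FileOutputStream(args[0] + ".p12"))
    {
        keyStore.store(p12Out, args[1].toCharArray());
    }

    try (PEMWriter pWrt = new PEMWriter(new FileWriter(args[0] + ".pem")))
    {
        pWrt.writeObject(cert);
    }
}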