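Generating CSR and P12 certificates on Android and importing them into a keystore
Android authentication certificate issues
A while ago my company needed a module dealing with SSL, so here is a summary; straight to the code.
It isn't written well; if anything is wrong, please point it out.
Generating the CSR (certificate signing request):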
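// Register the provider with the highest priority.
Security.insertProviderAt(new BouncyCastleProvider(), 1);
// onSubject() is the author's helper that builds the subject DN.
X509Name dn = onSubject();
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
// kp is declared outside this snippet; its private key goes into the P12 file later.
kp = keyGen.generateKeyPair();
// SHA-1 is deprecated for signatures; "SHA256WithRSA" is the usual choice for a new CSR.
PKCS10CertificationRequest p10 = new PKCS10CertificationRequest("SHA1WithRSA", dn, kp.getPublic(),
        new DERSet(), kp.getPrivate());
byte[] der = p10.getEncoded();
// PEM armor: the Base64 body is wrapped at 64 characters by the author's getStringByEnter helper.
String code = "-----BEGIN CERTIFICATE REQUEST-----\n";
code += getStringByEnter(64, new String(Base64.encode(der)));
code += "\n-----END CERTIFICATE REQUEST-----\n";
CertificationRequestInfo csrinfo = p10.getCertificationRequestInfo();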
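The content of code must be Base64-formatted, with a line break whenever a line exceeds 64 characters. The next step is to send the request to the server for signing, which I won't go into further here.
Generating the P12 certificate, which contains the private key, the intermediate certificate and the signing certificate: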
// Read the signed certificate returned by the server.
PEMReader reader = new PEMReader(new FileReader(signFilePath));
java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) reader.readObject();
// Read the intermediate (CA) certificate.
PEMReader readerMid = new PEMReader(new FileReader(signCaFilePath));
java.security.cert.X509Certificate certMid = (java.security.cert.X509Certificate) readerMid.readObject();
// "SC" is the provider name registered by SpongyCastle.
KeyStore ks = KeyStore.getInstance("PKCS12", "SC");
ks.load(null, null);
java.security.cert.Certificate[] chain = new java.security.cert.Certificate[2];
chain[0] = cert;
chain[1] = certMid;
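This involves the certificate chain: first import the certificate, then import the CA signing certificate ..., and then verify with the root certificate.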
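if (kp != null) {
    // Store the private key together with its chain (leaf first, then the CA certificate).
    ks.setKeyEntry(alias, kp.getPrivate(), null, chain);
}
FileOutputStream fOut = new FileOutputStream(p12FilePath);
ks.store(fOut, pw.toCharArray());
fOut.close();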
Importing the P12 certificate into the keystore:
KeyStore store = KeyStore.getInstance("PKCS12");
FileInputStream is = new FileInputStream(cerPath);
store.load(is, cerPw.toCharArray());
is.close();
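A check that fits the certificate-chain remark above, as an added example that is not part of the original post: after loading the P12 file it confirms that the private key belongs to chain[0], that every certificate is signed by the next one, and, when a root file is given, that the last certificate verifies against the root. The class name P12ChainCheck and the command-line arguments are assumptions of this example; it uses only standard JDK APIs.

```java
import java.io.FileInputStream;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class P12ChainCheck { // hypothetical class name, not from the original post
    static void checkEntry(PrivateKey key, Certificate[] chain, Certificate root)
            throws GeneralSecurityException {
        if (key == null || chain == null || chain.length == 0)
            throw new KeyStoreException("entry has no private key or no chain");
        // 1. The private key must belong to chain[0]: sign a nonce, verify with the leaf.
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature s = Signature.getInstance("SHA256withRSA"); // RSA key, as generated above
        s.initSign(key);
        s.update(nonce);
        byte[] sig = s.sign();
        s.initVerify(chain[0].getPublicKey());
        s.update(nonce);
        if (!s.verify(sig))
            throw new KeyStoreException("private key does not match chain[0]");
        // 2. Leaf-first order: every certificate is signed by the next one (or by the root).
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            c.checkValidity(); // throws if expired or not yet valid
            Certificate issuer = i + 1 < chain.length ? chain[i + 1] : root;
            if (issuer != null) c.verify(issuer.getPublicKey()); // throws on a bad signature
        }
    }
    public static void main(String[] args) throws Exception {
        char[] pw = args[1].toCharArray(); // args: <p12 file> <password> [root cert, PEM or DER]
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            store.load(in, pw);
        }
        Certificate root = null;
        if (args.length > 2) {
            try (FileInputStream in = new FileInputStream(args[2])) {
                root = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        }
        for (Enumeration<String> e = store.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!store.isKeyEntry(alias)) continue;
            checkEntry((PrivateKey) store.getKey(alias, pw), store.getCertificateChain(alias), root);
            System.out.println(alias + ": key matches leaf, chain verifies");
        }
    }
}
```

A swapped chain (CA certificate in chain[0]) fails at step 1, because the freshly generated private key cannot produce a signature that verifies under the CA's public key.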