インターネットから入手した次のコードを使用して、自己署名証明書を生成しようとしています。
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.x509.X509V1CertificateGenerator;
//import org.bouncycastle.x509.X509V1CertificateGenerator;
import com.google.common.base.Strings;
/**
* Demo of a generation of a X509 Self Signed Certificate using <a
* href="http://www.bouncycastle.org/">Bouncy Castle</a> library.
*
* @author <a href="mailto:cyrille@cyrilleleclerc.com">Cyrille Le Clerc</a>
*/
public class SelfSignedX509CertificateGeneratorDemo {
static {
// adds the Bouncy castle provider to java security
Security.addProvider(new BouncyCastleProvider());
}
/**
* <p>
* Generate a self signed X509 certificate .
* </p>
* <p>
* TODO : do the same with
* {@link org.bouncycastle.cert.X509v1CertificateBuilder} instead of the
* deprecated {@link org.bouncycastle.x509.X509V1CertificateGenerator}.
* </p>
*/
@SuppressWarnings("deprecation")
static void generateSelfSignedX509Certificate() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException,
SignatureException, InvalidKeyException, IOException {
// yesterday
Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
// in 2 years
Date validityEndDate = new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000);
// GENERATE THE PUBLIC/PRIVATE RSA KEY PAIR
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// GENERATE THE X509 CERTIFICATE
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal("CN=John Doe");
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setSubjectDN(dnName);
certGen.setIssuerDN(dnName); // use the same
certGen.setNotBefore(validityBeginDate);
certGen.setNotAfter(validityEndDate);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
// DUMP CERTIFICATE AND KEY PAIR
System.out.println(Strings.repeat("=", 80));
System.out.println("CERTIFICATE TO_STRING");
System.out.println(Strings.repeat("=", 80));
System.out.println();
System.out.println(cert);
System.out.println();
System.out.println(Strings.repeat("=", 80));
System.out.println("CERTIFICATE PEM (to store in a cert-johndoe.pem file)");
System.out.println(Strings.repeat("=", 80));
System.out.println();
PEMWriter pemWriter1 = new PEMWriter(new PrintWriter(System.out));
pemWriter1.writeObject(cert);
pemWriter1.flush();
System.out.println();
System.out.println(Strings.repeat("=", 80));
System.out.println("PRIVATE KEY PEM (to store in a priv-johndoe.pem file)");
System.out.println(Strings.repeat("=", 80));
System.out.println();
pemWriter1.writeObject(keyPair.getPrivate());
pemWriter1.flush();
System.out.println();
}
public static void main(String[] args) {
try {
generateSelfSignedX509Certificate();
} catch (Exception e) {
e.printStackTrace();
}
}
}
しかし、このようにpemファイルに証明書を書き込んでいるときに例外がスローされます。
Exception in thread "main" java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMWriter, method: writeObject signature: (Ljava/lang/Object;Ljava/lang/String;[CLjava/security/SecureRandom;)V) Incompatible argument to function
at cryptool.SelfSignedX509CertificateGeneratorDemo.generateSelfSignedX509Certificate(SelfSignedX509CertificateGeneratorDemo.java:106)
at cryptool.SelfSignedX509CertificateGeneratorDemo.main(SelfSignedX509CertificateGeneratorDemo.java:151)
トレースすると、
pemWriter = new PEMWriter(new PrintWriter(System.out));
コードで。問題はpemwriterを使用して証明書を書き込むことにあることを理解しました(間違っている場合は修正してください)。「 x509証明書をJavaでPEM形式の文字列に書き込む」のコードを参照して使用してみましたか?しかし、成功はありません。どんな助けでも大歓迎です。