X509V1CertificateGenerator 迁移到 X509v1CertificateBuilder
X509V1CertificateGenerator emigrate to X509v1CertificateBuilder
您好,我正在使用 class X509V1CertificateGenerator 生成 X509Certificate 类型的证书。
现在 class X509V1CertificateGenerator 已弃用,推荐的替代方案是 X509v1CertificateBuilder 但我不知道如何进行迁移。
这是代码:
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
// set the necessary X500-fields
X500Principal dnName = new X500Principal("CN=MyServerName");
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(dnName);
// expire-date
Calendar expireDate = Calendar.getInstance();
certGen.setNotBefore(expireDate.getTime());
// expires in 25 years
expireDate.add(Calendar.YEAR, 25);
certGen.setNotAfter(expireDate.getTime());
certGen.setSubjectDN(dnName); // note: same as issuer
certGen.setPublicKey(pair.getPublic());
// set the right signature-algorithm ->RSA/DSA
if (this.algorithm)
certGen.setSignatureAlgorithm("MD5withRSA");
else
certGen.setSignatureAlgorithm("SHA1withDSA");
// generate the X509-certificate
X509Certificate cert = certGen.generate(pair.getPrivate(), "BC");
我应该怎么做才能进行迁移?
尝试从 keycloak 中提取这个 CertificateUtils
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
X509v1CertificateBuilder builder = new X509v1CertificateBuilder(
subjectDN,
serialNumber,
validityStartDate,
validityEndDate,
subjectDN,
subPubKeyInfo);
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner contentSigner =
new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
.build(PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()));
X509CertificateHolder holder = builder.build(contentSigner);
X509Certificate cert = JcaX509CertificateConverter().getCertificate(holder);
您好,我正在使用 class X509V1CertificateGenerator 生成 X509Certificate 类型的证书。
现在 class X509V1CertificateGenerator 已弃用,推荐的替代方案是 X509v1CertificateBuilder 但我不知道如何进行迁移。
这是代码:
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
// set the necessary X500-fields
X500Principal dnName = new X500Principal("CN=MyServerName");
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(dnName);
// expire-date
Calendar expireDate = Calendar.getInstance();
certGen.setNotBefore(expireDate.getTime());
// expires in 25 years
expireDate.add(Calendar.YEAR, 25);
certGen.setNotAfter(expireDate.getTime());
certGen.setSubjectDN(dnName); // note: same as issuer
certGen.setPublicKey(pair.getPublic());
// set the right signature-algorithm ->RSA/DSA
if (this.algorithm)
certGen.setSignatureAlgorithm("MD5withRSA");
else
certGen.setSignatureAlgorithm("SHA1withDSA");
// generate the X509-certificate
X509Certificate cert = certGen.generate(pair.getPrivate(), "BC");
我应该怎么做才能进行迁移?
尝试从 keycloak 中提取这个 CertificateUtils
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
X509v1CertificateBuilder builder = new X509v1CertificateBuilder(
subjectDN,
serialNumber,
validityStartDate,
validityEndDate,
subjectDN,
subPubKeyInfo);
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner contentSigner =
new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
.build(PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()));
X509CertificateHolder holder = builder.build(contentSigner);
X509Certificate cert = JcaX509CertificateConverter().getCertificate(holder);