如何在java中创建一个CA证书

Question

我想在java中创建一个CA自签名证书。 我已经使用弹性城堡创建了一个自签名证书，但是如何将此证书的基本约束添加为CA证书。 感谢

Answer 1

您可以使用此代码下面创建一个自签名证书与basicConstraints扩展：

public static Certificate selfSign(KeyPair keyPair, String subjectDN) throws OperatorCreationException, CertificateException, IOException 
{ 
    Provider bcProvider = new BouncyCastleProvider(); 
    Security.addProvider(bcProvider); 

    long now = System.currentTimeMillis(); 
    Date startDate = new Date(now); 

    X500Name dnName = new X500Name(subjectDN); 
    BigInteger certSerialNumber = new BigInteger(Long.toString(now)); // <-- Using the current timestamp as the certificate serial number 

    Calendar calendar = Calendar.getInstance(); 
    calendar.setTime(startDate); 
    calendar.add(Calendar.YEAR, 1); // <-- 1 Yr validity 

    Date endDate = calendar.getTime(); 

    String signatureAlgorithm = "SHA256WithRSA"; // <-- Use appropriate signature algorithm based on your keyPair algorithm. 

    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate()); 

    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, certSerialNumber, startDate, endDate, dnName, keyPair.getPublic()); 

    // Extensions -------------------------- 

    // Basic Constraint 
    BasicConstraints basicConstraints = new BasicConstraints(true); // <-- true for CA, false for EndEntity 

    certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints); // Basic Constraints is usually marked as critical. 

    // ------------------------------------- 

    return new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner)); 
}