Sign CSR with BouncyCastle

春和景丽 2021-01-27 05:56

I have been looking for the past few days for a solution to my problem and couldn't find anything. I am missing something in my code but I can't figure out what :( Somehow when

1 answer
  • 2021-01-27 06:24

    To add the chain, this worked for me

    After X509CertificateHolder holder = certGen.build(signer);

      byte[] certencoded = holder.toASN1Structure().getEncoded();
      // Named cmsSigner so it does not clash with the `signer` already used for certGen.build(signer).
      // SHA-1 signatures are deprecated; "SHA256withRSA" is the usual replacement.
      ContentSigner cmsSigner = new JcaContentSignerBuilder("SHA1withRSA").build(caPrivateKey);
      CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
      generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(cmsSigner, cacert));
      // Put both the newly issued certificate and the CA certificate into the SignedData
      generator.addCertificate(new X509CertificateHolder(certencoded));
      generator.addCertificate(new X509CertificateHolder(cacert.getEncoded()));
      CMSTypedData content = new CMSProcessableByteArray(certencoded);
      CMSSignedData signedData = generator.generate(content, true);

      byte[] certificateP7b = signedData.getEncoded();
    

    With this code you get a Certificate with the full chain in PKCS#7 format. If you prefer to work with X509 format

    // Needs java.io.ByteArrayInputStream, java.security.cert.* and java.util.*
    public static List<X509Certificate> p7BToX509(byte[] signedCert) throws CertificateException {
        ByteArrayInputStream is = new ByteArrayInputStream(signedCert);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // generateCertificates() returns every certificate contained in the PKCS#7 structure
        List<X509Certificate> certificates = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(is)) {
            certificates.add((X509Certificate) c);
        }
        return certificates;
    }
    

    This is the public certificate. In your client you should have the private key. These are all elements you need to perform an SSL handshake
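
The answer starts after `certGen.build(signer)`; the CA-side step before it, checking the CSR's self-signature and fixing the extensions before issuing, is shown here as an added example that is not code from the original post. The class and helper names (`CsrSigningExample`, `issue`, `csr`), the subject and issuer names, the 90-day lifetime and the choice of SHA256withRSA are assumptions, and the keys and requests are constructed in `main`.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrSigningExample {
    // Hypothetical helper: issue only if the CSR's signature proves possession of the private key.
    static X509Certificate issue(PKCS10CertificationRequest csr, X500Name issuer,
                                 PrivateKey caKey) throws Exception {
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .build(csr.getSubjectPublicKeyInfo())))
            throw new SecurityException("CSR signature does not match its public key");
        long now = System.currentTimeMillis(), days90 = 90L * 24 * 3600 * 1000;
        X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuer,
                new BigInteger(128, new SecureRandom()), new Date(now), new Date(now + days90),
                csr.getSubject(), csr.getSubjectPublicKeyInfo());
        // The CA sets the extensions itself; nothing is copied from the request.
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        certGen.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        return new JcaX509CertificateConverter().getCertificate(
                certGen.build(new JcaContentSignerBuilder("SHA256withRSA").build(caKey)));
    }
    // Constructed test input: a CSR carrying `pub`, signed with `signingKey`.
    static PKCS10CertificationRequest csr(PublicKey pub, PrivateKey signingKey) throws Exception {
        return new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=client.example.test"), pub)
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(signingKey));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair(), client = kpg.generateKeyPair(), other = kpg.generateKeyPair();
        X500Name issuer = new X500Name("CN=Example Test CA"); // constructed name
        X509Certificate cert = issue(csr(client.getPublic(), client.getPrivate()), issuer, ca.getPrivate());
        cert.verify(ca.getPublic()); // throws if the CA signature does not check out
        System.out.println("issued: " + cert.getSubjectX500Principal());
        try { // mismatched request: client's public key, signed with an unrelated key
            issue(csr(client.getPublic(), other.getPrivate()), issuer, ca.getPrivate());
        } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```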
