问题
I have the following way of generating a self signed certificate using the class CertandKeyGen.
CertandKeyGen cert = new CertandKeyGen("RSA", "SHA256withRSA);
cert.generate(size);
..
X509Certificate certificate = cert.getSelfCertificate(name, validity);
Since these are internal APIs from keytool, I am looking at a similar approach using java.security.* APIs. I want to know if this is possible currently. If yes, what are those APIs? I dug around but I am unable to find anything about it. I am aware of bouncy castle APIs (X509V3CertificateGenerator) but I do not want to use third party APIs.
Thanks.
回答1:
At present, I do not believe that the generation/signing mechanisms that are used in keytool are part of the public API for Java.
I have implemented a very simple CA/Signing mechanism utilizing BouncyCastle for testing purposes.
I don't think you're going to be able to do this without a 3rd party api or implementing a very significant amount of code on your own.
来源:https://stackoverflow.com/questions/36220377/alternative-to-certandkeygen-for-self-signed-certificate-generation-in-java