genrootcert.java

用纯java语言实现的数字证书制作工具。

package data;

import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.security.cert.*;
import java.io.*;
import java.util.*;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;
import sun.security.x509.X509Key;
import sun.security.pkcs.*;
import java.sql.*;
import data.Connect;
import data.BASE64Encoder;

public class GenRootCert
{
	X509Certificate certificate;
	RSAPrivateKey CAprkey;
	byte[] b_prk;
	String s_prk;
	BASE64Encoder BE=new BASE64Encoder();
	
	public GenRootCert() throws Exception
	{
		
		CertAndKeyGen cak = new CertAndKeyGen("RSA","MD5WithRSA");
		
		cak.generate(1024);
		//公钥可以从rootCA证书中提取
		CAprkey=(RSAPrivateKey)cak.getPrivateKey();
		X500Name subject = new X500Name("CN=MiniCA,O=BUAA,OU=CS,L=BeiJing,"
										+"ST=MiniCA@buaa.edu.cn,C=China");
	
		//生成申请文件
//		PKCS10 tmp=cak.getCertRequest(subject);
//		FileOutputStream f = new FileOutputStream(new File("tmp.txt"));
//		f.write(tmp.toString().getBytes());
//		System.out.println(tmp.toString());	
									//有效期3000天
		certificate = cak.getSelfCertificate(subject,3000*24*60);
		
		File root_file=new File("rootCA.cer");
	if(root_file.exists())
	{
		System.out.println("CA证书已经存在！！！");
		return;
	}
	else{	FileOutputStream fos = new FileOutputStream(root_file);
		fos.write(certificate.getEncoded());
		fos.close();
		}
		//CA证书及密钥对存入数据库
		try{
			ByteArrayOutputStream baos1 = new ByteArrayOutputStream();
     		ObjectOutputStream oos1 = new ObjectOutputStream(baos1);	
     		oos1.writeObject(CAprkey); 
     		oos1.close();
     		b_prk=baos1.toByteArray();
     		baos1.close();
			s_prk=BE.encode(b_prk);
			System.out.println("CAprkey\n"+s_prk);
			
			String s_cert=BE.encode(certificate.getEncoded());
			
			Connect conn=new Connect();
			Statement stmt=conn.con.createStatement();
			String query;
			query="select * from ConfigData where ConfigId=1";
			ResultSet rs=stmt.executeQuery(query);
			int count=0;
			while(rs.next())
			{
				count++;
			}
			if(count!=0)
			{
				System.out.println("CA证书和密钥已经生成！不能重复生成！");
			}
			else
			{query= "insert into ConfigData(AlgorithmNumber,ConfigId,"
						+"CACertificate,CAPrivateKey) values ('RSA',1,'"
						+s_cert+"','"+s_prk+"')";	
				
				stmt.executeUpdate(query);
				System.out.println("Insert Suceed!");
				System.out.println("CA的证书和密钥对已经进入数据库!");
				System.out.println("\n您的密钥是\n"+CAprkey);
     	  		stmt.close();
				conn.con.close();
			}
		}catch(SQLException se){
			System.out.println("数据存入数据库错误！！！");
		}
		
	}
	
	public static void main(String args[]) throws Exception
	{
		GenRootCert one=new GenRootCert();
		
	}
	
}