Une recherche sur Google ne renvoie aucun résultat en japonais sur ce sujet, donc il n'y a peut-être pas beaucoup de demande, mais ...
La version de Bouncy Castle utilisée est la suivante. Elle est trop ancienne !
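/**
 * Sample that builds a PKCS#10 certificate signing request (CSR) carrying an
 * extensionRequest attribute with the legacy Bouncy Castle API, and prints it as PEM.
 *
 * <p>NOTE(review): {@code X509Extensions}, {@code X509Extension},
 * {@code SubjectKeyIdentifierStructure}, the {@code PKCS10CertificationRequest}
 * constructor used here and {@code PEMWriter} belong to the old Bouncy Castle API and
 * are, as far as I know, deprecated in later releases. Confirm against the Bouncy
 * Castle version actually in use before reusing this code.
 */
public class CreateExtensionCsr {

    /**
     * Generates a fresh 2048-bit RSA key pair, builds a CSR for it and writes the PEM
     * text to standard output.
     *
     * <p>The private key only ever lives in memory here and is lost when the JVM exits,
     * so a certificate issued from the printed CSR could not be used. Real code must
     * persist the private key (keystore or access-restricted file) before submitting
     * the CSR, and must never print or log it.
     *
     * @param args unused
     * @throws Exception if key generation, CSR creation or PEM encoding fails
     */
    public static void main(String[] args) throws Exception {
        // RSA key pair whose public half the CSR asks to have certified. The request
        // built below asks only for the digitalSignature key usage, so this is a
        // signing key rather than a key-exchange key.
        KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
        keygen.initialize(2048);
        KeyPair keyPair = keygen.generateKeyPair();
        // Private key: signs the CSR (see the note above about persisting it).
        PrivateKey privateKey = keyPair.getPrivate();
        // Public key: embedded in the CSR.
        PublicKey publicKey = keyPair.getPublic();

        // Register Bouncy Castle before building the request.
        // NOTE(review): presumably the legacy constructor used in generateRequest
        // resolves the signature algorithm through the "BC" provider - confirm.
        Security.addProvider(new BouncyCastleProvider());
        PKCS10CertificationRequest certReq = generateRequest(privateKey, publicKey);

        // Encode as PEM and print the request (public material only).
        String csr = toPem(certReq);
        System.out.println(csr);
    }

    /**
     * Creates a CSR that carries requested X.509 extensions.
     *
     * <p>The request contains a non-critical SubjectKeyIdentifier derived from
     * {@code publicKey} and a critical KeyUsage limited to digitalSignature. The subject
     * is the fixed sample value {@code C=JP}, and the request is signed with
     * {@code privateKey} using SHA256withRSA.
     *
     * <p>NOTE(review): this method does not register the Bouncy Castle provider itself;
     * {@code main} does so before calling it. Callers using this method directly should
     * presumably do the same - confirm.
     *
     * @param privateKey key used to sign the request
     * @param publicKey  key placed in the request and used for the SubjectKeyIdentifier
     * @return the signed certification request
     * @throws Exception if the extensions cannot be encoded or the request cannot be signed
     */
    public static PKCS10CertificationRequest generateRequest(PrivateKey privateKey,
            PublicKey publicKey) throws Exception {
        // X509Extensions takes two parallel vectors: the OIDs and the matching values.
        // Parameterized to avoid raw-type warnings; the constructor still accepts them.
        Vector<Object> oids = new Vector<>();
        Vector<Object> values = new Vector<>();

        // SubjectKeyIdentifier, marked non-critical (first argument false).
        oids.add(X509Extensions.SubjectKeyIdentifier);
        values.add(new X509Extension(false,
                new DEROctetString(new SubjectKeyIdentifierStructure(publicKey))));

        // KeyUsage, marked critical (first argument true), digitalSignature only.
        oids.add(X509Extensions.KeyUsage);
        values.add(new X509Extension(true,
                new DEROctetString(new KeyUsage(KeyUsage.digitalSignature))));

        // Wrap the extensions in a PKCS#9 extensionRequest attribute.
        X509Extensions extensions = new X509Extensions(oids, values);
        Attribute attribute = new Attribute(
                PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(extensions));

        // Build the CSR, signed with the private key.
        return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal("C=JP"),
                publicKey, new DERSet(attribute), privateKey);
    }

    /**
     * Converts an object to its PEM text form.
     *
     * @param obj object handed to {@code PEMWriter.writeObject}
     * @return the PEM-encoded text
     * @throws IOException if writing, flushing or closing the writer fails
     */
    private static String toPem(Object obj) throws IOException {
        StringWriter sw = new StringWriter();
        // try-with-resources closes the writer on every path and keeps the original
        // exception as primary if close() fails as well.
        try (PEMWriter writer = new PEMWriter(sw)) {
            writer.writeObject(obj);
            writer.flush();
        }
        // Read the buffer only after the writer has been flushed and closed.
        return sw.toString();
    }
}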
$ openssl req -text -noout -in testcreate.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=JP
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b4:ed:73:b2:3a:02:d6:e5:6c:33:29:98:0a:cc:
f8:74:43:e0:04:8b:98:1f:f0:4d:1c:28:6e:b4:ec:
<<omis>>
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Subject Key Identifier:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
8d:b7:fd:e2:14:04:7a:85:02:f1:d5:49:c0:02:c8:f2:46:72:
b9:b5:f5:b3:e3:cf:06:ae:44:7a:37:12:b2:3d:7b:86:d0:db:
<<omis>>