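// Open the CA keystore and read the CA certificate from it.
// storepass (the keystore password) is defined outside this snippet.
// NOTE(review): JKS is the legacy keystore format; PKCS12 has been the JDK default since Java 9.
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
try {
    ks.load(in, storepass.toCharArray());
} finally {
    in.close(); // the keystore is in memory now; do not leave the file handle open
}
// c1 is the CA certificate; its subject becomes the issuer of the new certificate.
java.security.cert.Certificate c1 = ks.getCertificate("caroot");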
(2) Read the private key of CA from the keystore
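// alias and cakeypass (the CA key entry's alias and password) are defined outside this snippet.
// The returned key can sign anything in the CA's name: keep it in memory only as long as the
// signing step needs it, and never log it or the password.
PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray());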
(3) Extract the information of the issuer from the CA certificate.
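// X509CertImpl, X509CertInfo, X500Name and CertificateIssuerName are JDK-internal
// (sun.security.x509) classes: unsupported API that may change or be inaccessible on newer JDKs.
byte[] encode1 = c1.getEncoded();               // encoded form of the CA certificate
X509CertImpl cimp1 = new X509CertImpl(encode1); // re-parse it as an X509CertImpl
// Fetch the X509CertInfo object that holds the certificate's fields.
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
// The CA's subject name (an X500Name) is what the new certificate will carry as its issuer.
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME);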
(4) Obtain the certificate to be issued.
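// Read the certificate that is to be re-signed by the CA.
// CertificateFactory parses an X.509 certificate here, so despite its name the file must hold
// a certificate, not a PKCS#10 request.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in2 = new FileInputStream("user.csr");
java.security.cert.Certificate c2;
try {
    // Parse from in2: the keystore stream `in` was already consumed by ks.load().
    c2 = cf.generateCertificate(in2);
} finally {
    in2.close();
}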
(5) extracting certificate information from the certificate to be issued.
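byte[] encode2 = c2.getEncoded();
X509CertImpl cimp2 = new X509CertImpl(encode2); // re-parse the submitted certificate as an X509CertImpl
// cinfo2 holds the submitted certificate's fields and is the object that gets signed later.
// NOTE(review): the steps below overwrite only validity, serial number, issuer and signature
// algorithm. Subject, public key and extensions are carried over from the submitted file as-is,
// so check them (e.g. BasicConstraints, KeyUsage) against CA policy before signing.
X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);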
(6) Set the validity period of the new certificate
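Date begindate = new Date(); // validity starts now
// Valid for 3000 days (about 8 years). The L suffix makes the final multiplication a long so
// the millisecond count does not overflow int.
// NOTE(review): that is a long lifetime for an issued certificate; shorten it if policy allows.
Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L);
CertificateValidity cv = new CertificateValidity(begindate, enddate);
cinfo2.set(X509CertInfo.VALIDITY, cv); // replace the validity period of the submitted certificate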
(7) Set the serial number of the new certificate
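// Serial number: 128 random bits from a CSPRNG instead of the issue time in seconds.
// A time-derived int is predictable, is identical for two certificates issued in the same
// second, and turns negative once the epoch seconds no longer fit in an int.
java.math.BigInteger sn = new java.math.BigInteger(128, new java.security.SecureRandom());
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);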
(8) Set the issuer of the new certificate.
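// Use the CA subject name obtained in step (3) as the issuer of the new certificate.
cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);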
(9) Set new certificate signing algorithm information.
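// The algorithm recorded in the certificate info and the one passed to sign() must be the same,
// so both are taken from one constant.
// SHA256withRSA replaces the original MD5withRSA: MD5 is not collision resistant, and the default
// JDK security configuration disables MD5 for certificate path validation, so an MD5-signed
// certificate would be rejected by current relying parties. Assumes the CA key is an RSA key.
String sigAlg = "SHA256withRSA";
AlgorithmId algorithm = AlgorithmId.get(sigAlg);
cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
// (10) Create a certificate and sign it with the private key of the CA.
X509CertImpl newcert = new X509CertImpl(cinfo2);
newcert.sign(caprk, sigAlg); // sign it with the CA private key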
(11) Write the new certificate into the keystore.
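ks.setCertificateEntry("lf_signed", newcert);
// NOTE(review): ks still holds every entry that was loaded from .keystore, including the CA
// private-key entry, so the file written here is a copy of the CA keystore plus the new
// certificate. Treat it like the CA keystore, or export only the certificate for distribution.
// NOTE(review): "newpass" is a hard-coded sample password; read the real one from a protected
// source at run time.
FileOutputStream out = new FileOutputStream("newstore");
try {
    // Here, a new keystore is written. You can also use article 7 to add entries.
    ks.store(out, "newpass".toCharArray());
} finally {
    out.close(); // flush and release the file even if store() fails
}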