从CertificationRequest到X509Certificate

Question

实现org.jscep.server.ScepServlet我需要提供方法doEnroll ( List<X509Certificate> doEnroll(CertificationRequest certificationRequest) )的实现。

如何从提供的CertificationRequest返回X509Certificate？

除了CertificationRequest之外，我还有用于签名的证书

只要有一种从认证请求中获取公钥的方法就足够了，因为我有用于生成证书的其余代码。

到目前为止，我所拥有的：

protected List<X509Certificate> doEnroll(CertificationRequest certificationRequest) throws OperationFailureException, Exception {
    CaCertificate caCertificate = getSelfSignedCertificate();
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(caCertificate.getCertificate().getSubjectX500Principal());
    certGen.setNotBefore(notBefore);
    certGen.setNotAfter(notAfter);
    certGen.setSubjectDN(certificationRequest.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(publicKey); // this is basically what I need

    X509Certificate issuedCert = certGen.generate(caCertificate.getKeypair().getPrivate());

    List<X509Certificate> x509Certificates = new ArrayList<X509Certificate>();
    x509Certificates.add(issuedCert);

    return x509Certificates;
}

Answer 1

在jscep测试类中找到此方法：

public static PublicKey getPublicKey(CertificationRequest csr) throws IOException {
    SubjectPublicKeyInfo pubKeyInfo = csr.getCertificationRequestInfo().getSubjectPublicKeyInfo();
    RSAKeyParameters keyParams = (RSAKeyParameters) PublicKeyFactory.createKey(pubKeyInfo);
    KeySpec keySpec = new RSAPublicKeySpec(keyParams.getModulus(), keyParams.getExponent());

    try {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(keySpec);
    } catch (Exception e) {
        throw new IOException(e);
    }
}