[Question] How to generate .pfx or .p12 (KeyStore) file? #96
Comments
I guess that Your Other CAs might even return a chain of four or more certificates, so you shouldn't make fixed assumptions on the number of certificates. 😉 I would recommend you change your code so the
@shred How would that look in code?

```java
List<JcaPKCS12SafeBagBuilder> builders = new ArrayList<>();
for (X509Certificate cert : chain) {
    builders.add(new JcaPKCS12SafeBagBuilder(cert));
}
List<PKCS12SafeBag> certs = new ArrayList<>();
for (JcaPKCS12SafeBagBuilder builder : builders) {
    certs.add(builder.build());
}
```

Edit1: This would be even faster requiring only one loop:

```java
List<PKCS12SafeBag> certs = new ArrayList<>();
for (X509Certificate cert : chain) {
    certs.add(new JcaPKCS12SafeBagBuilder(cert).build());
}
```
@shred So these `taCertBagBuilder.addBagAttribute(stuff...)` don't matter at all?
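@shred This is what I came up with:

```java
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;

public static PKCS12PfxPdu buildAndGetPfx(X509Certificate[] chain, PublicKey pubKey, PrivateKey privKey, char[] passwd) throws Exception {
    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    // One certificate bag per chain entry, however long the chain is
    List<PKCS12SafeBag> certs = new ArrayList<>();
    for (X509Certificate cert : chain) {
        certs.add(new JcaPKCS12SafeBagBuilder(cert).build());
    }
    PKCS12SafeBag[] certsArray = new PKCS12SafeBag[certs.size()];
    for (int i = 0; i < certs.size(); i++) {
        certsArray[i] = certs.get(i);
    }
    PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
    // Certificate bags, encrypted with 40-bit RC2
    pfxPduBuilder.addEncryptedData(
            new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
                    new CBCBlockCipher(new RC2Engine())).build(passwd),
            certsArray); // converting the certs list into an array by using certs.toArray() didn't work :/ That's why I used the loop above
    // Private key bag, encrypted with 3-key Triple DES
    PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd));
    keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
    keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));
    pfxPduBuilder.addData(keyBagBuilder.build());
    return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd);
}
```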
@shred Another question. Is it possible to create an `org.shredzone.acme4j.Certificate` from the already existing files? Or must I order a new one every time?
The code is looking good, except that you don't set a You cannot create a
@shred Thanks for the help!
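
An added example, not code from this thread or from acme4j: the same key-plus-chain .pfx written through the JDK's `KeyStore` PKCS12 type instead of BouncyCastle's `PKCS12PfxPduBuilder`, accepting a chain of any length and rejecting a key that does not match the leaf or a chain that is out of order. The names `PfxExample`, `toPkcs12` and `issue`, the alias `acme`, the password and the CA/leaf pair generated in `main` are constructed for illustration.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public final class PfxExample {
    /** Validates key and chain (leaf first, any length), then returns the PKCS#12 bytes. */
    static byte[] toPkcs12(String alias, PrivateKey key, X509Certificate[] chain, char[] password) throws Exception {
        if (chain == null || chain.length == 0) throw new IllegalArgumentException("empty chain");
        // The private key must belong to chain[0]: sign a probe, verify it with the leaf's public key.
        String sigAlg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256with" + key.getAlgorithm();
        byte[] probe = "pfx-key-check".getBytes("UTF-8");
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(key); s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(chain[0].getPublicKey()); s.update(probe);
        if (!s.verify(sig)) throw new IllegalArgumentException("private key does not match chain[0]");
        // Every certificate must be signed by the one after it; verify() throws if not.
        for (int i = 0; i + 1 < chain.length; i++) chain[i].verify(chain[i + 1].getPublicKey());
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                          // start with an empty store
        ks.setKeyEntry(alias, key, password, chain);  // key and whole chain under one alias
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);                      // encryption and MAC use the JDK's defaults
        return out.toByteArray();
    }
    // Constructed test data: issues an RSA-signed certificate valid for one day.
    static X509Certificate issue(String subject, PublicKey subjectKey, String issuer, PrivateKey issuerKey) throws Exception {
        return new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(new X500Name(issuer),
                new BigInteger(64, new SecureRandom()), new Date(), new Date(System.currentTimeMillis() + 86_400_000L),
                new X500Name(subject), subjectKey).build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ca = gen.generateKeyPair(), leaf = gen.generateKeyPair();
        X509Certificate[] chain = {
            issue("CN=example.test", leaf.getPublic(), "CN=Constructed Test CA", ca.getPrivate()),
            issue("CN=Constructed Test CA", ca.getPublic(), "CN=Constructed Test CA", ca.getPrivate()) };
        char[] password = "changeit".toCharArray();
        byte[] pfx = toPkcs12("acme", leaf.getPrivate(), chain, password);
        KeyStore check = KeyStore.getInstance("PKCS12"); // read it back to confirm the round trip
        check.load(new ByteArrayInputStream(pfx), password);
        System.out.println("chain length in .pfx: " + check.getCertificateChain("acme").length);
    }
}
```

Only `issue` needs BouncyCastle (bcprov and bcpkix on the classpath); `toPkcs12` uses the JDK alone.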
Hey, I'm not sure if this is the right place to ask, but I'm kind of stuck.
I used the `org.shredzone.acme4j.example.ClientTest` as a base and expanded it to fit my needs.
Everything works fine and I get the certificate. Now the only thing left is to generate a .pfx file from the data.
(14.03.2021) Solution:
Old code (ignore this):