0

我现在正在使用 bouncy castle 库创建 PKCS10 根证书。

因此,我使用 (RootCertGenerator.java) 导入充气城堡库,该库在纯 java 环境中正确工作(我对 RootCertGenerator.java 所做的所有工作都是修改 main() 方法以执行(),重命名该方法)

但是,在执行 generateRooteCert.jsp 后,它会显示 Tomcat 错误,如页面底部所示。有人说它可以通过在构建路径上包含 mail.jar 来解决,但它不起作用。

---生成RooteCert.jsp

<%@ page language="java" contentType="text/html; charset=EUC-KR"%>
<%@ page import="java.sql.DriverManager" %>
<%@ page import="java.sql.Connection" %>
<%@ page import="java.sql.PreparedStatement" %>
<%@ page import="java.sql.Statement" %>
<%@ page import="java.sql.SQLException" %>
<%@ page import="java.sql.ResultSet" %>
<%@ page import="myPackage.Utils" %>
<%@ page import="myPackage.RootCertGenerator" %>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=EUC-KR">
<title>Make root Certificate</title>
</head>
<% 
RootCertGenerator.execute();
%>
<body>

</body>
</html>

---RootCertGenerator.java 包 myPackage;

import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.x509.X509V1CertificateGenerator;

public class RootCertGenerator
{
public static X509Certificate generateV1Certificate(KeyPair pair)
throws InvalidKeyException, NoSuchProviderException, SignatureException
{
 // generate the certificate
X509V1CertificateGenerator  certGen = new X509V1CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
certGen.setNotBefore(new Date(System.currentTimeMillis() - (7 * 24 * 60 * 60 * 1000))); 
certGen.setNotAfter(new Date(System.currentTimeMillis() + (7 * 24 * 60 * 60 * 1000)));
certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
return certGen.generateX509Certificate(pair.getPrivate(), "BC");
}

//////////added by jeon
public static void pemEncodeToFile(String filename, Object obj, char[] password) throws
Exception{
PEMWriter pw = new PEMWriter(new FileWriter(filename));
if (password != null && password.length > 0) {
pw.writeObject(obj, "DESEDE", password, new SecureRandom());
} else {
pw.writeObject(obj);
}
pw.flush();
pw.close();
}
//////////added by jeon

public static void execute() throws Exception
{
// create the keys
KeyPair          pair = Utils.generateRSAKeyPair();

////////////////////writing root certificate
PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out));
pemWrt.writeObject(cert);
pemEncodeToFile("rootCertificate.cer", cert, null);
pemWrt.flush();
pemWrt.close();
/////////////////writing private key
PEMWriter pemWrt1 = new PEMWriter(new OutputStreamWriter(System.out));
pemWrt1.writeObject(pair.getPrivate());
pemEncodeToFile("rootPrivate.key", pair.getPrivate(), null);
pemWrt1.flush();
pemWrt1.close();

/////////////////writing public key
PEMWriter pemWrt2 = new PEMWriter(new OutputStreamWriter(System.out));
pemWrt2.writeObject(pair.getPublic());
pemEncodeToFile("rootPublic.key", pair.getPublic(), null);
pemWrt2.flush();
pemWrt2.close();
// show some basic validation
cert.checkValidity(new Date());
cert.verify(cert.getPublicKey());        
System.out.println("valid certificate generated");
}
}

错误信息是

org.apache.jasper.JasperException:
javax.servlet.ServletException:
java.security.NoSuchProviderException: no such provider: BC

我觉得 TOMCAT 未能加载 bouncycastle 提供程序,即使我的系统

/jre/lib/security/java.security 包含 bouncycaslte 信息。

我应该怎么办?

4

1 回答 1

1

看看网页

http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

它指示如何将其添加到

$JAVA_HOME/jre/lib/security/java.security

当然要确保这是tomcat使用的JRE。

同样根据个人经验,将 jar 放入 tomcat 的 lib 可以避免它被多次加载。

于 2013-04-24T00:58:03.577 回答