本文主要是介绍Java生成SM2证书基于BouncyCastle(cer),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
Java生成SM2证书基于BouncyCastle(cer)
可以先加QQ 783021975 咨询相关问题。
自己研究那就是看BC源码。不愿意看就看别的大佬的开源代码
|
| https://github.com/ZZMarquis/gmhelper |
【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书
SM2、SM4加解密 SM2 SM3 签名验签代码部分开源在gitee&github
https://github.com/xiaoshuaishuai319/algorithmNation
https://gitee.com/xshuai/algorithmNation
整理中。完全是Java代码调用BouncCastle生成的哦。先来个图看下 签名算法 和 公钥参数都是 符合SM2算法的
2018年6月22日更新:CRL分布点,添加证书策略,颁发者密钥标识,使用者密钥标识,密钥用法,增强密钥用法,基本约束
可以先加QQ 783021975 咨询相关问题。
2017年8月17日10:37:14 增加生成cer证书代码
/*** 国密证书签名算法标识*/private static String SignAlgor = "1.2.156.10197.1.501";/*** 生成国密ROOT证书方法* @param pageCert.getCn()+","+* @throws Exception*/public static void genSM2CertByRoot() throws Exception {SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");org.bouncycastle.jce.provider.BouncyCastleProvider bouncyCastleProvider = new org.bouncycastle.jce.provider.BouncyCastleProvider();Security.addProvider(bouncyCastleProvider);//证书的名称String fileName = "root"+new Date().getTime()/1000;String path = "保存的路径";String rootCertPath = path+fileName+".cer";try {KeyPair kp = KeyGenUtil.getKeyPair2SM2(path,fileName);//这块就是生成SM2公私钥对 非免费提供的代码 有需要加QQ:783021975 具体价格:https://pan.baidu.com/s/1OhC2G944fzkWAzU5RyEM6ASystem.out.println("=====公钥算法====="+kp.getPublic().getAlgorithm());BCECPrivateKey bcecPrivateKey = (BCECPrivateKey) kp.getPrivate();//使用ECPrivateKey PrivateKey都可以BCECPublicKey bcecPublicKey = (BCECPublicKey) kp.getPublic();//使用ECPublicKey PublicKey都可以//申请服务器证书信息 我是通过网页得到传递的参数 。如果测试 写死即可。这一步没有什么的。X500Principal principal = new X500Principal("CN=小帅丶博客,O=小帅丶博客");//X500Principal principal = new X500Principal("CN="+pageCert.getCn()+",O="+pageCert.getO());X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));certGen.setIssuerDN(principal);certGen.setNotBefore(new Date());certGen.setNotAfter(CertAuthAssist.getYearLater(5));certGen.setSubjectDN(principal);certGen.setSignatureAlgorithm(SignAlgor);certGen.setPublicKey(bcecPublicKey); //添加CRL分布点 QQ:783021975certGen.addExtension(Extension.cRLDistributionPoints, true, XSCertExtension.getCRLDIstPoint());//添加证书策略 QQ:783021975certGen.addExtension(Extension.certificatePolicies, true, new DERSequence(XSCertExtension.getPolicyInfo()));//颁发者密钥标识DigestCalculator calculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));X509ExtensionUtils extensionUtils = new X509ExtensionUtils(calculator );certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));//使用者密钥标识certGen.addExtension(Extension.subjectKeyIdentifier, false,extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));//密钥用法 QQ:783021975certGen.addExtension(Extension.keyUsage,true,XSCertExtension.getKeyUsage());//增强密钥用法 QQ:783021975certGen.addExtension(Extension.extendedKeyUsage,true,XSCertExtension.getExtendKeyUsage());//基本约束BasicConstraints basicConstraints = new BasicConstraints(0);certGen.addExtension(Extension.basicConstraints, true, basicConstraints);X509Certificate rootCert = certGen.generateX509Certificate(bcecPrivateKey, "BC");FileOutputStream outputStream = new FileOutputStream(rootCertPath);outputStream.write(rootCert.getEncoded());outputStream.close();} catch (Exception e) {logger.info("======根证书申请失败"+e.getMessage());return null;}
}源代码目前非免费提供。如有需要加QQ:783021975
需要用到的BC包
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on --><dependency><groupId>org.bouncycastle</groupId><artifactId>bcpkix-jdk15on</artifactId><version>1.57</version></dependency> <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk16 --><dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk15on</artifactId><version>1.56</version></dependency>本项目支持
这篇关于Java生成SM2证书基于BouncyCastle(cer)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
