本文主要是介绍【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
SM2、SM4加解密 SM2 SM3 签名验签代码部分开源在gitee&github
https://github.com/xiaoshuaishuai319/algorithmNation
证书文件 链接: https://pan.baidu.com/s/1ijHNnMQJj7jzW-jXEVd6Gg 密码: vfva
所需jar包
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on --><dependency><groupId>org.bouncycastle</groupId><artifactId>bcpkix-jdk15on</artifactId><version>1.57</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk15on -->
<!-- NOTE(review): bcpkix is pinned to 1.57 above but bcmail to 1.56 here; mixed Bouncy Castle versions can conflict, so align them, and prefer a currently maintained release over these old ones. -->
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk15on</artifactId><version>1.56</version>
</dependency>
部分代码(基本包含了全部)
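/**
 * Builds a self-signed SM2 root certificate with Bouncy Castle's
 * {@code X509v3CertificateBuilder} and writes the encoded certificate to
 * {@code F:/root/root<epoch-seconds>.cer}.
 *
 * <p>Issuer and subject are the same name, assembled from the CN and O values of
 * {@code pageCert}.
 *
 * @param pageCert supplies the CN and O values for the certificate name
 * @return a {@code Cert} bookkeeping object describing the generated files, or
 *         {@code null} when any step inside the try block fails
 * @throws Exception declared for caller compatibility; failures inside the try block
 *         are caught, printed and reported as a {@code null} return
 */
public static Cert genSM2CertByX509v3CertificateBuilder(PageCert pageCert) throws Exception {
    org.bouncycastle.jce.provider.BouncyCastleProvider bouncyCastleProvider =
            new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.addProvider(bouncyCastleProvider);

    String fileName = "root" + new Date().getTime() / 1000;
    // NOTE(review): hard-coded output directory; the key-file paths recorded below point here
    // too, so confirm the directory is access-restricted before using this for a real root key.
    String path = "F:/root/";
    String rootCertPath = path + fileName + ".cer";
    Cert cert = new Cert();
    try {
        // SM2 key pair; presumably the helper also persists the key files under path — confirm.
        KeyPair kp = KeyGenUtil.getKeyPair2SM2(path, fileName);

        // Convert the JCA keys to Bouncy Castle lightweight EC key parameters.
        ECPublicKeyParameters bcecPublicKey =
                (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(kp.getPublic());
        ECPrivateKeyParameters bcecPrivateKey =
                (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(kp.getPrivate());

        // Self-signed: the same distinguished name is used as issuer and subject.
        // NOTE(review): the name is built by string concatenation, so a CN or O value that
        // contains "," or "=" can add or alter name attributes. If these values come from
        // user input, validate them or build the name attribute by attribute.
        String issuerString = "CN=" + pageCert.getCn() + ",O=" + pageCert.getO();
        X500Name issueDn = new X500Name(issuerString);
        X500Name subjectDn = new X500Name(issuerString);

        // info goes into the certificate body; publicKeyInfo feeds the key identifiers.
        // NOTE(review): they come from two different encoders; confirm both encode the key
        // identically, otherwise the key identifiers will not match the certified key.
        SubjectPublicKeyInfo info = createSubjectECPublicKeyInfo(bcecPublicKey);
        SubjectPublicKeyInfo publicKeyInfo =
                SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(kp.getPublic().getEncoded()));

        // Random positive serial number instead of the wall-clock time: a timestamp is
        // predictable and can repeat when two certificates are issued in the same millisecond.
        BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                issueDn, serial, new Date(), Util4Hex.getYearLater(5), Locale.CHINA, subjectDn, info);

        // Basic constraints: CA certificate with path length 0.
        BasicConstraints basicConstraints = new BasicConstraints(0);
        builder.addExtension(Extension.basicConstraints, true, basicConstraints);
        // CRL distribution points.
        builder.addExtension(Extension.cRLDistributionPoints, true, XSCertExtension.getCRLDIstPoint());
        // Certificate policies.
        builder.addExtension(Extension.certificatePolicies, true,
                new DERSequence(XSCertExtension.getPolicyInfo()));

        // Authority and subject key identifiers, both a SHA-1 digest of the same public key
        // because the certificate is self-signed.
        DigestCalculator calculator = new BcDigestCalculatorProvider()
                .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils extensionUtils = new X509ExtensionUtils(calculator);
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));

        // Key usage and extended key usage.
        builder.addExtension(Extension.keyUsage, true, XSCertExtension.getKeyUsage());
        builder.addExtension(Extension.extendedKeyUsage, true, XSCertExtension.getExtendKeyUsage());

        // NOTE(review): the certificate is labelled SM3WITHSM2, but the signer is built with a
        // SHA1 digest identifier. As far as I know BcECContentSignerBuilder produces an ECDSA
        // signer over the supplied digest, so the signature may not be a genuine SM2/SM3 one.
        // Verify the output with an independent SM2 verifier before relying on it.
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SM3WITHSM2");
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find("SHA1");
        ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(bcecPrivateKey);
        X509CertificateHolder certificateHolder = builder.build(contentSigner);

        // try-with-resources closes the file even when the write fails.
        try (FileOutputStream outputStream = new FileOutputStream(rootCertPath)) {
            outputStream.write(certificateHolder.getEncoded());
        }

        // cert is only a plain Java bookkeeping object; it carries no cryptographic meaning.
        cert.setCertname(fileName);
        cert.setCertinfo("CN=" + pageCert.getCn() + ",O=" + pageCert.getO());
        cert.setSignalgor("1.2.156.10197.1.501");
        cert.setAlgorithm("EC&SM2");
        cert.setSessionalgor("SM3");
        cert.setStatus(0);
        cert.setPri_path(path + fileName + "privateKey.keystore");
        cert.setPub_path(path + fileName + "publicKey.keystore");
        return cert;
    } catch (Exception e) {
        // Existing contract: report the failure on the console and signal it with null.
        e.printStackTrace();
        System.out.println("======根证书申请失败" + e.getMessage());
        return null;
    }
}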
如需要了解更多 请查看 https://blog.csdn.net/u010651369/article/details/76907312