【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书

原创
2018/06/25 15:37

演示证书文件

链接: https://pan.baidu.com/s/1ijHNnMQJj7jzW-jXEVd6Gg 密码: vfva

所需jar包

<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
 <dependency>
	<groupId>org.bouncycastle</groupId>
	<artifactId>bcpkix-jdk15on</artifactId>
	<version>1.57</version>
</dependency> 
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk16 -->
<dependency>
	<groupId>org.bouncycastle</groupId>
	<artifactId>bcmail-jdk15on</artifactId>
	<version>1.56</version>
</dependency>

部分代码(基本包含了全部)

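    /**
     * Builds a self-signed SM2 root certificate with BouncyCastle's {@code X509v3CertificateBuilder}.
     *
     * <p>The key pair comes from {@code KeyGenUtil.getKeyPair2SM2(path, fileName)} (which also
     * receives the target directory and file name, so it presumably persists the keys there — the
     * {@code pri_path}/{@code pub_path} set on the returned {@link Cert} assume that). The DER-encoded
     * certificate is written to {@code F:/root/root<epoch-seconds>.cer}. Issuer and subject are the
     * same DN, built from the CN and O of {@code pageCert}, and the certificate is signed with the
     * freshly generated private key.
     *
     * @param pageCert carries the CN and O used for the issuer/subject DN
     * @return a {@link Cert} describing the generated files, or {@code null} if any step failed
     *         (the failure is printed; this keeps the original best-effort contract)
     * @throws Exception declared for callers; in practice every failure is caught and {@code null} returned
     */
    public static Cert genSM2CertByX509v3CertificateBuilder(PageCert pageCert) throws Exception {
        // Register BC only once; Security.addProvider would ignore a duplicate anyway, but there is
        // no need to build a new provider instance on every call.
        if (Security.getProvider(org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        }
        String fileName = "root" + new Date().getTime() / 1000;
        String path = "F:/root/";
        String rootCertPath = path + fileName + ".cer";
        Cert cert = new Cert();
        try {
            // Key pair (SM2 curve)
            KeyPair kp = KeyGenUtil.getKeyPair2SM2(path, fileName);
            // Convert the JCE keys into BC lightweight-API parameters
            ECPublicKeyParameters bcecPublicKey = (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(kp.getPublic());
            ECPrivateKeyParameters bcecPrivateKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(kp.getPrivate());
            // Self-signed: issuer DN and subject DN are identical
            String issuerString = "CN=" + pageCert.getCn() + ",O=" + pageCert.getO();
            X500Name issueDn = new X500Name(issuerString);
            X500Name subjectDn = new X500Name(issuerString);
            // `info` (hand-built SPKI) goes into the TBSCertificate; `publicKeyInfo` (JCE encoding of
            // the same key pair) is only used to derive the key identifiers below.
            SubjectPublicKeyInfo info = createSubjectECPublicKeyInfo(bcecPublicKey);
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(kp.getPublic().getEncoded()));
            // Serial number: RFC 5280 requires a positive integer that is unique per issuer. A
            // millisecond timestamp collides for two certificates issued in the same millisecond
            // and is predictable, so draw 64 random bits and force the top bit so the value is
            // never zero (well within the 20-octet limit).
            java.security.SecureRandom rng = new java.security.SecureRandom();
            BigInteger serial = new BigInteger(64, rng).setBit(63);
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issueDn, serial, new Date(), Util4Hex.getYearLater(5), Locale.CHINA, subjectDn, info);
            // Basic constraints: CA=true, pathLen=0 (no subordinate CAs), marked critical
            BasicConstraints basicConstraints = new BasicConstraints(0);
            builder.addExtension(Extension.basicConstraints, true, basicConstraints);
            // CRL distribution point (content supplied by XSCertExtension)
            builder.addExtension(Extension.cRLDistributionPoints, true, XSCertExtension.getCRLDIstPoint());
            // Certificate policies (content supplied by XSCertExtension)
            builder.addExtension(Extension.certificatePolicies, true, new DERSequence(XSCertExtension.getPolicyInfo()));
            // Authority key identifier — SHA-1 over the public key, as is conventional for key IDs
            DigestCalculator calculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
            X509ExtensionUtils extensionUtils = new X509ExtensionUtils(calculator);
            builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));
            // Subject key identifier (same key, since the certificate is self-signed)
            builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));
            // Key usage
            builder.addExtension(Extension.keyUsage, true, XSCertExtension.getKeyUsage());
            // Extended key usage
            builder.addExtension(Extension.extendedKeyUsage, true, XSCertExtension.getExtendKeyUsage());
            // NOTE(review): sigAlgId advertises SM3WITHSM2 but digAlgId is SHA1. Whether this BC
            // version's BcECContentSignerBuilder then really produces an SM2/SM3 signature, or an
            // ECDSA signature over the given digest, should be confirmed against the library;
            // a verifier that trusts the advertised algorithm may reject the certificate.
            AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SM3WITHSM2");
            AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find("SHA1");
            ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(bcecPrivateKey);
            X509CertificateHolder certificateHolder = builder.build(contentSigner);
            // try-with-resources: the original left the stream open if write() threw
            try (FileOutputStream outputStream = new FileOutputStream(rootCertPath)) {
                outputStream.write(certificateHolder.getEncoded());
            }
            // The Cert object is only a descriptor of what was written; it is not the certificate itself
            cert.setCertname(fileName);
            cert.setCertinfo("CN=" + pageCert.getCn() + ",O=" + pageCert.getO());
            cert.setSignalgor("1.2.156.10197.1.501");
            cert.setAlgorithm("EC&SM2");
            cert.setSessionalgor("SM3");
            cert.setStatus(0);
            cert.setPri_path(path + fileName + "privateKey.keystore");
            cert.setPub_path(path + fileName + "publicKey.keystore");
            return cert;
        } catch (Exception e) {
            // Best-effort contract kept: report and return null rather than propagate
            e.printStackTrace();
            System.out.println("======根证书申请失败" + e.getMessage());
            return null;
        }
    }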

 

了解更多

请查看  https://my.oschina.net/xshuai/blog/1614080

部分代码: https://gitee.com/xshuai/algorithmNation
