import com.alibaba.fastjson.JSON;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.util.encoders.Base64;
import sun.security.provider.X509Factory;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.*;
/**
* Https证书工具类
*/
@Slf4j
public class HttpsCertUtils {
// PEM boundary markers for an RSA private key in the PKCS#1 ("traditional" OpenSSL) form.
public static final String PKCS1_BEGIN_KEY = "-----BEGIN RSA PRIVATE KEY-----";
public static final String PKCS1_END_KEY = "-----END RSA PRIVATE KEY-----";
// PEM boundary markers for an unencrypted PKCS#8 private key.
// Encrypted PKCS#8 keys use the label "ENCRYPTED PRIVATE KEY" and are not matched by these markers.
public static final String PKCS8_BEGIN_KEY = "-----BEGIN PRIVATE KEY-----";
public static final String PKCS8_END_KEY = "-----END PRIVATE KEY-----";
// Registers Bouncy Castle as a JCA provider once, when this class is loaded.
// Security.addProvider appends the provider after those already installed and
// returns -1, changing nothing, if a provider with the same name is present.
static {
    try {
        final Provider bouncyCastle = new BouncyCastleProvider();
        Security.addProvider(bouncyCastle);
    } catch (Exception registrationFailure) {
        // Best-effort: class loading continues even if registration fails.
        // NOTE(review): the failure goes to stderr via printStackTrace rather than
        // through the class's @Slf4j logger, so it will not appear in the
        // application log; consider logging it there instead.
        registrationFailure.printStackTrace();
    }
}
/**
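* Verifies a certificate chain. The chain may be supplied in either direction,
* but it must be ordered; a shuffled chain is not supported. The verification
* logic is not very complete.
*
* @param orderType "asc": own (leaf) certificate - intermediate - root; "desc": root - intermediate - own (leaf) certificate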
*/
public static boolean verifyCertChain(List<X509Certificate> list, String orderType) {
try {
int nSize = list.size();
if ("desc".equalsIgnoreCase(orderType)) {
Set<BigInteger> serialNumberSet = new HashSet();
Principa