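A certificate file usually has the extension crt or cer, and its content typically looks like the figure below:
We can read such a file and produce an X509Certificate object with the generateCertificate method of CertificateFactory. The usual approach is: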
CertificateFactory fact = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) fact.generateCertificate(new FileInputStream("test.crt"));
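This approach usually works for RSA certificates, but for SM2 certificates it always fails with an error such as "Unknown named curve:1.2.156.10197.1.301". The main reason is that Java's default implementation does not recognize the SM2 algorithm. We therefore need to use the Bouncy Castle library to read the certificate; the code is as follows: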
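import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public X509Certificate fileToCertificate(String filepath) throws Exception {
    Security.addProvider(new BouncyCastleProvider()); // register BouncyCastleProvider
    // try-with-resources closes the stream even if parsing fails
    try (InputStream inputStream = new FileInputStream(filepath)) {
        // "BC" selects BouncyCastleProvider.
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
        // CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) certFactory.generateCertificate(inputStream);
    }
}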
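Pay special attention to CertificateFactory.getInstance("X.509","BC"); the "BC" argument specifies BouncyCastleProvider, and it must be specified for the SM2 certificate to be read correctly.
Note that Security.addProvider(new BouncyCastleProvider()); can be placed in the class's initialization section so that it is not executed on every call; it is placed inside the function here mainly to keep the example self-explanatory.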
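The following is an added example, not code from the original article: it builds a throwaway self-signed SM2 certificate in memory, parses it with the default provider and with "BC", and verifies the signature. It assumes both the Bouncy Castle provider (bcprov) and PKIX (bcpkix) jars are on the classpath; the class name Sm2CertDemo and the subject CN are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class Sm2CertDemo {
    static { Security.addProvider(new BouncyCastleProvider()); } // registered once per class load

    // Constructed sample input: a self-signed SM2 certificate (DER), generated for this demo only.
    static byte[] newSelfSignedSm2Der() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        kpg.initialize(new ECGenParameterSpec("sm2p256v1")); // curve OID 1.2.156.10197.1.301
        KeyPair kp = kpg.generateKeyPair();
        X500Name name = new X500Name("CN=constructed-sm2-test");
        Date from = new Date(System.currentTimeMillis() - 60_000L);
        Date to = new Date(System.currentTimeMillis() + 86_400_000L);
        return new JcaX509v3CertificateBuilder(name, BigInteger.ONE, from, to, name, kp.getPublic())
                .build(new JcaContentSignerBuilder("SM3withSM2").setProvider("BC").build(kp.getPrivate()))
                .getEncoded();
    }

    // provider == null means "let the JCA pick", which is what the first snippet on this page does.
    static X509Certificate parse(byte[] der, String provider) throws Exception {
        CertificateFactory cf = provider == null
                ? CertificateFactory.getInstance("X.509")
                : CertificateFactory.getInstance("X.509", provider);
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        byte[] der = newSelfSignedSm2Der();
        try {
            parse(der, null);
            System.out.println("default provider: parsed (this JDK recognizes the curve)");
        } catch (Exception e) {
            System.out.println("default provider failed: " + e.getMessage());
        }
        X509Certificate cert = parse(der, "BC");
        cert.verify(cert.getPublicKey(), "BC"); // throws if the SM2 signature does not verify
        System.out.println("BC: " + cert.getSubjectX500Principal() + ", sigAlg=" + cert.getSigAlgName());
    }
}
```

Registering the provider with Security.addProvider appends it to the end of the provider list, so the default lookup still resolves to the JDK's own X.509 factory; that is why the explicit "BC" argument is what changes the result.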
————————————————
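Copyright notice: this is an original article by CSDN blogger 「成都渔民」, licensed under CC 4.0 BY-SA. Reprints must include a link to the original source and this notice.
Original link: https://blog.csdn.net/weixin_53036603/article/details/123252571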