Java生成SM2证书基于BouncyCastle(cer)
可以先加QQ 783021975 咨询相关问题。
自己研究那就是看BC源码。不愿意看就看别的大佬的开源代码
|
【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书
SM2、SM4加解密 SM2 SM3 签名验签代码部分开源在gitee&github
https://github.com/xiaoshuaishuai319/algorithmNation
https://gitee.com/xshuai/algorithmNation
整理中。完全是Java代码调用BouncCastle生成的哦。先来个图看下 签名算法 和 公钥参数都是 符合SM2算法的
2018年6月22日更新:CRL分布点,添加证书策略,颁发者密钥标识,使用者密钥标识,密钥用法,增强密钥用法,基本约束
可以先加QQ 783021975 咨询相关问题。
2017年8月17日10:37:14 增加生成cer证书代码
/**
* 国密证书签名算法标识
*/
private static String SignAlgor = "1.2.156.10197.1.501";
/**
* 生成国密ROOT证书方法
* @param pageCert.getCn()+","+
* @throws Exception
*/
public static void genSM2CertByRoot() throws Exception {
SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
org.bouncycastle.jce.provider.BouncyCastleProvider bouncyCastleProvider = new org.bouncycastle.jce.provider.BouncyCastleProvider();
Security.addProvider(bouncyCastleProvider);
//证书的名称
String fileName = "root"+new Date().getTime()/1000;
String path = "保存的路径";
String rootCertPath = path+fileName+".cer";
try {
KeyPair kp = KeyGenUtil.getKeyPair2SM2(path,fileName);
//这块就是生成SM2公私钥对 非免费提供的代码 有需要加QQ:783021975 具体价格:https://pan.baidu.com/s/1OhC2G944fzkWAzU5RyEM6A
System.out.println("=====公钥算法====="+kp.getPublic().getAlgorithm());
BCECPrivateKey bcecPrivateKey = (BCECPrivateKey) kp.getPrivate();//使用ECPrivateKey PrivateKey都可以
BCECPublicKey bcecPublicKey = (BCECPublicKey) kp.getPublic();//使用ECPublicKey PublicKey都可以
//申请服务器证书信息 我是通过网页得到传递的参数 。如果测试 写死即可。这一步没有什么的。
X500Principal principal = new X500Principal("CN=小帅丶博客,O=小帅丶博客");
//X500Principal principal = new X500Principal("CN="+pageCert.getCn()+",O="+pageCert.getO());
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(principal);certGen.setNotBefore(new Date());
certGen.setNotAfter(CertAuthAssist.getYearLater(5));
certGen.setSubjectDN(principal);
certGen.setSignatureAlgorithm(SignAlgor);
certGen.setPublicKey(bcecPublicKey);
//添加CRL分布点 QQ:783021975
certGen.addExtension(Extension.cRLDistributionPoints, true, XSCertExtension.getCRLDIstPoint());
//添加证书策略 QQ:783021975
certGen.addExtension(Extension.certificatePolicies, true, new DERSequence(XSCertExtension.getPolicyInfo()));
//颁发者密钥标识
DigestCalculator calculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
X509ExtensionUtils extensionUtils = new X509ExtensionUtils(calculator );
certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));
//使用者密钥标识
certGen.addExtension(Extension.subjectKeyIdentifier, false,extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));
//密钥用法 QQ:783021975
certGen.addExtension(Extension.keyUsage,true,XSCertExtension.getKeyUsage());
//增强密钥用法 QQ:783021975
certGen.addExtension(Extension.extendedKeyUsage,true,XSCertExtension.getExtendKeyUsage());
//基本约束
BasicConstraints basicConstraints = new BasicConstraints(0);
certGen.addExtension(Extension.basicConstraints, true, basicConstraints);
X509Certificate rootCert = certGen.generateX509Certificate(bcecPrivateKey, "BC");
FileOutputStream outputStream = new FileOutputStream(rootCertPath);
outputStream.write(rootCert.getEncoded());outputStream.close();
} catch (Exception e) {
logger.info("======根证书申请失败"+e.getMessage());return null;
}
}
源代码目前非免费提供。如有需要加QQ:783021975
需要用到的BC包
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.57</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk16 -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15on</artifactId>
<version>1.56</version>
</dependency>
本项目支持