最近在研究通过bc包生成CSR的功能,已知用bcprov-15jdk包是没问题的之前用的也一直是这种方法,但是最近有个项目需要同时用到电子签章和电子签名功能,bcprov-jdk15和bcprov-jdk15on两个jar包又不能兼容,于是就考虑将之前的电子签名创建CSR的功能用bcprov-jdk15on包来实现,具体实现如下所示:
/**
* 创建证(CSR)
* @param paramInt 密钥对长度
* @param paramString1 密钥对算法
* @param paramString2 CSR算法
* @param paramString3 证书提供者(一般为BC)
* @return
* @throws Exception
*/
public static String generationTest(int paramInt, String paramString1, String paramString2, String paramString3) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyPairGenerator localKeyPairGenerator = KeyPairGenerator.getInstance(paramString1, "BC");
localKeyPairGenerator.initialize(paramInt);
KeyPair localKeyPair = localKeyPairGenerator.genKeyPair();
X500NameBuilder localX500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
localX500NameBuilder.addRDN(BCStyle.CN, "dpp");
localX500NameBuilder.addRDN(BCStyle.C, "AU");
localX500NameBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
localX500NameBuilder.addRDN(BCStyle.L, "Melbourne");
localX500NameBuilder.addRDN(BCStyle.ST, "Victoria");
localX500NameBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
X500Name localX500Name = localX500NameBuilder.build();
JcaPKCS10CertificationRequestBuilder localJcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(localX500Name, localKeyPair.getPublic());
PKCS10CertificationRequest localPKCS10CertificationRequest = localJcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(paramString2).setProvider(paramString3).build(localKeyPair.getPrivate()));
JcaPKCS10CertificationRequest localJcaPKCS10CertificationRequest = new JcaPKCS10CertificationRequest(localPKCS10CertificationRequest.getEncoded()).setProvider(paramString3);
if (!localJcaPKCS10CertificationRequest.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(paramString3).build(localKeyPair.getPublic()))) {
System.out.println(paramString2 + ": Failed verify check.");
}
if (!Arrays.areEqual(localJcaPKCS10CertificationRequest.getPublicKey().getEncoded(), localPKCS10CertificationRequest.getSubjectPublicKeyInfo().getEncoded())) {
System.out.println(paramString1 + ": Failed public key check.");
}
return Base64.encodeBase64String(localJcaPKCS10CertificationRequest.getEncoded());
}
所需要的jar包为:bcprov-jdk15on-1.60.jar