import com.sinoi.framework.util.serialize.json.JsonUtil;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.io.StringWriter;
import java.security.*;
import java.util.HashMap;
import java.util.Map;
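public class CA {

    /** Characters that are backslash-escaped inside a subject attribute value (RFC 2253 specials). */
    private static final String DN_SPECIAL_CHARS = ",+\"\\<>;=";

    /**
     * Generates a fresh key pair and a PKCS#10 certificate signing request (CSR) signed with it.
     *
     * <p>When {@code signatureAlgorithm} is {@code "ECDSA"} an EC key pair is generated and the
     * request is signed with {@code SHA256withECDSA}; any other value yields a 2048-bit RSA key
     * signed with {@code SHA256withRSA}. The key type has to match the signer: an RSA private key
     * cannot be used to build an ECDSA signer.
     *
     * <p>Every subject field is escaped before it is placed in the distinguished name, so a value
     * containing {@code ,}, {@code +} or {@code =} stays inside its own attribute instead of
     * introducing additional ones (for example a second {@code CN}).
     *
     * <p>Security note: the returned map carries the private key as <b>unencrypted</b> PEM text.
     * The caller is responsible for storing it with restrictive permissions and for keeping it out
     * of logs, HTTP responses and other shared output.
     *
     * @param commonName         common name (CN), e.g. the host name the certificate is for
     * @param unitName           organization name (O)
     * @param state              state or province (ST)
     * @param city               city / locality (L)
     * @param country            country code (C)
     * @param email              contact e-mail address (EMAILADDRESS)
     * @param signatureAlgorithm {@code "ECDSA"} for an EC key; anything else selects RSA
     * @return a map with two entries: {@code "csr"} (PEM-encoded request) and
     *         {@code "privateKey"} (PEM-encoded, unencrypted private key)
     * @throws NoSuchAlgorithmException if no provider offers the requested key algorithm
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws IOException               if PEM encoding fails
     * @throws IllegalArgumentException  if any subject field is {@code null}
     */
    public static Map<String, String> generateCsr(String commonName, String unitName, String state, String city, String country, String email, String signatureAlgorithm) throws NoSuchAlgorithmException, OperatorCreationException, IOException {
        boolean useEcdsa = "ECDSA".equals(signatureAlgorithm);

        // Generate the key pair; the key algorithm must agree with the signature algorithm below.
        KeyPairGenerator gen = KeyPairGenerator.getInstance(useEcdsa ? "EC" : "RSA");
        gen.initialize(useEcdsa ? 256 : 2048);
        KeyPair pair = gen.generateKeyPair();
        PrivateKey privateKey = pair.getPrivate();
        PublicKey publicKey = pair.getPublic();

        // Build the subject DN. Values are escaped so caller-supplied text cannot add RDNs.
        // OU is a fixed placeholder value.
        String distinguishedName = "C=" + escapeDnValue("country", country)
                + ", ST=" + escapeDnValue("state", state)
                + ", L=" + escapeDnValue("city", city)
                + ", O=" + escapeDnValue("unitName", unitName)
                + ", OU=OUName"
                + ", CN=" + escapeDnValue("commonName", commonName)
                + ", EMAILADDRESS=" + escapeDnValue("email", email);
        X500Principal subject = new X500Principal(distinguishedName);

        // Sign the request with the freshly generated private key (proof of possession).
        String signerName = useEcdsa ? "SHA256withECDSA" : "SHA256withRSA";
        ContentSigner signGen = new JcaContentSignerBuilder(signerName).build(privateKey);

        PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
        PKCS10CertificationRequest csr = builder.build(signGen);
        String csrStr = printOpensslPemFormatCsrFileContent(csr);

        // Serialize the private key as PEM; try-with-resources flushes and closes the writer
        // even when writeObject throws.
        StringWriter keyStr = new StringWriter();
        try (JcaPEMWriter keyPemWrt = new JcaPEMWriter(keyStr)) {
            keyPemWrt.writeObject(privateKey);
        }

        Map<String, String> res = new HashMap<>();
        res.put("csr", csrStr);
        res.put("privateKey", keyStr.toString());
        return res;
    }

    /**
     * Escapes one subject attribute value for use in a distinguished-name string.
     *
     * <p>Backslash-escapes the RFC 2253 special characters, a leading {@code #}, and a leading or
     * trailing space.
     *
     * @param field name of the field, used only in the error message
     * @param value raw attribute value
     * @return the escaped value
     * @throws IllegalArgumentException if {@code value} is {@code null}
     */
    private static String escapeDnValue(String field, String value) {
        if (value == null) {
            throw new IllegalArgumentException(field + " must not be null");
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            boolean edgeSpace = c == ' ' && (i == 0 || i == last);
            boolean leadingHash = c == '#' && i == 0;
            if (edgeSpace || leadingHash || DN_SPECIAL_CHARS.indexOf(c) >= 0) {
                out.append('\\');
            }
            out.append(c);
        }
        return out.toString();
    }

    /**
     * Encodes a PKCS#10 request as PEM text with the {@code CERTIFICATE REQUEST} header.
     *
     * @param csr the request to encode
     * @return the PEM text
     * @throws IOException if the request cannot be encoded or written
     */
    private static String printOpensslPemFormatCsrFileContent(PKCS10CertificationRequest csr) throws IOException {
        PemObject pem = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
        StringWriter str = new StringWriter();
        try (PemWriter pemWriter = new PemWriter(str)) {
            pemWriter.writeObject(pem);
        }
        return str.toString();
    }

    /**
     * Demo entry point: generates a CSR for sample subject data and prints the result as JSON.
     *
     * <p>The printed JSON includes the unencrypted private key. That is acceptable only for a
     * local experiment; output that is captured by a terminal log, CI system or log collector
     * exposes the key, which then must be treated as compromised.
     */
    public static void main(String[] args) {
        try {
            // Argument order is (commonName, unitName, state, city, ...): the province goes in
            // state and the city in city.
            Map<String, String> res = generateCsr("*.hpylori.com.cn", "深圳市中核海得威生物科技有限公司", "广东", "深圳市", "CN", "q13978376ccc305@163.com", "RSA");
            System.out.println(JsonUtil.toJson(res));
        } catch (NoSuchAlgorithmException | OperatorCreationException | IOException e) {
            e.printStackTrace();
        }
    }
}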