以下代码可以直接复制使用:生成的CSR能通过ASN.1解析,也能被证书机构识别。末尾有注意事项。
1. 生成CSR的主要代码(因为特殊原因,所以把逻辑都写在一个方法中了)
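/**
 * Builds a PKCS#10 certificate signing request (CSR) from the subject fields and the
 * Base64-encoded key pair carried by {@code csrInfo}, and returns it with PEM header
 * and footer lines.
 *
 * <p>No key pair is generated here: the public key is decoded with
 * {@code getPublicKey} and the private key with {@code getPrivateKey}, and the
 * private key is used only to sign the request.
 *
 * <p>Security notes for callers: the private key arrives as a plain {@code String}
 * inside {@code csrInfo}; keep that object out of logs and serialized output.
 *
 * @param csrInfo subject fields (CN, C, O, L, OU, ST, E) plus the Base64 public and
 *                private key strings
 * @param RSA_CSR {@code "RSA"} (compared case-insensitively) selects the RSA branch;
 *                any other value selects the EC / SM2 branch
 * @param keySize not needed to build the CSR (the keys are supplied by the caller);
 *                retained so existing call sites keep compiling
 * @return the CSR as {@code -----BEGIN CERTIFICATE REQUEST-----}, one unwrapped
 *         Base64 line, and {@code -----END CERTIFICATE REQUEST-----}
 * @throws NoSuchAlgorithmException  if no provider offers the requested key algorithm
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the request cannot be DER-encoded
 * @throws InvalidKeySpecException   if either key string cannot be decoded
 */
public static String getCsr(CSRInfo csrInfo, String RSA_CSR, Integer keySize) throws NoSuchAlgorithmException, OperatorCreationException, IOException, InvalidKeySpecException {
    // Register BouncyCastle once, and before the keys are parsed, so that its
    // KeyFactory and signature implementations are available from the first call.
    // (The SM3withSM2 signer below is presumably only provided by BouncyCastle.)
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // One case-insensitive decision drives both key parsing and signer selection.
    // The original compared with equals() for the keys and equalsIgnoreCase() for the
    // signer, so "rsa" parsed the keys as EC and then asked for an RSA signature.
    final boolean rsa = RSA_CSR.equalsIgnoreCase("RSA");
    final String keyAlgorithm = rsa ? "RSA" : "EC";

    // getPublicKey reports every failure as null; turn that into a declared,
    // descriptive exception instead of a later NullPointerException.
    PublicKey _pubKey = getPublicKey(csrInfo.getPubkey(), keyAlgorithm);
    if (_pubKey == null) {
        throw new InvalidKeySpecException(
                "Public key could not be decoded as a Base64 X.509 " + keyAlgorithm + " key");
    }
    PrivateKey _priKey = getPrivateKey(csrInfo.getPrikey(), keyAlgorithm);

    // The original also created and initialised a KeyPairGenerator with keySize but
    // never used it; that dead code is removed.

    // Subject DN, in the original attribute order. Attributes whose value is null or
    // empty are left out rather than being passed to the builder.
    X500NameBuilder subject = new X500NameBuilder(BCStyle.INSTANCE);
    String cn = csrInfo.getCn();
    if (cn != null && !cn.isEmpty()) {
        subject.addRDN(BCStyle.CN, cn);
    }
    String country = csrInfo.getC();
    if (country != null && !country.isEmpty()) {
        subject.addRDN(BCStyle.C, country);
    }
    String organization = csrInfo.getO();
    if (organization != null && !organization.isEmpty()) {
        subject.addRDN(BCStyle.O, organization);
    }
    String locality = csrInfo.getL();
    if (locality != null && !locality.isEmpty()) {
        subject.addRDN(BCStyle.L, locality);
    }
    String orgUnit = csrInfo.getOu();
    if (orgUnit != null && !orgUnit.isEmpty()) {
        subject.addRDN(BCStyle.OU, orgUnit);
    }
    String state = csrInfo.getS();
    if (state != null && !state.isEmpty()) {
        subject.addRDN(BCStyle.ST, state);
    }
    String email = csrInfo.getE();
    if (email != null && !email.isEmpty()) {
        subject.addRDN(BCStyle.EmailAddress, email);
    }
    X500Name subjectName = subject.build();

    JcaPKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(subjectName, _pubKey);

    // Signature algorithm for the request.
    // NOTE(review): SHA-224 is an unusual digest for CSRs and some CAs expect SHA-256
    // or stronger; confirm with the issuing CA before relying on it.
    JcaContentSignerBuilder csBuilder = rsa
            ? new JcaContentSignerBuilder(SignatureAlgorithm.SHA224WITHRSA.toString())
            : new JcaContentSignerBuilder(SignatureAlgorithm.SM3WITHSM2.toString());
    ContentSigner signer = csBuilder.build(_priKey);
    PKCS10CertificationRequest csr = p10Builder.build(signer);

    // The Base64 body is emitted as a single line, exactly as before. Strict PEM
    // parsers expect 64-character lines, so re-wrap downstream if a consumer rejects it.
    String base64Der = org.apache.commons.codec.binary.Base64.encodeBase64String(csr.getEncoded());
    String strCSR = "-----BEGIN CERTIFICATE REQUEST-----" + "\n"
            + base64Der + "\n"
            + "-----END CERTIFICATE REQUEST-----";

    // Kept from the original. The CSR holds only public data, but a logger would be
    // the better place for this in non-demo code.
    System.out.println(strCSR);
    return strCSR;
}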
2. 这是上面方法所需参数的实体类
package com.dto;
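/**
 * Data holder for the inputs of CSR generation: the subject attributes and the
 * Base64-encoded key pair, plus some bookkeeping identifiers.
 *
 * <p>This object carries secret material ({@code prikey}, {@code password}) as plain
 * strings. Do not log it, do not add a {@code toString()} that prints those fields,
 * and avoid serializing or persisting it in clear text.
 */
public class CSRInfo {
    // Left over from the original listing; the class does not implement Serializable.
    private static final long serialVersionUID = 1L;

    /** CSR ID. */
    private String csrId;
    /** Country name (C). */
    private String c;
    /** State or province (ST). */
    private String s;
    /** City / locality (L). */
    private String l;
    /** Organizational unit name (OU). */
    private String ou;
    /** Company / organization name (O). */
    private String o;
    /** Subject common name, i.e. the domain name (CN). */
    private String cn;
    /** E-mail address (E). */
    private String e;
    /** Algorithm selector: RSA or SM2. */
    private String rsaSm2;
    /** Public key string. */
    private String pubkey;
    /** Private key string. Secret: never log or expose. */
    private String prikey;
    /** User ID. */
    private String userId;
    /** ID of the user who deleted the record. */
    private String deleteId;
    // The two fields below were referenced by accessors in the original listing but
    // never declared, so the class did not compile.
    // NOTE(review): presumably the identifier of a password-protected private key; confirm.
    private String pbe_prikey_id;
    // NOTE(review): purpose is not shown in this listing. Secret: never log or expose.
    private String password;

    public void setCsrId(String csrId) {
        this.csrId = csrId;
    }

    public String getCsrId() {
        return csrId;
    }

    public void setC(String c) {
        this.c = c;
    }

    public String getC() {
        return c;
    }

    public void setS(String s) {
        this.s = s;
    }

    public String getS() {
        return s;
    }

    public void setL(String l) {
        this.l = l;
    }

    public String getL() {
        return l;
    }

    public void setCn(String cn) {
        this.cn = cn;
    }

    public String getCn() {
        return cn;
    }

    public void setOu(String ou) {
        this.ou = ou;
    }

    public String getOu() {
        return ou;
    }

    public void setO(String o) {
        this.o = o;
    }

    public String getO() {
        return o;
    }

    public void setE(String e) {
        this.e = e;
    }

    public String getE() {
        return e;
    }

    public void setRsaSm2(String rsaSm2) {
        this.rsaSm2 = rsaSm2;
    }

    public String getRsaSm2() {
        return rsaSm2;
    }

    public void setPubkey(String pubkey) {
        this.pubkey = pubkey;
    }

    public String getPubkey() {
        return pubkey;
    }

    public void setPbe_prikey_id(String pbe_prikey_id) {
        this.pbe_prikey_id = pbe_prikey_id;
    }

    public String getPbe_prikey_id() {
        return pbe_prikey_id;
    }

    public void setPrikey(String prikey) {
        this.prikey = prikey;
    }

    public String getPrikey() {
        return prikey;
    }

    public void setUserId(String userId) {
        this.userId = userId;
    }

    public String getUserId() {
        return userId;
    }

    public void setDeleteId(String deleteId) {
        this.deleteId = deleteId;
    }

    public String getDeleteId() {
        return deleteId;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getPassword() {
        return password;
    }
}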
这是把String转为PrivateKey或者PublicKey类型的代码(这里写得比较乱,新手可以先略过这段,去网上搜索“把String转为PrivateKey或者PublicKey类型的代码”)
/**
 * Decodes a Base64 string holding an X.509-encoded public key into a {@link PublicKey}.
 *
 * <p>NOTE(review): every failure (invalid Base64, unknown algorithm, malformed key
 * material, {@code null} input) is swallowed and reported as {@code null}, so the
 * cause is lost. Callers must check the result before using it.
 *
 * @param key     Base64 text of the encoded public key
 * @param RSA_SM2 key algorithm name handed to {@code KeyFactory.getInstance}
 * @return the decoded public key, or {@code null} if decoding failed for any reason
 */
public static PublicKey getPublicKey(String key, String RSA_SM2) {
    PublicKey decoded;
    try {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(key));
        decoded = KeyFactory.getInstance(RSA_SM2).generatePublic(spec);
    } catch (Exception ignored) {
        // Deliberately best-effort in the original: any error maps to null.
        decoded = null;
    }
    return decoded;
}
/**
 * Decodes a Base64 string holding a PKCS#8-encoded private key into a {@link PrivateKey}.
 *
 * <p>The input is secret key material: do not log {@code key} or include it in
 * exception messages.
 *
 * @param key     Base64 text of the encoded private key
 * @param RSA_SM2 key algorithm name handed to {@code KeyFactory.getInstance}
 * @return the decoded private key
 * @throws InvalidKeySpecException  if the decoded bytes are not a valid key for the algorithm
 * @throws NoSuchAlgorithmException if no provider supports {@code RSA_SM2}
 */
public static PrivateKey getPrivateKey(String key, String RSA_SM2) throws InvalidKeySpecException, NoSuchAlgorithmException {
    // Decode first, as the original did, so that invalid Base64 is reported before
    // the algorithm lookup.
    byte[] der = Base64.getDecoder().decode(key);
    PKCS8EncodedKeySpec pkcs8Spec = new PKCS8EncodedKeySpec(der);
    return KeyFactory.getInstance(RSA_SM2).generatePrivate(pkcs8Spec);
}
注意:1. 生成CSR的方法中用到了签名算法(方法中我也加了注释),根据业务需求我暂时固定了两种,如果想要别的算法可以私聊我。另外,私钥是以Base64字符串形式传入的,使用时不要把它写入日志或以明文保存。