
【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书_mbedtls sm3 签名 验签


SM2、SM4加解密 SM2 SM3 签名验签代码部分开源在gitee&github

https://github.com/xiaoshuaishuai319/algorithmNation

 

证书文件 链接: https://pan.baidu.com/s/1ijHNnMQJj7jzW-jXEVd6Gg 密码: vfva

所需jar包

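  <!--
    Bouncy Castle artifacts used by the listing below.
    NOTE(review): the two artifacts are pinned to different releases (1.57 and 1.56).
    Bouncy Castle modules are normally kept on the same release; confirm this mix is
    intentional. Both are old releases, so check the project's release notes and
    security advisories before reusing them.
  -->
  <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
  <dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpkix-jdk15on</artifactId>
    <version>1.57</version>
  </dependency>
  <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk15on -->
  <dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcmail-jdk15on</artifactId>
    <version>1.56</version>
  </dependency>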

部分代码(基本包含了全部)

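  /**
   * Builds a self-signed root certificate for an SM2 key pair with Bouncy Castle's
   * {@code X509v3CertificateBuilder} and writes the DER encoding to a {@code .cer} file.
   *
   * <p>Issuer and subject are the same DN, assembled from the CN and O of {@code pageCert}.
   * The certificate is valid from "now" to five years later (via {@code Util4Hex.getYearLater(5)}).
   *
   * @param pageCert request data; only {@code getCn()} and {@code getO()} are read here
   * @return a {@code Cert} record describing the generated files, or {@code null} when
   *         generation fails (the error is printed, not rethrown)
   * @throws Exception declared by the signature; failures inside the generation step are
   *         caught and reported through the {@code null} return value
   */
  public static Cert genSM2CertByX509v3CertificateBuilder(PageCert pageCert) throws Exception {
      org.bouncycastle.jce.provider.BouncyCastleProvider bouncyCastleProvider =
              new org.bouncycastle.jce.provider.BouncyCastleProvider();
      Security.addProvider(bouncyCastleProvider);

      // File name is "root" + current Unix time in seconds; output directory is hard-coded.
      String fileName = "root" + new Date().getTime() / 1000;
      String path = "F:/root/";
      String rootCertPath = path + fileName + ".cer";
      Cert cert = new Cert();
      try {
          // Generate the SM2 key pair.
          // NOTE(review): path and fileName are passed in, and the Cert record below points at
          // "...privateKey.keystore" under the same directory, so the helper presumably
          // persists the root private key there. Confirm how that file is protected
          // (permissions, encryption), since it is the CA signing key.
          KeyPair kp = KeyGenUtil.getKeyPair2SM2(path, fileName);

          // Convert the JCA keys to Bouncy Castle lightweight-API key parameters.
          ECPublicKeyParameters bcecPublicKey =
                  (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(kp.getPublic());
          ECPrivateKeyParameters bcecPrivateKey =
                  (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(kp.getPrivate());

          // Self-signed root: issuer and subject share one DN.
          // NOTE(review): CN and O are concatenated into the DN string without escaping, so a
          // value containing ',' or '=' would change the DN structure. Validate the inputs or
          // build the name from separate RDNs if they come from a user-facing form.
          String issuerString = "CN=" + pageCert.getCn() + ",O=" + pageCert.getO();
          X500Name issueDn = new X500Name(issuerString);
          X500Name subjectDn = new X500Name(issuerString);

          // 'info' is the SubjectPublicKeyInfo placed in the certificate; 'publicKeyInfo' (the
          // JCA encoding of the same key) is only used to derive the key identifiers below.
          SubjectPublicKeyInfo info = createSubjectECPublicKeyInfo(bcecPublicKey);
          SubjectPublicKeyInfo publicKeyInfo =
                  SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(kp.getPublic().getEncoded()));

          // NOTE(review): the serial number is the current time in milliseconds, which is
          // predictable and can repeat across instances. CAs normally draw serial numbers
          // from a CSPRNG.
          X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                  issueDn,
                  BigInteger.valueOf(System.currentTimeMillis()),
                  new Date(),
                  Util4Hex.getYearLater(5),
                  Locale.CHINA,
                  subjectDn,
                  info);

          // Basic constraints (critical): CA certificate with pathLenConstraint 0.
          BasicConstraints basicConstraints = new BasicConstraints(0);
          builder.addExtension(Extension.basicConstraints, true, basicConstraints);

          // CRL distribution points and certificate policies, both marked critical here.
          // NOTE(review): RFC 5280 says the CRL distribution points extension SHOULD be
          // non-critical; a relying party that cannot process a critical extension must
          // reject the certificate. Confirm the criticality flags are intended.
          builder.addExtension(Extension.cRLDistributionPoints, true, XSCertExtension.getCRLDIstPoint());
          builder.addExtension(Extension.certificatePolicies, true,
                  new DERSequence(XSCertExtension.getPolicyInfo()));

          // Authority and subject key identifiers, derived with a SHA-1 digest calculator.
          // For a self-signed root both come from the same public key.
          DigestCalculator calculator =
                  new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
          X509ExtensionUtils extensionUtils = new X509ExtensionUtils(calculator);
          builder.addExtension(Extension.authorityKeyIdentifier, false,
                  extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));
          builder.addExtension(Extension.subjectKeyIdentifier, false,
                  extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));

          // Key usage and extended key usage (both critical).
          builder.addExtension(Extension.keyUsage, true, XSCertExtension.getKeyUsage());
          builder.addExtension(Extension.extendedKeyUsage, true, XSCertExtension.getExtendKeyUsage());

          // NOTE(review): sigAlgId labels the certificate as SM3-with-SM2, but digAlgId selects
          // SHA-1 and BcECContentSignerBuilder builds an ECDSA signer. The signature value is
          // therefore presumably ECDSA/SHA-1 over the SM2 curve, not an SM2 signature, and a
          // verifier that honours the SM3-with-SM2 OID would be expected to reject it. Swapping
          // the digest name alone does not turn ECDSA into SM2; use a content signer that
          // implements SM2 with SM3 (check what the Bouncy Castle release in use provides) and
          // verify the result with an independent SM2 verifier.
          AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SM3WITHSM2");
          AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find("SHA1");
          ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(bcecPrivateKey);
          X509CertificateHolder certificateHolder = builder.build(contentSigner);

          // try-with-resources closes the stream even when write() throws; the original
          // leaked the file handle on that path.
          try (FileOutputStream outputStream = new FileOutputStream(rootCertPath)) {
              outputStream.write(certificateHolder.getEncoded());
          }

          // 'cert' is only a bookkeeping object describing what was generated.
          cert.setCertname(fileName);
          cert.setCertinfo(issuerString);
          cert.setSignalgor("1.2.156.10197.1.501");
          cert.setAlgorithm("EC&SM2");
          cert.setSessionalgor("SM3");
          cert.setStatus(0);
          cert.setPri_path(path + fileName + "privateKey.keystore");
          cert.setPub_path(path + fileName + "publicKey.keystore");
          return cert;
      } catch (Exception e) {
          // Best-effort contract kept from the original: report and return null.
          // Callers must null-check the result.
          e.printStackTrace();
          System.out.println("======根证书申请失败" + e.getMessage());
          return null;
      }
  }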

 

如需要了解更多 请查看  https://blog.csdn.net/u010651369/article/details/76907312

 

 
