groovy生成证书 X509CertificateObject
发布时间:2020-12-14 16:41:41 所属栏目:大数据 来源:网络整理
导读:import java.nio.Buffer;/** * @author TBear * */import java.awt.TexturePaintContext.Byte;import java.security.InvalidKeyException;import java.security.KeyPair;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProvider
import java.nio.Buffer;
/**
* @author TBear
*
*/
import java.awt.TexturePaintContext.Byte;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString
import org.bouncycastle.asn1.DERInteger
import org.bouncycastle.asn1.DERSequence
import org.bouncycastle.asn1.DERUTCTime
import org.bouncycastle.asn1.x509.AlgorithmIdentifier
import org.bouncycastle.asn1.x509.BasicConstraints
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator
import org.bouncycastle.asn1.x509.X509CertificateStructure
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import org.bouncycastle.asn1.x509.X509Name
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.jce.provider.X509CertificateObject
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import com.itrus.raapi.info.CertInfo;
public class CertService{
public static void main(String[] args)
{
X509CertificateObject certificate = genSM2_Cert();
byte[] buffer = certificate.getEncoded();
BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(new File('E:/abc.cer')));
outputStream.write buffer;
outputStream.flush();
outputStream.close();
}
//X509CertificateObject
static X509CertificateObject genSM2_Cert() throws CertificateParsingException{
long currTime = new Date().getTime();
String issuerDN = "cn=ibm";
String subjectDN = "cn=ibm";
int vday = 10;
//证书生成
V3TBSCertificateGenerator v3CertGen = new V3TBSCertificateGenerator();
//系列号
DERInteger serialNumber = new DERInteger(BigInteger.valueOf(currTime));
v3CertGen.setSerialNumber(serialNumber);
//发行人
v3CertGen.setIssuer(new X509Name(issuerDN));
//开始时间和结束时间
v3CertGen.setStartDate(new DERUTCTime(new Date(currTime)));
v3CertGen.setEndDate(new DERUTCTime(new Date(currTime + vday*24*60*60*1000)));
//主题
v3CertGen.setSubject(new X509Name(subjectDN));
//签名算法
AlgorithmIdentifier algSign = new AlgorithmIdentifier("1.2.156.197.1.501");
v3CertGen.setSignature(algSign);
//公钥算法
AlgorithmIdentifier algKey = new AlgorithmIdentifier("1.2.156.197.1.301");
byte[] pubData = new byte[65];
pubData[0] = 0;
for(byte i=1;i<pubData.length;i++){
pubData[i] = i;
}
//有公钥算法和签名算法生成公钥信息摘要
SubjectPublicKeyInfo pubKeyInfo = new SubjectPublicKeyInfo(algKey,pubData);
v3CertGen.setSubjectPublicKeyInfo(pubKeyInfo);
byte[] signInfo = new byte[69];
for(byte i=1;i<pubData.length;i++){
pubData[i] = i;
}
X509ExtensionsGenerator extenGen = new X509ExtensionsGenerator();
//extenGen.addExtension(paramDERObjectIdentifier,paramBoolean,paramArrayOfByte);
X509Extensions exten = extenGen.generate();
v3CertGen.setExtensions(exten);
ASN1EncodableVector asn1encodablevector = new ASN1EncodableVector();
asn1encodablevector.add(v3CertGen.generateTBSCertificate());
asn1encodablevector.add(algSign);
asn1encodablevector.add(new DERBitString(signInfo));
return new X509CertificateObject(new X509CertificateStructure(new DERSequence(asn1encodablevector)));
}
}
?注意最终的输出流必须用BufferedOutputStream;其他的流写不出! (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |