logo
搜索
我的图书馆

发文章

发文工具

其他工具

留言交流
搜索
分享

Java基于BC生成X509v3证书,以及部分扩展Extension的使用

 自由裸奔者 2020-07-30

转载请注明出处

https://blog.csdn.net/liweiliang0108/article/details/95191931

直接正题

先来几张图片

使用的BC库

这是个接bcprov-1.60              这还是个链接bcpkix-1.60

代码下载地址

这是代码下载地址

已集成的扩展信息

BasicConstraints、CRLDIstPoint、CertificatePolicies、PolicyMappings、KeyUsage、ExtendedKeyUsage、SubjectAlternativeName、AuthorityInfoAccess、AuthorityKeyIdentifier、SubjectKeyIdentifier、NameConstraints。

生成证书

  1. // Builder
  2. X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
  3. new X500Name('CN=issuer'), // issuer
  4. BigInteger.ONE, // serial number
  5. notBefore, // notBefore
  6. notAfter, // notAfter
  7. new X500Name('CN=subject'), // subject
  8. publicKey // public key
  9. );
  11. // 添加扩展信息 Extension
  12. // 基本约束
  13. builder.addExtension(ExtensionUtils.getBasicConstraintsExtension(true));
  14. // CRL分布点
  15. builder.addExtension(ExtensionUtils.getCRLDIstPointExtension(URINames));
  16. // 证书策略
  17. builder.addExtension(ExtensionUtils.getCertificatePoliciesExtension());
  18. // 证书策略映射
  19. builder.addExtension(ExtensionUtils.getPolicyMappingsExtension());
  20. // 秘钥用法
  21. builder.addExtension(ExtensionUtils.getKeyUsageExtension());
  22. // 增强秘钥用法
  23. builder.addExtension(ExtensionUtils.getExtendedKeyUsageExtension());
  24. // 备选使用者名称
  25. builder.addExtension(ExtensionUtils.getSubjectAlternativeNameExtension());
  26. // 权限信息访问
  27. builder.addExtension(ExtensionUtils.getAuthorityInfoAccessExtension('123'));
  28. // 颁发者密钥标识
  29. builder.addExtension(ExtensionUtils.getAuthorityKeyIdentifierExtension(keyPair2.getPublic()));
  30. // 使用者密钥标识
  31. builder.addExtension(ExtensionUtils.getSubjectKeyIdentifierExtension(keyPair.getPublic()));
  32. // 使用名称约束
  33. builder.addExtension(ExtensionUtils.getNameConstraintsExtension());
  35. // 签名
  36. ContentSigner contentSigner = new JcaContentSignerBuilder('SHA256withECDSA')
  37. .setProvider('BC').build(privateKey);
  38. X509CertificateHolder x509CertificateHolder = builder.build(contentSigner);
  39. ByteArrayInputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure()
  40. .getEncoded());
  41. CertificateFactory cf = CertificateFactory.getInstance('X.509');
  42. X509Certificate certificate = (X509Certificate) cf.generateCertificate(inputStream);
  43. inputStream.close();

import引入

  1. import org.bouncycastle.asn1.x500.X500Name;
  2. import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
  3. import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
  4. import org.bouncycastle.cert.X509CertificateHolder;
  5. import org.bouncycastle.cert.X509v3CertificateBuilder;
  6. import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
  7. import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
  8. import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
  9. import org.bouncycastle.crypto.params.ECPublicKeyParameters;
  10. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  11. import org.bouncycastle.operator.ContentSigner;
  12. import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
  13. import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
  14. import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
  15. import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
  17. import java.io.ByteArrayInputStream;
  18. import java.math.BigInteger;
  19. import java.security.KeyPair;
  20. import java.security.Security;
  21. import java.security.cert.CertificateFactory;
  22. import java.security.cert.X509Certificate;
  23. import java.util.Date;
  24. import java.util.Locale;

使用前记得添加

  1. static {
  2. Security.addProvider(new BouncyCastleProvider());
  3. }

生成KeyPair

  1. KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance('EC', 'BC');
  2. keyPairGenerator.initialize(256);
  3. KeyPair keypair = keyPairGenerator.generateKeyPair();

String转换Key

  1. private static PrivateKey getPrivateKey(String key) {
  2. org.bouncycastle.jce.spec.ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec('secp256r1');
  3. org.bouncycastle.jce.spec.ECPrivateKeySpec privateKeySpec = new org.bouncycastle.jce.spec.ECPrivateKeySpec(
  4. new BigInteger(key, 16), ecSpec);
  5. return new BCECPrivateKey('EC', privateKeySpec, BouncyCastleProvider.CONFIGURATION);
  6. }
  8. private static PublicKey getPublicKey(String key) {
  9. String x = key.substring(0, 64);
  10. String y = key.substring(64, 128);
  11. org.bouncycastle.jce.spec.ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec('secp256r1');
  12. org.bouncycastle.math.ec.ECPoint ecPoint = ecSpec.getCurve().createPoint(new BigInteger(x, 16),
  13. new BigInteger(y, 16));
  14. org.bouncycastle.jce.spec.ECPublicKeySpec publicKeySpec = new org.bouncycastle.jce.spec.ECPublicKeySpec(ecPoint,
  15. ecSpec);
  16. return new BCECPublicKey('EC', publicKeySpec, BouncyCastleProvider.CONFIGURATION);
  17. }

其他的转换

  1. public static ECPrivateKeyParameters convertECPriKeyParams(PrivateKey privateKey) throws InvalidKeyException {
  2.     ECPrivateKeyParameters bcecPrivateKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(privateKey);
  3.     return bcecPrivateKey;
  4. }
  5. public static ECPublicKeyParameters convertECPubKeyParams(PublicKey publicKey) throws InvalidKeyException {
  6.     //转换成ECPublicKeyParameters  ECPrivateKeyParameters
  7.     ECPublicKeyParameters bcecPublicKey = (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(publicKey);
  8.     return bcecPublicKey;
  9. }
  10. public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(PublicKey publicKey) {
  11.       SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
  12.     SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(publicKey.getEncoded()));
  13.     return subjectPublicKeyInfo;
  14. }
  15. /**
  16.  * Used SM2
  17.  */
  18. public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(ECPublicKeyParameters bcecPublicKey) throws IOException {
  19.     // SM2
  20.       ASN1OctetString p = (ASN1OctetString)new X9ECPoint(bcecPublicKey.getQ()).toASN1Primitive();
  21.       SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
  22.               new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, GMObjectIdentifiers.sm2p256v1), p.getOctets());
  23.     SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(bcecPublicKey);
  24.     return subjectPublicKeyInfo;
  25. }

现在很想添加几个‘愤怒’的表情,还是传代码吧

代码里有读取证书文件和将证书写入文件的代码,还有添加扩展Extension的代码。

    本站是提供个人知识管理的网络存储空间,所有内容均由用户发布,不代表本站观点。请注意甄别内容中的联系方式、诱导购买等信息,谨防诈骗。如发现有害或侵权内容,请点击一键举报。
    转藏 分享 献花(0

    来自: 自由裸奔者 > 《pki》

    举报/认领

    0条评论

    发表

    请遵守用户 评论公约

    类似文章 更多