转载请注明出处
https://blog.csdn.net/liweiliang0108/article/details/95191931
直接正题
先来几张图片
使用的BC库
这是个链接bcprov-1.60 这还是个链接bcpkix-1.60
代码下载地址
这是代码下载地址
已集成的扩展信息
BasicConstraints、CRLDistributionPoints(代码中的方法名写作 CRLDIstPoint)、CertificatePolicies、PolicyMappings、KeyUsage、ExtendedKeyUsage、SubjectAlternativeName、AuthorityInfoAccess、AuthorityKeyIdentifier、SubjectKeyIdentifier、NameConstraints。
生成证书
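// Build a demo X.509 v3 certificate that carries every extension ExtensionUtils can produce,
// sign it with ECDSA/SHA-256 through the BC provider, and re-parse it as a JCA X509Certificate.
//
// NOTE(review): the listing as published is truncated — the validity dates, the subject public
// key and two closing parentheses are missing. notBefore/notAfter below are constructed sample
// values; keyPair.getPublic() is assumed to be the subject key because the SubjectKeyIdentifier
// further down is derived from it. Confirm both against the downloadable project.
java.util.Date notBefore = new java.util.Date();
java.util.Date notAfter = new java.util.Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);

X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=issuer"),   // issuer
        // A constant serial is only acceptable in a demo: a real issuer must give every
        // certificate a unique serial, normally drawn from a SecureRandom.
        BigInteger.ONE,              // serial number
        notBefore,                   // not valid before (constructed sample value)
        notAfter,                    // not valid after (constructed sample value)
        new X500Name("CN=subject"),  // subject
        keyPair.getPublic());        // subject public key (assumed, see note above)

// NOTE(review): presumably `true` sets cA=true, i.e. this is a CA certificate — confirm in
// ExtensionUtils. PolicyMappings and NameConstraints only make sense on CA certificates, so
// drop them (and pass false here) when issuing an end-entity certificate.
builder.addExtension(ExtensionUtils.getBasicConstraintsExtension(true));
builder.addExtension(ExtensionUtils.getCRLDIstPointExtension(URINames));
builder.addExtension(ExtensionUtils.getCertificatePoliciesExtension());
builder.addExtension(ExtensionUtils.getPolicyMappingsExtension());
builder.addExtension(ExtensionUtils.getKeyUsageExtension());
builder.addExtension(ExtensionUtils.getExtendedKeyUsageExtension());
builder.addExtension(ExtensionUtils.getSubjectAlternativeNameExtension());
builder.addExtension(ExtensionUtils.getAuthorityInfoAccessExtension("123"));
// The AuthorityKeyIdentifier is computed from keyPair2's public key, so keyPair2 is the issuer key pair.
builder.addExtension(ExtensionUtils.getAuthorityKeyIdentifierExtension(keyPair2.getPublic()));
builder.addExtension(ExtensionUtils.getSubjectKeyIdentifierExtension(keyPair.getPublic()));
builder.addExtension(ExtensionUtils.getNameConstraintsExtension());

// NOTE(review): privateKey has to be the issuer's private key (the one matching
// keyPair2.getPublic()); otherwise the AuthorityKeyIdentifier points at a key that did not
// sign this certificate and chain building will fail — verify against the caller.
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withECDSA")
        .setProvider("BC")
        .build(privateKey);
X509CertificateHolder x509CertificateHolder = builder.build(contentSigner);

// Round-trip through DER so callers get a standard java.security.cert.X509Certificate.
ByteArrayInputStream inputStream =
        new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) cf.generateCertificate(inputStream);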
import引入
import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v3CertificateBuilder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; import org.bouncycastle.operator.bc.BcECContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.KeyPair; import java.security.Security; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate;
使用前记得添加
// Register Bouncy Castle with the JCA so that provider lookups by the name "BC" resolve.
BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
Security.addProvider(bouncyCastle);
生成KeyPair
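// Generate an EC key pair with the Bouncy Castle provider ("BC" must already be registered).
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
// NOTE(review): a bare key size leaves the choice of curve to the provider. Presumably 256
// selects P-256 (secp256r1) here — confirm, or name the curve explicitly with
// java.security.spec.ECGenParameterSpec so it cannot drift from the curve the rest of the code expects.
keyPairGenerator.initialize(256);
KeyPair keypair = keyPairGenerator.generateKeyPair();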
十六进制字符串转换为Key
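/**
 * Rebuilds a secp256r1 private key from its scalar written as a hexadecimal string.
 *
 * <p>The scalar is checked against the curve order before the key object is created, so a
 * zero, negative or oversized value is rejected instead of producing an unusable key.
 * Treat the input as a secret: do not log it or embed it in source or configuration.
 *
 * @param key the private scalar d, hexadecimal
 * @return the corresponding Bouncy Castle EC private key
 * @throws IllegalArgumentException if {@code key} is not valid hexadecimal
 *         ({@link NumberFormatException}) or lies outside the range [1, n-1]
 */
private static PrivateKey getPrivateKey(String key) {
    org.bouncycastle.jce.spec.ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
    BigInteger d = new BigInteger(key, 16);
    // A valid EC private scalar satisfies 1 <= d < n, where n is the order of the base point.
    if (d.signum() <= 0 || d.compareTo(ecSpec.getN()) >= 0) {
        throw new IllegalArgumentException("private scalar is out of range for secp256r1");
    }
    org.bouncycastle.jce.spec.ECPrivateKeySpec privateKeySpec =
            new org.bouncycastle.jce.spec.ECPrivateKeySpec(d, ecSpec);
    return new BCECPrivateKey("EC", privateKeySpec, BouncyCastleProvider.CONFIGURATION);
}

/**
 * Rebuilds a secp256r1 public key from the hexadecimal concatenation of its affine
 * coordinates: 64 hex characters for X followed by 64 hex characters for Y.
 *
 * <p>Public keys often arrive from outside the trust boundary, so the coordinates are
 * validated against the curve before a key object is built.
 *
 * @param key X || Y in hexadecimal, exactly 128 characters (no leading point-format byte)
 * @return the corresponding Bouncy Castle EC public key
 * @throws IllegalArgumentException if {@code key} is null, not 128 characters long, not valid
 *         hexadecimal, or does not describe a point on secp256r1
 */
private static PublicKey getPublicKey(String key) {
    if (key == null || key.length() != 128) {
        throw new IllegalArgumentException("expected 128 hex characters (X || Y) for a secp256r1 public key");
    }
    String x = key.substring(0, 64);
    String y = key.substring(64, 128);
    org.bouncycastle.jce.spec.ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
    // validatePoint builds the point and rejects coordinates that are not on the curve;
    // createPoint alone performs no such check.
    org.bouncycastle.math.ec.ECPoint ecPoint =
            ecSpec.getCurve().validatePoint(new BigInteger(x, 16), new BigInteger(y, 16));
    org.bouncycastle.jce.spec.ECPublicKeySpec publicKeySpec =
            new org.bouncycastle.jce.spec.ECPublicKeySpec(ecPoint, ecSpec);
    return new BCECPublicKey("EC", publicKeySpec, BouncyCastleProvider.CONFIGURATION);
}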
其他的转换
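/**
 * Converts a JCA EC private key into Bouncy Castle's lightweight-API parameter object.
 *
 * @param privateKey the JCA private key to convert
 * @return the key as {@link ECPrivateKeyParameters}
 * @throws InvalidKeyException declared by {@code ECUtil.generatePrivateKeyParameter}
 */
public static ECPrivateKeyParameters convertECPriKeyParams(PrivateKey privateKey) throws InvalidKeyException {
    ECPrivateKeyParameters bcecPrivateKey =
            (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(privateKey);
    // The published listing lost this return statement; the declared return type requires it.
    return bcecPrivateKey;
}

/**
 * Converts a JCA EC public key into Bouncy Castle's lightweight-API parameter object.
 *
 * @param publicKey the JCA public key to convert
 * @return the key as {@link ECPublicKeyParameters}
 * @throws InvalidKeyException declared by {@code ECUtil.generatePublicKeyParameter}
 */
public static ECPublicKeyParameters convertECPubKeyParams(PublicKey publicKey) throws InvalidKeyException {
    // Convert to ECPublicKeyParameters.
    ECPublicKeyParameters bcecPublicKey =
            (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(publicKey);
    // The published listing lost this return statement; the declared return type requires it.
    return bcecPublicKey;
}

/**
 * Wraps the encoded form of a JCA public key as a {@link SubjectPublicKeyInfo}.
 *
 * @param publicKey a public key whose {@code getEncoded()} yields a DER SubjectPublicKeyInfo
 * @return the parsed structure
 */
public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(PublicKey publicKey) {
    // The listing declared this local twice; the other form,
    // SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(publicKey.getEncoded())),
    // parses the same DER bytes, so only one is kept.
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    return subjectPublicKeyInfo;
}

/**
 * Builds a {@link SubjectPublicKeyInfo} from lightweight-API EC public key parameters.
 *
 * @param bcecPublicKey the EC public key parameters to encode
 * @return the SubjectPublicKeyInfo produced by {@code SubjectPublicKeyInfoFactory}
 * @throws IOException if encoding fails
 */
public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(ECPublicKeyParameters bcecPublicKey) throws IOException {
    // The listing also carried a hand-built variant that labelled every key with
    // GMObjectIdentifiers.sm2p256v1, whatever curve the key was really on. The other code on
    // this page works with secp256r1, and a mislabelled curve makes relying parties interpret
    // the point on the wrong curve, so the encoding is left to the factory, which takes the
    // curve from the key's own domain parameters.
    // NOTE(review): check whether the result uses a named-curve OID or explicit parameters,
    // and that your verifiers accept that form.
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(bcecPublicKey);
    return subjectPublicKeyInfo;
}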
现在很想添加几个‘愤怒’的表情,还是传代码吧
代码里有读取证书文件和将证书写入文件的代码,还有添加扩展Extension的代码。