【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书

证书文件 链接: https://pan.baidu.com/s/1ijHNnMQJj7jzW-jXEVd6Gg 密码: vfva

所需jar包

<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
 <dependency>
	<groupId>org.bouncycastle</groupId>
	<artifactId>bcpkix-jdk15on</artifactId>
	<version>1.57</version>
</dependency> 
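<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk15on -->
<!-- 注意: 此处 bcmail 版本为 1.56, 与上面的 bcpkix 1.57 不一致; bcmail 依赖 bcpkix/bcprov, 建议 Bouncy Castle 各模块使用同一版本, 避免类路径上混入不同版本的 BC 类 -->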
<dependency>
	<groupId>org.bouncycastle</groupId>
	<artifactId>bcmail-jdk15on</artifactId>
	<version>1.56</version>
</dependency>

部分代码(基本包含了全部)

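	/**
	 * Builds a self-signed SM2 root certificate with BouncyCastle's
	 * {@code X509v3CertificateBuilder} and writes its encoded form to
	 * {@code F:/root/root<epoch-seconds>.cer}.
	 *
	 * <p>Issuer and subject are the same DN, assembled from the CN and O of
	 * {@code pageCert}. The key pair comes from {@code KeyGenUtil.getKeyPair2SM2}.
	 *
	 * @param pageCert request data; only {@code getCn()} and {@code getO()} are read here
	 * @return a {@code Cert} describing the generated certificate and its key file paths,
	 *         or {@code null} when any step inside the try block fails
	 * @throws Exception declared by the signature; failures inside the try block are
	 *         caught, printed and reported as a {@code null} return instead
	 */
	public static Cert genSM2CertByX509v3CertificateBuilder(PageCert pageCert) throws Exception {
		org.bouncycastle.jce.provider.BouncyCastleProvider bouncyCastleProvider = new org.bouncycastle.jce.provider.BouncyCastleProvider();
		Security.addProvider(bouncyCastleProvider);
		String fileName = "root"+new Date().getTime()/1000;
		// NOTE(review): hard-coded output directory. The same path is handed to KeyGenUtil and
		// reported below as the private-key location, so presumably the root private key is
		// stored here too — confirm this directory is access-restricted.
		String path  = "F:/root/";
		String rootCertPath = path+fileName+".cer";
		Cert cert = new Cert();
		try {
			// SM2 key pair for the root.
			KeyPair kp = KeyGenUtil.getKeyPair2SM2(path,fileName);
			// Convert to BC lightweight-API key parameters.
			ECPublicKeyParameters bcecPublicKey =(ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(kp.getPublic());
			ECPrivateKeyParameters bcecPrivateKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(kp.getPrivate());
			// Self-signed: issuer and subject share one DN.
			// NOTE(review): CN and O are concatenated unescaped, so a value containing ',', '+' or '='
			// is parsed as extra RDNs. If pageCert carries user-supplied input, validate it first or
			// build the name attribute by attribute (e.g. with BC's X500NameBuilder).
			String issuerString = "CN="+pageCert.getCn()+",O="+pageCert.getO();
			X500Name issueDn = new X500Name(issuerString);
			X500Name subjectDn = new X500Name(issuerString);
			SubjectPublicKeyInfo info = createSubjectECPublicKeyInfo(bcecPublicKey);
			SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(kp.getPublic().getEncoded()));
			// Serial number: 127 bits from a CSPRNG rather than the wall clock, so serials are not
			// guessable and do not collide when two certificates are issued in the same millisecond.
			// Adding one keeps the value strictly positive.
			BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);
			X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issueDn, serial, new Date(), Util4Hex.getYearLater(5), Locale.CHINA, subjectDn, info);
			// Basic constraints: CA certificate with pathLenConstraint 0, i.e. it may only
			// issue end-entity certificates.
			BasicConstraints basicConstraints = new BasicConstraints(0);
			builder.addExtension(Extension.basicConstraints, true, basicConstraints);
			// CRL distribution points.
			// NOTE(review): marked critical here; RFC 5280 recommends this extension be non-critical —
			// confirm the relying parties in use accept it.
			builder.addExtension(Extension.cRLDistributionPoints, true, XSCertExtension.getCRLDIstPoint());
			// Certificate policies.
			builder.addExtension(Extension.certificatePolicies, true, new DERSequence(XSCertExtension.getPolicyInfo()));
			// Authority / subject key identifiers. SHA-1 is used here only to derive the key
			// identifier (the usual RFC 5280 method), not to sign anything.
			// NOTE(review): the certificate embeds `info` while the identifiers are computed from
			// `publicKeyInfo`; both derive from the same key pair — confirm they carry identical key bits.
			DigestCalculator calculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
			X509ExtensionUtils extensionUtils = new X509ExtensionUtils(calculator);
			builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));
			builder.addExtension(Extension.subjectKeyIdentifier, false,extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));
			// Key usage and extended key usage.
			builder.addExtension(Extension.keyUsage,true,XSCertExtension.getKeyUsage());
			builder.addExtension(Extension.extendedKeyUsage,true,XSCertExtension.getExtendKeyUsage());
			// NOTE(review): the certificate declares SM3WITHSM2, but the signer is built with
			// BcECContentSignerBuilder (BC's ECDSA content signer) and a SHA1 digest identifier.
			// The signature value is therefore presumably ECDSA over SHA-1 rather than SM2 over SM3,
			// and would not verify with an SM2 verifier. Verify the output with an independent SM2
			// implementation and switch to a real SM2/SM3 signer before relying on this certificate.
			AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SM3WITHSM2");
			AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find("SHA1");
			ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId,digAlgId).build(bcecPrivateKey);
			X509CertificateHolder certificateHolder = builder.build(contentSigner);
			// try-with-resources: the stream is closed even if the write fails.
			try (FileOutputStream outputStream = new FileOutputStream(rootCertPath)) {
				outputStream.write(certificateHolder.getEncoded());
			}
			// Cert is only a plain Java object recording the result; it is not the certificate itself.
			cert.setCertname(fileName);
			cert.setCertinfo(issuerString);
			cert.setSignalgor("1.2.156.10197.1.501");
			cert.setAlgorithm("EC&SM2");
			cert.setSessionalgor("SM3");
			cert.setStatus(0);
			cert.setPri_path(path+fileName+"privateKey.keystore");
			cert.setPub_path(path+fileName+"publicKey.keystore");
			return cert;
		} catch (Exception e) {
			// Every failure is reported on stdout/stderr and collapsed into a null return,
			// so callers must null-check the result.
			e.printStackTrace();
			System.out.println("======根证书申请失败"+e.getMessage());
			return null;
		}
	}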

如需要了解更多 请查看  https://blog.csdn.net/u010651369/article/details/76907312



转载自blog.csdn.net/u010651369/article/details/80802433