引入依賴
org.bouncycastle
bcprov-jdk15on
1.49
org.bouncycastle
bcpkix-jdk15on
1.49
直接上代碼
package test;
import java.io.*;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.*;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
/**
* 成都一方思致科技有限公司
*
* @author 蔣昌寶
* @version 1.0
* @date 2019/8/23 9:26
* @description 證書生成工具類
* =========================================================================
* 變更履歷:
* -------------------------------------------------------------------------
* 變更編號(hào) 變更時(shí)間 變更人 變更原因 變更內(nèi)容
* -------------------------------------------------------------------------
*/
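public class GenerateCertificateUtil {

    /** Shared provider instance; the original built a new BouncyCastleProvider on every call. */
    private static final Provider BC = new BouncyCastleProvider();

    /** RSA modulus size in bits. The original used 1024, which is below the commonly accepted minimum of 2048. */
    private static final int RSA_KEY_BITS = 2048;

    /** Certificate signature algorithm. The original used SHA1withRSA; SHA-1 signatures are deprecated for X.509. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Bit length of the random serial number. RFC 5280 caps serialNumber at 20 octets; a non-negative
     * 159-bit value always DER-encodes into at most 20 bytes. The original 256-bit serial exceeded that cap.
     */
    private static final int SERIAL_BITS = 159;

    /** Validity period, added to "now" to obtain notAfter. */
    private static final int VALIDITY_YEARS = 1;

    /** Alias of the key entry inside the generated PKCS#12 store (arbitrary, kept from the original). */
    private static final String KEY_ALIAS = "cretkey";

    /** id-ce-cRLDistributionPoints. */
    private static final String OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
    /** id-ce-keyUsage. */
    private static final String OID_KEY_USAGE = "2.5.29.15";
    /** id-ce-basicConstraints. */
    private static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";

    /** Pattern used for the "notBefore"/"notAfter" entries of the result map. */
    private static final String DATE_PATTERN = "yyyy-MM-dd";

    /**
     * Generates a fresh RSA key pair with the BouncyCastle provider.
     *
     * @return a new {@link KeyPair} of {@link #RSA_KEY_BITS} bits
     * @throws NoSuchAlgorithmException if the provider does not offer RSA
     */
    private static KeyPair getKey() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BC);
        // Explicit SecureRandom so key generation never falls back to a weaker default source.
        generator.initialize(RSA_KEY_BITS, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Creates a self-signed X.509 v3 certificate plus its private key and packages them into a
     * password-protected PKCS#12 key store.
     *
     * <p>The returned map contains every entry written by
     * {@link #generateCertificateV3(String, String, KeyPair, Map, String, List)} and additionally
     * {@code "keyStoreData"}, the DER bytes of the PKCS#12 store.
     *
     * @param password       password protecting both the key entry and the store
     * @param issuerStr      issuer distinguished name, e.g. {@code "CN=..., O=..."}
     * @param subjectStr     subject distinguished name
     * @param certificateCRL URI placed in the CRL distribution points extension
     * @return map of result artifacts keyed by name
     * @throws NullPointerException  if {@code password} is null
     * @throws IllegalStateException if key generation, certificate creation, verification or
     *                               serialisation fails; the cause is preserved. (The original
     *                               printed the stack trace and returned a partial map.)
     */
    public static Map<String, byte[]> createCert(String password, String issuerStr, String subjectStr,
            String certificateCRL) {
        Objects.requireNonNull(password, "password");
        Map<String, byte[]> result = new HashMap<String, byte[]>();
        try {
            // PKCS#12 rather than JKS so the store is portable across tools.
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BC);
            keyStore.load(null, null);
            KeyPair keyPair = getKey();
            // Issuer == subject and cA=true in generateCertificateV3 makes this a self-signed CA certificate.
            Certificate cert = generateCertificateV3(issuerStr, subjectStr, keyPair, result, certificateCRL, null);
            // Verify the signature against our own public key before persisting anything.
            cert.verify(keyPair.getPublic());
            char[] pwd = password.toCharArray();
            keyStore.setKeyEntry(KEY_ALIAS, keyPair.getPrivate(), pwd, new Certificate[] { cert });
            // ByteArrayOutputStream.close() is a no-op, so no explicit close is needed.
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            keyStore.store(out, pwd);
            result.put("keyStoreData", out.toByteArray());
            return result;
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("failed to create PKCS#12 store for subject " + subjectStr, e);
        }
    }

    /**
     * Builds and signs an X.509 v3 certificate for {@code keyPair} and records its artifacts in
     * {@code result}.
     *
     * <p>Entries written to {@code result}: {@code "certificateData"} (DER certificate),
     * {@code "publicKey"} and {@code "privateKey"} (encoded keys), {@code "notBefore"} and
     * {@code "notAfter"} (UTF-8 {@code yyyy-MM-dd} strings).
     *
     * <p>Extensions added (all critical): CRL distribution points pointing at {@code certificateCRL},
     * key usage {@code digitalSignature | keyEncipherment}, and basic constraints with {@code cA=true}.
     * NOTE: cA=true is asserted without keyCertSign in key usage, exactly as in the original;
     * reviewers should confirm that is the intended profile.
     *
     * @param issuerStr      issuer distinguished name
     * @param subjectStr     subject distinguished name
     * @param keyPair        key pair whose public key goes into the certificate and whose private key signs it
     * @param result         map that receives the artifacts listed above
     * @param certificateCRL URI for the CRL distribution point
     * @param extensions     additional extensions, may be null
     * @return the signed certificate, re-parsed through the JCA {@code X.509} factory
     * @throws NullPointerException  if {@code keyPair} or {@code result} is null
     * @throws IllegalStateException if building, signing or encoding fails; the cause is preserved
     *                               (the original printed the stack trace and returned null)
     */
    public static Certificate generateCertificateV3(String issuerStr, String subjectStr, KeyPair keyPair,
            Map<String, byte[]> result, String certificateCRL, List<Extension> extensions) {
        Objects.requireNonNull(keyPair, "keyPair");
        Objects.requireNonNull(result, "result");
        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();

            Date notBefore = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(notBefore);
            calendar.add(Calendar.YEAR, VALIDITY_YEARS);
            Date notAfter = calendar.getTime();

            // Serial numbers must be unpredictable; the original drew them from java.util.Random.
            SecureRandom random = new SecureRandom();
            BigInteger serial = new BigInteger(SERIAL_BITS, random);

            X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    new X500Name(issuerStr), serial, notBefore, notAfter, new X500Name(subjectStr), publicKey);

            // CRL distribution point
            GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, certificateCRL);
            DistributionPointName dpName = new DistributionPointName(new GeneralNames(crlUri));
            DistributionPoint[] points = { new DistributionPoint(dpName, null, null) };
            builder.addExtension(new ASN1ObjectIdentifier(OID_CRL_DISTRIBUTION_POINTS), true, new CRLDistPoint(points));

            // Key usage (nonRepudiation / keyCertSign deliberately not asserted, as in the original)
            builder.addExtension(new ASN1ObjectIdentifier(OID_KEY_USAGE), true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

            // Basic constraints: cA=true
            builder.addExtension(new ASN1ObjectIdentifier(OID_BASIC_CONSTRAINTS), true, new BasicConstraints(true));

            // Caller-supplied extensions, values taken as raw DER
            if (extensions != null) {
                for (Extension ext : extensions) {
                    builder.addExtension(
                            new ASN1ObjectIdentifier(ext.getOid()),
                            ext.isCritical(),
                            ASN1Primitive.fromByteArray(ext.getValue()));
                }
            }

            ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                    .setSecureRandom(random)
                    .setProvider(BC)
                    .build(privateKey);
            X509CertificateHolder holder = builder.build(signer);

            byte[] certBuf = holder.getEncoded();
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // ByteArrayInputStream.close() is a no-op, so no explicit close is needed.
            X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certBuf));

            // SimpleDateFormat is not thread-safe; a per-call instance keeps this method reentrant.
            SimpleDateFormat format = new SimpleDateFormat(DATE_PATTERN);
            result.put("certificateData", certBuf);
            result.put("publicKey", publicKey.getEncoded());
            result.put("privateKey", privateKey.getEncoded());
            result.put("notBefore", format.format(notBefore).getBytes(StandardCharsets.UTF_8));
            result.put("notAfter", format.format(notAfter).getBytes(StandardCharsets.UTF_8));
            return cert;
        } catch (GeneralSecurityException | IOException | OperatorCreationException e) {
            throw new IllegalStateException("failed to generate certificate for subject " + subjectStr, e);
        }
    }

    /**
     * Caller-supplied X.509 extension: dotted OID, criticality flag and raw DER value.
     *
     * <p>Declared {@code static}: a non-static inner class would carry a hidden reference to an
     * enclosing instance that this utility never has. The name shadows
     * {@code org.bouncycastle.asn1.x509.Extension} from the wildcard import; inside this file
     * {@code Extension} always refers to this class.
     */
    static class Extension {
        private String oid;
        private boolean critical;
        private byte[] value;

        /** @return the dotted-decimal OID of the extension */
        public String getOid() {
            return oid;
        }

        public void setOid(String oid) {
            this.oid = oid;
        }

        /** @return whether the extension is marked critical */
        public boolean isCritical() {
            return critical;
        }

        public void setCritical(boolean critical) {
            this.critical = critical;
        }

        /** @return the DER-encoded extension value (not copied) */
        public byte[] getValue() {
            return value;
        }

        public void setValue(byte[] value) {
            this.value = value;
        }
    }
}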