证书工具类(csr、cer)
- CSR 证书也称为 P10 证书(证书签发请求);CER 证书则是系统可以直接识别、安装的证书。
- 所有证书都采用 ASN.1 编码,可以把 ASN.1 理解为一种类似 JSON 的结构化数据格式,这类格式可以用相关工具查看。推荐一款我自己在用的查看工具:https://download.csdn.net/download/weixin_36296559/11190321
- 用到的 API 是国密相关的包:基础包、provider 包(第三方厂商包)、bcpkix(扩展包)、mail(邮件加密包),这里大量使用了基础包和 bcpkix 包。
这里使用了第三方加密机进行加密运算,仅作为思路参考,并不适合所有项目。
P10工具类
import com.utils.Base64;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.security.*;
/**
* Created by wangbeibei on 2019-4-17.
* 注意PKCS10CertificationRequest类
*/
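public class CSR {

    /**
     * Builds a PEM-encoded PKCS#10 certification request (CSR) for a freshly generated SM2 key
     * pair in the crypto module slot {@code keyIndex}.
     *
     * <p>The key pair comes from the {@code SwxaJCE} provider; {@code keyIndex << 16} is passed
     * to the generator as its initialisation parameter (presumably the provider's convention for
     * addressing a key slot — confirm against the SwxaJCE documentation).
     *
     * @param keyIndex index of the key slot in the crypto module
     * @param cn       common name placed in the subject DN; RFC 2253 special characters are
     *                 escaped so that a value such as {@code "a,O=other"} cannot inject
     *                 additional RDNs into the subject
     * @return the CSR as a PEM block with CRLF line endings
     * @throws IllegalArgumentException if {@code cn} is {@code null}
     * @throws Exception                on provider, key generation or encoding failure
     */
    public String createCsr(int keyIndex, String cn) throws Exception {
        if (cn == null) {
            throw new IllegalArgumentException("cn must not be null");
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("SM2", "SwxaJCE");
        kpg.initialize(keyIndex << 16);
        KeyPair keyPair = kpg.genKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        String sigAlg = "SM3WithSM2";
        // The subject is assembled as an RFC 2253 string, so the caller-supplied CN must be
        // escaped; otherwise ',' '=' '+' etc. inside it would be parsed as extra RDNs.
        String params = "CN=" + escapeRdnValue(cn) + ",O=王贝贝,L=乌鲁木齐,S=*,C=CN";
        X500Principal principal = new X500Principal(params);
        PKCS10CertificationRequest kpGen = new PKCS10CertificationRequest(sigAlg, principal, publicKey,
                new com.sansec.asn1.DERSet(), privateKey, null);
        byte[] c = kpGen.getEncoded();

        StringBuilder csr = new StringBuilder("-----BEGIN CERTIFICATE REQUEST-----\r\n");
        csr.append(new String(Base64.createBase64().encode(c)));
        csr.append("\r\n-----END CERTIFICATE REQUEST-----\r\n");
        return csr.toString();
    }

    /**
     * Escapes the characters that RFC 2253 treats as special inside an attribute value
     * ({@code , + " \ < > ; =}), plus a leading {@code ' '} or {@code '#'} and a trailing
     * {@code ' '}), so the value survives string-based DN parsing unchanged.
     *
     * @param value raw attribute value, never {@code null}
     * @return the value with a backslash in front of every special character
     */
    private static String escapeRdnValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char ch = value.charAt(i);
            boolean leadingSpaceOrHash = i == 0 && (ch == ' ' || ch == '#');
            boolean trailingSpace = i == last && ch == ' ';
            if (",+\"\\<>;=".indexOf(ch) >= 0 || leadingSpaceOrHash || trailingSpace) {
                out.append('\\');
            }
            out.append(ch);
        }
        return out.toString();
    }

    /**
     * Parses a DER-encoded PKCS#10 request and prints its public key (Base64 of the raw
     * subjectPublicKey bits) and subject DN to stdout.
     *
     * @param encoded DER encoding of the certification request
     * @throws Exception if the bytes are not a valid PKCS#10 structure
     */
    public static void analysicCer(byte[] encoded) throws Exception {
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(encoded);

        // Public key: the raw BIT STRING content, not the whole SubjectPublicKeyInfo.
        SubjectPublicKeyInfo subjectPublicKeyInfo = request.getSubjectPublicKeyInfo();
        DERBitString publicKey = subjectPublicKeyInfo.getPublicKeyData();
        byte[] bytes = publicKey.getBytes();
        String publickey = Base64.createBase64().encode(bytes);
        System.out.println("csr文件的公钥为:" + publickey);

        // Subject DN.
        X500Name subjectName = request.getSubject();
        System.out.println("csr文件主体为:" + subjectName.toString());
    }
}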
cer工具类
package com.test.XJTest;
import cn.hutool.core.io.FileUtil;
import com.kinggrid.swxa.MyContentSigner;
import com.kinggrid.swxa.SwxaSM2Utils;
import com.sansec.jce.provider.JCESM2PublicKey;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Hex;
import java.math.BigInteger;
import java.security.*;
import java.util.Calendar;
import java.util.Date;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import com.utils.Base64;
import java.security.*;
import java.io.*;
import java.security.cert.*;
import java.security.cert.Certificate;
/**
* Created by wangbeibei on 2019-4-17.
* 注意 X500NameBuilder 及 ASN.1 相关 API
*/
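public class CER {

    /**
     * Builds a self-signed SM2 X.509 v3 certificate for a freshly generated key pair in the
     * crypto module slot {@code keyIndex}.
     *
     * <p>Issuer and subject are the same fixed DN, so the result is self-signed; the signature
     * is produced by {@link MyContentSigner}. The certificate is valid for three years from the
     * moment of creation.
     *
     * @param keyIndex index of the key slot in the crypto module ({@code keyIndex << 16} is
     *                 passed to the generator; presumably the provider's slot-addressing
     *                 convention — confirm against the SwxaJCE documentation)
     * @return the DER-encoded certificate
     * @throws Exception on provider, key generation, encoding or signing failure
     */
    public byte[] createCer(int keyIndex) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("SM2", "SwxaJCE");
        kpg.initialize(keyIndex << 16);
        KeyPair kp = kpg.genKeyPair();
        JCESM2PublicKey publicKey = (JCESM2PublicKey) kp.getPublic();
        byte[] publicKeyData = publicKey.getEncoded();

        X500Name x500Name = new X500NameBuilder()
                .addRDN(BCStyle.CN, "测试")
                .addRDN(BCStyle.C, "CN")
                .addRDN(BCStyle.O, "王贝贝")
                .addRDN(BCStyle.OU, "乌鲁木齐")
                .addRDN(BCStyle.L, "江西")
                .build();

        // The wall clock serves as the serial number: two certificates created in the same
        // millisecond collide and the value is predictable. RFC 5280 asks for a unique serial;
        // production issuers normally use at least 64 bits from a SecureRandom.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

        Calendar validity = Calendar.getInstance();
        Date notBefore = validity.getTime();
        validity.add(Calendar.YEAR, 3);
        Date notAfter = validity.getTime();

        // The provider's encoded public key is re-parsed as a DER SubjectPublicKeyInfo,
        // which is the structure the certificate builder expects.
        ASN1Sequence spkiSequence = (ASN1Sequence) DERSequence.fromByteArray(publicKeyData);
        SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(spkiSequence);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                x500Name, serial, notBefore, notAfter, x500Name, publicKeyInfo);

        // BasicConstraints(0) marks the certificate as a CA with path length 0 (it may sign
        // end-entity certificates but no further CAs). RFC 5280 expects this extension to be
        // critical on CA certificates; it is added non-critical here.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(0));

        // 192 == 0xC0: KeyUsage bits digitalSignature (0x80) | nonRepudiation (0x40).
        builder.addExtension(Extension.keyUsage, false, new DERBitString(192));

        // Subject key identifier. NOTE(review): RFC 5280 method 1 hashes only the
        // subjectPublicKey BIT STRING value; this hashes a fixed "04C0" prefix plus the whole
        // SPKI encoding — presumably to match the consuming system, confirm before changing.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Hex.decode("04C0"));
        sha1.update(publicKeyInfo.getEncoded());
        builder.addExtension(Extension.subjectKeyIdentifier, false, new DEROctetString(sha1.digest()));

        X509CertificateHolder holder = builder.build(new MyContentSigner());
        return holder.getEncoded();
    }

    /**
     * Parses an X.509 certificate file and prints its main fields to stdout.
     *
     * <p>Parse failures ({@link CertificateException}) are reported on stderr and swallowed so a
     * caller processing several files keeps going; I/O errors propagate to the caller.
     *
     * @param url path of the certificate file (DER or PEM, as accepted by the X.509 factory)
     * @throws Exception if the file cannot be opened or read
     */
    public static void analysisCer(String url) throws Exception {
        // try-with-resources closes the stream even when parsing throws.
        try (FileInputStream in = new FileInputStream(url)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate c = cf.generateCertificate(in);
            X509Certificate t = (X509Certificate) c;

            System.out.println("输出证书信息:\n" + c);
            System.out.println();
            System.out.println();
            System.out.println("版本号:" + t.getVersion());
            System.out.println("***:" + t.getSerialNumber().toString(16));
            // getIssuerDN()/getSubjectDN() are deprecated; the X500Principal accessors return
            // the same names (the string form may be formatted slightly differently).
            System.out.println("签发者:" + t.getIssuerX500Principal());
            System.out.println("有效起始日期:" + t.getNotBefore());
            System.out.println("有效终止日期:" + t.getNotAfter());
            System.out.println("主体名:" + t.getSubjectX500Principal());
            System.out.println("签名算法:" + t.getSigAlgName());
            // byte[].toString() only yields an identity hash; hex-encode the signature instead.
            System.out.println("签名:" + Hex.toHexString(t.getSignature()));
            PublicKey pk = t.getPublicKey();
            System.out.println("公钥:");
            System.out.println(Hex.toHexString(pk.getEncoded()));
        } catch (CertificateException e) {
            System.err.println("证书解析失败:" + url);
            e.printStackTrace();
        }
    }

    /**
     * Demo driver: prints a sample certificate, then asks the crypto module for a CSR and a
     * certificate for key slot 3 and writes both to disk.
     *
     * <p>The paths are fixed Windows locations on the author's machine.
     *
     * @throws Exception on any parsing, crypto-module or I/O failure
     */
    public static void createCer() throws Exception {
        analysisCer("E:\\word\\王贝贝\\cert\\demo.cer");

        String csrPem = SwxaSM2Utils.getIndexOfCSR(3, "cn");
        System.out.println(csrPem);
        // PEM is ASCII; pin the charset so the written file does not depend on the platform default.
        byte[] csrBytes = csrPem.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        FileUtil.writeBytes(csrBytes, new File("E:\\word\\goldgrid\\cert\\p10demo.csr"));

        byte[] cerBytes = SwxaSM2Utils.getIndexOfCer(3);
        FileUtil.writeBytes(cerBytes, new File("E:\\word\\goldgrid\\cert\\p10demo.cer"));
    }

    /**
     * Parses a Base64-encoded PKCS#10 request and prints its signature, attributes, subject,
     * public key and signature algorithm.
     *
     * <p>{@code contxtString} is a placeholder to be replaced with the Base64 body of a CSR (the
     * PEM text without the BEGIN/END lines); as written the decode cannot succeed.
     *
     * @throws Exception on decoding or parsing failure
     */
    public static void anyP10() throws Exception {
        // To read the request from disk instead, load the .csr file as text and keep only the
        // Base64 body between the BEGIN/END lines.
        String contxtString = "请自行更替";
        byte[] bytes = Base64.createBase64().decode(contxtString);
        PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(bytes);

        // Subject DN.
        X500Name subject = pkcs10.getSubject();
        SubjectPublicKeyInfo subjectPublicKeyInfo = pkcs10.getSubjectPublicKeyInfo();
        // Public key: getString() renders the BIT STRING as a '#'-prefixed hex string.
        String publicKeyData = subjectPublicKeyInfo.getPublicKeyData().getString();
        AlgorithmIdentifier signatureAlgorithm = pkcs10.getSignatureAlgorithm();
        Attribute[] attributes = pkcs10.getAttributes();
        CertificationRequest certificationRequest = pkcs10.toASN1Structure();
        String signature = certificationRequest.getSignature().getString();

        System.out.println(signature);
        for (Attribute attribute : attributes) {
            System.out.println(attribute);
        }
        System.out.println(subject);
        System.out.println(publicKeyData);
        System.out.println(signatureAlgorithm.getAlgorithm());

        /*
         * CertificationRequest ::= SEQUENCE {
         *     certificationRequestInfo CertificationRequestInfo,
         *     signatureAlgorithm       AlgorithmIdentifier{{ SignatureAlgorithms }},
         *     signature                BIT STRING
         * }
         *
         * Subject RDN attributes:
         *     C:  country
         *     ST: state / province
         *     L:  locality / city
         *     O:  organisation
         *     CN: common name (certificate name)
         */
    }
}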