groovy生成證書 X509CertificateObject

import java.nio.Buffer;

/**
 * @author TBear
 *
 */
import java.awt.TexturePaintContext.Byte;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException
import java.security.cert.X509Certificate;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString
import org.bouncycastle.asn1.DERInteger
import org.bouncycastle.asn1.DERSequence
import org.bouncycastle.asn1.DERUTCTime
import org.bouncycastle.asn1.x509.AlgorithmIdentifier
import org.bouncycastle.asn1.x509.BasicConstraints
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator
import org.bouncycastle.asn1.x509.X509CertificateStructure
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import org.bouncycastle.asn1.x509.X509Name
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.jce.provider.X509CertificateObject
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import com.itrus.raapi.info.CertInfo;

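/**
 * Assembles a sample X.509 v3 certificate structure tagged with SM2 algorithm
 * identifiers and writes its DER encoding to disk.
 *
 * The result is a format sample only. The subject public key is a counter
 * pattern and the signature field is a block of zero bytes, so nothing in the
 * certificate is cryptographically bound to a key. It will parse, but it must
 * fail signature verification and must never be placed in a trust store.
 */
public class CertService{

	/**
	 * Generates the sample certificate and writes it to E:/abc.cer.
	 *
	 * @param args unused
	 */
	public static void main(String[] args)
	{
		X509CertificateObject certificate = genSM2_Cert();
		byte[] buffer = certificate.getEncoded();
		// withStream closes the stream (flushing the buffer) even if write() throws,
		// so the file handle is not leaked on an I/O error.
		new BufferedOutputStream(new FileOutputStream(new File('E:/abc.cer'))).withStream { out ->
			out.write(buffer)
		}
	}

	/**
	 * Builds the TBSCertificate, appends the signature algorithm and a
	 * placeholder signature value, and wraps the sequence as a certificate.
	 *
	 * @return a certificate object whose signature bits are all zero
	 * @throws CertificateParsingException if the assembled structure cannot be parsed
	 */
	static X509CertificateObject genSM2_Cert() throws CertificateParsingException{

		long currTime = new Date().getTime();
		// Issuer and subject are the same DN, i.e. the certificate is self-issued.
		String issuerDN = "cn=ibm";
		String subjectDN = "cn=ibm";
		int vday = 10;

		// Certificate body (TBSCertificate) generator
		V3TBSCertificateGenerator v3CertGen = new V3TBSCertificateGenerator();

		// Serial number: the current time in milliseconds. This is predictable;
		// a real issuer would draw the serial from SecureRandom.
		DERInteger serialNumber = new DERInteger(BigInteger.valueOf(currTime));
		v3CertGen.setSerialNumber(serialNumber);

		// Issuer
		v3CertGen.setIssuer(new X509Name(issuerDN));

		// Validity window. The 24L forces long arithmetic: with int operands the
		// product overflows as soon as vday exceeds 24.
		long validityMillis = vday * 24L * 60 * 60 * 1000;
		v3CertGen.setStartDate(new DERUTCTime(new Date(currTime)));
		v3CertGen.setEndDate(new DERUTCTime(new Date(currTime + validityMillis)));

		// Subject
		v3CertGen.setSubject(new X509Name(subjectDN));

		// Signature algorithm identifier.
		// NOTE(review): the registered GM/T identifiers sit under the arc
		// 1.2.156.10197.1; confirm that consumers of this file really expect
		// the 1.2.156.197.1 form used here and below.
		AlgorithmIdentifier algSign = new AlgorithmIdentifier("1.2.156.197.1.501");
		v3CertGen.setSignature(algSign);

		// Public key algorithm identifier
		AlgorithmIdentifier algKey = new AlgorithmIdentifier("1.2.156.197.1.301");

		// Placeholder key material: byte 0 is 0, bytes 1..64 hold their own index.
		// This is not a generated key pair; no private key corresponds to it.
		byte[] pubData = new byte[65];
		for (int i = 1; i < pubData.length; i++) {
			pubData[i] = (byte) i;
		}

		// SubjectPublicKeyInfo built from the key algorithm and the placeholder bytes
		SubjectPublicKeyInfo pubKeyInfo = new SubjectPublicKeyInfo(algKey, pubData);
		v3CertGen.setSubjectPublicKeyInfo(pubKeyInfo);

		// Placeholder signature value: 69 zero bytes. Nothing is signed here.
		// NOTE(review): the original followed this with a second loop that
		// re-filled pubData with the same values (a no-op, possibly meant for
		// signInfo); it is dropped and the encoded output is unchanged.
		byte[] signInfo = new byte[69];

		// No extensions are added, so the generated extension set is empty
		// (no BasicConstraints, KeyUsage, etc.).
		X509ExtensionsGenerator extenGen = new X509ExtensionsGenerator();
		X509Extensions exten = extenGen.generate();
		v3CertGen.setExtensions(exten);

		// Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
		ASN1EncodableVector asn1encodablevector = new ASN1EncodableVector();
		asn1encodablevector.add(v3CertGen.generateTBSCertificate());
		asn1encodablevector.add(algSign);
		asn1encodablevector.add(new DERBitString(signInfo));
		return new X509CertificateObject(new X509CertificateStructure(new DERSequence(asn1encodablevector)));

	}


}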

注意:最終的輸出流必須用 BufferedOutputStream;其他的流寫不出!另外,上面生成的證書中,公鑰和簽名值都只是佔位數據,並未真正簽名,只適合用來測試證書格式的解析,不能當作可信證書使用。
