Search in sources :

Example 1 with BcX509ExtensionUtils

use of com.github.zhenwei.pkix.cert.bc.BcX509ExtensionUtils in project LinLong-Java by zhenwei1108.

the class CertBuilder method generateCertificate.

/**
 * @param [dn, publicKey, privateKey]
 * @return java.security.cert.Certificate
 * @author zhangzhenwei
 * @description 生成证书
 * todo just support sm2
 * @date 2022/3/15  9:09 下午
 * @since: 1.0.0
 */
public static byte[] generateCertificate(String subjectDn, String issuerDn, PublicKey publicKey, PrivateKey privateKey, SignAlgEnum signAlgEnum, int time, TimeUnit timeUnit) throws WeGooCryptoException {
    try {
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        // SubjectPublicKeyInfo publicKeyInfo = (SubjectPublicKeyInfo)publicKey;
        X500Name subject = new X500Name(subjectDn);
        X500Name issuer = new X500Name(issuerDn);
        byte[] bytes = new byte[15];
        Random random = new Random();
        random.nextBytes(bytes);
        byte[] bytes1 = ByteArrayUtil.mergeBytes("9".getBytes(StandardCharsets.UTF_8), bytes);
        BigInteger sn = new BigInteger(bytes1);
        Date notBefore = DateUtil.now();
        int max = Math.max(1, (int) timeUnit.toDays(time));
        Date notAfter = DateUtil.nowPlusDays(max);
        BcX509ExtensionUtils x509ExtensionUtils = new BcX509ExtensionUtils();
        // 密钥用途:  签名和不可抵赖
        int usage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;
        // 使用者标识符
        SubjectKeyIdentifier subjectKeyIdentifier = x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
        // 授权者标识符
        AuthorityKeyIdentifier authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);
        // 判断是否签发根证书
        if (subject.toString().equals(subject.toString())) {
            // 根证书 颁发者标识符
            authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);
            // 补充证书签名用途
            usage = usage | KeyUsage.keyCertSign;
        }
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, sn, notBefore, notAfter, subject, publicKeyInfo);
        // 增加扩展项
        Extension keyUsage = new Extension(Extension.keyUsage, false, new KeyUsage(usage).getEncoded());
        Extension subjectKeyId = new Extension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier.getEncoded());
        Extension authorityKeyId = new Extension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier.getEncoded());
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signAlgEnum.getOid());
        AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(signAlgEnum.getDigestAlgEnum().getOid());
        builder.addExtension(keyUsage);
        builder.addExtension(subjectKeyId);
        builder.addExtension(authorityKeyId);
        X509CertificateHolder holder;
        BcContentSignerBuilder signerBuilder;
        AsymmetricKeyParameter keyParameters;
        if (publicKey.getAlgorithm().equals("EC")) {
            signerBuilder = new BcECContentSignerBuilder(sigAlgId, digAlgId);
            BCECPrivateKey key = (BCECPrivateKey) privateKey;
            ECParameterSpec parameters = key.getParameters();
            ECDomainParameters params = new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN());
            keyParameters = new ECPrivateKeyParameters(key.getD(), params);
            holder = builder.build(signerBuilder.build(keyParameters));
        } else {
            BCRSAPrivateKey key = (BCRSAPrivateKey) privateKey;
            signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
            keyParameters = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
            holder = builder.build(signerBuilder.build(keyParameters));
        }
        return holder.toASN1Structure().getEncoded();
    } catch (Exception e) {
        throw new WeGooCryptoException(CryptoExceptionMassageEnum.generate_cert_err, e);
    }
}
Also used : ECDomainParameters(com.github.zhenwei.core.crypto.params.ECDomainParameters) BCRSAPrivateKey(com.github.zhenwei.provider.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey) X500Name(com.github.zhenwei.core.asn1.x500.X500Name) RSAKeyParameters(com.github.zhenwei.core.crypto.params.RSAKeyParameters) BcRSAContentSignerBuilder(com.github.zhenwei.pkix.operator.bc.BcRSAContentSignerBuilder) Random(java.util.Random) BcContentSignerBuilder(com.github.zhenwei.pkix.operator.bc.BcContentSignerBuilder) Date(java.util.Date) WeGooCryptoException(com.github.zhenwei.core.exception.WeGooCryptoException) BCECPrivateKey(com.github.zhenwei.provider.jcajce.provider.asymmetric.ec.BCECPrivateKey) ECPrivateKeyParameters(com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters) WeGooCryptoException(com.github.zhenwei.core.exception.WeGooCryptoException) AsymmetricKeyParameter(com.github.zhenwei.core.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(com.github.zhenwei.pkix.cert.X509v3CertificateBuilder) ECParameterSpec(com.github.zhenwei.provider.jce.spec.ECParameterSpec) X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) BcX509ExtensionUtils(com.github.zhenwei.pkix.cert.bc.BcX509ExtensionUtils) BcECContentSignerBuilder(com.github.zhenwei.pkix.operator.bc.BcECContentSignerBuilder)

Aggregations

X500Name (com.github.zhenwei.core.asn1.x500.X500Name)1 AsymmetricKeyParameter (com.github.zhenwei.core.crypto.params.AsymmetricKeyParameter)1 ECDomainParameters (com.github.zhenwei.core.crypto.params.ECDomainParameters)1 ECPrivateKeyParameters (com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters)1 RSAKeyParameters (com.github.zhenwei.core.crypto.params.RSAKeyParameters)1 WeGooCryptoException (com.github.zhenwei.core.exception.WeGooCryptoException)1 X509CertificateHolder (com.github.zhenwei.pkix.cert.X509CertificateHolder)1 X509v3CertificateBuilder (com.github.zhenwei.pkix.cert.X509v3CertificateBuilder)1 BcX509ExtensionUtils (com.github.zhenwei.pkix.cert.bc.BcX509ExtensionUtils)1 BcContentSignerBuilder (com.github.zhenwei.pkix.operator.bc.BcContentSignerBuilder)1 BcECContentSignerBuilder (com.github.zhenwei.pkix.operator.bc.BcECContentSignerBuilder)1 BcRSAContentSignerBuilder (com.github.zhenwei.pkix.operator.bc.BcRSAContentSignerBuilder)1 BCECPrivateKey (com.github.zhenwei.provider.jcajce.provider.asymmetric.ec.BCECPrivateKey)1 BCRSAPrivateKey (com.github.zhenwei.provider.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey)1 ECParameterSpec (com.github.zhenwei.provider.jce.spec.ECParameterSpec)1 BigInteger (java.math.BigInteger)1 Date (java.util.Date)1 Random (java.util.Random)1