Example 1 with BcECContentSignerBuilder
use of com.github.zhenwei.pkix.operator.bc.BcECContentSignerBuilder in project LinLong-Java by zhenwei1108.
the class CertBuilder method generateCertificate.
/**
* @param [dn, publicKey, privateKey]
* @return java.security.cert.Certificate
* @author zhangzhenwei
* @description 生成证书
* todo just support sm2
* @date 2022/3/15 9:09 下午
* @since: 1.0.0
*/
public static byte[] generateCertificate(String subjectDn, String issuerDn, PublicKey publicKey, PrivateKey privateKey, SignAlgEnum signAlgEnum, int time, TimeUnit timeUnit) throws WeGooCryptoException {
try {
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
// SubjectPublicKeyInfo publicKeyInfo = (SubjectPublicKeyInfo)publicKey;
X500Name subject = new X500Name(subjectDn);
X500Name issuer = new X500Name(issuerDn);
byte[] bytes = new byte[15];
Random random = new Random();
random.nextBytes(bytes);
byte[] bytes1 = ByteArrayUtil.mergeBytes("9".getBytes(StandardCharsets.UTF_8), bytes);
BigInteger sn = new BigInteger(bytes1);
Date notBefore = DateUtil.now();
int max = Math.max(1, (int) timeUnit.toDays(time));
Date notAfter = DateUtil.nowPlusDays(max);
BcX509ExtensionUtils x509ExtensionUtils = new BcX509ExtensionUtils();
// 密钥用途: 签名和不可抵赖
int usage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;
// 使用者标识符
SubjectKeyIdentifier subjectKeyIdentifier = x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
// 授权者标识符
AuthorityKeyIdentifier authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);
// 判断是否签发根证书
if (subject.toString().equals(subject.toString())) {
// 根证书 颁发者标识符
authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);
// 补充证书签名用途
usage = usage | KeyUsage.keyCertSign;
}
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, sn, notBefore, notAfter, subject, publicKeyInfo);
// 增加扩展项
Extension keyUsage = new Extension(Extension.keyUsage, false, new KeyUsage(usage).getEncoded());
Extension subjectKeyId = new Extension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier.getEncoded());
Extension authorityKeyId = new Extension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier.getEncoded());
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signAlgEnum.getOid());
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(signAlgEnum.getDigestAlgEnum().getOid());
builder.addExtension(keyUsage);
builder.addExtension(subjectKeyId);
builder.addExtension(authorityKeyId);
X509CertificateHolder holder;
BcContentSignerBuilder signerBuilder;
AsymmetricKeyParameter keyParameters;
if (publicKey.getAlgorithm().equals("EC")) {
signerBuilder = new BcECContentSignerBuilder(sigAlgId, digAlgId);
BCECPrivateKey key = (BCECPrivateKey) privateKey;
ECParameterSpec parameters = key.getParameters();
ECDomainParameters params = new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN());
keyParameters = new ECPrivateKeyParameters(key.getD(), params);
holder = builder.build(signerBuilder.build(keyParameters));
} else {
BCRSAPrivateKey key = (BCRSAPrivateKey) privateKey;
signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
keyParameters = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
holder = builder.build(signerBuilder.build(keyParameters));
}
return holder.toASN1Structure().getEncoded();
} catch (Exception e) {
throw new WeGooCryptoException(CryptoExceptionMassageEnum.generate_cert_err, e);
}
}
Also used :
ECDomainParameters(com.github.zhenwei.core.crypto.params.ECDomainParameters)
BCRSAPrivateKey(com.github.zhenwei.provider.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey)
X500Name(com.github.zhenwei.core.asn1.x500.X500Name)
RSAKeyParameters(com.github.zhenwei.core.crypto.params.RSAKeyParameters)
BcRSAContentSignerBuilder(com.github.zhenwei.pkix.operator.bc.BcRSAContentSignerBuilder)
Random(java.util.Random)
BcContentSignerBuilder(com.github.zhenwei.pkix.operator.bc.BcContentSignerBuilder)
Date(java.util.Date)
WeGooCryptoException(com.github.zhenwei.core.exception.WeGooCryptoException)
BCECPrivateKey(com.github.zhenwei.provider.jcajce.provider.asymmetric.ec.BCECPrivateKey)
ECPrivateKeyParameters(com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters)
WeGooCryptoException(com.github.zhenwei.core.exception.WeGooCryptoException)
AsymmetricKeyParameter(com.github.zhenwei.core.crypto.params.AsymmetricKeyParameter)
X509v3CertificateBuilder(com.github.zhenwei.pkix.cert.X509v3CertificateBuilder)
ECParameterSpec(com.github.zhenwei.provider.jce.spec.ECParameterSpec)
X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
BcX509ExtensionUtils(com.github.zhenwei.pkix.cert.bc.BcX509ExtensionUtils)
BcECContentSignerBuilder(com.github.zhenwei.pkix.operator.bc.BcECContentSignerBuilder)
Aggregations
X500Name (com.github.zhenwei.core.asn1.x500.X500Name)1
AsymmetricKeyParameter (com.github.zhenwei.core.crypto.params.AsymmetricKeyParameter)1
ECDomainParameters (com.github.zhenwei.core.crypto.params.ECDomainParameters)1
ECPrivateKeyParameters (com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters)1
RSAKeyParameters (com.github.zhenwei.core.crypto.params.RSAKeyParameters)1
WeGooCryptoException (com.github.zhenwei.core.exception.WeGooCryptoException)1
X509CertificateHolder (com.github.zhenwei.pkix.cert.X509CertificateHolder)1
X509v3CertificateBuilder (com.github.zhenwei.pkix.cert.X509v3CertificateBuilder)1
BcX509ExtensionUtils (com.github.zhenwei.pkix.cert.bc.BcX509ExtensionUtils)1
BcContentSignerBuilder (com.github.zhenwei.pkix.operator.bc.BcContentSignerBuilder)1
BcECContentSignerBuilder (com.github.zhenwei.pkix.operator.bc.BcECContentSignerBuilder)1
BcRSAContentSignerBuilder (com.github.zhenwei.pkix.operator.bc.BcRSAContentSignerBuilder)1
BCECPrivateKey (com.github.zhenwei.provider.jcajce.provider.asymmetric.ec.BCECPrivateKey)1
BCRSAPrivateKey (com.github.zhenwei.provider.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey)1
ECParameterSpec (com.github.zhenwei.provider.jce.spec.ECParameterSpec)1
BigInteger (java.math.BigInteger)1
Date (java.util.Date)1
Random (java.util.Random)1
