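A JCE Provider that implements only signature algorithms does not need its jar signed by SUN (now Oracle), so you can implement one entirely on your own.
This article was developed against BC 157. That release already supports SM2/SM3/SM4 and the other Chinese national (GM) algorithms, although the support is exposed through the lightweight API rather than through the Provider.
An example of the self-made JeffProvider follows: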
public JeffProvider() { AccessController.doPrivileged(new PrivilegedAction
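
As an added illustration (not the author's JeffProvider and not Bouncy Castle code), the sketch below shows a signature-only provider that registers SM3withSM2 on top of the lightweight SM2Signer. The names DemoSm2Provider and Sm3WithSm2 are hypothetical; it assumes the BC 157 form of SM2Signer, which implements DSA and takes the whole message in generateSignature(byte[]), and it assumes both sides use the default user ID.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.*;
import org.bouncycastle.asn1.*;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
// Hypothetical names; assumes BC 157, where SM2Signer implements DSA and hashes with SM3 itself.
public final class DemoSm2Provider extends Provider {
    // Default user ID from GM/T 0009 (assumption: the verifying side uses the same ID).
    private static final byte[] ID =
            "1234567812345678".getBytes(java.nio.charset.StandardCharsets.US_ASCII);
    public DemoSm2Provider() {
        super("DemoSM2", 1.0, "signature-only SM3withSM2 provider");
        put("Signature.SM3withSM2", Sm3WithSm2.class.getName()); // the only service registered
    }

    public static final class Sm3WithSm2 extends SignatureSpi {
        private final ByteArrayOutputStream msg = new ByteArrayOutputStream();
        private final SM2Signer signer = new SM2Signer();
        protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            msg.reset();
            signer.init(true, new ParametersWithID(ECUtil.generatePrivateKeyParameter(k), ID));
        }
        protected void engineInitVerify(PublicKey k) throws InvalidKeyException {
            msg.reset();
            signer.init(false, new ParametersWithID(ECUtil.generatePublicKeyParameter(k), ID));
        }
        protected void engineUpdate(byte b) { msg.write(b); }
        protected void engineUpdate(byte[] b, int off, int len) { msg.write(b, off, len); }
        protected byte[] engineSign() throws SignatureException {
            try { // encode (r, s) as the DER SEQUENCE carried in an X.509 signatureValue
                BigInteger[] rs = signer.generateSignature(msg.toByteArray());
                ASN1EncodableVector v = new ASN1EncodableVector();
                v.add(new ASN1Integer(rs[0]));
                v.add(new ASN1Integer(rs[1]));
                return new DERSequence(v).getEncoded();
            } catch (Exception e) { throw new SignatureException(e); } finally { msg.reset(); }
        }
        protected boolean engineVerify(byte[] sig) throws SignatureException {
            try {
                ASN1Sequence seq = ASN1Sequence.getInstance(sig);
                if (seq.size() != 2) return false; // a valid signature holds exactly r and s
                return signer.verifySignature(msg.toByteArray(),
                        ASN1Integer.getInstance(seq.getObjectAt(0)).getValue(),
                        ASN1Integer.getInstance(seq.getObjectAt(1)).getValue());
            } catch (Exception e) { throw new SignatureException(e); } finally { msg.reset(); }
        }
        protected void engineSetParameter(String p, Object v) { throw new InvalidParameterException(p); }
        protected Object engineGetParameter(String p) { throw new InvalidParameterException(p); }
    }
}
```

Because only a Signature service is registered, `Signature.getInstance("SM3withSM2", new DemoSm2Provider())` resolves the class from an unsigned jar, which is the property the first paragraph relies on.
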
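The certificate generation example can look like this:

    import java.math.BigInteger;
    import java.util.Date;
    import org.bouncycastle.asn1.x500.X500Name;
    import org.bouncycastle.cert.X509CertificateHolder;
    import org.bouncycastle.cert.X509v3CertificateBuilder;
    import org.bouncycastle.operator.ContentSigner;
    import org.bouncycastle.pkcs.PKCS10CertificationRequest;

    // BaseUtils and Logger are helper classes not shown here; p10s is the hex-encoded PKCS#10 request.
    String alg = "SM3withSM2";
    Date dateBegin = new Date(System.currentTimeMillis() - 1000 * 60 * 60 * 24);
    Date dateEnd = new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 32);
    X500Name issuer = new X500Name("C=CN,ST=SD,L=QD,O=Lgao,OU=KJ,CN=user001");
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    // Note: the request's own signature is not checked before the certificate is issued.
    PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(BaseUtils.hex2byte(p10s));
    Logger.debug(p10.getSubject());
    Logger.debug(BaseUtils.byte2hex(p10.getSubjectPublicKeyInfo().getEncoded()));
    X509v3CertificateBuilder v3builder = new X509v3CertificateBuilder(issuer, serial, dateBegin, dateEnd,
            p10.getSubject(), p10.getSubjectPublicKeyInfo());
    //
    ContentSigner sigGen = new JcaContentSignerBuilderXA(alg).setProvider(new JeffProvider()).build(null);
    X509CertificateHolder holder = v3builder.build(sigGen);
    BaseUtils.saveData(holder.toASN1Structure().getEncoded(), "e:/temp/sm2.dat");
    Logger.debug(BaseUtils.byte2hex(holder.toASN1Structure().getEncoded()));
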
JcaContentSignerBuilderXA in this article was written by following JcaContentSignerBuilder; for details, see the previous post: http://linuxgao.iteye.com/blog/2207557