The JCE Provider that implements only the signature algorithm does not require SUN (now Oracle) to sign the jar package, and can be implemented by itself.
This article is developed based on the BC 157 version. In the BC 157 version, the national secret algorithms such as SM2/SM3/SM4 have been supported. Of course, the supported method is the light weight API, not in the Provider.
An example of a self-made JeffProvider is as follows:
public JeffProvider() { AccessController.doPrivileged(new PrivilegedAction<Object>() { @Override public Object run() { // Put your own basic implementation class//Format: Type. Algorithm put("Signature.SHA1withRSA", "com.lgao.provider.sign.Sha1RSA"); put("Signature.MD5withRSA", "com.lgao.provider.sign.Md5RSA"); put("Signature.SM3withSM2", "com.lgao.provider.sign.SM3withSM2"); return null; } }); }
An example of certificate generation can be as follows:
String alg = "SM3withSM2"; Date dateBegin = new Date(System.currentTimeMillis() - 1000 * 60 * 60 * 24); Date dateEnd = new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 32); X500Name issuer = new X500Name("C=CN,ST=SD,L=QD,O=Lgao,OU=KJ,CN=user001"); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(BaseUtils.hex2byte(p10s)); Logger.debug(p10.getSubject()); Logger.debug(BaseUtils.byte2hex(p10.getSubjectPublicKeyInfo().getEncoded())); X509v3CertificateBuilder v3builder = new X509v3CertificateBuilder(issuer, serial, dateBegin, dateEnd,p10.getSubject(), p10.getSubjectPublicKeyInfo()); // ContentSigner sigGen = new JcaContentSignerBuilderXA(alg).setProvider(new JeffProvider()).build(null); X509CertificateHolder holder = v3builder.build (sigGen); BaseUtils.saveData(holder.toASN1Structure().getEncoded(), "e:/temp/sm2.dat"); Logger.debug(BaseUtils.byte2hex(holder.toASN1Structure().getEncoded()));
In this article, JcaContentSignerBuilderXA is completed with reference to JcaContentSignerBuilder. For details, please refer to the previous article http://linuxgao.iteye.com/blog/2207557