enuoCM
- 浏览: 21451 次
- 性别:
- 来自: 成都
-
文章分类
最新评论
基于BouncyCastle的ECDSA Key, CSR, Certificate Demo
直接代码示例:
import com.google.common.base.Splitter;
import org.ethereum.crypto.jce.SpongyCastleProvider;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.pkcs.PrivateKeyInfo;
import org.spongycastle.asn1.x509.*;
import org.spongycastle.cert.CertException;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECParameterSpec;
import org.spongycastle.openssl.PEMKeyPair;
import org.spongycastle.openssl.PEMParser;
import org.spongycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.spongycastle.openssl.jcajce.JcaPEMWriter;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.ContentVerifierProvider;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.spongycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.spongycastle.util.encoders.Base64;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemWriter;
import javax.crypto.*;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.security.auth.x500.X500Principal;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Date;
import java.util.Enumeration;
public class ECDSATest {
private static final String TEST_PWD = "1234";
public static void main(String[] args) throws Exception {
BouncyCastleProvider prov = new org.spongycastle.jce.provider.BouncyCastleProvider();
Security.addProvider(prov);
// 查看支持的Provider和Algorithm
for (Provider provider : Security.getProviders()) {
System.out.println("Provider: " + provider.getName() + " version: " + provider.getVersion());
for (Provider.Service service : provider.getServices()) {
System.out.printf(" Type : %-30s Algorithm: %-30s\n", service.getType(), service.getAlgorithm());
}
}
System.out.println("------------------------------------------------------------------------------------------\n\n");
//生成ECDSA 公私钥
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256k1");
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDSA", prov.getName());
generator.initialize(ecSpec, new SecureRandom());
KeyPair pair = generator.generateKeyPair();
PublicKey publicKey = pair.getPublic();
PrivateKey privateKey = pair.getPrivate();
// extract the encoded private key, this is an unencrypted PKCS#8 private key
byte[] encodedPrivateKey = privateKey.getEncoded();
//输出private key(非BouncyCastle API)
String pem = generatePem("PRIVATE KEY", encodedPrivateKey);
System.out.println("pem:\n" + pem);
checkRecover(privateKey, pem);
//输出private key(BouncyCastle API)
pem = privateKeyToPEM(privateKey);
System.out.println("pem:\n" + pem);
checkRecover(privateKey, pem);
// 输出加密private key(BouncyCastle API)
// We must use a PasswordBasedEncryption algorithm in order to encrypt the private key, you may use any common algorithm supported by openssl,
// you can check them in the openssl documentation http://www.openssl.org/docs/apps/pkcs8.html
String pbeAlg = "PBEWITHSHA1ANDDESEDE";
int count = 1 << 10;// hash iteration count
SecureRandom random = new SecureRandom();
byte[] salt = new byte[128];
random.nextBytes(salt);
// Create PBE parameter set
PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
PBEKeySpec pbeKeySpec = new PBEKeySpec(TEST_PWD.toCharArray());
SecretKeyFactory keyFac = SecretKeyFactory.getInstance(pbeAlg);
SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);
Cipher pbeCipher = Cipher.getInstance(pbeAlg);
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);
// Encrypt the encoded Private Key with the PBE key
byte[] ciphertext = pbeCipher.doFinal(encodedPrivateKey);
// Now construct PKCS #8 EncryptedPrivateKeyInfo object
AlgorithmParameters algparms = AlgorithmParameters.getInstance(pbeAlg);
algparms.init(pbeParamSpec);
EncryptedPrivateKeyInfo encinfo = new EncryptedPrivateKeyInfo(algparms, ciphertext);
// and here we have it! a DER encoded PKCS#8 encrypted key!
byte[] encryptedPkcs8 = encinfo.getEncoded();
pem = generatePem("ENCRYPTED PRIVATE KEY", encryptedPkcs8);
System.out.println("pem encrypted:\n" + pem);
checkRecover(privateKey, pem);
System.out.println("------------------------------------------------------------------------------------------");
//生成ECDSA csr,并签名
generatePKCS10CSRAndSign(publicKey, privateKey);
}
private static void checkRecover(PrivateKey privateKey, String pem) throws IOException {
PrivateKey recoveredKey = privateKeyFromPEM(pem);
System.out.println("privateKey=" + privateKey);
System.out.println("privateKey.getAlgorithm()=" + privateKey.getAlgorithm());
System.out.println("\nrecoveredKey=" + privateKey);
System.out.println("recoveredKey.getAlgorithm()=" + recoveredKey.getAlgorithm());
System.out.println();
if (privateKey.equals(recoveredKey)) {
System.out.println("Key recovery ok");
} else {
System.err.println("Private key recovery failed");
}
if (privateKey.getAlgorithm().equals(recoveredKey.getAlgorithm())) {
System.out.println("Key algorithm ok");
} else {
System.err.println("Key algorithms do not match");
}
System.out.println("\n\n\n");
}
private static String privateKeyToPEM(PrivateKey privateKey) throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(bos));
pemWriter.writeObject(privateKey);
pemWriter.close();
return new String(bos.toByteArray());
}
private static PrivateKey privateKeyFromPEM(String der) throws IOException {
StringReader reader = new StringReader(der);
PEMParser pemParser = new PEMParser(reader);
try {
Object o = pemParser.readObject();
if (o == null) {
throw new IOException("Not an OpenSSL key");
}
if (o instanceof PEMKeyPair) {
KeyPair kp = new JcaPEMKeyConverter().setProvider("SC").getKeyPair((PEMKeyPair) o);
return kp.getPrivate();
} else if (o instanceof PrivateKeyInfo) {
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(SpongyCastleProvider.getInstance().getName());
return converter.getPrivateKey((PrivateKeyInfo) o);
} else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
PKCS8EncryptedPrivateKeyInfo eki = (PKCS8EncryptedPrivateKeyInfo) o;
return privateKeyFromEncryptedPEM(eki.getEncoded());
}
throw new IOException("Not an OpenSSL key" + o);
} finally {
pemParser.close();
}
}
private static PrivateKey privateKeyFromEncryptedPEM(byte[] keyBytes) throws IOException {
EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(keyBytes);
Cipher cipher;
try {
cipher = Cipher.getInstance(encryptPKInfo.getAlgName());
PBEKeySpec pbeKeySpec = new PBEKeySpec(TEST_PWD.toCharArray());
SecretKeyFactory secFac = SecretKeyFactory.getInstance(encryptPKInfo.getAlgName());
Key pbeKey = secFac.generateSecret(pbeKeySpec);
AlgorithmParameters algParams = encryptPKInfo.getAlgParameters();
cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher);
KeyFactory kf = KeyFactory.getInstance("ECDSA");
return kf.generatePrivate(pkcs8KeySpec);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
}
return null;
}
private static String generatePem(String type, byte[] encoded) {
String code = "-----BEGIN " + type + "-----\n";
String codenew = new String(Base64.encode((encoded)));
String myOutput = "";
for (String substring : Splitter.fixedLength(64).split(codenew)) {
myOutput += substring + "\n";
}
code += myOutput.substring(0, myOutput.length() - 1);
code += "\n-----END " + type + "-----";
return new String(code.getBytes());
}
private static String csrToPEM(PKCS10CertificationRequest csr) throws IOException {
PemObject pemObject = new PemObject("NEW CERTIFICATE REQUEST", csr.getEncoded());
StringWriter stringWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.close();
return stringWriter.toString();
}
private static byte[] generatePKCS10CSRAndSign(PublicKey publicKey, PrivateKey privateKey) throws Exception {
// CSR
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
new X500Principal("C=CN, ST=SC, O=CD, OU=MC, CN=test, emailAddress=xx@xx.com"), publicKey);
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withECDSA");
ContentSigner signer = csBuilder.build(privateKey);
PKCS10CertificationRequest csr = p10Builder.build(signer);
String pem = csrToPEM(csr);
System.out.println("csr:\n" + pem);
System.out.println(csr.getSubjectPublicKeyInfo().getPublicKeyData());
//加载ca公私钥
PEMParser pemParser = new PEMParser(new StringReader("-----BEGIN EC PRIVATE KEY-----\n" +
"MHQCAQEEIFLDMLtsZrm1WlqMo/VZ0mWM/hX+rYpQaYdeMvkJA4F1oAcGBSuBBAAK\n" +
"oUQDQgAEVVrLKeTmtkXqDK1lrRi2/AngLSHSERQFscZzOED09W9zYxA/vqx5uxI8\n" +
"XpN5PQ/ekvAPJAqkbfN7msw4f5U5KQ==\n" +
"-----END EC PRIVATE KEY-----\n"));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(SpongyCastleProvider.getInstance().getName());
PrivateKey caPrivateKey = null;
if (object instanceof PrivateKeyInfo) {
System.out.println("ca privateKey=\n" + converter.getPrivateKey((PrivateKeyInfo) object));
caPrivateKey = converter.getPrivateKey((PrivateKeyInfo) object);
} else if (object instanceof org.spongycastle.openssl.PEMKeyPair) {
PEMKeyPair pemKeyPair = (PEMKeyPair) object;
PrivateKeyInfo pki = pemKeyPair.getPrivateKeyInfo();
System.out.println("ca privateKey=\n" + converter.getPrivateKey(pki));
caPrivateKey = converter.getPrivateKey(pki);
}
pemParser = new PEMParser(new StringReader("-----BEGIN CERTIFICATE-----\n" +
"MIICYzCCAgigAwIBAgIJALVT13T2E0X2MAoGCCqGSM49BAMCMIGNMQswCQYDVQQG\n" +
"EwJDTjEQMA4GA1UECBMHQmVpSmluZzEQMA4GA1UEBxMHQmVpSmluZzETMBEGA1UE\n" +
"ChMKY2xvdWRtaW5kczESMBAGA1UECxMJYXV0aGNoYWluMQ0wCwYDVQQDEwRkYXRh\n" +
"MSIwIAYJKoZIhvcNAQkBFhNkYXRhQGNsb3VkbWluZHMuY29tMCAXDTE3MDIxMDAz\n" +
"MjU1NFoYDzMwMTYwNjEzMDMyNTU0WjCBjTELMAkGA1UEBhMCQ04xEDAOBgNVBAgT\n" +
"B0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxEzARBgNVBAoTCmNsb3VkbWluZHMx\n" +
"EjAQBgNVBAsTCWF1dGhjaGFpbjENMAsGA1UEAxMEZGF0YTEiMCAGCSqGSIb3DQEJ\n" +
"ARYTZGF0YUBjbG91ZG1pbmRzLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABFVa\n" +
"yynk5rZF6gytZa0YtvwJ4C0h0hEUBbHGczhA9PVvc2MQP76sebsSPF6TeT0P3pLw\n" +
"DyQKpG3ze5rMOH+VOSmjUDBOMB0GA1UdDgQWBBQgbt/oOfrxgKp91uCWDLrOi5qb\n" +
"TzAfBgNVHSMEGDAWgBQgbt/oOfrxgKp91uCWDLrOi5qbTzAMBgNVHRMEBTADAQH/\n" +
"MAoGCCqGSM49BAMCA0kAMEYCIQDqeOeAbg5mvB7kl483aiRSlVvEUokaaZllnKKQ\n" +
"auXZewIhAKtE1BtMJZzPjDrQE3+tJI69eSE+nTTH7cUvvIJFTvCd\n" +
"-----END CERTIFICATE-----"));
object = pemParser.readObject();
X509CertificateHolder xh = (X509CertificateHolder) object;
X509Certificate caCert = new JcaX509CertificateConverter().setProvider("SC") .getCertificate(xh);
PublicKey caPublicKey = converter.getPublicKey(xh.getSubjectPublicKeyInfo());
System.out.println("ca publicKey=\n" + caPublicKey);
Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);
signCertificateRequest(caCert, caPublicKey, caPrivateKey, csr, startDate, endDate, publicKey);
return csr.getEncoded();
}
private static String certificateToPEM(X509Certificate certificate) throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(bos));
pemWriter.writeObject(certificate);
pemWriter.close();
return new String(bos.toByteArray());
}
private static X509Certificate signCertificateRequest(X509Certificate caCert, PublicKey caPublicKey, PrivateKey caPrivateKey, PKCS10CertificationRequest csr,
Date notBefore, Date notAfter, PublicKey csrPublicKey)
throws NoSuchAlgorithmException, InvalidKeyException, CertificateException, IOException, OperatorCreationException {
JcaPKCS10CertificationRequest jcaRequest = new JcaPKCS10CertificationRequest(csr);
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(caCert,
BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, jcaRequest.getSubject(), jcaRequest.getPublicKey());
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
certificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(jcaRequest.getPublicKey()))
.addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature))
.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
// add pkcs extensions
org.spongycastle.asn1.pkcs.Attribute[] attributes = csr.getAttributes();
for (org.spongycastle.asn1.pkcs.Attribute attr : attributes) {
// process extension request
if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
Extensions extensions = Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
certificateBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
}
}
}
ContentSigner signer = null;
if (caPrivateKey instanceof org.spongycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) {
signer = new JcaContentSignerBuilder("SHA256withECDSA").setProvider("SC").build(caPrivateKey);
} else {
signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("SC").build(caPrivateKey);
}
X509CertificateHolder certHolder = certificateBuilder.build(signer);
X509Certificate c = new JcaX509CertificateConverter().setProvider("SC").getCertificate(certHolder);
System.out.println("\n" + certificateToPEM(c));
System.out.println("-----------------------\n" + c.getPublicKey());
System.out.println(csrPublicKey);
System.out.println(isEqual(c.getPublicKey(), csrPublicKey));
ContentVerifierProvider contentVerifierProvider = new JcaContentVerifierProviderBuilder()
.setProvider("SC").build(caPublicKey);
try {
if (!certHolder.isSignatureValid(contentVerifierProvider)) {
System.err.println("signature invalid");
} else {
System.out.println("isSignatureValid");
}
} catch (CertException e) {
System.err.println("CertException");
e.printStackTrace();
}
return c;
}
private static boolean isEqual(PublicKey publicKey1, PublicKey publicKey2) {
byte[] pub1 = publicKey1.getEncoded();
byte[] pub2 = publicKey2.getEncoded();
if (pub1.length != pub2.length) {
return false;
}
for (int i = 0; i < pub1.length; i++) {
if (pub1[i] != pub2[i]) {
return false;
}
}
return true;
}
//签名demo
private static X509Certificate sign(X500Principal subject, PublicKey pubKey,
X500Principal issuer, PrivateKey caKey,
Date begin, Date ends)
throws GeneralSecurityException, OperatorCreationException {
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(issuer,
BigInteger.valueOf(System.currentTimeMillis()), begin, ends, subject, pubKey);
ContentSigner signer = new JcaContentSignerBuilder("SHA256withECDSA").build(caKey);//.setProvider("SC").build(caKey);
X509CertificateHolder certHolder = certificateBuilder.build(signer);
X509Certificate c = new JcaX509CertificateConverter().getCertificate(certHolder);//.setProvider("SC").getCertificate(certHolder);
return c;
}
}
分享到:
发表评论
相关推荐
在本文中,我们将深入探讨如何在C#环境中利用BouncyCastle.Crypto库1.8.10版本实现中国的国家标准密码算法,包括SM2、SM3和SM4。这些算法在中国的网络安全和数据保护中扮演着关键角色,为本地化安全应用提供了强大的...
BouncyCastle是一个强大的Java安全库,它为加密、数字签名、证书处理以及许多其他安全功能提供了全面的支持。在Android开发中,BouncyCastle扮演着重要角色,特别是在处理SSL/TLS连接、加密通信以及生成和验证X.509...
**Bouncy Castle简介** Bouncy Castle是一个开源的Java加密库,提供了广泛的加密算法、协议实现以及相关的工具。这个jar包是专门为Java开发者设计的,它弥补了Java标准加密API(如JCE)在某些功能上的不足,使得...
BouncyCastle.dll 是一个在C#环境中广泛使用的开源加密库,它为.NET Framework提供了一整套强大的加密功能。这个库是基于Bouncy Castle项目,这是一个跨平台的Java和.NET加密库,提供了各种加密算法、密码协议和PKI...
1. **加密算法支持**:BouncyCastle.Crypto.dll 提供了多种加密算法的实现,包括对称加密(如AES、Blowfish、DES)、非对称加密(如RSA、DSA、ECDSA)、哈希函数(如SHA-1、SHA-256、MD5)和消息认证码(MAC)。...
** org.bouncycastle 加密算法包详解 ** `org.bouncycastle` 是一个开源的 Java 库,专门用于实现各种加密算法和相关的安全服务。它提供了广泛的加密功能,包括对称和非对称加密、数字签名、哈希函数、证书管理、...
在这个集合包中,我们找到了四个不同版本的BouncyCastle相关jar文件,分别如下: 1. **bcprov-jdk16-1.46.jar**:这是BouncyCastle的主要提供者包,主要用于Java平台。"bcprov"代表BouncyCastle Provider,"jdk16...
《BouncyCastle.Crypto.dll:理解.NET平台的加密利器》 在网络安全日益重要的今天,加密技术扮演了至关重要的角色。BouncyCastle库是Java和.NET平台上广泛使用的加密库之一,而"BouncyCastle.Crypto.dll"正是.NET...
2. **广泛的密码学算法**:BouncyCastle 支持众多加密算法,如AES、DES、3DES、Blowfish、RSA、DSA、ECDSA等,还包括哈希函数如SHA-1、SHA-256、MD5等,以及消息认证码(MAC)和伪随机数生成器(PRNG)。 3. **PKCS...
《BouncyCastle1.59帮助文档:深入理解与CHM制作详解》 BouncyCastle,作为Java和.NET平台上广泛使用的开源加密库,为开发者提供了丰富的加密算法、密码学标准接口以及证书处理功能。这份“BouncyCastle1.59帮助...
Bouncy Castle 支持多种加密算法,包括对称加密(如 AES、DES、3DES)、非对称加密(RSA、DSA、ECDSA)、哈希函数(MD5、SHA-1、SHA-256 及以上)、消息认证码(MAC)等。这些算法的实现使得开发人员能够灵活选择...
《BouncyCastle.Crypto.dll:理解与应用》 在信息技术领域,加密库是保障数据安全的重要工具,而BouncyCastle.Crypto.dll就是这样一个强大的加密库,尤其在.NET框架下广泛被开发者所使用。BouncyCastle项目,作为一...
在Java中,Bouncy Castle的`org.bouncycastle.jce.provider.BouncyCastleProvider`提供了一个强大的安全提供者,可以用来生成和管理RSA密钥对。在生成密钥对后,可以将其导出为PEM格式的字符串,如以下代码所示: `...
1. 数字证书处理:BouncyCastle.Crypto.dll可以帮助开发者创建、解析和验证X.509数字证书,这对于构建安全的HTTPS服务器、电子邮件系统和Pki(Public Key Infrastructure)系统至关重要。 2. 加密通信:在实现安全...
《深入解析org.bouncycastle:Java安全加密与证书权威库》 在Java开发中,安全性是不可或缺的一部分,尤其是在处理敏感数据、网络通信以及数字签名时。`org.bouncycastle`库是一个强大的开源加密库,为Java开发者...
本文将详细讲解如何使用C#语言和BouncyCastle库来实现带原文数据的PKCS#7签名。 PKCS#7(Public-Key Cryptography Standards #7)是由RSA Security提出的一种标准,它定义了证书、证书撤销列表(CRL)的格式以及...
利用BouncyCastle解析SM2证书国密证书测试程序,源码直接可用