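import java.nio.Buffer;
/**
 * @author TBear
 */
import java.awt.TexturePaintContext.Byte;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import com.itrus.raapi.info.CertInfo;

/**
 * Assembles an X.509 v3 certificate structure labelled with SM2 algorithm OIDs
 * and writes its encoding to a file.
 *
 * <p>The listing is Groovy: it uses {@code File}, {@code FileOutputStream},
 * {@code Date} and {@code BigInteger} without importing them (Groovy default
 * imports) and a single-quoted string literal.
 *
 * <p>Security note: no key pair is generated and nothing is signed. The subject
 * public key and the signature value are fixed placeholder byte patterns, so the
 * resulting file only demonstrates the ASN.1 layout. It cannot pass signature
 * verification and must not be placed in any trust store.
 */
public class CertService {

    /**
     * Builds the demo certificate and writes its encoded bytes to
     * {@code E:/abc.cer} (a hard-coded Windows path).
     *
     * <p>Checked exceptions from encoding and file I/O are not declared; they
     * propagate to the caller.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        X509CertificateObject certificate = genSM2_Cert();
        byte[] buffer = certificate.getEncoded();

        BufferedOutputStream outputStream =
                new BufferedOutputStream(new FileOutputStream(new File('E:/abc.cer')));
        try {
            outputStream.write(buffer);
            outputStream.flush();
        } finally {
            // Close even when write() fails so the file handle is not leaked.
            outputStream.close();
        }
    }

    /**
     * Assembles a certificate whose issuer and subject are both {@code cn=ibm},
     * valid for {@code vday} days starting now, with placeholder key and
     * signature bytes.
     *
     * @return the certificate object wrapping the assembled structure
     * @throws CertificateParsingException declared for the
     *         {@code X509CertificateObject} constructor call
     */
    static X509CertificateObject genSM2_Cert() throws CertificateParsingException {
        long currTime = new Date().getTime();
        String issuerDN = "cn=ibm";
        String subjectDN = "cn=ibm";
        int vday = 10;

        // Builder for the to-be-signed (TBS) part of the certificate.
        V3TBSCertificateGenerator v3CertGen = new V3TBSCertificateGenerator();

        // Serial number.
        // NOTE(review): a wall-clock serial is predictable and repeats if two
        // certificates are built in the same millisecond; an issuing CA would
        // draw the serial from a CSPRNG instead.
        DERInteger serialNumber = new DERInteger(BigInteger.valueOf(currTime));
        v3CertGen.setSerialNumber(serialNumber);

        // Issuer.
        v3CertGen.setIssuer(new X509Name(issuerDN));

        // Validity window. The multiplication is done in long arithmetic:
        // as int it overflows once vday reaches 25.
        long validityMillis = vday * 24L * 60 * 60 * 1000;
        v3CertGen.setStartDate(new DERUTCTime(new Date(currTime)));
        v3CertGen.setEndDate(new DERUTCTime(new Date(currTime + validityMillis)));

        // Subject.
        v3CertGen.setSubject(new X509Name(subjectDN));

        // Signature algorithm identifier.
        // NOTE(review): GM/T 0006 lists SM3-with-SM2 as 1.2.156.10197.1.501 and
        // SM2 as 1.2.156.10197.1.301; the 1.2.156.197.1.* arc used here differs.
        // Confirm which arc the consuming system expects.
        AlgorithmIdentifier algSign = new AlgorithmIdentifier("1.2.156.197.1.501");
        v3CertGen.setSignature(algSign);

        // Public-key algorithm identifier.
        AlgorithmIdentifier algKey = new AlgorithmIdentifier("1.2.156.197.1.301");

        // Placeholder public key: bytes 0, 1, 2, ... 64. This is not a real
        // curve point (an uncompressed point encoding would start with 0x04).
        byte[] pubData = new byte[65];
        pubData[0] = 0;
        for (byte i = 1; i < pubData.length; i++) {
            pubData[i] = i;
        }

        // Subject public key info built from the key algorithm and key bytes.
        SubjectPublicKeyInfo pubKeyInfo = new SubjectPublicKeyInfo(algKey, pubData);
        v3CertGen.setSubjectPublicKeyInfo(pubKeyInfo);

        // Placeholder signature value. The loop previously re-filled pubData
        // here, which left signInfo all zero; it now fills signInfo itself.
        // Either way this is NOT a signature over the TBS certificate.
        byte[] signInfo = new byte[69];
        for (byte i = 1; i < signInfo.length; i++) {
            signInfo[i] = i;
        }

        // No extension is added before generate().
        // NOTE(review): this appears to encode an empty extensions SEQUENCE,
        // while RFC 5280 defines Extensions as SIZE (1..MAX); strict parsers
        // may reject the result. Confirm against the target consumer.
        X509ExtensionsGenerator extenGen = new X509ExtensionsGenerator();
        //extenGen.addExtension(paramDERObjectIdentifier,paramBoolean,paramArrayOfByte);
        X509Extensions exten = extenGen.generate();
        v3CertGen.setExtensions(exten);

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        ASN1EncodableVector certFields = new ASN1EncodableVector();
        certFields.add(v3CertGen.generateTBSCertificate());
        certFields.add(algSign);
        certFields.add(new DERBitString(signInfo));

        return new X509CertificateObject(
                new X509CertificateStructure(new DERSequence(certFields)));
    }
}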
注意:最终的输出流必须用 BufferedOutputStream;其他的流写不出!