本文整理汇总了Java中org.bouncycastle.asn1.pkcs.CertificationRequest类的典型用法代码示例。如果您正苦于以下问题:Java CertificationRequest类的具体用法?Java CertificationRequest怎么用?Java CertificationRequest使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CertificationRequest类属于org.bouncycastle.asn1.pkcs包,在下文中一共展示了CertificationRequest类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: execute0
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Reads the PKCS#10 request from {@code csrFile}, checks its proof-of-possession (POP)
 * signature and prints the verdict together with the name of the signature algorithm.
 *
 * @return always {@code null}
 * @throws Exception if the file cannot be read, the request cannot be decoded, or the
 *         algorithm name cannot be resolved
 */
@Override
protected Object execute0() throws Exception {
    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(csrFile));
    final String algoName = AlgorithmUtil.getSignatureAlgoName(request.getSignatureAlgorithm());

    // NOTE(review): the algorithm validator argument is null. If the security factory treats
    // null as "accept every signature algorithm" (confirm against its contract), a request
    // signed with a weak algorithm is still reported as valid, so the printed algorithm name
    // has to be read as part of the result.
    final boolean popValid = securityFactory.verifyPopo(request, null);

    StringBuilder message = new StringBuilder("The POP is ");
    message.append(popValid ? "valid" : "invalid");
    message.append(" (signature algorithm ").append(algoName).append(").");
    println(message.toString());
    return null;
}
示例2: pkcs10Test
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Round-trip check for a PKCS#10 request: decodes {@code req}, re-encodes it as DER and
 * compares the result byte for byte with the input.
 *
 * @param testName label used in the failure messages
 * @param req encoded certification request to round-trip
 * @return a passing result when the re-encoding equals the input; otherwise a failing result
 *         naming the length check, the byte comparison or the exception that was raised
 */
public TestResult pkcs10Test(
    String testName,
    byte[] req)
{
    try
    {
        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(req));
        CertificationRequest parsed = new CertificationRequest((ASN1Sequence)asn1In.readObject());

        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        new DEROutputStream(buffer).writeObject(parsed.toASN1Primitive());
        byte[] reencoded = buffer.toByteArray();

        // A different length already proves the encodings differ; report it separately.
        if (reencoded.length != req.length)
        {
            return new SimpleTestResult(false, getName() + ": " + testName + " failed length test");
        }

        // Advance to the first differing byte, or to the end when there is none.
        int pos = 0;
        while (pos != req.length && reencoded[pos] == req[pos])
        {
            pos++;
        }
        if (pos != req.length)
        {
            return new SimpleTestResult(false, getName() + ": " + testName + " failed comparison test");
        }
    }
    catch (Exception e)
    {
        return new SimpleTestResult(false, getName() + ": Exception - " + testName + " " + e.toString());
    }

    return new SimpleTestResult(true, getName() + ": Okay");
}
示例3: checkCsr
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Rejects a PKCS#10 request whose proof-of-possession (POP) signature does not verify under
 * the algorithm validator supplied by the CMP control.
 *
 * @param csr the request to check; must not be {@code null}
 * @throws OperationException with {@code ErrorCode.BAD_POP} when verification fails
 */
public void checkCsr(CertificationRequest csr) throws OperationException {
    ParamUtil.requireNonNull("csr", csr);

    final boolean popValid = caManager.securityFactory().verifyPopo(
            csr, cmpControl().popoAlgoValidator());
    if (popValid) {
        return;
    }

    // Fail closed: a request that cannot prove possession of its key never reaches issuance.
    LOG.warn("could not validate POP for the pkcs#10 requst");
    throw new OperationException(ErrorCode.BAD_POP);
}
示例4: BcPKCS10CertificationRequest
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Wraps an already-decoded ASN.1 certification request by handing it to the superclass
 * constructor.
 *
 * @param certificationRequest the ASN.1 structure to wrap; it is passed on as-is, no
 *        validation is performed in this constructor
 */
public BcPKCS10CertificationRequest(CertificationRequest certificationRequest) {
    super(certificationRequest);
}
示例5: JcaPKCS10CertificationRequest
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Wraps an already-decoded ASN.1 certification request by handing it to the superclass
 * constructor.
 *
 * @param certificationRequest the ASN.1 structure to wrap; it is passed on as-is, no
 *        validation is performed in this constructor
 */
public JcaPKCS10CertificationRequest(CertificationRequest certificationRequest) {
    super(certificationRequest);
}
示例6: getBodyForType
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Converts a decoded PKI body into the typed ASN.1 object that belongs to its tag number.
 * Tags that share a content type are grouped under one {@code getInstance} call.
 *
 * @param type the body tag number (one of the {@code TYPE_*} constants)
 * @param o the decoded content to convert
 * @return the typed body object
 * @throws IllegalArgumentException if {@code type} is not a known tag number
 */
private static ASN1Encodable getBodyForType(
    int type,
    ASN1Encodable o)
{
    switch (type)
    {
    // Request bodies that carry CertReqMessages.
    case TYPE_INIT_REQ:
    case TYPE_CERT_REQ:
    case TYPE_KEY_UPDATE_REQ:
    case TYPE_KEY_RECOVERY_REQ:
    case TYPE_CROSS_CERT_REQ:
        return CertReqMessages.getInstance(o);

    // Response bodies that carry a CertRepMessage.
    case TYPE_INIT_REP:
    case TYPE_CERT_REP:
    case TYPE_KEY_UPDATE_REP:
    case TYPE_CROSS_CERT_REP:
        return CertRepMessage.getInstance(o);

    // Every remaining tag has its own content type.
    case TYPE_P10_CERT_REQ:
        return CertificationRequest.getInstance(o);
    case TYPE_POPO_CHALL:
        return POPODecKeyChallContent.getInstance(o);
    case TYPE_POPO_REP:
        return POPODecKeyRespContent.getInstance(o);
    case TYPE_KEY_RECOVERY_REP:
        return KeyRecRepContent.getInstance(o);
    case TYPE_REVOCATION_REQ:
        return RevReqContent.getInstance(o);
    case TYPE_REVOCATION_REP:
        return RevRepContent.getInstance(o);
    case TYPE_CA_KEY_UPDATE_ANN:
        return CAKeyUpdAnnContent.getInstance(o);
    case TYPE_CERT_ANN:
        return CMPCertificate.getInstance(o);
    case TYPE_REVOCATION_ANN:
        return RevAnnContent.getInstance(o);
    case TYPE_CRL_ANN:
        return CRLAnnContent.getInstance(o);
    case TYPE_CONFIRM:
        return PKIConfirmContent.getInstance(o);
    case TYPE_NESTED:
        return PKIMessages.getInstance(o);
    case TYPE_GEN_MSG:
        return GenMsgContent.getInstance(o);
    case TYPE_GEN_REP:
        return GenRepContent.getInstance(o);
    case TYPE_ERROR:
        return ErrorMsgContent.getInstance(o);
    case TYPE_CERT_CONFIRM:
        return CertConfirmContent.getInstance(o);
    case TYPE_POLL_REQ:
        return PollReqContent.getInstance(o);
    case TYPE_POLL_REP:
        return PollRepContent.getInstance(o);

    default:
        // Unknown tags are rejected rather than passed through untyped.
        throw new IllegalArgumentException("unknown tag number: " + type);
    }
}
示例7: verifyPopo
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Verifies the proof-of-possession signature of a raw ASN.1 request by wrapping it in a
 * {@code PKCS10CertificationRequest} and delegating to the overload that accepts the wrapper.
 *
 * @param csr the ASN.1 certification request
 * @param algoValidator validator for the signature algorithm, passed through unchanged
 * @return whatever the delegated overload returns
 */
@Override
public boolean verifyPopo(CertificationRequest csr, AlgorithmValidator algoValidator) {
    final PKCS10CertificationRequest wrapped = new PKCS10CertificationRequest(csr);
    return verifyPopo(wrapped, algoValidator);
}
示例8: parseCSR
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
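/**
 * Parses the first PEM object from {@code pem} as a PKCS#10 certification request.
 *
 * <p>The reader is closed on every path, including when parsing fails. The parsed object is
 * type-checked before use, so empty input or a PEM block of another kind (a certificate, a
 * key, ...) is reported as an {@link IOException} instead of surfacing as a
 * {@code ClassCastException} or a {@code null} being wrapped.
 *
 * <p>This method only decodes the request. It does not verify the request's signature
 * (proof of possession); callers must do that before trusting the subject or key.
 *
 * @param pem source of the PEM text; closed by this method
 * @return the parsed certification request
 * @throws IOException if the input cannot be read or does not hold a PKCS#10 request
 */
public PKCS10CertificationRequest parseCSR(Reader pem) throws IOException {
    try (PEMParser reader = new PEMParser(pem)) {
        Object parsed = reader.readObject();

        // Depending on the parser version the object may already be the holder type.
        if (parsed instanceof PKCS10CertificationRequest) {
            return (PKCS10CertificationRequest) parsed;
        }
        if (parsed instanceof CertificationRequest) {
            return new PKCS10CertificationRequest((CertificationRequest) parsed);
        }

        String found = (parsed == null) ? "no PEM object" : parsed.getClass().getName();
        throw new IOException("expected a PEM-encoded PKCS#10 certification request, found " + found);
    }
}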
示例9: signCSR
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
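/**
 * Given a Keystore containing a private key and certificate and a Reader
 * containing a PEM-encoded Certificate Signing Request (CSR), sign the CSR
 * with that private key and return the signed certificate as a PEM-encoded
 * PKCS#7 signedData object. The returned value can be written to a file and
 * imported into a Java KeyStore with "keytool -import -trustcacerts -alias
 * subjectalias -file file.pem"
 *
 * <p>Hardening applied in this version: the certificate and the enclosing
 * signedData are signed with SHA-256 instead of SHA-1, the serial number is a
 * positive value with 127 random bits instead of 32, the PEM reader is closed on
 * every path, and input that is not a PKCS#10 request or a non-positive validity
 * is rejected up front.
 *
 * <p>NOTE(review): this method does not verify the CSR's own signature (proof of
 * possession) and copies the requested subject and public key into the
 * certificate without any policy check. Callers must verify the request (for
 * example with {@code PKCS10CertificationRequest.isSignatureValid}) and authorise
 * the subject before calling this method.
 *
 * @param pemcsr
 *            a Reader from which will be read a PEM-encoded CSR (begins
 *            "-----BEGIN NEW CERTIFICATE REQUEST-----"); closed by this method
 * @param validity
 *            the number of days to sign the Certificate for; must be positive
 *
 * @return a String containing the PEM-encoded signed Certificate (begins
 *         "-----BEGIN PKCS #7 SIGNED DATA-----")
 * @throws IllegalArgumentException
 *             if {@code validity} is not positive or the input does not hold a
 *             PKCS#10 request
 * @throws Exception
 *             if reading, certificate construction or signing fails
 */
public String signCSR(Reader pemcsr, int validity)
        throws Exception {
    if (validity <= 0) {
        throw new IllegalArgumentException("validity must be a positive number of days, got " + validity);
    }

    final PKCS10CertificationRequest csr;
    try (PEMParser reader = new PEMParser(pemcsr)) {
        Object parsed = reader.readObject();
        // Depending on the parser version the object may already be the holder type.
        if (parsed instanceof PKCS10CertificationRequest) {
            csr = (PKCS10CertificationRequest) parsed;
        } else if (parsed instanceof CertificationRequest) {
            csr = new PKCS10CertificationRequest((CertificationRequest) parsed);
        } else {
            throw new IllegalArgumentException("input does not contain a PEM-encoded PKCS#10 request");
        }
    }

    // SHA-1 is no longer collision resistant and must not sign certificates.
    final String signatureAlgorithm = "SHA256withRSA";
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    X500Name issuer = caname;
    // 127 random bits plus one: always positive, unpredictable, and within 20 octets.
    BigInteger serial = new BigInteger(127, new SecureRandom()).add(BigInteger.ONE);

    // One clock reading so that notBefore and notAfter are exactly `validity` days apart.
    long now = System.currentTimeMillis();
    Date from = new Date(now);
    Date to = new Date(now + (validity * 86400000L));

    X509v3CertificateBuilder certgen = new X509v3CertificateBuilder(issuer, serial, from, to, csr.getSubject(),
            csr.getSubjectPublicKeyInfo());
    // Issued certificates are end-entity certificates: cA=false.
    certgen.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    // NOTE(review): the key identifier is the whole encoded SubjectPublicKeyInfo rather than
    // a hash of the public key as RFC 5280 section 4.2.1.2 suggests. Kept as in the original.
    certgen.addExtension(Extension.subjectKeyIdentifier, false,
            new SubjectKeyIdentifier(csr.getSubjectPublicKeyInfo().getEncoded()));
    // NOTE(review): authorityCertIssuer is filled with the CA certificate's subject; RFC 5280
    // pairs the serial number with the CA certificate's issuer, which coincides only for a
    // self-signed CA. Confirm this matches the deployment. Kept as in the original.
    certgen.addExtension(Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifier(
                    new GeneralNames(new GeneralName(new X500Name(cacert.getSubjectX500Principal().getName()))),
                    cacert.getSerialNumber()));

    ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
            .build(PrivateKeyFactory.createKey(cakey.getEncoded()));
    X509CertificateHolder holder = certgen.build(signer);
    byte[] certencoded = holder.toASN1Structure().getEncoded();

    // Wrap the new certificate, together with the CA certificate, in a CMS signedData object.
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    signer = new JcaContentSignerBuilder(signatureAlgorithm).build(cakey);
    generator.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(signer,
                    cacert));
    generator.addCertificate(new X509CertificateHolder(certencoded));
    generator.addCertificate(new X509CertificateHolder(cacert.getEncoded()));
    CMSTypedData content = new CMSProcessableByteArray(certencoded);
    CMSSignedData signeddata = generator.generate(content, true);

    StringBuilder builder = new StringBuilder();
    builder.append("-----BEGIN PKCS #7 SIGNED DATA-----\n");
    builder.append(Base64.getEncoder().encodeToString(signeddata.getEncoded()));
    builder.append("\n-----END PKCS #7 SIGNED DATA-----\n");
    return builder.toString();
}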
示例10: execute0
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
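/**
 * Checks a certificate against a QA certificate profile, using the subject, public key and
 * requested extensions of the CSR it was issued for, and prints the outcome.
 *
 * <p>The issuer is taken from {@code issuerName}; when that is unset and exactly one issuer
 * is configured, that issuer is used. A CSR without an attributes field is treated as
 * requesting no extensions, and an extensionRequest attribute with no value is rejected
 * with a clear error instead of failing on an array index.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if no usable issuer or profile can be determined, or the
 *         CSR carries an empty extensionRequest attribute
 * @throws CmdFailure if the certificate does not pass the profile check
 * @throws Exception if a file cannot be read or decoded
 */
@Override
protected Object execute0() throws Exception {
    Set<String> issuerNames = qaSystemManager.issuerNames();
    if (isEmpty(issuerNames)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }

    if (issuerName == null) {
        // Only fall back to a default when the choice is unambiguous.
        if (issuerNames.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = issuerNames.iterator().next();
    }

    if (!issuerNames.contains(issuerName)) {
        throw new IllegalCmdParamException("issuer " + issuerName
                + " is not within the configured issuers " + issuerNames);
    }

    X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
    X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
    if (qa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '"
                + profileName + "'");
    }

    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    Extensions extensions = null;
    CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();
    // The attributes field may be left out of a request entirely, in which case it is null.
    ASN1Set attrs = reqInfo.getAttributes();
    if (attrs != null) {
        for (int i = 0; i < attrs.size(); i++) {
            Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
            if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
                ASN1Set values = attr.getAttrValues();
                if (values == null || values.size() == 0) {
                    throw new IllegalCmdParamException(
                            "CSR contains an extensionRequest attribute without a value");
                }
                extensions = Extensions.getInstance(values.getObjectAt(0));
            }
        }
    }

    byte[] certBytes = IoUtil.read(certFile);
    ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(),
            reqInfo.getSubjectPublicKeyInfo(), extensions);

    StringBuilder sb = new StringBuilder();
    sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
    sb.append("\tcertificate is ");
    sb.append(result.isAllSuccessful() ? "valid" : "invalid");

    if (verbose.booleanValue()) {
        for (ValidationIssue issue : result.validationIssues()) {
            sb.append("\n");
            format(issue, " ", sb);
        }
    }

    println(sb.toString());
    // Signal failure to the caller as well, not only in the printed report.
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}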
示例11: processP10cr
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Handles the PKI body with the choice {@code p10cr}.<br/>
 * Since it is not possible to add attributes to the PKCS#10 request (CSR), the certificate
 * profile must be specified in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1) within
 * PKIHeader.generalInfo.
 *
 * <p>Order of checks: proof of possession, presence of a certificate profile name, then the
 * requestor's permission for that profile. Each failed check yields an error response
 * ({@code badPOP}, {@code badCertTemplate}, {@code notAuthorized}); a certificate is only
 * generated when all three pass.
 *
 * <p>NOTE(review): the POP validator is read from {@code getCmpControl()} while the rest of
 * the method uses the {@code cmpControl} parameter; confirm both always refer to the same
 * control. The profile name is upper-cased with the default locale before the permission
 * check, which makes the comparison locale-dependent; confirm that is intended.
 *
 * @return a {@code TYPE_CERT_REP} body holding exactly one response
 */
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor,
        ASN1OctetString tid, PKIHeader reqHeader, CertificationRequest p10cr,
        CmpControl cmpControl, String msgId, AuditEvent event) {
    final ASN1Integer certReqId = new ASN1Integer(-1);
    final X509Ca ca = getCa();
    CertResponse certResp;
    boolean issued = false;

    // verify the POP first
    final boolean popValid = securityFactory.verifyPopo(p10cr, getCmpControl().popoAlgoValidator());
    if (popValid) {
        CertificationRequestInfo reqInfo = p10cr.getCertificationRequestInfo();
        Extensions extensions = CaUtil.getExtensions(reqInfo);
        X500Name subject = reqInfo.getSubject();
        SubjectPublicKeyInfo publicKeyInfo = reqInfo.getSubjectPublicKeyInfo();

        // Profile name and optional validity bounds travel in the header, not in the CSR.
        CmpUtf8Pairs pairs = CmpUtil.extract(reqHeader.getGeneralInfo());
        String certprofileName = null;
        Date notBefore = null;
        Date notAfter = null;
        if (pairs != null) {
            certprofileName = pairs.value(CmpUtf8Pairs.KEY_CERT_PROFILE);

            String notBeforeText = pairs.value(CmpUtf8Pairs.KEY_NOT_BEFORE);
            if (notBeforeText != null) {
                notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeText);
            }

            String notAfterText = pairs.value(CmpUtf8Pairs.KEY_NOT_AFTER);
            if (notAfterText != null) {
                notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterText);
            }
        }

        if (certprofileName == null) {
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate,
                    "badCertTemplate", null);
        } else {
            certprofileName = certprofileName.toUpperCase();
            if (requestor.isCertProfilePermitted(certprofileName)) {
                CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo,
                        notBefore, notAfter, extensions, certprofileName);
                certResp = generateCertificates(Arrays.asList(certTemplateData),
                        Arrays.asList(certReqId), requestor, tid, false, request,
                        cmpControl, msgId, event).get(0);
                issued = true;
            } else {
                String msg = "certprofile " + certprofileName + " is not allowed";
                certResp = buildErrorCertResponse(certReqId,
                        PKIFailureInfo.notAuthorized, msg);
            }
        }
    } else {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
    }

    // The CA certificate is attached only when something was issued and the control asks for it.
    CMPCertificate[] caPubs = (issued && cmpControl.sendCaCert())
            ? new CMPCertificate[]{ca.caInfo().certInCmpFormat()}
            : null;

    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[]{certResp});
    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}
示例12: testLeaveOffEmpty
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Checks how the request builder encodes an empty attribute set: by default and with
 * {@code setLeaveOffEmptyAttributes(false)} the decoded request info has a non-null
 * attributes field, and with {@code setLeaveOffEmptyAttributes(true)} the field is null.
 * In all three cases the holder reports zero attributes.
 */
public void testLeaveOffEmpty()
    throws Exception
{
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA", "BC");
    PublicKey publicKey = rsaFactory.generatePublic(pubKeySpec);
    PrivateKey privateKey = rsaFactory.generatePrivate(privKeySpec);

    PKCS10CertificationRequestBuilder builder =
        new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=Test"), publicKey);

    // Default behaviour: the attributes field is present.
    PKCS10CertificationRequest csr =
        builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey));
    assertEquals(0, csr.getAttributes().length);
    CertificationRequest decoded = CertificationRequest.getInstance(csr.getEncoded());
    assertNotNull(decoded.getCertificationRequestInfo().getAttributes());

    // Leave-off enabled: the attributes field is absent.
    builder.setLeaveOffEmptyAttributes(true);
    csr = builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey));
    assertEquals(0, csr.getAttributes().length);
    decoded = CertificationRequest.getInstance(csr.getEncoded());
    assertNull(decoded.getCertificationRequestInfo().getAttributes());

    // Leave-off disabled again: the attributes field is present once more.
    builder.setLeaveOffEmptyAttributes(false);
    csr = builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey));
    assertEquals(0, csr.getAttributes().length);
    decoded = CertificationRequest.getInstance(csr.getEncoded());
    assertNotNull(decoded.getCertificationRequestInfo().getAttributes());
}
示例13: PKCS10CertificationRequest
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Creates a PKCS10CertificationRequest holder around an existing ASN.1 structure.
 *
 * <p>The structure is stored as given; this constructor performs no null check and does not
 * verify the request's signature.
 *
 * @param certificationRequest the underlying ASN.1 structure representing a request.
 */
public PKCS10CertificationRequest(CertificationRequest certificationRequest) {
    this.certificationRequest = certificationRequest;
}
示例14: toASN1Structure
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Returns the underlying ASN.1 structure for this request.
 *
 * @return the wrapped {@code CertificationRequest}; the stored reference itself, not a copy.
 */
public CertificationRequest toASN1Structure() {
    return this.certificationRequest;
}
示例15: verifyPopo
import org.bouncycastle.asn1.pkcs.CertificationRequest; //导入依赖的package包/类
/**
 * Verifies the signature of a CSR, i.e. the requester's proof of possession (POP) of the
 * private key that belongs to the public key in the request.
 *
 * <p>Passing {@code null} as {@code algoValidator} disables the algorithm check, so a
 * request signed with any algorithm can be reported as valid. Callers that make an
 * issuance decision from the result should pass a validator.
 *
 * @param csr
 *          CSR to be verified. Must not be {@code null}.
 * @param algoValidator
 *          Signature algorithms validator. <code>null</code> to accept all algorithms
 * @return <code>true</code> if the signature is valid and the signature algorithm is accepted,
 *         <code>false</code> otherwise.
 */
boolean verifyPopo(CertificationRequest csr, AlgorithmValidator algoValidator);