当前位置: 首页>>代码示例>>Java>>正文


Java BasicConstraints类代码示例

本文整理汇总了Java中org.bouncycastle.asn1.x509.BasicConstraints的典型用法代码示例。如果您正苦于以下问题:Java BasicConstraints类的具体用法?Java BasicConstraints怎么用?Java BasicConstraints使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


BasicConstraints类属于org.bouncycastle.asn1.x509包,在下文中一共展示了BasicConstraints类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: makeCertificate

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public static X509Certificate makeCertificate(KeyPair _subKP,
        String _subDN, KeyPair _issKP, String _issDN, String algorithm, boolean _ca)
        throws Exception
{

    PublicKey _subPub = _subKP.getPublic();
    PrivateKey _issPriv = _issKP.getPrivate();
    PublicKey _issPub = _issKP.getPublic();

    X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();

    _v3CertGen.reset();
    _v3CertGen.setSerialNumber(allocateSerialNumber());
    _v3CertGen.setIssuerDN(new X509Name(_issDN));
    _v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
    _v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
            + (1000L * 60 * 60 * 24 * 100)));
    _v3CertGen.setSubjectDN(new X509Name(_subDN));
    _v3CertGen.setPublicKey(_subPub);
    _v3CertGen.setSignatureAlgorithm(algorithm);

    _v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            createSubjectKeyId(_subPub));

    _v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            createAuthorityKeyId(_issPub));

    _v3CertGen.addExtension(X509Extensions.BasicConstraints, false,
            new BasicConstraints(_ca));

    X509Certificate _cert = _v3CertGen.generate(_issPriv);

    _cert.checkValidity(new Date());
    _cert.verify(_issPub);

    return _cert;
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:38,代码来源:OCSPTestUtil.java

示例2: generateSignedCertificate

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
private X509Certificate generateSignedCertificate(
        PKCS10CertificationRequest csr) throws NoSuchAlgorithmException,
        NoSuchProviderException, InvalidKeyException,
        CertificateParsingException, CertificateEncodingException,
        SignatureException {

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());
    Calendar c = Calendar.getInstance();
    certGen.setNotBefore(c.getTime());
    c.add(Calendar.YEAR, 1);
    certGen.setNotAfter(c.getTime());
    certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(csr.getPublicKey("BC"));
    certGen.setSignatureAlgorithm(ALGORITHM_SHA256_RSA);
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(rootCert.getPublicKey()));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));
    certGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    X509Certificate issuedCert = certGen.generate(rootPrivateKeyEntry
            .getPrivateKey());
    return issuedCert;
}
 
开发者ID:servicecatalog,项目名称:oscm,代码行数:30,代码来源:CertificateHandler.java

示例3: makeCertificate

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public static X509CertificateHolder makeCertificate(AsymmetricCipherKeyPair subKP, String _subDN, AsymmetricCipherKeyPair issKP, String _issDN, boolean _ca)
    throws IOException, OperatorCreationException
{
    RSAKeyParameters lwPubKey = (RSAKeyParameters)subKP.getPublic();

    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
        new X500Name(_issDN),
        allocateSerialNumber(),
        new Date(System.currentTimeMillis()),
        new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
        new X500Name(_subDN),
        new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()))
    );

    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build((AsymmetricKeyParameter)issKP.getPrivate());

    v3CertGen.addExtension(
        X509Extension.basicConstraints,
        false,
        new BasicConstraints(_ca));

    return v3CertGen.build(sigGen);
}
 
开发者ID:ttt43ttt,项目名称:gwt-crypto,代码行数:27,代码来源:CMSTestUtil.java

示例4: createSelfSignedSSLKeyPair

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public static SSLKeyPair createSelfSignedSSLKeyPair(String commonsName, RSAPrivateKey caPrivateKey, RSAPublicKey caPublicKey) {

        try {
            BigInteger serial = BigInteger.valueOf(new Random().nextInt());
            long end = System.currentTimeMillis() + DEFAULT_CERTIFICATE_DURATION_VALIDITY;

            org.bouncycastle.asn1.x500.X500Name commonsX500Name = new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(commonsX500Name, serial, new Date(), new Date(end), commonsX500Name, caPublicKey);
            JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
            certificateBuilder.addExtension(subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(caPublicKey));

            certificateBuilder.addExtension(basicConstraints, true, new BasicConstraints(true));

            addASN1AndKeyUsageExtensions(certificateBuilder);

            X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);

            return new SSLKeyPair(caPrivateKey, caPublicKey, new X509Certificate[]{cert});

        } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
            throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
        }
    }
 
开发者ID:kodokojo,项目名称:kodokojo,代码行数:24,代码来源:SSLUtils.java

示例5: getBasicConstraintsStringValue

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Get Basic Constraints (2.5.29.19) extension value as a string.
 * 
 * <pre>
 * BasicConstraints ::= SEQUENCE {
 *     cA                      BOOLEAN DEFAULT FALSE,
 *     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 * </pre>
 * 
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getBasicConstraintsStringValue(byte[] bValue)
    throws IOException
{
	BasicConstraints bc = BasicConstraints.getInstance(bValue);
	StringBuilder strBuff = new StringBuilder();

	strBuff.append(RB.getString(bc.isCA() ? "SubjectIsCa" : "SubjectIsNotCa"));
	strBuff.append("<br><br>");

	BigInteger pathLen = bc.getPathLenConstraint();
	if (pathLen != null)
	{
		strBuff.append(MessageFormat.format(RB.getString("PathLengthConstraint"), pathLen));
	}

	return strBuff.toString();
}
 
开发者ID:gavioto,项目名称:portecle,代码行数:31,代码来源:X509Ext.java

示例6: createSelfSignedCertificate

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
        throws OperatorCreationException, CertIOException, CertificateException {
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    X500Name x500Name = new X500Name("CN="+ identity.getFullName());
    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(Duration.ofDays(30)));

    X509v3CertificateBuilder certificateBuilder =
            new JcaX509v3CertificateBuilder(
                    x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
            )
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    return new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(certificateBuilder.build(contentSigner));

}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:20,代码来源:AthenzIdentityVerifierTest.java

示例7: createSelfSignedCertificate

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
        throws IOException, CertificateException, OperatorCreationException {
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    X500Name x500Name = new X500Name("CN="+ config.loadBalancerAddress());
    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(Duration.ofDays(30)));

    GeneralNames generalNames = new GeneralNames(
            config.zookeeperserver().stream()
                    .map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
                    .toArray(GeneralName[]::new));

    X509v3CertificateBuilder certificateBuilder =
            new JcaX509v3CertificateBuilder(
                    x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
            )
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
                    .addExtension(Extension.subjectAlternativeName, false, generalNames);

    return new JcaX509CertificateConverter()
            .setProvider(provider)
            .getCertificate(certificateBuilder.build(contentSigner));
}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:25,代码来源:AthenzSslTrustStoreConfigurator.java

示例8: getSignedByIssuer_generatesACertificateWithTheRightValues

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
@Test
public void getSignedByIssuer_generatesACertificateWithTheRightValues() throws Exception {
  X509Certificate generatedCertificate = subject
      .getSignedByIssuer(generatedCertificateKeyPair, certificateGenerationParameters,
          certificateAuthorityWithSubjectKeyId, issuerKey.getPrivate());

  assertThat(generatedCertificate.getIssuerDN().getName(), containsString("CN=ca DN"));
  assertThat(generatedCertificate.getIssuerDN().getName(), containsString("O=credhub"));

  assertThat(generatedCertificate.getSerialNumber(), equalTo(BigInteger.valueOf(1337l)));
  assertThat(generatedCertificate.getNotBefore().toString(), equalTo(Date.from(now.toInstant()).toString()));
  assertThat(generatedCertificate.getNotAfter().toString(), equalTo(Date.from(later.toInstant()).toString()));
  assertThat(generatedCertificate.getSubjectDN().toString(), containsString("CN=my cert name"));
  assertThat(generatedCertificate.getPublicKey(), equalTo(generatedCertificateKeyPair.getPublic()));
  assertThat(generatedCertificate.getSigAlgName(), equalTo("SHA256WITHRSA"));
  generatedCertificate.verify(issuerKey.getPublic());

  byte[] isCaExtension = generatedCertificate.getExtensionValue(Extension.basicConstraints.getId());
  assertThat(Arrays.copyOfRange(isCaExtension, 2, isCaExtension.length),
      equalTo(new BasicConstraints(true).getEncoded()));
}
 
开发者ID:cloudfoundry-incubator,项目名称:credhub,代码行数:22,代码来源:SignedCertificateGeneratorTest.java

示例9: build

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
@Override
public RootCertificate build() {
  signer.addExtension(KeyUsageExtension.create(
      KeyUsage.KEY_CERT_SIGN,
      KeyUsage.CRL_SIGN));

  if (crlUri != null) {
    signer.addExtension(CrlDistPointExtension.create(crlUri));
  }

  // This is a CA
  signer.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));

  final X509Certificate rootCertificate = signer.sign().getX509Certificate();

  return new RootCertificateImpl(rootCertificate, pair.getPrivate());
}
 
开发者ID:olivierlemasle,项目名称:java-certificate-authority,代码行数:18,代码来源:RootCertificateBuilderImpl.java

示例10: X509V3CertRequest

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public X509V3CertRequest(
        final X500Principal issuerPrincipal,
        final BigInteger serialNumber,
        final Instant notBefore,
        final Instant notAfter,
        @NonNull final X500Principal subjectPrincipal,
        @NonNull final PublicKey subjectPublicKey,
        @NonNull final Collection<X509CertExtension> extensions,
        @NonNull final BasicConstraints basicConstraints
) {
    super(issuerPrincipal, serialNumber, notBefore, notAfter);
    checkConstraints(extensions);
    this.subjectPrincipal = subjectPrincipal;
    this.subjectPublicKey = subjectPublicKey;
    this.extensions = augmentExtensions(extensions, subjectPublicKey, X509CertExtension.basicConstraints(basicConstraints));
}
 
开发者ID:runrightfast,项目名称:runrightfast-vertx,代码行数:17,代码来源:X509V3CertRequest.java

示例11: CAIssuedX509V3CertRequest

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public CAIssuedX509V3CertRequest(
        @NonNull final X509Certificate caCert,
        @NonNull final BigInteger serialNumber,
        @NonNull final Instant notBefore,
        @NonNull final Instant notAfter,
        @NonNull final X500Principal subjectPrincipal,
        @NonNull final PublicKey subjectPublicKey,
        @NonNull final Collection<X509CertExtension> extensions,
        @NonNull final BasicConstraints basicConstraints
) {
    checkArgs(caCert, extensions);
    this.x509V3CertRequest = new X509V3CertRequest(
            caCert.getSubjectX500Principal(),
            serialNumber,
            notBefore,
            notAfter,
            subjectPrincipal,
            subjectPublicKey,
            augmentExtensions(extensions, caCert),
            basicConstraints
    );
}
 
开发者ID:runrightfast,项目名称:runrightfast-vertx,代码行数:23,代码来源:CAIssuedX509V3CertRequest.java

示例12: SelfSignedX509V3CertRequest

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public SelfSignedX509V3CertRequest(
        final X500Principal issuerPrincipal,
        final BigInteger serialNumber,
        final Instant notBefore,
        final Instant notAfter,
        @NonNull final KeyPair keyPair,
        @NonNull final Collection<X509CertExtension> extensions,
        @NonNull final BasicConstraints basicConstraints
) {
    this.x509V3CertRequest = new X509V3CertRequest(
            issuerPrincipal,
            serialNumber,
            notBefore,
            notAfter,
            issuerPrincipal,
            keyPair.getPublic(),
            extensions,
            basicConstraints
    );
    this.privateKey = keyPair.getPrivate();
}
 
开发者ID:runrightfast,项目名称:runrightfast-vertx,代码行数:22,代码来源:SelfSignedX509V3CertRequest.java

示例13: caCert

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
private CaCert caCert() throws NoSuchAlgorithmException, NoSuchProviderException {
    final DistinguishedName issuer = issuer();

    final X500Principal issuerPrincipal = issuer.toX500Principal();

    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair certKeyPair = keyPairGenerator.generateKeyPair();

    final ImmutableList<X509CertExtension> x509CertExtensions = ImmutableList.<X509CertExtension>builder()
            .add(keyUsage(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)))
            .build();
    final SelfSignedX509V3CertRequest selfSignedRequest = new SelfSignedX509V3CertRequest(
            issuerPrincipal,
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)),
            certKeyPair,
            x509CertExtensions,
            new BasicConstraints(Integer.MAX_VALUE)
    );

    return new CaCert(certificateService.generateSelfSignedX509CertificateV3(selfSignedRequest), certKeyPair.getPrivate());
}
 
开发者ID:runrightfast,项目名称:runrightfast-vertx,代码行数:24,代码来源:CertificateServiceImplTest.java

示例14: createIntmedCert

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * intermediate cert
 */
private X509Certificate createIntmedCert(
    PublicKey           pubKey,
    PrivateKey          caPrivKey,
    PublicKey           caPubKey,
    CertificatePolicies policies,
    Hashtable           policyMap)
    throws Exception
{
    String  issuer  = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
    String  subject = "C=JP, O=policyMappingAdditionalTest, OU=intmedCA";
    v3CertGen.reset();
    v3CertGen.setSerialNumber(BigInteger.valueOf(20));
    v3CertGen.setIssuerDN(new X509Principal(issuer));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
    v3CertGen.setSubjectDN(new X509Principal(subject));
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
    v3CertGen.addExtension(X509Extensions.CertificatePolicies, true, policies);
    v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    v3CertGen.addExtension(X509Extensions.PolicyMappings, true, new PolicyMappings(policyMap));
    X509Certificate cert = v3CertGen.generate(caPrivKey);
    return cert;
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:28,代码来源:PKIXPolicyMappingTest.java

示例15: generateIntermediateCert

import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
    certGen.setPublicKey(intKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return certGen.generate(caKey, "BC");
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:21,代码来源:TestUtils.java


注:本文中的org.bouncycastle.asn1.x509.BasicConstraints类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。