本文整理汇总了Java中org.bouncycastle.asn1.x509.BasicConstraints类的典型用法代码示例。如果您正苦于以下问题:Java BasicConstraints类的具体用法?Java BasicConstraints怎么用?Java BasicConstraints使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
BasicConstraints类属于org.bouncycastle.asn1.x509包,在下文中一共展示了BasicConstraints类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: makeCertificate
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
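/**
 * Issues an X.509 v3 certificate for the public key in {@code _subKP}, signed with the
 * private key in {@code _issKP} and valid for 100 days starting at the time of the call.
 *
 * <p>The certificate carries SubjectKeyIdentifier, AuthorityKeyIdentifier and
 * BasicConstraints extensions. Before it is returned it is checked for validity at the
 * current time and its signature is verified against the issuer's public key.
 *
 * @param _subKP subject key pair; only the public half is used
 * @param _subDN subject distinguished name in string form
 * @param _issKP issuer key pair; the private half signs, the public half verifies
 * @param _issDN issuer distinguished name in string form
 * @param algorithm signature algorithm name passed to the generator
 * @param _ca whether the subject is a certificate authority
 * @return the signed certificate, already validity-checked and signature-verified
 * @throws Exception if generation, the validity check or the signature check fails
 */
public static X509Certificate makeCertificate(KeyPair _subKP,
        String _subDN, KeyPair _issKP, String _issDN, String algorithm, boolean _ca)
        throws Exception
{
    PublicKey _subPub = _subKP.getPublic();
    PrivateKey _issPriv = _issKP.getPrivate();
    PublicKey _issPub = _issKP.getPublic();

    X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();

    _v3CertGen.reset();
    _v3CertGen.setSerialNumber(allocateSerialNumber());
    _v3CertGen.setIssuerDN(new X509Name(_issDN));
    _v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
    _v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
            + (1000L * 60 * 60 * 24 * 100)));
    _v3CertGen.setSubjectDN(new X509Name(_subDN));
    _v3CertGen.setPublicKey(_subPub);
    _v3CertGen.setSignatureAlgorithm(algorithm);

    _v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            createSubjectKeyId(_subPub));
    _v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            createAuthorityKeyId(_issPub));

    // RFC 5280 section 4.2.1.9 requires BasicConstraints to be marked critical on CA
    // certificates whose key verifies certificate signatures, so criticality follows
    // the CA flag. End-entity certificates keep the extension non-critical as before.
    _v3CertGen.addExtension(X509Extensions.BasicConstraints, _ca,
            new BasicConstraints(_ca));

    X509Certificate _cert = _v3CertGen.generate(_issPriv);

    // Self-check: the certificate must be valid now and must verify under the issuer key.
    _cert.checkValidity(new Date());
    _cert.verify(_issPub);
    return _cert;
}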
示例2: generateSignedCertificate
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
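/**
 * Issues a one-year, non-CA certificate for the public key carried in {@code csr},
 * signed with the root private key.
 *
 * <p>The request's own signature is checked first (proof of possession). The issued
 * certificate names the root certificate's subject as issuer, copies the subject from
 * the request, and carries AuthorityKeyIdentifier, SubjectKeyIdentifier, a critical
 * BasicConstraints with CA=false and a critical KeyUsage limited to digitalSignature
 * and keyEncipherment.
 *
 * @param csr the PKCS#10 request to certify
 * @return the certificate signed by the root key
 * @throws SignatureException if the request's signature does not verify, or signing fails
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws NoSuchProviderException if the "BC" provider is not registered
 * @throws InvalidKeyException if the request's key or the root key is unusable
 * @throws CertificateParsingException if the root certificate cannot be parsed for the
 *         AuthorityKeyIdentifier
 * @throws CertificateEncodingException if the new certificate cannot be encoded
 */
private X509Certificate generateSignedCertificate(
        PKCS10CertificationRequest csr) throws NoSuchAlgorithmException,
        NoSuchProviderException, InvalidKeyException,
        CertificateParsingException, CertificateEncodingException,
        SignatureException {
    // Proof of possession: never certify a public key unless the request was signed
    // with the matching private key.
    if (!csr.verify()) {
        throw new SignatureException(
                "CSR signature does not verify against the public key it carries");
    }

    // NOTE(review): the subject DN is copied from the request unchanged; whether it is
    // vetted against issuance policy before this call is not visible here.

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    // Serial numbers come from a CSPRNG. A timestamp is guessable, and two requests
    // handled in the same millisecond would receive the same serial.
    // The +1 keeps the value strictly positive, as X.509 requires.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom())
            .add(BigInteger.ONE);
    certGen.setSerialNumber(serial);
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());

    Calendar c = Calendar.getInstance();
    certGen.setNotBefore(c.getTime());
    c.add(Calendar.YEAR, 1);
    certGen.setNotAfter(c.getTime());

    certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(csr.getPublicKey("BC"));
    certGen.setSignatureAlgorithm(ALGORITHM_SHA256_RSA);

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(rootCert.getPublicKey()));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));

    // Critical CA=false plus a narrow KeyUsage: the issued key must not be able to
    // sign further certificates.
    certGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    X509Certificate issuedCert = certGen.generate(rootPrivateKeyEntry
            .getPrivateKey());
    return issuedCert;
}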
示例3: makeCertificate
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
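/**
 * Builds an X.509 v3 certificate with the lightweight (non-JCA) Bouncy Castle API.
 *
 * <p>The subject key must be an RSA key; it is re-encoded as a SubjectPublicKeyInfo.
 * The certificate is valid for 100 days from the time of the call, is signed with the
 * issuer's private key using SHA-256 with RSA, and carries one BasicConstraints extension.
 *
 * @param subKP subject key pair; the public half must be an {@code RSAKeyParameters}
 * @param _subDN subject distinguished name in string form
 * @param issKP issuer key pair; the private half signs the certificate
 * @param _issDN issuer distinguished name in string form
 * @param _ca whether the subject is a certificate authority
 * @return the signed certificate holder
 * @throws IOException if an extension or the certificate cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509CertificateHolder makeCertificate(AsymmetricCipherKeyPair subKP, String _subDN, AsymmetricCipherKeyPair issKP, String _issDN, boolean _ca)
        throws IOException, OperatorCreationException
{
    // A non-RSA subject key fails here with a ClassCastException.
    RSAKeyParameters lwPubKey = (RSAKeyParameters)subKP.getPublic();

    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
            new X500Name(_issDN),
            allocateSerialNumber(),
            new Date(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
            new X500Name(_subDN),
            new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()))
    );

    // SHA-256 rather than SHA-1: SHA-1 is no longer collision resistant, and certificates
    // signed with it are rejected by current path validators.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build((AsymmetricKeyParameter)issKP.getPrivate());

    // RFC 5280 section 4.2.1.9: BasicConstraints must be critical on CA certificates,
    // so criticality follows the CA flag. End-entity certificates keep it non-critical.
    v3CertGen.addExtension(
            X509Extension.basicConstraints,
            _ca,
            new BasicConstraints(_ca));

    return v3CertGen.build(sigGen);
}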
示例4: createSelfSignedSSLKeyPair
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
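/**
 * Creates a self-issued certificate for the supplied key pair and bundles it with the keys.
 *
 * <p>Subject and issuer are the same name, built from {@code COMMON_NAME_ENTRY} and
 * {@code commonsName}. The certificate carries a SubjectKeyIdentifier, a critical
 * BasicConstraints with CA=true, and whatever {@code addASN1AndKeyUsageExtensions} adds.
 * Its lifetime is {@code DEFAULT_CERTIFICATE_DURATION_VALIDITY} milliseconds from now.
 *
 * @param commonsName value appended to the common-name prefix to form the DN
 * @param caPrivateKey private key passed to {@code verifyCertificate} and stored in the result
 * @param caPublicKey public key placed in the certificate and stored in the result
 * @return the key pair with a one-element certificate chain
 * @throws RuntimeException wrapping any failure while building or checking the certificate
 */
public static SSLKeyPair createSelfSignedSSLKeyPair(String commonsName, RSAPrivateKey caPrivateKey, RSAPublicKey caPublicKey) {
    try {
        // X.509 serial numbers must be positive and should be unpredictable.
        // Random.nextInt() gives neither: it can be negative, has only 32 bits and is
        // not a CSPRNG. The +1 keeps the value strictly positive.
        BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);
        long end = System.currentTimeMillis() + DEFAULT_CERTIFICATE_DURATION_VALIDITY;

        // NOTE(review): commonsName is spliced into a DN string; if it can contain DN
        // metacharacters such as ',' or '+', the parsed name gains extra RDNs. Confirm
        // that callers pass a plain host or service name.
        org.bouncycastle.asn1.x500.X500Name commonsX500Name = new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);

        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(commonsX500Name, serial, new Date(), new Date(end), commonsX500Name, caPublicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();

        certificateBuilder.addExtension(subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(caPublicKey));
        // Critical CA=true: this certificate is allowed to issue other certificates.
        certificateBuilder.addExtension(basicConstraints, true, new BasicConstraints(true));
        addASN1AndKeyUsageExtensions(certificateBuilder);

        X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);

        return new SSLKeyPair(caPrivateKey, caPublicKey, new X509Certificate[]{cert});
    } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
        throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
    }
}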
示例5: getBasicConstraintsStringValue
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Renders a Basic Constraints extension (OID 2.5.29.19) as display text.
 *
 * <pre>
 * BasicConstraints ::= SEQUENCE {
 *     cA                  BOOLEAN DEFAULT FALSE,
 *     pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
 * </pre>
 *
 * <p>The text is the localized "is CA" or "is not CA" message, then two HTML line
 * breaks, then the localized path-length message when a path length is present.
 *
 * @param bValue the encoded extension value
 * @return the extension rendered as a string
 * @throws IOException declared for callers; no statement in this body throws it directly
 */
private String getBasicConstraintsStringValue(byte[] bValue)
        throws IOException
{
    BasicConstraints constraints = BasicConstraints.getInstance(bValue);

    String caMessageKey = constraints.isCA() ? "SubjectIsCa" : "SubjectIsNotCa";

    StringBuilder text = new StringBuilder();
    text.append(RB.getString(caMessageKey));
    text.append("<br><br>");

    // pathLenConstraint is OPTIONAL; with no value there is nothing more to print.
    BigInteger maxPathLength = constraints.getPathLenConstraint();
    if (maxPathLength == null)
    {
        return text.toString();
    }

    text.append(MessageFormat.format(RB.getString("PathLengthConstraint"), maxPathLength));
    return text.toString();
}
示例6: createSelfSignedCertificate
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Creates a 30-day self-signed certificate whose subject and issuer are both
 * {@code CN=<identity full name>}.
 *
 * <p>The certificate is signed with SHA256WithRSA using the pair's own private key.
 * It uses the current epoch millisecond as its serial number and carries a critical
 * BasicConstraints extension with CA=true.
 *
 * @param keyPair key pair supplying both the certified public key and the signing key
 * @param identity identity whose full name becomes the common name
 * @return the self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertIOException if the extension cannot be added
 * @throws CertificateException if the built certificate cannot be converted
 */
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
        throws OperatorCreationException, CertIOException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());

    // NOTE(review): the name is spliced into a DN string; if getFullName() can ever
    // contain DN metacharacters such as ',' or '+', the parsed subject would change.
    // Confirm the identity format upstream.
    X500Name selfName = new X500Name("CN="+ identity.getFullName());

    Instant issuedAt = Instant.now();
    Date validFrom = Date.from(issuedAt);
    Date validUntil = Date.from(issuedAt.plus(Duration.ofDays(30)));
    BigInteger serial = BigInteger.valueOf(issuedAt.toEpochMilli());

    // Self-signed: the same name is used for issuer and subject.
    X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(selfName, serial, validFrom, validUntil, selfName, keyPair.getPublic());
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(new BouncyCastleProvider());
    return converter.getCertificate(builder.build(signer));
}
示例7: createSelfSignedCertificate
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Creates a 30-day self-signed certificate named after the configured load-balancer
 * address, with one DNS subject alternative name per configured ZooKeeper server.
 *
 * <p>The certificate is signed with SHA256WithRSA using the pair's own private key.
 * It uses the current epoch millisecond as its serial number and carries a critical
 * BasicConstraints extension with CA=true and a non-critical SubjectAlternativeName.
 *
 * @param keyPair key pair supplying both the certified public key and the signing key
 * @param config source of the load-balancer address and the ZooKeeper server hostnames
 * @return the self-signed certificate
 * @throws IOException if an extension cannot be encoded
 * @throws CertificateException if the built certificate cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
        throws IOException, CertificateException, OperatorCreationException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());

    // NOTE(review): the address is spliced into a DN string; a value containing DN
    // metacharacters such as ',' or '+' would alter the parsed subject. Confirm the
    // config value is a plain host name.
    X500Name selfName = new X500Name("CN="+ config.loadBalancerAddress());

    Instant issuedAt = Instant.now();
    Date validFrom = Date.from(issuedAt);
    Date validUntil = Date.from(issuedAt.plus(Duration.ofDays(30)));

    // One dNSName entry per ZooKeeper host.
    GeneralName[] dnsEntries = config.zookeeperserver().stream()
            .map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
            .toArray(GeneralName[]::new);
    GeneralNames subjectAltNames = new GeneralNames(dnsEntries);

    BigInteger serial = BigInteger.valueOf(issuedAt.toEpochMilli());
    X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(selfName, serial, validFrom, validUntil, selfName, keyPair.getPublic());
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(provider);
    return converter.getCertificate(builder.build(signer));
}
示例8: getSignedByIssuer_generatesACertificateWithTheRightValues
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
// Checks every field of a certificate issued by getSignedByIssuer: issuer, serial,
// validity window, subject, public key, signature algorithm, the signature itself,
// and the encoded BasicConstraints value.
@Test
public void getSignedByIssuer_generatesACertificateWithTheRightValues() throws Exception {
    X509Certificate issued = subject.getSignedByIssuer(
            generatedCertificateKeyPair,
            certificateGenerationParameters,
            certificateAuthorityWithSubjectKeyId,
            issuerKey.getPrivate());

    assertThat(issued.getIssuerDN().getName(), containsString("CN=ca DN"));
    assertThat(issued.getIssuerDN().getName(), containsString("O=credhub"));
    assertThat(issued.getSerialNumber(), equalTo(BigInteger.valueOf(1337L)));

    assertThat(issued.getNotBefore().toString(), equalTo(Date.from(now.toInstant()).toString()));
    assertThat(issued.getNotAfter().toString(), equalTo(Date.from(later.toInstant()).toString()));

    assertThat(issued.getSubjectDN().toString(), containsString("CN=my cert name"));
    assertThat(issued.getPublicKey(), equalTo(generatedCertificateKeyPair.getPublic()));
    assertThat(issued.getSigAlgName(), equalTo("SHA256WITHRSA"));

    // Throws if the signature was not made by the issuer key.
    issued.verify(issuerKey.getPublic());

    // getExtensionValue returns the value wrapped in a DER OCTET STRING. The first two
    // bytes (tag and short-form length) are skipped to reach the BasicConstraints encoding.
    byte[] wrappedExtension = issued.getExtensionValue(Extension.basicConstraints.getId());
    byte[] basicConstraintsDer = Arrays.copyOfRange(wrappedExtension, 2, wrappedExtension.length);
    assertThat(basicConstraintsDer, equalTo(new BasicConstraints(true).getEncoded()));
}
示例9: build
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
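/**
 * Finishes the root certificate: adds the CA extensions, signs it, and pairs it with
 * the private key.
 *
 * <p>Extensions added here are KeyUsage (keyCertSign and cRLSign), a CRL distribution
 * point when a CRL URI was configured, and a critical BasicConstraints with CA=true.
 *
 * @return the signed root certificate together with its private key
 */
@Override
public RootCertificate build() {
    signer.addExtension(KeyUsageExtension.create(
            KeyUsage.KEY_CERT_SIGN,
            KeyUsage.CRL_SIGN));

    if (crlUri != null) {
        signer.addExtension(CrlDistPointExtension.create(crlUri));
    }

    // This is a CA. RFC 5280 section 4.2.1.9 requires BasicConstraints to be marked
    // critical on certificates whose key is used to verify certificate signatures,
    // which the keyCertSign usage above declares.
    signer.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    final X509Certificate rootCertificate = signer.sign().getX509Certificate();

    return new RootCertificateImpl(rootCertificate, pair.getPrivate());
}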
示例10: X509V3CertRequest
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Creates a v3 certificate request from issuer data, subject data and an extension set.
 *
 * <p>The supplied extensions are passed to {@code checkConstraints} before anything is
 * stored. The stored extension set is the result of {@code augmentExtensions} applied to
 * them, the subject public key and a BasicConstraints extension built from
 * {@code basicConstraints}.
 *
 * @param issuerPrincipal issuer name, forwarded to the superclass constructor
 * @param serialNumber certificate serial number, forwarded to the superclass constructor
 * @param notBefore start of the validity period, forwarded to the superclass constructor
 * @param notAfter end of the validity period, forwarded to the superclass constructor
 * @param subjectPrincipal subject name; must not be null
 * @param subjectPublicKey public key to certify; must not be null
 * @param extensions caller-supplied extensions; must not be null
 * @param basicConstraints CA flag and path length for the certificate; must not be null
 */
public X509V3CertRequest(
        // NOTE(review): the first four parameters are not annotated @NonNull, unlike the
        // rest. Whether the superclass validates them is not visible here.
        final X500Principal issuerPrincipal,
        final BigInteger serialNumber,
        final Instant notBefore,
        final Instant notAfter,
        @NonNull final X500Principal subjectPrincipal,
        @NonNull final PublicKey subjectPublicKey,
        @NonNull final Collection<X509CertExtension> extensions,
        @NonNull final BasicConstraints basicConstraints
) {
    super(issuerPrincipal, serialNumber, notBefore, notAfter);

    // Check the caller's extension set before storing any state.
    checkConstraints(extensions);

    this.subjectPrincipal = subjectPrincipal;
    this.subjectPublicKey = subjectPublicKey;
    // BasicConstraints arrives as its own argument and is merged into the set here.
    this.extensions = augmentExtensions(extensions, subjectPublicKey, X509CertExtension.basicConstraints(basicConstraints));
}
示例11: CAIssuedX509V3CertRequest
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Creates a request for a certificate that will be issued by the given CA certificate.
 *
 * <p>The arguments are passed to {@code checkArgs} first. The wrapped
 * {@code X509V3CertRequest} then takes the CA certificate's subject as its issuer and
 * the result of {@code augmentExtensions(extensions, caCert)} as its extension set.
 *
 * @param caCert issuing CA certificate; its subject becomes the issuer name
 * @param serialNumber serial number for the new certificate
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @param subjectPrincipal subject name of the new certificate
 * @param subjectPublicKey public key to certify
 * @param extensions caller-supplied extensions
 * @param basicConstraints CA flag and path length for the new certificate
 */
public CAIssuedX509V3CertRequest(
        @NonNull final X509Certificate caCert,
        @NonNull final BigInteger serialNumber,
        @NonNull final Instant notBefore,
        @NonNull final Instant notAfter,
        @NonNull final X500Principal subjectPrincipal,
        @NonNull final PublicKey subjectPublicKey,
        @NonNull final Collection<X509CertExtension> extensions,
        @NonNull final BasicConstraints basicConstraints
) {
    checkArgs(caCert, extensions);

    // The issuer name always comes from the CA certificate, never from the caller.
    final X500Principal issuerPrincipal = caCert.getSubjectX500Principal();
    final Collection<X509CertExtension> issuerAwareExtensions = augmentExtensions(extensions, caCert);

    this.x509V3CertRequest = new X509V3CertRequest(
            issuerPrincipal,
            serialNumber,
            notBefore,
            notAfter,
            subjectPrincipal,
            subjectPublicKey,
            issuerAwareExtensions,
            basicConstraints);
}
示例12: SelfSignedX509V3CertRequest
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Creates a request for a self-signed certificate.
 *
 * <p>The wrapped {@code X509V3CertRequest} receives {@code issuerPrincipal} as both
 * issuer and subject, and the key pair's public key as the certified key. The pair's
 * private key is kept in this object.
 *
 * @param issuerPrincipal name used for both issuer and subject
 * @param serialNumber serial number for the certificate
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @param keyPair key pair whose public half is certified and whose private half is stored
 * @param extensions caller-supplied extensions
 * @param basicConstraints CA flag and path length for the certificate
 */
public SelfSignedX509V3CertRequest(
        final X500Principal issuerPrincipal,
        final BigInteger serialNumber,
        final Instant notBefore,
        final Instant notAfter,
        @NonNull final KeyPair keyPair,
        @NonNull final Collection<X509CertExtension> extensions,
        @NonNull final BasicConstraints basicConstraints
) {
    this.x509V3CertRequest = new X509V3CertRequest(
            issuerPrincipal,
            serialNumber,
            notBefore,
            notAfter,
            // Self-signed: the subject is the issuer.
            issuerPrincipal,
            keyPair.getPublic(),
            extensions,
            basicConstraints
    );
    // NOTE(review): the private key is held in this request object. Whether the request
    // is ever logged or serialized is not visible here and should be confirmed.
    this.privateKey = keyPair.getPrivate();
}
示例13: caCert
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Builds a short-lived, self-signed CA certificate together with its private key.
 *
 * <p>A fresh RSA key pair is generated with the Bouncy Castle provider. The certificate
 * has serial number 1, is valid from now until ten seconds from now, and carries a
 * KeyUsage of digitalSignature, keyCertSign and cRLSign. Its BasicConstraints is built
 * from a path length of {@code Integer.MAX_VALUE}, which marks the subject as a CA.
 *
 * @return the generated certificate paired with the private key
 * @throws NoSuchAlgorithmException if the provider offers no RSA key pair generator
 * @throws NoSuchProviderException if the Bouncy Castle provider is not registered
 */
private CaCert caCert() throws NoSuchAlgorithmException, NoSuchProviderException {
    final X500Principal issuerPrincipal = issuer().toX500Principal();

    // NOTE(review): the generator is never initialized, so the key size is the
    // provider default. The serial is fixed and the lifetime is ten seconds, which
    // presumably makes this a fixture rather than a template for real CA issuance.
    final KeyPair certKeyPair = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE).generateKeyPair();

    final int caKeyUsageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    final ImmutableList<X509CertExtension> x509CertExtensions =
            ImmutableList.<X509CertExtension>of(keyUsage(new KeyUsage(caKeyUsageBits)));

    final Instant validFrom = Instant.now();
    final Instant validUntil = Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000));

    final SelfSignedX509V3CertRequest selfSignedRequest = new SelfSignedX509V3CertRequest(
            issuerPrincipal,
            BigInteger.ONE,
            validFrom,
            validUntil,
            certKeyPair,
            x509CertExtensions,
            new BasicConstraints(Integer.MAX_VALUE));

    return new CaCert(
            certificateService.generateSelfSignedX509CertificateV3(selfSignedRequest),
            certKeyPair.getPrivate());
}
示例14: createIntmedCert
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
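/**
 * Creates the intermediate CA certificate for the policy-mapping test chain.
 *
 * <p>Issuer and subject are fixed names. The serial number is 20 and the validity
 * window runs from 30 days before now to 30 days after. The certificate is signed with
 * SHA-256 with RSA and carries critical CertificatePolicies, BasicConstraints (CA=true)
 * and PolicyMappings extensions. The shared {@code v3CertGen} generator is reset before use.
 *
 * @param pubKey public key of the intermediate CA
 * @param caPrivKey private key of the trust anchor, used to sign
 * @param caPubKey public key of the trust anchor; not used in this method
 * @param policies value of the CertificatePolicies extension
 * @param policyMap issuer-to-subject policy mappings for the PolicyMappings extension
 * @return the signed intermediate certificate
 * @throws Exception if the certificate cannot be generated
 */
private X509Certificate createIntmedCert(
        PublicKey pubKey,
        PrivateKey caPrivKey,
        PublicKey caPubKey,
        CertificatePolicies policies,
        Hashtable policyMap)
        throws Exception
{
    String issuer = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
    String subject = "C=JP, O=policyMappingAdditionalTest, OU=intmedCA";

    v3CertGen.reset();
    v3CertGen.setSerialNumber(BigInteger.valueOf(20));
    v3CertGen.setIssuerDN(new X509Principal(issuer));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
    v3CertGen.setSubjectDN(new X509Principal(subject));
    v3CertGen.setPublicKey(pubKey);

    // SHA-256 rather than SHA-1: SHA-1 is no longer collision resistant, and certificates
    // signed with it are rejected by current path validators.
    v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    v3CertGen.addExtension(X509Extensions.CertificatePolicies, true, policies);
    v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    v3CertGen.addExtension(X509Extensions.PolicyMappings, true, new PolicyMappings(policyMap));

    X509Certificate cert = v3CertGen.generate(caPrivKey);
    return cert;
}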
示例15: generateIntermediateCert
import org.bouncycastle.asn1.x509.BasicConstraints; //导入依赖的package包/类
/**
 * Issues a short-lived intermediate CA certificate for {@code intKey}, signed by the CA key.
 *
 * <p>The issuer name is taken from {@code caCert}'s subject and the subject is a fixed
 * test name. The serial number is 1 and the validity window runs from 50 seconds before
 * now to 50 seconds after. Extensions: AuthorityKeyIdentifier, SubjectKeyIdentifier,
 * critical BasicConstraints with path length 0, and critical KeyUsage of
 * digitalSignature, keyCertSign and cRLSign.
 *
 * @param intKey public key of the intermediate CA
 * @param caKey private key of the issuing CA
 * @param caCert certificate of the issuing CA
 * @return the signed intermediate certificate
 * @throws Exception if the certificate cannot be generated
 */
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
        throws Exception
{
    // NOTE(review): the fixed serial and the 100-second lifetime suggest a test fixture;
    // a real issuer needs unique, unpredictable serial numbers.
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));

    Date validFrom = new Date(System.currentTimeMillis() - 50000);
    generator.setNotBefore(validFrom);
    Date validUntil = new Date(System.currentTimeMillis() + 50000);
    generator.setNotAfter(validUntil);

    generator.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
    generator.setPublicKey(intKey);
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));

    // Path length 0: this CA may issue end-entity certificates but no further CA certificates.
    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));

    int caKeyUsageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    generator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(caKeyUsageBits));

    return generator.generate(caKey, "BC");
}