本文整理汇总了Java中org.bouncycastle.asn1.x509.ExtendedKeyUsage类的典型用法代码示例。如果您正苦于以下问题:Java ExtendedKeyUsage类的具体用法?Java ExtendedKeyUsage怎么用?Java ExtendedKeyUsage使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
ExtendedKeyUsage类属于org.bouncycastle.asn1.x509包,在下文中一共展示了ExtendedKeyUsage类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createExtendedUsage
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
public static ExtendedKeyUsage createExtendedUsage(Collection<ASN1ObjectIdentifier> usages) {
if (CollectionUtil.isEmpty(usages)) {
return null;
}
List<ASN1ObjectIdentifier> list = new ArrayList<>(usages);
List<ASN1ObjectIdentifier> sortedUsages = sortOidList(list);
KeyPurposeId[] kps = new KeyPurposeId[sortedUsages.size()];
int idx = 0;
for (ASN1ObjectIdentifier oid : sortedUsages) {
kps[idx++] = KeyPurposeId.getInstance(oid);
}
return new ExtendedKeyUsage(kps);
}
示例2: getServerExtensions
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
List<ExtensionHolder> extensions = new ArrayList<>();
// SSO forces us to allow data encipherment
extensions.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(
KeyUsage.digitalSignature
| KeyUsage.keyEncipherment
| KeyUsage.dataEncipherment)));
extensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)));
Extension authorityKeyExtension = new Extension(Extension.authorityKeyIdentifier, false,
new DEROctetString(new JcaX509ExtensionUtils()
.createAuthorityKeyIdentifier(issuerCertificate)));
extensions.add(new ExtensionHolder(authorityKeyExtension.getExtnId(),
authorityKeyExtension.isCritical(), authorityKeyExtension.getParsedValue()));
return extensions;
}
示例3: getExtendedKeyUsageStringValue
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
/**
* Get Extended Key Usage (2.5.29.37) extension value as a string.
*
* <pre>
* ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
* KeyPurposeId ::= OBJECT IDENTIFIER
* </pre>
*
* @param bValue The octet string value
* @return Extension value as a string
* @throws IOException If an I/O problem occurs
*/
private String getExtendedKeyUsageStringValue(byte[] bValue)
throws IOException
{
StringBuilder strBuff = new StringBuilder();
ExtendedKeyUsage eku = ExtendedKeyUsage.getInstance(bValue);
KeyPurposeId[] usages = eku.getUsages();
for (KeyPurposeId usage : usages)
{
if (strBuff.length() != 0)
{
strBuff.append("<br><br>");
}
String sOid = usage.getId();
String sEku = getRes(sOid, "UnrecognisedExtKeyUsageString");
strBuff.append(MessageFormat.format(sEku, sOid));
}
return strBuff.toString();
}
示例4: generateCSR
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
throws IOException, OperatorCreationException {
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
extensionsGenerator.addExtension(Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(
new KeyPurposeId[] {
KeyPurposeId.id_kp_clientAuth,
KeyPurposeId.id_kp_serverAuth
}
));
extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());
PKCS10CertificationRequest csr =
new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic())
.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate())
.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
return PEMUtils.toPEM(csr);
}
示例5: generateTspCertificate
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
/**
* Generate a CertificateToken suitable for a TSA
*
* @param algorithm
* @param keyPair
* @param issuer
* @param subject
* @param notBefore
* @param notAfter
* @return
* @throws OperatorCreationException
* @throws CertificateException
* @throws IOException
*/
private CertificateToken generateTspCertificate(final SignatureAlgorithm algorithm, KeyPair keyPair, X500Name issuer, X500Name subject,
final Date notBefore, final Date notAfter) throws OperatorCreationException, CertificateException, IOException {
final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer,
new BigInteger("" + new Random().nextInt(10) + System.currentTimeMillis()), notBefore, notAfter, subject, keyInfo);
certBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId()).setProvider(BouncyCastleProvider.PROVIDER_NAME)
.build(keyPair.getPrivate());
final X509CertificateHolder holder = certBuilder.build(signer);
final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509")
.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
return new CertificateToken(cert);
}
示例6: addRequestedExtKeyusage
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private static void addRequestedExtKeyusage(List<ASN1ObjectIdentifier> usages,
Extensions requestedExtensions, Set<ExtKeyUsageControl> usageOccs) {
Extension extension = requestedExtensions.getExtension(Extension.extendedKeyUsage);
if (extension == null) {
return;
}
ExtendedKeyUsage reqKeyUsage =
ExtendedKeyUsage.getInstance(extension.getParsedValue());
for (ExtKeyUsageControl k : usageOccs) {
if (k.isRequired()) {
continue;
}
if (reqKeyUsage.hasKeyPurposeId(KeyPurposeId.getInstance(k.extKeyUsage()))) {
usages.add(k.extKeyUsage());
}
}
}
示例7: generateDummySSLClientCertificate
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private void generateDummySSLClientCertificate(KeyStore ks)
throws Exception
{
LOG.info("Generating a Dummy SSL client certificate ...");
KeyPair pair = CertificateUtilities.generateRSAKeyPair(getCryptoStrength());
String DN = "CN=SSL dummy client cert, O=Dummy org., C=FR";
X509V3CertificateGenerator v3CertGen = CertificateUtilities.initCertificateGenerator(pair, DN, DN, true,
CertificateUtilities.DEFAULT_VALIDITY_PERIOD);
v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
v3CertGen.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient));
v3CertGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
X509Certificate cert = v3CertGen.generate(pair.getPrivate());
ks.setKeyEntry(DUMMY_SSL_CLIENT_ALIAS, pair.getPrivate(), KEYSTORE_PASSWORD, new Certificate[] {cert});
}
示例8: validateCertificate
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
/**
* Validate the passed in certificate as being of the correct type to be used
* for time stamping. To be valid it must have an ExtendedKeyUsage extension
* which has a key purpose identifier of id-kp-timeStamping.
*
* @param cert the certificate of interest.
* @throws TSPValidationException if the certicate fails on one of the check points.
*/
public static void validateCertificate(
X509CertificateHolder cert)
throws TSPValidationException
{
if (cert.toASN1Structure().getVersionNumber() != 3)
{
throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
}
Extension ext = cert.getExtension(Extension.extendedKeyUsage);
if (ext == null)
{
throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
}
if (!ext.isCritical())
{
throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
}
ExtendedKeyUsage extKey = ExtendedKeyUsage.getInstance(ext.getParsedValue());
if (!extKey.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) || extKey.size() != 1)
{
throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
}
}
示例9: generateSelfSignedX509Certificate
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
/**
* Generates a self-signed {@link X509Certificate} suitable for use as a Certificate Authority.
*
* @param keyPair the {@link KeyPair} to generate the {@link X509Certificate} for
* @param dn the distinguished name to user for the {@link X509Certificate}
* @param signingAlgorithm the signing algorithm to use for the {@link X509Certificate}
* @param certificateDurationDays the duration in days for which the {@link X509Certificate} should be valid
* @return a self-signed {@link X509Certificate} suitable for use as a Certificate Authority
* @throws CertificateException if there is an generating the new certificate
*/
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm, int certificateDurationDays)
throws CertificateException {
try {
ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
Date startDate = new Date();
Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
reverseX500Name(new X500Name(dn)),
getUniqueSerialNumber(),
startDate, endDate,
reverseX500Name(new X500Name(dn)),
subPubKeyInfo);
// Set certificate extensions
// (1) digitalSignature extension
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
| KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));
certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));
// (2) extendedKeyUsage extension
certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
// Sign the certificate
X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
} catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
throw new CertificateException(e);
}
}
示例10: generateIssuedCertificate
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
/**
* Generates an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
*
* @param dn the distinguished name to use
* @param publicKey the public key to issue the certificate to
* @param extensions extensions extracted from the CSR
* @param issuer the issuer's certificate
* @param issuerKeyPair the issuer's keypair
* @param signingAlgorithm the signing algorithm to use
* @param days the number of days it should be valid for
* @return an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
* @throws CertificateException if there is an error issuing the certificate
*/
public static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, Extensions extensions, X509Certificate issuer, KeyPair issuerKeyPair, String signingAlgorithm, int days)
throws CertificateException {
try {
ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerKeyPair.getPrivate());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
Date startDate = new Date();
Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(days));
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
reverseX500Name(new X500Name(issuer.getSubjectX500Principal().getName())),
getUniqueSerialNumber(),
startDate, endDate,
reverseX500Name(new X500Name(dn)),
subPubKeyInfo);
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey));
certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));
// Set certificate extensions
// (1) digitalSignature extension
certBuilder.addExtension(Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation));
certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
// (2) extendedKeyUsage extension
certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
// (3) subjectAlternativeName
if(extensions != null && extensions.getExtension(Extension.subjectAlternativeName) != null) {
certBuilder.addExtension(Extension.subjectAlternativeName, false, extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
}
X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
} catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
throw new CertificateException(e);
}
}
示例11: validateCertificate
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
/**
* Validate the passed in certificate as being of the correct type to be used
* for time stamping. To be valid it must have an ExtendedKeyUsage extension
* which has a key purpose identifier of id-kp-timeStamping.
*
* @param cert the certificate of interest.
* @throws TSPValidationException if the certificate fails on one of the check points.
*/
public static void validateCertificate(
X509CertificateHolder cert)
throws TSPValidationException
{
if (cert.toASN1Structure().getVersionNumber() != 3)
{
throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
}
Extension ext = cert.getExtension(Extension.extendedKeyUsage);
if (ext == null)
{
throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
}
if (!ext.isCritical())
{
throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
}
ExtendedKeyUsage extKey = ExtendedKeyUsage.getInstance(ext.getParsedValue());
if (!extKey.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) || extKey.size() != 1)
{
throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
}
}
示例12: getClientExtensions
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private static List<ExtensionHolder> getClientExtensions() {
List<ExtensionHolder> extensions = new ArrayList<>();
extensions.add(new ExtensionHolder(Extension.basicConstraints, true,
new BasicConstraints(false)));
extensions.add(new ExtensionHolder(Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature)));
extensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth)));
return extensions;
}
示例13: addExtendedKeyUsage
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
protected void addExtendedKeyUsage(X509v3CertificateBuilder certificateBuilder) throws CertIOException {
certificateBuilder.addExtension(
Extension.extendedKeyUsage,
false,
new ExtendedKeyUsage(
new KeyPurposeId[]{
KeyPurposeId.id_kp_clientAuth,
KeyPurposeId.id_kp_serverAuth
}
)
);
}
示例14: buildExtendedKeyUsage
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private ExtendedKeyUsage buildExtendedKeyUsage(CertificateGenerationRequestParameters params) {
String[] extendedKeyUsageList = params.getExtendedKeyUsage();
if (extendedKeyUsageList == null){
return null;
}
KeyPurposeId[] keyPurposeIds = new KeyPurposeId[extendedKeyUsageList.length];
for (int i = 0; i < extendedKeyUsageList.length; i++) {
switch (extendedKeyUsageList[i]) {
case SERVER_AUTH:
keyPurposeIds[i] = KeyPurposeId.id_kp_serverAuth;
break;
case CLIENT_AUTH:
keyPurposeIds[i] = KeyPurposeId.id_kp_clientAuth;
break;
case CODE_SIGNING:
keyPurposeIds[i] = KeyPurposeId.id_kp_codeSigning;
break;
case EMAIL_PROTECTION:
keyPurposeIds[i] = KeyPurposeId.id_kp_emailProtection;
break;
case TIMESTAMPING:
keyPurposeIds[i] = KeyPurposeId.id_kp_timeStamping;
break;
default:
throw new ParameterizedValidationException("error.invalid_extended_key_usage", extendedKeyUsageList[i]);
}
}
return new ExtendedKeyUsage(keyPurposeIds);
}
示例15: getExtendedKeyUsageStringValue
import org.bouncycastle.asn1.x509.ExtendedKeyUsage; //导入依赖的package包/类
private String getExtendedKeyUsageStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* ExtendedKeyUsage ::= ASN1Sequence SIZE (1..MAX) OF KeyPurposeId
*
* KeyPurposeId ::= OBJECT IDENTIFIER
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(value);
for (KeyPurposeId keyPurposeId : extendedKeyUsage.getUsages()) {
String oid = keyPurposeId.getId();
ExtendedKeyUsageType type = ExtendedKeyUsageType.resolveOid(oid);
if (type != null) {
sb.append(type.friendly());
} else {
// Unrecognised key purpose ID
sb.append(oid);
}
sb.append(NEWLINE);
}
return sb.toString();
}