本文整理汇总了Java中org.bouncycastle.asn1.x509.ExtensionsGenerator类的典型用法代码示例。如果您正苦于以下问题:Java ExtensionsGenerator类的具体用法?Java ExtensionsGenerator怎么用?Java ExtensionsGenerator使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
ExtensionsGenerator类属于org.bouncycastle.asn1.x509包,在下文中一共展示了ExtensionsGenerator类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateCSR
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Builds a PKCS#10 certification request for {@code keyPair} and returns it in PEM form.
 *
 * <p>The request carries an extensionRequest attribute with three extensions, all flagged
 * critical: keyUsage (digitalSignature only), extendedKeyUsage (clientAuth and serverAuth)
 * and the subjectAlternativeName value supplied by {@code certificateNamesGenerator}.
 *
 * @param keyPair key pair whose public key goes into the request and whose private key signs it
 * @param certificateNamesGenerator supplies the subject name and the SAN value
 * @return whatever {@code PEMUtils.toPEM} produces for the signed request
 * @throws IOException if an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    KeyPurposeId[] purposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};

    ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
    // NOTE(review): SAN is requested as critical. RFC 5280 recommends non-critical when the
    // subject DN is non-empty; whether the subject is empty, and whether the issuing CA keeps
    // the requested criticality, cannot be seen from this method.
    requested.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic());
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

    // The algorithm name is fixed, so keyPair is presumably expected to be an RSA pair.
    return PEMUtils.toPEM(
            requestBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())));
}
示例2: generateCSR
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
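/**
 * Creates a signed PKCS#10 certification request for one or more DNS names.
 *
 * <p>The first entry of {@code commonNames} becomes the subject CN. Every entry, the first
 * included, is also requested as a dNSName in a non-critical subjectAlternativeName extension.
 *
 * @param commonNames DNS names to request; must hold at least one entry, none null or empty
 * @param pair key pair whose public key goes into the request and whose private key signs it
 * @return the signed certification request
 * @throws IllegalArgumentException if {@code commonNames} is null, empty, or holds a null or
 *         empty name
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if the SAN extension cannot be encoded
 */
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
    // Fail early with a clear message instead of an index error on commonNames[0], and do not
    // emit a request whose subject or SAN entries are blank.
    if (commonNames == null || commonNames.length == 0) {
        throw new IllegalArgumentException("commonNames must contain at least one name");
    }
    for (String cn : commonNames) {
        if (cn == null || cn.isEmpty()) {
            throw new IllegalArgumentException("commonNames must not contain null or empty names");
        }
    }

    X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
    namebuilder.addRDN(BCStyle.CN, commonNames[0]);

    List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length);
    for (String cn : commonNames) {
        subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn));
    }
    GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0]));

    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());

    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());
    p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

    // The algorithm name is fixed, so pair is presumably expected to be an RSA pair.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    return p10Builder.build(signer);
}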
示例3: addExtension
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Adds one extension to {@code extGenerator}, reporting an encoding failure as a
 * {@code CertIOException}.
 *
 * @param extGenerator generator that collects the extension
 * @param oid object identifier of the extension
 * @param isCritical whether the extension is flagged critical
 * @param value extension value to encode
 * @throws CertIOException if the generator raises an {@code IOException} while adding the value
 */
static void addExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value)
        throws CertIOException {
    try {
        extGenerator.addExtension(oid, isCritical, value);
    } catch (IOException encodingFailure) {
        // The original exception is passed on as the cause so the encoding error stays traceable.
        throw new CertIOException("cannot encode extension: " + encodingFailure.getMessage(), encodingFailure);
    }
}
示例4: CertificateRequestMessageBuilder
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Creates a builder for a certificate request message with the given request id.
 *
 * <p>The builder starts with a fresh extension generator, a fresh certificate template
 * builder and an empty list of controls.
 *
 * @param certReqId id stored for the request being built
 */
public CertificateRequestMessageBuilder(BigInteger certReqId) {
    // The list is created raw because the declared type of the controls field is outside this view.
    this.controls = new ArrayList();
    this.templateBuilder = new CertTemplateBuilder();
    this.extGenerator = new ExtensionsGenerator();
    this.certReqId = certReqId;
}
示例5: X509v2CRLBuilder
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Creates a CRL builder for the given issuer and issue time.
 *
 * <p>Only the issuer and thisUpdate fields are set here, together with an empty extension
 * generator.
 *
 * @param issuer the issuer this CRL is associated with
 * @param thisUpdate the date of this update
 */
public X509v2CRLBuilder(X500Name issuer, Date thisUpdate) {
    extGenerator = new ExtensionsGenerator();
    tbsGen = new V2TBSCertListGenerator();

    Time issuedAt = new Time(thisUpdate);
    tbsGen.setIssuer(issuer);
    tbsGen.setThisUpdate(issuedAt);
}
示例6: X509v3CertificateBuilder
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Creates a builder for a version 3 certificate from {@code Date} validity bounds.
 *
 * <p>The arguments are copied into the TBS certificate generator as given; no check of the
 * serial number or of the ordering of the two dates is made in this constructor.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate
 */
public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo) {
    extGenerator = new ExtensionsGenerator();
    tbsGen = new V3TBSCertificateGenerator();

    ASN1Integer serialNumber = new ASN1Integer(serial);
    tbsGen.setSerialNumber(serialNumber);
    tbsGen.setIssuer(issuer);

    // Validity window: both dates are wrapped as Time before being stored.
    Time validFrom = new Time(notBefore);
    Time validUntil = new Time(notAfter);
    tbsGen.setStartDate(validFrom);
    tbsGen.setEndDate(validUntil);

    tbsGen.setSubject(subject);
    tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
}
示例7: X509v2AttributeCertificateBuilder
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Creates a builder for a version 2 attribute certificate.
 *
 * <p>The arguments are copied into the attribute certificate info generator as given; no
 * check of the serial number or of the ordering of the two dates is made in this constructor.
 *
 * @param holder holder details; its {@code holder} field is read directly
 * @param issuer issuer details; its {@code form} field is read directly
 * @param serialNumber serial number of the attribute certificate
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 */
public X509v2AttributeCertificateBuilder(AttributeCertificateHolder holder, AttributeCertificateIssuer issuer, BigInteger serialNumber, Date notBefore, Date notAfter) {
    extGenerator = new ExtensionsGenerator();
    acInfoGen = new V2AttributeCertificateInfoGenerator();

    acInfoGen.setHolder(holder.holder);
    acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));

    ASN1Integer serial = new ASN1Integer(serialNumber);
    acInfoGen.setSerialNumber(serial);

    // Validity window: both dates are wrapped as GeneralizedTime before being stored.
    ASN1GeneralizedTime validFrom = new ASN1GeneralizedTime(notBefore);
    ASN1GeneralizedTime validUntil = new ASN1GeneralizedTime(notAfter);
    acInfoGen.setStartDate(validFrom);
    acInfoGen.setEndDate(validUntil);
}
示例8: addExtension
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Adds one extension to {@code extGenerator}, reporting an encoding failure as a
 * {@code TSPIOException}.
 *
 * @param extGenerator generator that collects the extension
 * @param oid object identifier of the extension
 * @param isCritical whether the extension is flagged critical
 * @param value extension value to encode
 * @throws TSPIOException if the generator raises an {@code IOException} while adding the value
 */
static void addExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value)
        throws TSPIOException {
    try {
        extGenerator.addExtension(oid, isCritical, value);
    } catch (IOException encodingFailure) {
        // The original exception is passed on as the cause so the encoding error stays traceable.
        throw new TSPIOException("cannot encode extension: " + encodingFailure.getMessage(), encodingFailure);
    }
}
示例9: X509v3CertificateBuilder
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Creates a builder for a version 3 certificate from {@code Time} validity bounds.
 *
 * <p>The arguments are copied into the TBS certificate generator as given; no check of the
 * serial number or of the ordering of the two times is made in this constructor.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the Time before which the certificate is not valid
 * @param notAfter the Time after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate
 */
public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Time notBefore, Time notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo) {
    extGenerator = new ExtensionsGenerator();
    tbsGen = new V3TBSCertificateGenerator();

    ASN1Integer serialNumber = new ASN1Integer(serial);
    tbsGen.setSerialNumber(serialNumber);
    tbsGen.setIssuer(issuer);

    // Validity window: the Time values are stored without conversion.
    tbsGen.setStartDate(notBefore);
    tbsGen.setEndDate(notAfter);

    tbsGen.setSubject(subject);
    tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
}
示例10: X509v2AttributeCertificateBuilder
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Base constructor for a version 2 attribute certificate builder.
 *
 * <p>The arguments are copied into the attribute certificate info generator as given; no
 * check of the serial number or of the ordering of the two dates is made in this constructor.
 *
 * @param holder holder certificate details; its {@code holder} field is read directly
 * @param issuer issuer of this attribute certificate; its {@code form} field is read directly
 * @param serialNumber serial number of this attribute certificate
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 */
public X509v2AttributeCertificateBuilder(AttributeCertificateHolder holder, AttributeCertificateIssuer issuer, BigInteger serialNumber, Date notBefore, Date notAfter) {
    extGenerator = new ExtensionsGenerator();
    acInfoGen = new V2AttributeCertificateInfoGenerator();

    // Who the certificate is about and who issues it.
    acInfoGen.setHolder(holder.holder);
    AttCertIssuer issuerForm = AttCertIssuer.getInstance(issuer.form);
    acInfoGen.setIssuer(issuerForm);

    acInfoGen.setSerialNumber(new ASN1Integer(serialNumber));

    // Validity window, stored as GeneralizedTime values.
    ASN1GeneralizedTime validFrom = new ASN1GeneralizedTime(notBefore);
    acInfoGen.setStartDate(validFrom);
    ASN1GeneralizedTime validUntil = new ASN1GeneralizedTime(notAfter);
    acInfoGen.setEndDate(validUntil);
}
示例11: generateCSR
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Creates and signs a PKCS#10 certificate signing request.
 *
 * <p>Every entry of {@code extensions} is added to the request's extensionRequest attribute
 * with the OID, criticality and encoded value that the entry itself reports; nothing in this
 * method filters or validates them.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The key pair: the public key goes into the CSR, the private key signs it.
 * @param extensions The extensions to request in the CSR.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 * @throws CertProviderException if the content signer cannot be created.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key,
        List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);

    PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());

    // Collect the caller-supplied extensions into a single extensionRequest attribute.
    ExtensionsGenerator requested = new ExtensionsGenerator();
    for (X509ExtensionData data : extensions) {
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(data.oid());
        requested.addExtension(oid, data.getCritical(), data.encode());
    }
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

    try {
        // Sign with the private half of the key pair using the requested algorithm.
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
        PKCS10CertificateRequest signed = fromPKCS10(requestBuilder.build(signer));
        LOG.info("CSR generation ''{0}'' done", dn);
        return signed;
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
}
示例12: test_signing
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Signs a request that asks for no extensions and checks the resulting certificate.
 *
 * <p>{@code assertCertificate} is given the requested subject and a single expected extension
 * OID, basicConstraints.
 */
@Test
public void test_signing() throws Exception {
    String subject = "C=NO,OU=Vespa,CN=" + requestersHostname;

    // A fresh generator is used, so the request carries an empty extension set.
    PKCS10CertificationRequest request = makeRequest(subject, new ExtensionsGenerator().generate());

    X509Certificate certificate = signer.generateX509Certificate(request, requestersHostname);
    assertCertificate(certificate, subject, Collections.singleton(Extension.basicConstraints.getId()));
}
示例13: extensions_test_subject_alternative_names
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Expects extension verification to fail for a request that asks for a
 * subjectAlternativeName naming another domain.
 */
// NOTE(review): expected= is satisfied by an IllegalArgumentException from any statement in
// the method, not only from verifyCertificateExtensions; confirm the helpers cannot throw it.
@Test(expected = IllegalArgumentException.class)
public void extensions_test_subject_alternative_names() throws Exception {
    GeneralName foreignHost = new GeneralName(GeneralName.dNSName, "some.other.domain.tld");
    GeneralNames requestedNames = new GeneralNames(new GeneralName[] {foreignHost});

    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, requestedNames);

    PKCS10CertificationRequest request = makeRequest("OU=Vespa", extGen.generate());
    CertificateSigner.verifyCertificateExtensions(request);
}
示例14: extensions_allowed
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
/**
 * Checks that extension verification accepts a request whose only extension is a critical
 * certificateIssuer extension with an empty value; the test passes when no exception is thrown.
 */
@Test
public void extensions_allowed() throws Exception {
    byte[] emptyValue = new byte[0];

    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.certificateIssuer, true, emptyValue);

    CertificateSigner.verifyCertificateExtensions(makeRequest("OU=Vespa", extGen.generate()));
}
示例15: generateX509CSR
import org.bouncycastle.asn1.x509.ExtensionsGenerator; //导入依赖的package包/类
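/**
 * Generates a PKCS#10 certificate signing request and returns it as PEM text.
 *
 * <p>When {@code sanArray} holds at least one name, the names are requested in a non-critical
 * subjectAlternativeName extension. A null or empty array adds no extension request: RFC 5280
 * requires a subjectAltName extension, when present, to contain at least one entry, so an
 * empty one is never emitted.
 *
 * @param privateKey key used to sign the request
 * @param publicKey key placed in the request
 * @param x500Principal subject distinguished name in string form
 * @param sanArray subject alternative names to request, or null for none
 * @return the request as a PEM block of type "CERTIFICATE REQUEST"
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if the request or an extension cannot be encoded or written
 */
public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey,
        String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    X500Principal subject = new X500Principal(x500Principal);

    // Crypto.RSA_SHA256 is defined elsewhere; presumably an RSA signature algorithm name, so
    // privateKey is expected to be an RSA key.
    ContentSigner signer = new JcaContentSignerBuilder(Crypto.RSA_SHA256).build(privateKey);

    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
            subject, publicKey);

    // Request SANs only when there is at least one name to put in the extension.
    if (sanArray != null && sanArray.length > 0) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sanArray));
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }

    PKCS10CertificationRequest csr = p10Builder.build(signer);

    // Write the DER encoding out in OpenSSL-style PEM form.
    PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    StringWriter pemText = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
        pemWriter.writeObject(pemObject);
    }
    return pemText.toString();
}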