本文整理汇总了Java中org.bouncycastle.asn1.x509.KeyPurposeId类的典型用法代码示例。如果您正苦于以下问题:Java KeyPurposeId类的具体用法?Java KeyPurposeId怎么用?Java KeyPurposeId使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
KeyPurposeId类属于org.bouncycastle.asn1.x509包,在下文中一共展示了KeyPurposeId类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: test_TrustManagerFactory_extendedKeyUsage
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
@Test
public void test_TrustManagerFactory_extendedKeyUsage() throws Exception {
    // Every key purpose is checked twice: once with the second argument false and
    // once with it true. The original comments call the second form "critical", and
    // the last two arguments look like the expected result for client and for server
    // use -- TODO confirm both against the four-argument helper overload.
    final boolean[] flagValues = {false, true};

    // anyExtendedKeyUsage should work for client or server
    for (boolean flag : flagValues) {
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage, flag, true, true);
    }

    // clientAuth should work for client only
    for (boolean flag : flagValues) {
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_clientAuth, flag, true, false);
    }

    // serverAuth should work for server only
    for (boolean flag : flagValues) {
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_serverAuth, flag, false, true);
    }

    // codeSigning should not work for either side
    for (boolean flag : flagValues) {
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_codeSigning, flag, false, false);
    }
}
示例2: createExtendedUsage
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Builds an ExtendedKeyUsage extension value from a collection of key purpose OIDs.
 *
 * @param usages the key purpose OIDs; may be null or empty
 * @return the extension value with the OIDs in the order produced by sortOidList,
 *         or {@code null} when CollectionUtil.isEmpty(usages) is true
 */
public static ExtendedKeyUsage createExtendedUsage(Collection<ASN1ObjectIdentifier> usages) {
    if (CollectionUtil.isEmpty(usages)) {
        // No usages requested: the caller gets no extension value at all.
        return null;
    }

    // Work on a copy so the caller's collection is not handed to sortOidList.
    List<ASN1ObjectIdentifier> copy = new ArrayList<>(usages);
    List<ASN1ObjectIdentifier> ordered = sortOidList(copy);

    KeyPurposeId[] purposes = new KeyPurposeId[ordered.size()];
    int next = 0;
    for (ASN1ObjectIdentifier purposeOid : ordered) {
        purposes[next] = KeyPurposeId.getInstance(purposeOid);
        next++;
    }
    return new ExtendedKeyUsage(purposes);
}
示例3: getServerExtensions
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Assembles the extensions for a server certificate: a critical keyUsage, a critical
 * extendedKeyUsage restricted to serverAuth, and a non-critical authorityKeyIdentifier
 * derived from the issuer certificate.
 *
 * @param issuerCertificate certificate whose key identifies the issuing authority
 * @return the three extension holders, in the order listed above
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    List<ExtensionHolder> holders = new ArrayList<>();

    // SSO forces us to allow data encipherment
    final int serverKeyUsageBits =
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
    holders.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(serverKeyUsageBits)));

    // Critical EKU: the certificate is limited to TLS server authentication.
    ExtendedKeyUsage serverAuthOnly = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    holders.add(new ExtensionHolder(Extension.extendedKeyUsage, true, serverAuthOnly));

    // The identifier is wrapped in an Extension first, and the holder is then filled
    // from that Extension's id, criticality flag and parsed value.
    DEROctetString akiOctets = new DEROctetString(
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate));
    Extension akiExtension = new Extension(Extension.authorityKeyIdentifier, false, akiOctets);
    holders.add(new ExtensionHolder(
            akiExtension.getExtnId(), akiExtension.isCritical(), akiExtension.getParsedValue()));

    return holders;
}
示例4: getExtendedKeyUsageStringValue
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Render the Extended Key Usage (2.5.29.37) extension value as display text.
 *
 * <pre>
 * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 * KeyPurposeId ::= OBJECT IDENTIFIER
 * </pre>
 *
 * One entry is produced per key purpose; entries are separated by
 * {@code <br><br>}, so the result is an HTML fragment.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getExtendedKeyUsageStringValue(byte[] bValue)
    throws IOException
{
    KeyPurposeId[] purposes = ExtendedKeyUsage.getInstance(bValue).getUsages();
    StringBuilder html = new StringBuilder();

    for (int i = 0; i < purposes.length; i++)
    {
        // Separator goes in only once the buffer already holds text
        if (html.length() > 0)
        {
            html.append("<br><br>");
        }

        String purposeOid = purposes[i].getId();

        // Look up the display template for this OID; the second argument names the
        // fallback resource (presumably used for OIDs without their own entry --
        // getRes is not shown here).
        String template = getRes(purposeOid, "UnrecognisedExtKeyUsageString");

        // NOTE(review): the text is inserted without HTML escaping. The OID string
        // comes from a parsed certificate; confirm getRes cannot return markup.
        html.append(MessageFormat.format(template, purposeOid));
    }

    return html.toString();
}
示例5: generateCSR
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Builds a PKCS#10 certification request for the given key pair and returns it in
 * the form produced by PEMUtils.toPEM.
 *
 * The request asks for three extensions, all marked critical: keyUsage
 * (digitalSignature), extendedKeyUsage (clientAuth and serverAuth) and
 * subjectAlternativeName (taken from the names generator).
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the request
 * @param certificateNamesGenerator source of the subject and the subject alternative names
 * @return the encoded request
 */
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    final KeyPurposeId[] tlsPurposes = {
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_serverAuth
    };

    ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(tlsPurposes));
    requested.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    // The signature algorithm is fixed to SHA256withRSA, so the key pair is expected
    // to be an RSA pair -- nothing in this method checks that.
    PKCS10CertificationRequest request =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic())
                    .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate())
                    .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));

    return PEMUtils.toPEM(request);
}
示例6: givenASelfSignedCertificate_setsCertificateFieldsCorrectly
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
@Test
public void givenASelfSignedCertificate_setsCertificateFieldsCorrectly() {
    // Fixture under test: every expectation below is read back from BIG_TEST_CERT.
    CertificateReader reader = new CertificateReader(CertificateStringConstants.BIG_TEST_CERT);

    final String expectedSubject =
        "O=test-org, ST=Jupiter, C=MilkyWay, CN=test-common-name, OU=test-org-unit, L=Europa";
    final GeneralNames expectedSans = new GeneralNames(
        new GeneralName(GeneralName.dNSName, "SolarSystem"));

    // Identity and key size
    assertThat(reader.getSubjectName().toString(), equalTo(expectedSubject));
    assertThat(reader.getKeyLength(), equalTo(4096));
    assertThat(reader.getAlternativeNames(), equalTo(expectedSans));

    // Permitted uses: TLS server and client authentication, digital signature
    assertThat(asList(reader.getExtendedKeyUsage().getUsages()),
        containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
    assertThat(reader.getKeyUsage().hasUsages(KeyUsage.digitalSignature),
        equalTo(true));

    // Validity and role.
    // NOTE(review): the test name says "self signed" but the fixture is expected to
    // report isSelfSigned() == false -- confirm which of the two is intended.
    assertThat(reader.getDurationDays(), equalTo(30));
    assertThat(reader.isSelfSigned(), equalTo(false));
    assertThat(reader.isCa(), equalTo(false));
}
示例7: returnsParametersCorrectly
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
@Test
public void returnsParametersCorrectly() {
    // Fixture under test: the values below are read back from BIG_TEST_CERT.
    CertificateReader reader = new CertificateReader(CertificateStringConstants.BIG_TEST_CERT);

    final GeneralNames expectedSans = new GeneralNames(
        new GeneralName(GeneralName.dNSName, "SolarSystem"));
    final String expectedSubject =
        "O=test-org, ST=Jupiter, C=MilkyWay, CN=test-common-name, OU=test-org-unit, L=Europa";

    assertThat(reader.getAlternativeNames(), equalTo(expectedSans));

    // Extended key usage must hold exactly serverAuth and clientAuth, in any order
    assertThat(asList(reader.getExtendedKeyUsage().getUsages()),
        containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
    assertThat(reader.getKeyUsage().hasUsages(KeyUsage.digitalSignature),
        equalTo(true));

    assertThat(reader.getSubjectName().toString(), equalTo(expectedSubject));
}
示例8: generateTspCertificate
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
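/**
 * Generate a CertificateToken suitable for a TSA.
 *
 * The certificate carries a single extension: a critical extendedKeyUsage holding
 * only id-kp-timeStamping.
 *
 * @param algorithm signature algorithm; its JCE identifier selects the content signer
 * @param keyPair   key pair whose public key is certified and whose private key signs the certificate
 * @param issuer    issuer name written into the certificate
 * @param subject   subject name written into the certificate
 * @param notBefore start of the validity period
 * @param notAfter  end of the validity period
 * @return the generated certificate wrapped in a CertificateToken
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the encoded certificate cannot be parsed back into an X509Certificate
 * @throws IOException if the built certificate cannot be encoded
 */
private CertificateToken generateTspCertificate(final SignatureAlgorithm algorithm, KeyPair keyPair, X500Name issuer, X500Name subject,
        final Date notBefore, final Date notAfter) throws OperatorCreationException, CertificateException, IOException {
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    // A serial number has to be unique per issuer and should not be guessable. The
    // previous value (one digit from java.util.Random followed by the clock in
    // milliseconds) was predictable and could repeat for certificates created within
    // the same millisecond. 127 random bits plus one gives a positive, non-zero
    // value well inside the 20-octet limit for serial numbers.
    final BigInteger serialNumber = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer,
            serialNumber, notBefore, notAfter, subject, keyInfo);

    // Critical and limited to time stamping only.
    certBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));

    final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId()).setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(keyPair.getPrivate());
    final X509CertificateHolder holder = certBuilder.build(signer);

    // Round-trip through the encoded form to obtain a java.security X509Certificate.
    final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
    return new CertificateToken(cert);
}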
示例9: addRequestedExtKeyusage
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Adds to {@code usages} every optional extended key usage that the request asked for.
 *
 * Controls marked as required are skipped here. Purposes that appear in the request
 * but have no control in {@code usageOccs} are never added, so the request cannot
 * widen the set beyond what the controls list.
 *
 * @param usages              list that receives the accepted key purpose OIDs
 * @param requestedExtensions extensions carried by the request
 * @param usageOccs           extended key usage controls to check against the request
 */
private static void addRequestedExtKeyusage(List<ASN1ObjectIdentifier> usages,
        Extensions requestedExtensions, Set<ExtKeyUsageControl> usageOccs) {
    final Extension ekuExtension = requestedExtensions.getExtension(Extension.extendedKeyUsage);
    if (ekuExtension != null) {
        final ExtendedKeyUsage requested = ExtendedKeyUsage.getInstance(ekuExtension.getParsedValue());

        for (ExtKeyUsageControl control : usageOccs) {
            final boolean optionalAndRequested = !control.isRequired()
                    && requested.hasKeyPurposeId(KeyPurposeId.getInstance(control.extKeyUsage()));
            if (optionalAndRequested) {
                usages.add(control.extKeyUsage());
            }
        }
    }
}
示例10: generateDummySSLClientCertificate
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Creates a placeholder SSL client certificate and stores it, with its private key,
 * in the given key store under DUMMY_SSL_CLIENT_ALIAS.
 *
 * The same distinguished name is passed twice to the certificate generator helper.
 * The certificate is marked as a non-CA (critical basicConstraints) and carries a
 * non-critical Netscape sslClient type and a non-critical clientAuth extended key usage.
 *
 * @param ks key store that receives the key entry
 */
private void generateDummySSLClientCertificate(KeyStore ks)
    throws Exception
{
    LOG.info("Generating a Dummy SSL client certificate ...");

    final String dummyDn = "CN=SSL dummy client cert, O=Dummy org., C=FR";
    KeyPair clientKeys = CertificateUtilities.generateRSAKeyPair(getCryptoStrength());

    // X509V3CertificateGenerator and X509Extensions belong to Bouncy Castle's older,
    // deprecated certificate generation API.
    X509V3CertificateGenerator generator = CertificateUtilities.initCertificateGenerator(
        clientKeys, dummyDn, dummyDn, true, CertificateUtilities.DEFAULT_VALIDITY_PERIOD);

    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    generator.addExtension(MiscObjectIdentifiers.netscapeCertType, false,
        new NetscapeCertType(NetscapeCertType.sslClient));
    generator.addExtension(X509Extensions.ExtendedKeyUsage, false,
        new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    // Signed with its own private key
    X509Certificate dummyCert = generator.generate(clientKeys.getPrivate());

    Certificate[] chain = {dummyCert};
    ks.setKeyEntry(DUMMY_SSL_CLIENT_ALIAS, clientKeys.getPrivate(), KEYSTORE_PASSWORD, chain);
}
示例11: generateCA
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Configures this generator for the CA certificate and then runs generateAll().
 *
 * Settings applied: fixed subject, 4096 as the size, key usage limited to
 * certificate and CRL signing, and four extended key usages (code signing,
 * server authentication, client authentication, e-mail protection).
 *
 * @param prettyName name stored in the prettyName field
 */
public void generateCA(String prettyName)
{
    this.prettyName = prettyName;
    Subject = "CN=JQM-CA,OU=ServerProducts,O=Oxymores,C=FR";
    size = 4096;

    // NOTE(review): how validators treat extended key usages on a CA certificate
    // differs between implementations -- confirm this list covers every purpose
    // the issued certificates need.
    EKU = new KeyPurposeId[] {
        KeyPurposeId.id_kp_codeSigning,
        KeyPurposeId.id_kp_serverAuth,
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_emailProtection
    };

    // Signing certificates and CRLs only
    keyUsage = KeyUsage.cRLSign | KeyUsage.keyCertSign;

    generateAll();
}
示例12: validateCertificate
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Validate the passed in certificate as being of the correct type to be used
 * for time stamping. To be valid it must have an ExtendedKeyUsage extension,
 * marked as critical, whose only key purpose identifier is id-kp-timeStamping.
 *
 * @param cert the certificate of interest.
 * @throws TSPValidationException if the certificate fails one of the extension checks.
 * @throws IllegalArgumentException if the certificate's version number is not 3.
 */
public static void validateCertificate(
    X509CertificateHolder cert)
    throws TSPValidationException
{
    // This first failure is an unchecked IllegalArgumentException, unlike the three
    // checks below; a caller that catches only TSPValidationException will not see it.
    final boolean isVersion3 = cert.toASN1Structure().getVersionNumber() == 3;
    if (!isVersion3)
    {
        throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
    }

    Extension ekuExtension = cert.getExtension(Extension.extendedKeyUsage);
    if (ekuExtension == null)
    {
        throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
    }

    if (!ekuExtension.isCritical())
    {
        throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
    }

    // Time stamping has to be present and has to be the only purpose listed.
    ExtendedKeyUsage purposes = ExtendedKeyUsage.getInstance(ekuExtension.getParsedValue());
    if (!(purposes.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) && purposes.size() == 1))
    {
        throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
    }
}
示例13: ExtendedKeyUsageImpl
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Reads the extended key usage extension of a certificate and stores each key
 * purpose as its OID string in keyPurposeIds.
 *
 * When the certificate has no such extension the list stays empty.
 *
 * @param cert certificate to read
 * @throws IOException declared for decoding the extension value
 */
public ExtendedKeyUsageImpl(X509Certificate cert) throws IOException {
    keyPurposeIds = new ArrayList<>();

    byte[] encodedExtension = cert.getExtensionValue(Extension.extendedKeyUsage.getId());
    if (encodedExtension != null) {
        // fromExtensionValue decodes the value returned by getExtensionValue before
        // it is read as an ExtendedKeyUsage.
        org.bouncycastle.asn1.x509.ExtendedKeyUsage decoded =
                org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance(
                        X509ExtensionUtil.fromExtensionValue(encodedExtension));

        for (KeyPurposeId purpose : decoded.getUsages()) {
            keyPurposeIds.add(purpose.getId());
        }
    }
}
示例14: generateSelfSignedX509Certificate
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
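/**
 * Generates a self-signed {@link X509Certificate} suitable for use as a Certificate Authority.
 *
 * The same distinguished name is used as issuer and subject, and the certificate is
 * signed with the private key of the given key pair. Validity starts at the time of
 * the call.
 *
 * @param keyPair                 the {@link KeyPair} to generate the {@link X509Certificate} for
 * @param dn                      the distinguished name to use for the {@link X509Certificate}
 * @param signingAlgorithm        the signing algorithm to use for the {@link X509Certificate}
 * @param certificateDurationDays the duration in days for which the {@link X509Certificate} should be valid
 * @return a self-signed {@link X509Certificate} suitable for use as a Certificate Authority
 * @throws CertificateException if there is an error generating the new certificate
 */
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm, int certificateDurationDays)
        throws CertificateException {
    try {
        ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        Date startDate = new Date();
        Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));

        // Issuer and subject are the same name: the certificate is self-signed.
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(dn)),
                getUniqueSerialNumber(),
                startDate, endDate,
                reverseX500Name(new X500Name(dn)),
                subPubKeyInfo);

        // Set certificate extensions
        // (1) keyUsage (critical): signing, encipherment and agreement bits plus the
        // two CA bits, keyCertSign and cRLSign
        certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));

        // (2) basicConstraints with cA=true. RFC 5280 requires this extension to be
        // marked critical in CA certificates whose key verifies certificate
        // signatures, so it is critical here (it was previously non-critical).
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

        // (3) key identifiers; both are derived from the same public key
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));

        // (4) extendedKeyUsage (non-critical): TLS client and server authentication
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));

        // Sign the certificate
        X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        // Keep the original exception as the cause for the caller.
        throw new CertificateException(e);
    }
}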
示例15: generateIssuedCertificate
import org.bouncycastle.asn1.x509.KeyPurposeId; //导入依赖的package包/类
/**
 * Generates an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}.
 *
 * The issuer name is taken from the subject of {@code issuer}, and the certificate
 * is signed with the private key of {@code issuerKeyPair}. Of the supplied
 * {@code extensions}, only subjectAlternativeName is copied into the certificate.
 *
 * @param dn               the distinguished name to use
 * @param publicKey        the public key to issue the certificate to
 * @param extensions       extensions extracted from the CSR; may be null
 * @param issuer           the issuer's certificate
 * @param issuerKeyPair    the issuer's keypair
 * @param signingAlgorithm the signing algorithm to use
 * @param days             the number of days it should be valid for
 * @return an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
 * @throws CertificateException if there is an error issuing the certificate
 */
public static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, Extensions extensions, X509Certificate issuer, KeyPair issuerKeyPair, String signingAlgorithm, int days)
        throws CertificateException {
    try {
        ContentSigner issuerSigner = new JcaContentSignerBuilder(signingAlgorithm)
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(issuerKeyPair.getPrivate());
        SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

        // Validity runs from now for the requested number of days.
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(days));

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(issuer.getSubjectX500Principal().getName())),
                getUniqueSerialNumber(),
                notBefore, notAfter,
                reverseX500Name(new X500Name(dn)),
                subjectKeyInfo);

        // Key identifiers: subject from the certified key, authority from the issuer's key
        JcaX509ExtensionUtils subjectKeyUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyUtils.createSubjectKeyIdentifier(publicKey));
        JcaX509ExtensionUtils authorityKeyUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyUtils.createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));

        // (1) keyUsage (critical); no certificate or CRL signing bits for an issued certificate
        final int endEntityKeyUsageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(endEntityKeyUsageBits));

        // basicConstraints with cA=false: the issued certificate is not a CA
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

        // (2) extendedKeyUsage (non-critical): TLS client and server authentication
        final KeyPurposeId[] tlsPurposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(tlsPurposes));

        // (3) subjectAlternativeName, copied as-is from the CSR-derived extensions.
        // Nothing in this method checks the requested names, so the caller has to
        // make sure the requester is entitled to them before calling.
        final boolean sanRequested = extensions != null
                && extensions.getExtension(Extension.subjectAlternativeName) != null;
        if (sanRequested) {
            builder.addExtension(Extension.subjectAlternativeName, false, extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
        }

        X509CertificateHolder signedHolder = builder.build(issuerSigner);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(signedHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        // Keep the original exception as the cause for the caller.
        throw new CertificateException(e);
    }
}