当前位置: 首页>>代码示例>>Java>>正文


Java CertIOException类代码示例

本文整理汇总了Java中org.bouncycastle.cert.CertIOException的典型用法代码示例。如果您正苦于以下问题:Java CertIOException类的具体用法?Java CertIOException怎么用?Java CertIOException使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


CertIOException类属于org.bouncycastle.cert包,在下文中一共展示了CertIOException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: generateServerCertificate

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public static X500PrivateCredential generateServerCertificate(KeyPair caKeyPair) throws NoSuchAlgorithmException, CertificateException, OperatorCreationException, CertIOException {
    X500Name issuerName = new X500Name("CN=bouncrca");
    X500Name subjectName = new X500Name("CN=bouncr");
    BigInteger serial = BigInteger.valueOf(2);
    long t1 = System.currentTimeMillis();
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    rsa.initialize(2048, SecureRandom.getInstance("NativePRNGNonBlocking"));
    KeyPair kp = rsa.generateKeyPair();
    System.out.println(System.currentTimeMillis() - t1);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, kp.getPublic());
    DERSequence subjectAlternativeNames = new DERSequence(new ASN1Encodable[] {
            new GeneralName(GeneralName.dNSName, "localhost"),
            new GeneralName(GeneralName.dNSName, "127.0.0.1")
    });
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNames);
    X509Certificate cert = signCertificate(builder, caKeyPair.getPrivate());

    return new X500PrivateCredential(cert, kp.getPrivate());
}
 
开发者ID:kawasima,项目名称:bouncr,代码行数:21,代码来源:Certificate.java

示例2: createSSLKeyPair

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public static SSLKeyPair createSSLKeyPair(String commonsName, PrivateKey caPrivateKey, PublicKey caPublicKey, X509Certificate[] issuerCertificateChain, long duration, boolean isCaCertificate) {

        try {
            KeyPair keyPair = RSAUtils.generateRsaKeyPair();
            RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
            RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();

            JcaX509v3CertificateBuilder certificateBuilder = addJcaX509Extension(commonsName, publicKey, issuerCertificateChain[0], duration, isCaCertificate);

            if (isCaCertificate) {
                addASN1AndKeyUsageExtensions(certificateBuilder);
            }

            X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);

            List<X509Certificate> x509Certificates = new ArrayList<>(Arrays.asList(issuerCertificateChain));
            x509Certificates.add(0, cert);
            return new SSLKeyPair(privateKey, publicKey, x509Certificates.toArray(new X509Certificate[x509Certificates.size()]));

        } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
            throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
        }
    }
 
开发者ID:kodokojo,项目名称:kodokojo,代码行数:24,代码来源:SSLUtils.java

示例3: createSelfSignedSSLKeyPair

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public static SSLKeyPair createSelfSignedSSLKeyPair(String commonsName, RSAPrivateKey caPrivateKey, RSAPublicKey caPublicKey) {

        try {
            BigInteger serial = BigInteger.valueOf(new Random().nextInt());
            long end = System.currentTimeMillis() + DEFAULT_CERTIFICATE_DURATION_VALIDITY;

            org.bouncycastle.asn1.x500.X500Name commonsX500Name = new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(commonsX500Name, serial, new Date(), new Date(end), commonsX500Name, caPublicKey);
            JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
            certificateBuilder.addExtension(subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(caPublicKey));

            certificateBuilder.addExtension(basicConstraints, true, new BasicConstraints(true));

            addASN1AndKeyUsageExtensions(certificateBuilder);

            X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);

            return new SSLKeyPair(caPrivateKey, caPublicKey, new X509Certificate[]{cert});

        } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
            throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
        }
    }
 
开发者ID:kodokojo,项目名称:kodokojo,代码行数:24,代码来源:SSLUtils.java

示例4: createCertificateBuilder

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
private X509v3CertificateBuilder createCertificateBuilder(KeyPair keyPair) throws PropertyConfigurationException, CertIOException {
    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, propertyConfigurationService.getConfigValue(CERT_COMMON_NAME_PROPERTY));
    nameBuilder.addRDN(BCStyle.O, propertyConfigurationService.getConfigValue(CERT_ORGANISATION_PROPERTY));
    nameBuilder.addRDN(BCStyle.OU, propertyConfigurationService.getConfigValue(CERT_ORGANISATIONAL_UNIT_PROPERTY));
    nameBuilder.addRDN(BCStyle.C, propertyConfigurationService.getConfigValue(CERT_COUNTRY_PROPERTY));
    X500Name x500Name = nameBuilder.build();

    BigInteger serial = new BigInteger(CERT_SERIAL_NUMBER_BIT_SIZE, SecureRandomFactory.createPRNG());

    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    Date startDate = new Date();
    Date endDate = Date.from(startDate.toInstant().plus(propertyConfigurationService.getConfigValueAsInt(CERT_VALIDITY_DAYS_PROPERTY), ChronoUnit.DAYS));

    X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name, serial, startDate, endDate, x500Name, publicKeyInfo);

    String certFriendlyName = propertyConfigurationService.getConfigValue(CERT_PRIVATE_FRIENDLY_NAME_PROPERTY);
    certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, false, new DERBMPString(certFriendlyName));
    return certificateBuilder;
}
 
开发者ID:republique-et-canton-de-geneve,项目名称:chvote-1-0,代码行数:22,代码来源:KeyGenerator.java

示例5: createSelfSignedCertificate

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
        throws OperatorCreationException, CertIOException, CertificateException {
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    X500Name x500Name = new X500Name("CN="+ identity.getFullName());
    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(Duration.ofDays(30)));

    X509v3CertificateBuilder certificateBuilder =
            new JcaX509v3CertificateBuilder(
                    x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
            )
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    return new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(certificateBuilder.build(contentSigner));

}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:20,代码来源:AthenzIdentityVerifierTest.java

示例6: x509v3CertificateBuilder

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            issuerPrincipal,
            serialNumber,
            Date.from(notBefore),
            Date.from(notAfter),
            subjectPrincipal,
            subjectPublicKey
    );

    extensions.stream().forEach(ext -> {
        try {
            builder.addExtension(ext.getOid(), ext.isCritical(), ext.getValue());
        } catch (final CertIOException ex) {
            throw new ApplicationException(String.format("Failed to add extenstion: %s", ext), ex);
        }
    });

    return builder;
}
 
开发者ID:runrightfast,项目名称:runrightfast-vertx,代码行数:21,代码来源:X509V3CertRequest.java

示例7: x509v3CertificateBuilder

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            x509V3CertRequest.getIssuerPrincipal(),
            x509V3CertRequest.getSerialNumber(),
            Date.from(x509V3CertRequest.getNotBefore()),
            Date.from(x509V3CertRequest.getNotAfter()),
            x509V3CertRequest.getSubjectPrincipal(),
            x509V3CertRequest.getSubjectPublicKey()
    );

    x509V3CertRequest.getExtensions().stream().forEach(ext -> {
        try {
            builder.addExtension(ext.getOid(), ext.isCritical(), ext.getValue());
        } catch (final CertIOException ex) {
            throw new ApplicationException(String.format("Failed to add extenstion: %s", ext), ex);
        }
    });

    return builder;
}
 
开发者ID:runrightfast,项目名称:runrightfast-vertx,代码行数:21,代码来源:SelfSignedX509V3CertRequest.java

示例8: testInvalidResp

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public void testInvalidResp()
    throws Exception
{
    try
    {
        OCSPResp response = new OCSPResp(invalidResp);
    }
    catch (CertIOException e)
    {
        if (e.getCause() instanceof ASN1Exception)
        {
            Throwable c = ((ASN1Exception)e.getCause()).getCause();

            if (!c.getMessage().equals("ENUMERATED has zero length"))
            {
                fail("parsing failed, but for wrong reason: " + c.getMessage());
            }
        }
        else
        {
            fail("parsing failed, but for wrong reason: " + e.getMessage());
        }
    }


}
 
开发者ID:credentials,项目名称:irma_future_id,代码行数:27,代码来源:OCSPTest.java

示例9: addExtension

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public CertificateRequestMessageBuilder addExtension(
    ASN1ObjectIdentifier oid,
    boolean              critical,
    ASN1Encodable        value)
    throws CertIOException
{
    CRMFUtil.addExtension(extGenerator, oid, critical, value);

    return this;
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:11,代码来源:CertificateRequestMessageBuilder.java

示例10: addExtension

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
static void addExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value)
    throws CertIOException
{
    try
    {
        extGenerator.addExtension(oid, isCritical, value);
    }
    catch (IOException e)
    {
        throw new CertIOException("cannot encode extension: " + e.getMessage(), e);
    }
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:13,代码来源:CRMFUtil.java

示例11: addSignedCertificate

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public void addSignedCertificate(final XTFKeyStore signerKeyStore, final String signerAlias, final String signerPassword, final String dn, final String certificateAlias, final String password) {
	try {
		final X509Certificate caCert = (X509Certificate) signerKeyStore.keystore.getCertificate(signerAlias);
		final PrivateKey caKey = (PrivateKey) signerKeyStore.keystore.getKey(signerAlias, signerPassword.toCharArray());
		final Calendar start = Calendar.getInstance();
		final Calendar expiry = Calendar.getInstance();
		expiry.add(Calendar.YEAR, 1);
		final KeyPair keyPair = generateKeyPair();
		final X500Name certName = new X500Name(dn);
		final X500Name issuerName = new X500Name(caCert.getSubjectDN().getName());
		X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
				issuerName,
				BigInteger.valueOf(System.nanoTime()),
				start.getTime(),
				expiry.getTime(),
				certName,
				SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
		final JcaX509ExtensionUtils u = new JcaX509ExtensionUtils();
		certificateBuilder.addExtension(Extension.authorityKeyIdentifier, false,
				u.createAuthorityKeyIdentifier(caCert));
		certificateBuilder.addExtension(Extension.subjectKeyIdentifier, false,
				u.createSubjectKeyIdentifier(keyPair.getPublic()));
		ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(caKey);
		X509CertificateHolder holder = certificateBuilder.build(signer);
		Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);

		Entry entry = new PrivateKeyEntry(keyPair.getPrivate(), new Certificate[] {cert, caCert});
		keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
	} catch (GeneralSecurityException | OperatorCreationException | CertIOException ex) {
		throw new RuntimeException("Unable to generate signed certificate", ex);
	}
}
 
开发者ID:xtf-cz,项目名称:xtf,代码行数:33,代码来源:XTFKeyStore.java

示例12: generateCert

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
    PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException,
    CertIOException, OperatorCreationException, CertificateException,
    NoSuchAlgorithmException {
  Calendar startDate = DateTimeUtils.calendar();
  Calendar endDate = DateTimeUtils.calendar();
  endDate.add(Calendar.YEAR, 100);

  BigInteger serialNumber = BigInteger.valueOf(startDate.getTimeInMillis());
  X500Name issuer = new X500Name(
      IETFUtils.rDNsFromString("cn=localhost", RFC4519Style.INSTANCE));
  JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer,
      serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
  JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
  certGen.addExtension(Extension.subjectKeyIdentifier, false,
      extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
  certGen.addExtension(Extension.basicConstraints, false,
      new BasicConstraints(isCertAuthority));
  certGen.addExtension(Extension.authorityKeyIdentifier, false,
      extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
  if (isCertAuthority) {
    certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
  }
  X509CertificateHolder cert = certGen.build(
      new JcaContentSignerBuilder(SIGNING_ALGORITHM).build(signerPrivateKey));
  return new X509CertificateObject(cert.toASN1Structure());
}
 
开发者ID:apache,项目名称:calcite-avatica,代码行数:28,代码来源:SslDriverTest.java

示例13: generateSelfSignedX509Certificate

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
/**
 * Generates a self-signed {@link X509Certificate} suitable for use as a Certificate Authority.
 *
 * @param keyPair                 the {@link KeyPair} to generate the {@link X509Certificate} for
 * @param dn                      the distinguished name to user for the {@link X509Certificate}
 * @param signingAlgorithm        the signing algorithm to use for the {@link X509Certificate}
 * @param certificateDurationDays the duration in days for which the {@link X509Certificate} should be valid
 * @return a self-signed {@link X509Certificate} suitable for use as a Certificate Authority
 * @throws CertificateException      if there is an generating the new certificate
 */
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm, int certificateDurationDays)
        throws CertificateException {
    try {
        ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        Date startDate = new Date();
        Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(dn)),
                getUniqueSerialNumber(),
                startDate, endDate,
                reverseX500Name(new X500Name(dn)),
                subPubKeyInfo);

        // Set certificate extensions
        // (1) digitalSignature extension
        certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));

        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));

        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));

        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));

        // (2) extendedKeyUsage extension
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));

        // Sign the certificate
        X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}
 
开发者ID:apache,项目名称:nifi-registry,代码行数:47,代码来源:CertificateUtils.java

示例14: generateIssuedCertificate

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
/**
 * Generates an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
 *
 * @param dn the distinguished name to use
 * @param publicKey the public key to issue the certificate to
 * @param extensions extensions extracted from the CSR
 * @param issuer the issuer's certificate
 * @param issuerKeyPair the issuer's keypair
 * @param signingAlgorithm the signing algorithm to use
 * @param days the number of days it should be valid for
 * @return an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
 * @throws CertificateException if there is an error issuing the certificate
 */
public static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, Extensions extensions, X509Certificate issuer, KeyPair issuerKeyPair, String signingAlgorithm, int days)
        throws CertificateException {
    try {
        ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerKeyPair.getPrivate());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        Date startDate = new Date();
        Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(days));

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(issuer.getSubjectX500Principal().getName())),
                getUniqueSerialNumber(),
                startDate, endDate,
                reverseX500Name(new X500Name(dn)),
                subPubKeyInfo);

        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey));

        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));
        // Set certificate extensions
        // (1) digitalSignature extension
        certBuilder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation));

        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

        // (2) extendedKeyUsage extension
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));

        // (3) subjectAlternativeName
        if(extensions != null && extensions.getExtension(Extension.subjectAlternativeName) != null) {
            certBuilder.addExtension(Extension.subjectAlternativeName, false, extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
        }

        X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}
 
开发者ID:apache,项目名称:nifi-registry,代码行数:53,代码来源:CertificateUtils.java

示例15: createRootCertificate

import org.bouncycastle.cert.CertIOException; //导入依赖的package包/类
public static KeyStore createRootCertificate(Authority authority, String keyStoreType)
		throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException, IOException,
		OperatorCreationException, CertificateException, KeyStoreException {

	KeyPair keyPair = generateKeyPair(ROOT_KEYSIZE);

	X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
	nameBuilder.addRDN(BCStyle.CN, authority.commonName());
	nameBuilder.addRDN(BCStyle.O, authority.organization());
	nameBuilder.addRDN(BCStyle.OU, authority.organizationalUnitName());

	X500Name issuer = nameBuilder.build();
	BigInteger serial = BigInteger.valueOf(initRandomSerial());
	X500Name subject = issuer;
	PublicKey pubKey = keyPair.getPublic();

	X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER,
			subject, pubKey);

	generator.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(pubKey));
	generator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

	KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
			| KeyUsage.dataEncipherment | KeyUsage.cRLSign);
	generator.addExtension(Extension.keyUsage, false, usage);

	ASN1EncodableVector purposes = new ASN1EncodableVector();
	purposes.add(KeyPurposeId.id_kp_serverAuth);
	purposes.add(KeyPurposeId.id_kp_clientAuth);
	purposes.add(KeyPurposeId.anyExtendedKeyUsage);
	generator.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

	X509Certificate cert = signCertificate(generator, keyPair.getPrivate());

	KeyStore result = KeyStore.getInstance(keyStoreType/* , PROVIDER_NAME */);
	result.load(null, null);
	result.setKeyEntry(authority.alias(), keyPair.getPrivate(), authority.password(), new Certificate[] { cert });
	return result;
}
 
开发者ID:demoiselle,项目名称:signer,代码行数:40,代码来源:CertificateHelper.java


注:本文中的org.bouncycastle.cert.CertIOException类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。