本文整理汇总了Java中org.bouncycastle.cert.X509CertificateHolder类的典型用法代码示例。如果您正苦于以下问题:Java X509CertificateHolder类的具体用法?Java X509CertificateHolder怎么用?Java X509CertificateHolder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
X509CertificateHolder类属于org.bouncycastle.cert包,在下文中一共展示了X509CertificateHolder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generate
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
if (subjectAltName != null)
v3CertGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例2: getSignersCertificates
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private Collection<X509Certificate> getSignersCertificates(CMSSignedData previewSignerData) {
Collection<X509Certificate> result = new HashSet<X509Certificate>();
Store<?> certStore = previewSignerData.getCertificates();
SignerInformationStore signers = previewSignerData.getSignerInfos();
Iterator<?> it = signers.getSigners().iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
@SuppressWarnings("unchecked")
Collection<?> certCollection = certStore.getMatches(signer.getSID());
Iterator<?> certIt = certCollection.iterator();
X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
try {
result.add(new JcaX509CertificateConverter().getCertificate(certificateHolder));
} catch (CertificateException error) {
}
}
return result;
}
示例3: generateP7B
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public CMSSignedData generateP7B(X509CertificateHolder caCertificate, PrivateKey caPrivateKey) {
try {
List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
certChain.add(caCertificate);
Store certs = new JcaCertStore(certChain);
CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caPrivateKey);
cmsSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
.build(sha1Signer, caCertificate));
cmsSignedDataGenerator.addCertificates(certs);
CMSTypedData chainMessage = new CMSProcessableByteArray("chain".getBytes());
CMSSignedData sigData = cmsSignedDataGenerator.generate(chainMessage, false);
return sigData;
} catch(Exception e) {
throw new RuntimeException("Error while generating certificate chain: " + e.getMessage(), e);
}
}
示例4: verifySignature
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static boolean verifySignature(CMSSignedData cmsSignedData, X509Certificate cert) {
try {
if (Security.getProvider("BC") == null)
Security.addProvider(new BouncyCastleProvider());
Collection<SignerInformation> signers = cmsSignedData.getSignerInfos().getSigners();
X509CertificateHolder ch = new X509CertificateHolder(cert.getEncoded());
for (SignerInformation si : signers)
if (si.getSID().match(ch))
if (si.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(ch)))
return true;
} catch (Exception e) {}
return false;
}
示例5: createTrustStore
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
/**
* "ca.pem" from Reader
*/
public static KeyStore createTrustStore(final Reader certReader) throws IOException, CertificateException,
KeyStoreException, NoSuchAlgorithmException {
try (PEMParser pemParser = new PEMParser(certReader)) {
X509CertificateHolder certificateHolder = (X509CertificateHolder) pemParser.readObject();
Certificate caCertificate = new JcaX509CertificateConverter()
.setProvider("BC")
.getCertificate(certificateHolder);
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null);
trustStore.setCertificateEntry("ca", caCertificate);
return trustStore;
}
}
示例6: fingerprint
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static String fingerprint(X509CertificateHolder c)
throws IOException, CertificateEncodingException {
byte[] der = c.getEncoded();
byte[] sha1 = sha256DigestOf(der);
byte[] hexBytes = Hex.encode(sha1);
String hex = new String(hexBytes,
"ASCII").toUpperCase();
final StringBuilder fp = new StringBuilder();
int i = 0;
fp.append(hex.substring(i,
i + 2));
while ((i += 2) < hex.length()) {
fp.append(':');
fp.append(hex.substring(i,
i + 2));
}
return fp.toString();
}
示例7: createAndInitTrustManagerFactory
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception {
X509Certificate caCertHolder;
if (caCertFileName != null) {
caCertHolder = readCertFile(caCert);
} else {
caCertHolder = certificateConverter.getCertificate((X509CertificateHolder) readPEMFile(caCert));
}
KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
caKeyStore.load(null, null);
caKeyStore.setCertificateEntry("caCert-cert", caCertHolder);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(caKeyStore);
return trustManagerFactory;
}
示例8: convertHolders
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
throws CertificateException, CRLException
{
List jcaObjs = new ArrayList(certs.size() + crls.size());
for (Iterator it = certs.iterator(); it.hasNext();)
{
jcaObjs.add(certificateConverter.getCertificate((X509CertificateHolder)it.next()));
}
for (Iterator it = crls.iterator(); it.hasNext();)
{
jcaObjs.add(crlConverter.getCRL((X509CRLHolder)it.next()));
}
return new CollectionCertStoreParameters(jcaObjs);
}
示例9: finaliseMessage
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private ProtectedPKIMessage finaliseMessage(PKIHeader header, DERBitString protection)
{
if (!extraCerts.isEmpty())
{
CMPCertificate[] cmpCerts = new CMPCertificate[extraCerts.size()];
for (int i = 0; i != cmpCerts.length; i++)
{
cmpCerts[i] = new CMPCertificate(((X509CertificateHolder)extraCerts.get(i)).toASN1Structure());
}
return new ProtectedPKIMessage(new PKIMessage(header, body, protection, cmpCerts));
}
else
{
return new ProtectedPKIMessage(new PKIMessage(header, body, protection));
}
}
示例10: isVerified
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public boolean isVerified(X509CertificateHolder certHolder, DigestCalculatorProvider digesterProvider)
throws CMPException
{
AlgorithmIdentifier digAlg = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
if (digAlg == null)
{
throw new CMPException("cannot find algorithm for digest from signature");
}
DigestCalculator digester;
try
{
digester = digesterProvider.get(digAlg);
}
catch (OperatorCreationException e)
{
throw new CMPException("unable to create digester: " + e.getMessage(), e);
}
CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream());
return Arrays.areEqual(certStatus.getCertHash().getOctets(), digester.getDigest());
}
示例11: getCertificates
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
/**
* Return the extra certificates associated with this message.
*
* @return an array of extra certificates, zero length if none present.
*/
public X509CertificateHolder[] getCertificates()
{
CMPCertificate[] certs = pkiMessage.getExtraCerts();
if (certs == null)
{
return new X509CertificateHolder[0];
}
X509CertificateHolder[] res = new X509CertificateHolder[certs.length];
for (int i = 0; i != certs.length; i++)
{
res[i] = new X509CertificateHolder(certs[i].getX509v3PKCert());
}
return res;
}
示例12: build
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public ContentVerifierProvider build(final AsymmetricKeyParameter publicKey)
throws OperatorCreationException
{
return new ContentVerifierProvider()
{
public boolean hasAssociatedCertificate()
{
return false;
}
public X509CertificateHolder getAssociatedCertificate()
{
return null;
}
public ContentVerifier get(AlgorithmIdentifier algorithm)
throws OperatorCreationException
{
BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey);
return new SigVerifier(algorithm, stream);
}
};
}
示例13: getCertificates
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
Store getCertificates(ASN1Set certSet)
{
if (certSet != null)
{
List certList = new ArrayList(certSet.size());
for (Enumeration en = certSet.getObjects(); en.hasMoreElements();)
{
ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
if (obj instanceof ASN1Sequence)
{
certList.add(new X509CertificateHolder(Certificate.getInstance(obj)));
}
}
return new CollectionStore(certList);
}
return new CollectionStore(new ArrayList());
}
示例14: verify
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
/**
* Verify that the given verifier can successfully verify the signature on
* this SignerInformation object.
*
* @param verifier a suitably configured SignerInformationVerifier.
* @return true if the signer information is verified, false otherwise.
* @throws org.bouncycastle.cms.CMSVerifierCertificateNotValidException if the provider has an associated certificate and the certificate is not valid at the time given as the SignerInfo's signing time.
* @throws org.bouncycastle.cms.CMSException if the verifier is unable to create a ContentVerifiers or DigestCalculators.
*/
public boolean verify(SignerInformationVerifier verifier)
throws CMSException
{
Time signingTime = getSigningTime(); // has to be validated if present.
if (verifier.hasAssociatedCertificate())
{
if (signingTime != null)
{
X509CertificateHolder dcv = verifier.getAssociatedCertificate();
if (!dcv.isValidOn(signingTime.getDate()))
{
throw new CMSVerifierCertificateNotValidException("verifier not valid at signingTime");
}
}
}
return doVerify(verifier);
}
示例15: getCertificatesFromStore
import org.bouncycastle.cert.X509CertificateHolder; //导入依赖的package包/类
static List getCertificatesFromStore(Store certStore)
throws CMSException
{
List certs = new ArrayList();
try
{
for (Iterator it = certStore.getMatches(null).iterator(); it.hasNext();)
{
X509CertificateHolder c = (X509CertificateHolder)it.next();
certs.add(c.toASN1Structure());
}
return certs;
}
catch (ClassCastException e)
{
throw new CMSException("error processing certs", e);
}
}