本文整理汇总了Java中org.bouncycastle.cert.X509v3CertificateBuilder类的典型用法代码示例。如果您正苦于以下问题:Java X509v3CertificateBuilder类的具体用法?Java X509v3CertificateBuilder怎么用?Java X509v3CertificateBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
X509v3CertificateBuilder类属于org.bouncycastle.cert包,在下文中一共展示了X509v3CertificateBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Issues a self-signed X.509 v3 certificate for the given distinguished name.
 *
 * <p>The signature algorithm, the lifetime in days and the optional subjectAltName value
 * are read from {@code algorithm}, {@code days} and {@code subjectAltName}, which are
 * declared outside this method.
 *
 * @param dn      distinguished name used as both issuer and subject
 * @param keyPair key pair to certify; its private key also signs the certificate
 * @return the certificate, materialised through the "BC" provider
 * @throws CertificateException on any failure; other exception types are wrapped as the cause
 */
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException {
    try {
        // Registered first so that the by-name lookup ("BC") at the end can succeed.
        Security.addProvider(new BouncyCastleProvider());

        // BcRSAContentSignerBuilder produces RSA signers, so `algorithm` has to name an
        // RSA signature scheme and keyPair has to hold RSA keys.
        AlgorithmIdentifier signatureAlgorithm =
                new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
        AlgorithmIdentifier digestAlgorithm =
                new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        AsymmetricKeyParameter signingKey =
                PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
        SubjectPublicKeyInfo certifiedKey =
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        ContentSigner signer =
                new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey);

        // Issuer and subject are the same name: the certificate is self-signed.
        X500Name selfName = new X500Name(dn);

        // Validity window: now .. now + days (86400000 ms per day).
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 86400000L * days);

        // Serial number: 64 bits drawn from a SecureRandom.
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                selfName, serialNumber, notBefore, notAfter, selfName, certifiedKey);
        if (subjectAltName != null) {
            // Added as a non-critical extension.
            certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
        }

        X509CertificateHolder holder = certBuilder.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    } catch (Exception e) {
        // A CertificateException passes through untouched; everything else is wrapped.
        if (e instanceof CertificateException) {
            throw (CertificateException) e;
        }
        throw new CertificateException(e);
    }
}
示例2: addExtensions
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Copies the extensions computed by the certificate profile into {@code certBuilder}.
 *
 * <p>The requested extensions are handed to the profile, and only what
 * {@code profile.getExtensions(...)} returns is written to the builder, each with the
 * critical flag carried by the returned value. How the profile treats the requested
 * extensions is not visible here.
 *
 * @param certBuilder            builder that receives the extensions
 * @param profile                profile that decides which extensions are issued
 * @param requestedSubject       subject as requested
 * @param grantedSubject         subject as granted
 * @param extensions             extensions from the request; passed through to the profile
 * @param requestedPublicKeyInfo public key from the request
 * @param publicCaInfo           CA information passed through to the profile
 * @param notBefore              start of validity
 * @param notAfter               end of validity
 * @throws CertprofileException     declared for the profile call
 * @throws IOException              declared for the profile and builder calls
 * @throws BadCertTemplateException declared for the profile call
 */
private static void addExtensions(X509v3CertificateBuilder certBuilder,
        IdentifiedX509Certprofile profile, X500Name requestedSubject, X500Name grantedSubject,
        Extensions extensions, SubjectPublicKeyInfo requestedPublicKeyInfo,
        PublicCaInfo publicCaInfo, Date notBefore, Date notAfter)
        throws CertprofileException, IOException, BadCertTemplateException {
    ExtensionValues profileExtensions = profile.getExtensions(requestedSubject, grantedSubject,
            extensions, requestedPublicKeyInfo, publicCaInfo, null, notBefore, notAfter);

    // A null result means the profile contributes no extensions.
    if (profileExtensions != null) {
        for (ASN1ObjectIdentifier oid : profileExtensions.extensionTypes()) {
            ExtensionValue entry = profileExtensions.getExtensionValue(oid);
            certBuilder.addExtension(oid, entry.isCritical(), entry.value());
        }
    }
}
示例3: addSelfSignedCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
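/**
 * Generates a key pair, wraps it in a self-signed certificate valid for one year and
 * stores both in {@code keystore} under the given alias.
 *
 * <p>The key pair comes from {@code generateKeyPair()}, which is defined outside this
 * method; the RSA signature algorithm used below requires it to produce RSA keys.
 *
 * @param certificateAlias keystore alias for the new private-key entry
 * @param dn               distinguished name used as both issuer and subject
 * @param password         password protecting the keystore entry
 * @throws RuntimeException wrapping any {@code GeneralSecurityException} or
 *                          {@code OperatorCreationException} raised while building or storing
 */
public void addSelfSignedCertificate(String certificateAlias, String dn, String password) {
    try {
        KeyPair keys = generateKeyPair();

        Calendar start = Calendar.getInstance();
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, 1);

        X500Name name = new X500Name(dn);

        // A constant serial of 1 makes every certificate generated for the same DN share
        // issuer + serial, which some validators reject as a reused pair. Use 64 random
        // bits instead (fully qualified to avoid depending on the file's import list).
        BigInteger serial = new BigInteger(64, new java.security.SecureRandom());

        // One provider instance is enough for both the signer and the converter.
        BouncyCastleProvider bc = new BouncyCastleProvider();

        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(name, serial,
                start.getTime(), expiry.getTime(), name,
                SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));

        // SHA-1 is no longer acceptable for certificate signatures; sign with SHA-256.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(bc).build(keys.getPrivate());
        X509CertificateHolder holder = certificateBuilder.build(signer);
        Certificate cert = new JcaX509CertificateConverter().setProvider(bc).getCertificate(holder);

        Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[]{ cert });
        keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
    } catch (GeneralSecurityException | OperatorCreationException ex) {
        throw new RuntimeException("Unable to generate self-signed certificate", ex);
    }
}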
示例4: generateServerCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
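/**
 * Creates a 2048-bit RSA server key pair and a certificate for it issued under "CN=bouncrca".
 *
 * <p>The certificate carries a subjectAltName for {@code localhost} and {@code 127.0.0.1}
 * and is signed by {@code signCertificate} (defined outside this method) with the CA
 * private key. The validity window comes from {@code NOT_BEFORE} / {@code NOT_AFTER}.
 *
 * @param caKeyPair CA key pair; only the private key is used, for signing
 * @return the server certificate together with its private key
 * @throws NoSuchAlgorithmException   if "RSA" or "NativePRNGNonBlocking" is unavailable
 * @throws CertificateException       declared for the signing helper
 * @throws OperatorCreationException  declared for the signing helper
 * @throws CertIOException            if the subjectAltName extension cannot be encoded
 */
public static X500PrivateCredential generateServerCertificate(KeyPair caKeyPair) throws NoSuchAlgorithmException, CertificateException, OperatorCreationException, CertIOException {
    X500Name issuerName = new X500Name("CN=bouncrca");
    X500Name subjectName = new X500Name("CN=bouncr");
    // NOTE(review): the serial is constant, so every certificate issued here shares
    // issuer + serial; acceptable for a throw-away fixture, not for a real CA.
    BigInteger serial = BigInteger.valueOf(2);

    long t1 = System.currentTimeMillis();
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    // NativePRNGNonBlocking is only offered on Unix-like JDKs; elsewhere this throws
    // NoSuchAlgorithmException.
    rsa.initialize(2048, SecureRandom.getInstance("NativePRNGNonBlocking"));
    KeyPair kp = rsa.generateKeyPair();
    // Prints the key-generation time in milliseconds.
    System.out.println(System.currentTimeMillis() - t1);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, kp.getPublic());

    // An IP literal belongs in an iPAddress entry: hostname verifiers compare IP targets
    // against iPAddress SANs and do not match them against dNSName entries.
    DERSequence subjectAlternativeNames = new DERSequence(new ASN1Encodable[] {
        new GeneralName(GeneralName.dNSName, "localhost"),
        new GeneralName(GeneralName.iPAddress, "127.0.0.1")
    });
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNames);

    X509Certificate cert = signCertificate(builder, caKeyPair.getPrivate());
    return new X500PrivateCredential(cert, kp.getPrivate());
}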
示例5: generateCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Builds an X.509 v3 certificate for {@code keyPair}, signed with that same key pair's
 * private key using SHA256withRSA.
 *
 * <p>Issuer, subject and lifetime come from the {@code ISSUER}, {@code SUBJECT} and
 * {@code DAYS_CERTIFICATE_VALID} constants declared outside this method.
 *
 * @param keyPair key pair to certify and to sign with
 * @return the certificate, re-parsed through the JDK "X.509" certificate factory
 * @throws DeltaClientException wrapping any failure
 */
private X509Certificate generateCertificate(KeyPair keyPair) throws DeltaClientException {
    try {
        // NOTE(review): the serial is the wall-clock millisecond count, so it is
        // predictable and two certificates created in the same millisecond collide.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

        Date notBefore = DateTimeUtil.getCurrentDate();
        Date notAfter = DateTimeUtil.addDays(notBefore, DAYS_CERTIFICATE_VALID);

        X500Name issuerName = new X500Name(ISSUER);
        X500Name subjectName = new X500Name(SUBJECT);
        X509v3CertificateBuilder certificate = new X509v3CertificateBuilder(
                issuerName,
                serial,
                notBefore,
                notAfter,
                subjectName,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        ContentSigner sha256Signer =
                new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());

        // Round-trip through DER so the caller receives a JDK X509Certificate.
        byte[] der = certificate.build(sha256Signer).getEncoded();
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    } catch (Exception e) {
        // Only the message is logged; the cause travels with the rethrown exception.
        LOG.error(e.getMessage());
        throw new DeltaClientException("Error generating certificate", e);
    }
}
示例6: makeCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
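/**
 * Builds a certificate for an RSA subject key, signed by the issuer's RSA private key.
 *
 * <p>The certificate is valid for 100 days from the moment of the call and carries a
 * basicConstraints extension reflecting {@code _ca}. The serial number comes from
 * {@code allocateSerialNumber()}, defined outside this method.
 *
 * @param subKP  subject key pair; the public key must be an {@code RSAKeyParameters}
 * @param _subDN subject distinguished name
 * @param issKP  issuer key pair; its private key signs the certificate
 * @param _issDN issuer distinguished name
 * @param _ca    whether basicConstraints marks the subject as a CA
 * @return the signed certificate holder
 * @throws IOException               if an extension or key structure cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509CertificateHolder makeCertificate(AsymmetricCipherKeyPair subKP, String _subDN, AsymmetricCipherKeyPair issKP, String _issDN, boolean _ca)
    throws IOException, OperatorCreationException
{
    RSAKeyParameters lwPubKey = (RSAKeyParameters)subKP.getPublic();

    // Read the clock once so notBefore and notAfter are exactly 100 days apart.
    long now = System.currentTimeMillis();

    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
        new X500Name(_issDN),
        allocateSerialNumber(),
        new Date(now),
        new Date(now + (1000L * 60 * 60 * 24 * 100)),
        new X500Name(_subDN),
        new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()))
    );

    // SHA-1 is no longer acceptable for certificate signatures; sign with SHA-256.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build((AsymmetricKeyParameter)issKP.getPrivate());

    // NOTE(review): basicConstraints is added as non-critical; RFC 5280 expects it to be
    // critical on CA certificates. Left as is because callers may depend on the flag.
    v3CertGen.addExtension(
        X509Extension.basicConstraints,
        false,
        new BasicConstraints(_ca));

    return v3CertGen.build(sigGen);
}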
示例7: createCertificateBuilder
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Prepares an unsigned builder for a self-issued certificate whose name, lifetime and
 * friendly name are read from configuration.
 *
 * @param keyPair key pair whose public key is placed in the certificate
 * @return a builder with issuer == subject and a friendlyName extension already added
 * @throws PropertyConfigurationException declared for the configuration lookups
 * @throws CertIOException                if the extension cannot be encoded
 */
private X509v3CertificateBuilder createCertificateBuilder(KeyPair keyPair) throws PropertyConfigurationException, CertIOException {
    // Subject/issuer name assembled attribute by attribute: CN, O, OU, C.
    X500Name selfName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, propertyConfigurationService.getConfigValue(CERT_COMMON_NAME_PROPERTY))
            .addRDN(BCStyle.O, propertyConfigurationService.getConfigValue(CERT_ORGANISATION_PROPERTY))
            .addRDN(BCStyle.OU, propertyConfigurationService.getConfigValue(CERT_ORGANISATIONAL_UNIT_PROPERTY))
            .addRDN(BCStyle.C, propertyConfigurationService.getConfigValue(CERT_COUNTRY_PROPERTY))
            .build();

    // Random serial; width and generator are defined outside this method.
    BigInteger serialNumber = new BigInteger(CERT_SERIAL_NUMBER_BIT_SIZE, SecureRandomFactory.createPRNG());

    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    // Validity: now .. now + configured number of days.
    Date notBefore = new Date();
    Date notAfter = Date.from(notBefore.toInstant().plus(propertyConfigurationService.getConfigValueAsInt(CERT_VALIDITY_DAYS_PROPERTY), ChronoUnit.DAYS));

    X509v3CertificateBuilder builder =
            new X509v3CertificateBuilder(selfName, serialNumber, notBefore, notAfter, selfName, subjectKeyInfo);

    // NOTE(review): pkcs-9 friendlyName is normally carried as a PKCS#12 bag attribute;
    // here it is written into the certificate as a non-critical extension. Confirm
    // that consumers expect it there.
    String friendlyName = propertyConfigurationService.getConfigValue(CERT_PRIVATE_FRIENDLY_NAME_PROPERTY);
    builder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, false, new DERBMPString(friendlyName));
    return builder;
}
示例8: getX509CertificateFromPgpKeyPair
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Wraps a PGP key pair in an X.509 certificate signed with the PGP private key.
 *
 * <p>Issuer, subject, validity and serial number are taken verbatim from the caller.
 * The char array derived from {@code secretPwd} is not cleared by this method.
 *
 * @param pgpPublicKey PGP public key to certify
 * @param pgpSecretKey PGP secret key; decrypted with {@code secretPwd} and used to sign
 * @param secretPwd    passphrase protecting {@code pgpSecretKey}
 * @param issuer       issuer distinguished name
 * @param subject      subject distinguished name
 * @param dateOfIssue  start of validity
 * @param dateOfExpiry end of validity
 * @param serial       certificate serial number
 * @return the certificate, re-parsed through the JDK "X.509" certificate factory
 * @throws PGPException         if key conversion or secret-key decryption fails
 * @throws CertificateException if the encoded certificate cannot be parsed
 * @throws IOException          if the certificate cannot be encoded
 */
public static X509Certificate getX509CertificateFromPgpKeyPair( PGPPublicKey pgpPublicKey,
                                                                PGPSecretKey pgpSecretKey, String secretPwd,
                                                                String issuer, String subject, Date dateOfIssue,
                                                                Date dateOfExpiry, BigInteger serial )
        throws PGPException, CertificateException, IOException
{
    // Convert both halves of the PGP key pair to JCA keys.
    JcaPGPKeyConverter keyConverter = new JcaPGPKeyConverter();
    PublicKey jcaPublicKey = keyConverter.getPublicKey( pgpPublicKey );
    PrivateKey jcaPrivateKey = keyConverter.getPrivateKey( pgpSecretKey.extractPrivateKey(
            new JcePBESecretKeyDecryptorBuilder().setProvider( provider ).build( secretPwd.toCharArray() ) ) );

    X500Name issuerName = new X500Name( issuer );
    X500Name subjectName = new X500Name( subject );
    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance( jcaPublicKey.getEncoded() );
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            issuerName, serial, dateOfIssue, dateOfExpiry, subjectName, subjectKeyInfo );

    // Sign, then round-trip through DER so the caller receives a JDK X509Certificate.
    JCESigner signer = new JCESigner( jcaPrivateKey, "SHA256withRSA" );
    byte[] der = builder.build( signer ).getEncoded();
    return ( X509Certificate ) CertificateFactory.getInstance( "X.509" )
            .generateCertificate( new ByteArrayInputStream( der ) );
}
示例9: initialConversationCert
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Issues a short-lived (two-day) certificate whose issuer and subject are both
 * {@code x500Name()} and whose key pair is obtained from {@code keypair(trans)}.
 *
 * @param trans passed to {@code keypair(...)} to obtain the key pair
 * @return the signed certificate
 * @throws IOException               declared for encoding failures
 * @throws CertificateException      if the holder cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 */
public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {
    // Validity window: now .. now + 2 days.
    GregorianCalendar validity = new GregorianCalendar();
    Date notBefore = validity.getTime();
    validity.add(GregorianCalendar.DAY_OF_MONTH, 2);
    Date notAfter = validity.getTime();

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            x500Name(),
            // NOTE(review): a 12-bit serial has only 4096 possible values, so collisions
            // are expected; the original author already marked it
            // "replace with Serialnumber scheme".
            new BigInteger(12, random),
            notBefore,
            notAfter,
            x500Name(),
            new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keypair(trans).getPublic().getEncoded())));

    // Signed with the private half of the same key pair.
    return new JcaX509CertificateConverter().getCertificate(
            certBuilder.build(BCFactory.contentSigner(keypair(trans).getPrivate())));
}
示例10: addKeyPair
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
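/**
 * Generates a 2048-bit RSA key pair, issues a self-signed certificate for it valid for
 * 20 years, and stores the key and certificate in {@code keystore} under {@code alias}.
 *
 * @param alias              keystore alias for the new key entry
 * @param privateKeyPassword password protecting the private key in the keystore
 * @param commonName         CN attribute of the certificate name
 * @param unit               OU attribute
 * @param organization       O attribute
 * @param location           L attribute
 * @param state              ST attribute
 * @param country            C attribute
 * @param emailAdress        EmailAddress attribute
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the certificate cannot be converted
 * @throws KeyStoreException         if the entry cannot be stored
 * @throws NoSuchAlgorithmException  if RSA key generation is unavailable
 * @throws FileNotFoundException     declared by the original signature
 */
public void addKeyPair(String alias, char[] privateKeyPassword, String commonName, String unit, String organization, String location, String state, String country, String emailAdress) throws OperatorCreationException, CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException
{
    // Fresh RSA key pair for the new entry.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // NOTE(review): the DN is assembled by string concatenation, so a value containing
    // ',', '+' or '=' changes the structure of the resulting name. Callers passing
    // user-controlled values should validate or escape them first.
    X500Name issuer = new X500Name("CN="+commonName+",OU="+unit+",O="+organization+",L="+location+",ST="+state+",C="+country+",EmailAddress="+emailAdress);
    X500Name subject = issuer;

    // A constant serial of 1 makes certificates generated for the same DN share
    // issuer + serial, which some validators reject as a reused pair. Use 64 random
    // bits instead (fully qualified to avoid depending on the file's import list).
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom());
    PublicKey pubKey = keyPair.getPublic();

    // Read the clock once so the validity window is exactly 20 * 365 days.
    long now = System.currentTimeMillis();
    X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, new Date(now),
            new Date(now + 1000L * 60 * 60 * 24 * 365 * 20), subject, pubKey);

    // SHA-1 is no longer acceptable for certificate signatures; sign with SHA-256.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
    X509CertificateHolder certHolder = generator.build(sigGen);
    X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certHolder );

    keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, new Certificate[] {cert});
}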
示例11: generateCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Issues a certificate for {@code subjectPublicKey}, signed with the issuer's private key.
 *
 * <p>CRL distribution points, key identifiers and authority information access are added
 * by helper methods defined outside this method.
 *
 * @param subjectName      name placed in the subject field
 * @param subjectPublicKey public key being certified
 * @param issuerName       name placed in the issuer field
 * @param issuerKeyPair    issuer key pair; the private key signs the certificate
 * @return the signed certificate holder
 * @throws RuntimeException wrapping any failure
 */
public X509CertificateHolder generateCertificate(String subjectName, PublicKey subjectPublicKey, String issuerName, KeyPair issuerKeyPair) {
    try {
        SubjectPublicKeyInfo subjectKeyInfo = generatePublicKeyInfo(subjectPublicKey);
        SubjectPublicKeyInfo issuerKeyInfo = generatePublicKeyInfo(issuerKeyPair.getPublic());

        X509v3CertificateBuilder builder = initializeCertificateBuilder(subjectKeyInfo, subjectName, issuerName);

        // Extensions, in the order the helpers are invoked.
        addCRLSitributionPoints(issuerName, builder);
        addKeyIdentifiers(subjectKeyInfo, issuerKeyInfo, builder);
        addAuthorityInformationAccess(issuerName, builder);

        ContentSigner signer = generateContentSignerBuilder(issuerKeyPair.getPrivate());
        return builder.build(signer);
    } catch (Exception e) {
        // Only the message is logged; the cause travels with the rethrown exception.
        LOGGER.error("Error while generating certificate: " + e.getMessage());
        throw new RuntimeException("Error while generating certificate", e);
    }
}
示例12: createSelfSignedCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a self-signed certificate for the given identity, valid for 30 days and
 * marked as a CA through a critical basicConstraints extension.
 *
 * @param keyPair  key pair to certify and to sign with (SHA256WithRSA)
 * @param identity identity whose full name becomes the CN of issuer and subject
 * @return the self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertIOException           if the extension cannot be encoded
 * @throws CertificateException      if the holder cannot be converted
 */
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
        throws OperatorCreationException, CertIOException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());

    // NOTE(review): the DN is built by concatenation; assumes the identity's full name
    // contains no DN metacharacters. Confirm against AthenzIdentity.
    X500Name selfName = new X500Name("CN="+ identity.getFullName());

    // One clock reading drives the serial number and both validity bounds.
    Instant issuedAt = Instant.now();
    BigInteger serialNumber = BigInteger.valueOf(issuedAt.toEpochMilli());
    Date validFrom = Date.from(issuedAt);
    Date validUntil = Date.from(issuedAt.plus(Duration.ofDays(30)));

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            selfName, serialNumber, validFrom, validUntil, selfName, keyPair.getPublic());
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
    return converter.getCertificate(builder.build(signer));
}
示例13: createSelfSignedCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a self-signed certificate for the config server, valid for 30 days, marked as a
 * CA and listing every configured ZooKeeper server hostname as a dNSName SAN.
 *
 * @param keyPair key pair to certify and to sign with (SHA256WithRSA)
 * @param config  supplies the load balancer address (CN) and the ZooKeeper hostnames
 * @return the self-signed certificate, converted through {@code provider}
 * @throws IOException               if an extension cannot be encoded
 * @throws CertificateException      if the holder cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
        throws IOException, CertificateException, OperatorCreationException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());

    // NOTE(review): the DN is built by concatenation; assumes the configured address
    // contains no DN metacharacters.
    X500Name selfName = new X500Name("CN="+ config.loadBalancerAddress());

    // One clock reading drives the serial number and both validity bounds.
    Instant issuedAt = Instant.now();
    Date validFrom = Date.from(issuedAt);
    Date validUntil = Date.from(issuedAt.plus(Duration.ofDays(30)));

    // One dNSName entry per ZooKeeper server hostname.
    GeneralName[] zookeeperNames = config.zookeeperserver().stream()
            .map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
            .toArray(GeneralName[]::new);
    GeneralNames subjectAltNames = new GeneralNames(zookeeperNames);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            selfName, BigInteger.valueOf(issuedAt.toEpochMilli()), validFrom, validUntil, selfName, keyPair.getPublic());
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider);
    return converter.getCertificate(builder.build(signer));
}
示例14: createSelfSignedCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
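/**
 * Generates a throw-away RSA key pair and a self-signed certificate for the given
 * identity, valid for 30 days.
 *
 * @param identity identity whose full name becomes the CN of issuer and subject
 * @return the self-signed certificate; the private key is not returned
 * @throws RuntimeException wrapping any certificate, algorithm or signer failure
 */
private static X509Certificate createSelfSignedCertificate(AthenzIdentity identity) {
    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        // 512-bit RSA moduli can be factored with modest resources, and current JDK
        // certificate-path defaults reject RSA keys below 1024 bits; use 2048.
        keyGen.initialize(2048);
        KeyPair keyPair = keyGen.genKeyPair();

        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
        X500Name x500Name = new X500Name("CN="+ identity.getFullName());

        // One clock reading drives the serial and both validity bounds. A time-based
        // serial replaces the constant 1, so that certificates generated for the same
        // name do not share issuer + serial.
        Instant now = Instant.now();
        X509v3CertificateBuilder certificateBuilder =
                new JcaX509v3CertificateBuilder(
                        x500Name, BigInteger.valueOf(now.toEpochMilli()), Date.from(now),
                        Date.from(now.plus(Duration.ofDays(30))),
                        x500Name, keyPair.getPublic());

        return new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(certificateBuilder.build(contentSigner));
    } catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}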
示例15: createSignedCertificate
import org.bouncycastle.cert.X509v3CertificateBuilder; //导入依赖的package包/类
/**
* Create a certificate for a key pair, signed using the CA certificate, with the given common name and a list of subject alternative names
*
* @return signed server identity certificate
* */
@Override
public X509Certificate createSignedCertificate(PublicKey publicKey, PrivateKey privateKey, String commonName,
        List<ASN1Encodable> sans)
        throws CertificateException, IOException, OperatorCreationException, NoSuchProviderException,
        NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // The issuer name is copied from the CA certificate's subject.
    X500Name issuerName = new X509CertificateHolder(_issuerCertificate.getEncoded()).getSubject();
    BigInteger serialNumber = getSerial();
    X500Name subjectName = getSubject(commonName);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuerName, serialNumber, getValidDateFrom(), getValidDateTo(), subjectName, publicKey);
    buildExtensions(certBuilder, publicKey);
    fillSans(sans, certBuilder);

    // Signed with the CA key (_issuerPrivateKey); the privateKey parameter is not read
    // anywhere in this method.
    X509Certificate issued = createCertificate(_issuerPrivateKey, certBuilder);

    // Self-check before returning: the certificate must be within its validity period
    // and its signature must verify under the CA public key.
    issued.checkValidity();
    issued.verify(_issuerCertificate.getPublicKey());
    return issued;
}