本文整理汇总了Java中org.bouncycastle.cert.bc.BcX509ExtensionUtils类的典型用法代码示例。如果您正苦于以下问题:Java BcX509ExtensionUtils类的具体用法?Java BcX509ExtensionUtils怎么用?Java BcX509ExtensionUtils使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
BcX509ExtensionUtils类属于org.bouncycastle.cert.bc包,在下文中一共展示了BcX509ExtensionUtils类的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createSubjectKeyIdentifier
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
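/**
 * Builds the Subject Key Identifier extension value for a key.
 *
 * <p>The key's encoded form is parsed as an ASN.1 SEQUENCE, interpreted as a
 * SubjectPublicKeyInfo and passed to {@code BcX509ExtensionUtils}. The no-argument
 * {@code BcX509ExtensionUtils} constructor uses a SHA-1 digest calculator, so the result
 * is the SHA-1 based key identifier described in RFC 5280 section 4.2.1.2. It is a lookup
 * label used during path building, not a value whose collision resistance a verifier
 * should rely on.
 *
 * @param key key whose encoding is a SubjectPublicKeyInfo structure (normally a public key)
 * @return the identifier computed over the key
 * @throws IOException if the key has no encoded form, or the encoding is not an ASN.1 SEQUENCE
 */
public static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
    byte[] encoded = key.getEncoded();
    if (encoded == null) {
        // Key.getEncoded() returns null for keys that do not support encoding; report that
        // with a descriptive checked exception instead of an NPE inside ByteArrayInputStream.
        throw new IOException("Key has no encoded form; cannot derive a SubjectKeyIdentifier");
    }
    // NOTE(review): the parameter type is Key, so a private key also compiles here; presumably
    // its PKCS#8 encoding is rejected by SubjectPublicKeyInfo - confirm, or have callers pass
    // a PublicKey only.
    try (ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(encoded))) {
        Object parsed = is.readObject();
        if (!(parsed instanceof ASN1Sequence)) {
            // Covers an exhausted stream (readObject() returned null) and any non-SEQUENCE
            // value, which previously surfaced as a NullPointerException or ClassCastException.
            throw new IOException("Key encoding is not an ASN.1 SEQUENCE");
        }
        SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(parsed);
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
    }
}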
示例2: createSubjectKeyIdentifier
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
/**
 * Computes the Subject Key Identifier for the supplied key.
 *
 * <p>The encoded key is read as a single ASN.1 object, cast to a SEQUENCE and wrapped as a
 * SubjectPublicKeyInfo before the identifier is derived with a default
 * {@code BcX509ExtensionUtils}.
 *
 * @param key key whose encoded form is expected to be a SubjectPublicKeyInfo
 * @return the derived identifier
 * @throws IOException if the ASN.1 stream cannot be read
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
    // NOTE(review): getEncoded() may return null for keys that do not support encoding, and
    // the cast below assumes the first object is a SEQUENCE; neither case is handled here.
    try (ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()))) {
        final SubjectPublicKeyInfo spki =
                SubjectPublicKeyInfo.getInstance((ASN1Sequence) asn1In.readObject());
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(spki);
    }
}
示例3: createSubjectKeyId
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
/**
 * Derives the Subject Key Identifier for a public key.
 *
 * <p>The key's encoded bytes are handed directly to
 * {@code SubjectPublicKeyInfo.getInstance}, and the identifier is computed by a default
 * {@code BcX509ExtensionUtils}.
 *
 * @param pub public key to identify
 * @return the derived identifier
 * @throws IOException declared by the signature; nothing visible in this body throws it
 */
static SubjectKeyIdentifier createSubjectKeyId(PublicKey pub) throws IOException {
    final byte[] spkiDer = pub.getEncoded();
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(spkiDer);
    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo);
}
示例4: createSubjectKeyIdentifier
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
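/**
 * Computes the Subject Key Identifier for the supplied key.
 *
 * <p>The encoded key is parsed as an ASN.1 SEQUENCE and wrapped as a SubjectPublicKeyInfo.
 * The wrapper is obtained through {@code SubjectPublicKeyInfo.getInstance}, the factory
 * Bouncy Castle recommends over the deprecated public constructor.
 *
 * @param key key whose encoded form is expected to be a SubjectPublicKeyInfo
 * @return the derived identifier
 * @throws IOException if the ASN.1 stream cannot be read
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key)
        throws IOException {
    // try-with-resources closes the parser on every path, replacing the manual
    // null-initialised variable and finally block. The stream wraps an in-memory byte array.
    try (ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()))) {
        // NOTE(review): the cast assumes the first object in the encoding is a SEQUENCE.
        ASN1Sequence seq = (ASN1Sequence) is.readObject();
        SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(seq);
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
    }
}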
示例5: createPSSCert
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
/**
 * Test helper: builds a self-issued version 3 certificate signed with the requested
 * signature algorithm and asserts that the signature verifies under the same key pair.
 *
 * <p>This is a test fixture. Every extension is added with the critical flag set,
 * including authorityKeyIdentifier, which RFC 5280 profiles as non-critical, so these flags
 * are not a template for issuance code.
 *
 * @param algorithm signature algorithm name resolved through {@code sigAlgFinder}
 *                  (presumably an RSASSA-PSS variant, given the method name - confirm
 *                  against callers)
 * @throws Exception if key generation, signing or verification setup fails
 */
private void createPSSCert(String algorithm)
    throws Exception
{
    final AsymmetricCipherKeyPair keyPair = generateLongFixedKeys();
    final AsymmetricKeyParameter signingKey = (AsymmetricKeyParameter)keyPair.getPrivate();
    final AsymmetricKeyParameter verifyingKey = (AsymmetricKeyParameter)keyPair.getPublic();

    // The same name builder supplies both issuer and subject.
    final X500NameBuilder nameBuilder = createStdBuilder();

    // Key identifiers are computed with an explicit SHA-1 digest calculator.
    final BcX509ExtensionUtils keyIdFactory = new BcX509ExtensionUtils(new SHA1DigestCalculator());

    final AlgorithmIdentifier signatureAlgId = sigAlgFinder.find(algorithm);
    final AlgorithmIdentifier digestAlgId = digAlgFinder.find(signatureAlgId);
    final ContentSigner signer =
        new BcRSAContentSignerBuilder(signatureAlgId, digestAlgId).build(signingKey);

    // Version 3 certificate, serial 1, valid from 50 seconds ago until 50 seconds from now.
    final BcX509v3CertificateBuilder certBuilder = new BcX509v3CertificateBuilder(
        nameBuilder.build(),
        BigInteger.valueOf(1),
        new Date(System.currentTimeMillis() - 50000),
        new Date(System.currentTimeMillis() + 50000),
        nameBuilder.build(),
        verifyingKey);

    // 2.5.29.15 = keyUsage
    certBuilder.addExtension(
        new ASN1ObjectIdentifier("2.5.29.15"), true, new KeyUsage(KeyUsage.encipherOnly));
    // 2.5.29.37 = extendedKeyUsage
    certBuilder.addExtension(
        new ASN1ObjectIdentifier("2.5.29.37"), true, new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
    // 2.5.29.17 = subjectAltName
    // NOTE(review): the rfc822Name literal below looks like a page-level e-mail obfuscation
    // placeholder rather than the original test address - confirm against the upstream test.
    certBuilder.addExtension(
        new ASN1ObjectIdentifier("2.5.29.17"), true,
        new GeneralNames(new GeneralName(GeneralName.rfc822Name, "[email protected]")));
    // The authority key identifier is derived from the certificate's own public key.
    certBuilder.addExtension(
        Extension.authorityKeyIdentifier, true, keyIdFactory.createAuthorityKeyIdentifier(verifyingKey));

    final X509CertificateHolder certificate = certBuilder.build(signer);

    assertTrue(certificate.isSignatureValid(
        new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(verifyingKey)));
}
示例6: signCSR
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
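/**
 * Issues an end-entity client-authentication certificate for a PKCS#10 request, signs it
 * with the CA key and writes it as PEM to {@code <ca.storeDir>/<serial>.crt}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing in this method verifies the request's signature or vets the requested
 *       subject; the subject name and public key are copied from the CSR as-is.
 *       Presumably the caller authenticates the requester and validates the CSR first -
 *       confirm before relying on this method.</li>
 *   <li>{@code expiration} is used unchanged as notAfter; it is not compared with the
 *       current time or with the CA certificate's own validity here.</li>
 *   <li>Every failure is logged and reported as a {@code null} return, so callers must
 *       treat {@code null} as "no certificate was issued".</li>
 * </ul>
 *
 * @param csr        certification request supplying the subject name and public key
 * @param expiration notAfter date of the issued certificate
 * @return the serial number of the issued certificate, or {@code null} on any failure
 * @throws Exception declared by the signature; failures inside the body are caught and logged
 */
public BigInteger signCSR(PKCS10CertificationRequest csr, Date expiration) throws Exception {
    try {
        // Certificate serials should be random (hash)
        //http://crypto.stackexchange.com/questions/257/unpredictability-of-x-509-serial-numbers
        SecureRandom random = new SecureRandom();
        byte[] serial = new byte[16];
        random.nextBytes(serial);
        // abs() folds the signed 16-byte value into a non-negative serial number.
        BigInteger bigserial = new BigInteger(serial).abs();

        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNING_ALGORITHM);
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

        // Take the issuer name from the CA certificate itself so the attribute order matches:
        // http://stackoverflow.com/questions/7567837/attributes-reversed-in-certificate-subject-and-issuer
        X500Name issuer = new JcaX509CertificateHolder((X509Certificate) caCert).getSubject();
        X509v3CertificateBuilder certgen = new X509v3CertificateBuilder(
                issuer,
                bigserial,
                new Date(),
                expiration,
                X500Name.getInstance(csr.getSubject()),
                csr.getSubjectPublicKeyInfo());

        // Constraints and usage: not a CA, digitalSignature only, TLS client authentication.
        BasicConstraints basicConstraints = new BasicConstraints(false);
        KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature);
        ExtendedKeyUsage eku = new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth);
        certgen.addExtension(Extension.basicConstraints, false, basicConstraints);
        certgen.addExtension(Extension.keyUsage, false, keyUsage);
        certgen.addExtension(Extension.extendedKeyUsage, false, eku);

        // Identifiers: the subject key id is derived from the CSR's key; the authority key
        // identifier names the CA by issuer name and serial number.
        BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
        org.bouncycastle.asn1.x509.SubjectKeyIdentifier subjectKeyIdentifier = extensionUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo());
        AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier(new GeneralNames
                (new GeneralName(issuer)), caCert.getSerialNumber());
        certgen.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);
        certgen.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);

        ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(caKey.getEncoded()));
        X509CertificateHolder holder = certgen.build(signer);
        byte[] certencoded = holder.toASN1Structure().getEncoded();
        PemObject po = new PemObject("CERTIFICATE", certencoded);

        String certPath = VPN.cfg.getProperty("ca.storeDir", "ca") + "/" + bigserial.toString() + ".crt";
        // try-with-resources closes the file handle even when writing fails; the original
        // left the stream open on that path. PEM is ASCII, so the charset is fixed rather
        // than taken from the platform default.
        try (FileOutputStream fos = new FileOutputStream(certPath);
             JcaPEMWriter pw = new JcaPEMWriter(
                     new OutputStreamWriter(fos, java.nio.charset.StandardCharsets.US_ASCII))) {
            pw.writeObject(po);
        }
        return bigserial;
    } catch (Exception ex) {
        // NOTE(review): the message mentions validation, but no CSR validation happens in
        // this method; the failure is one of signing or writing the certificate.
        Logger.getLogger(getClass()).error("Failed to validate CSR and sign CSR", ex);
    }
    return null;
}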
示例7: generate
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
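/**
 * Generates a short-lived TLS server certificate for {@code cn}, signed by the configured CA.
 *
 * <p>The certificate is valid from one hour before now until 24 hours after now, is not a
 * CA, and carries serverAuth as its only extended key usage. Each entry of {@code sans} is
 * added as a dNSName subject alternative name.
 *
 * <p>Changes from the earlier version of this method:
 * <ul>
 *   <li>The serial number is drawn from {@code SecureRandom} instead of the wall clock.
 *       Clock-based serials repeat when two certificates are generated in the same
 *       millisecond, and they are predictable to the party requesting the certificate.</li>
 *   <li>The certificate is signed with SHA256withRSA instead of SHA1withRSA; SHA-1
 *       signatures are no longer accepted for server certificates by current clients.</li>
 *   <li>A {@code null} {@code sans} array is treated like an empty one.</li>
 * </ul>
 *
 * @param cn   common name placed in the subject
 * @param sans DNS names for the subjectAltName extension; may be empty or {@code null}
 * @return the signed certificate
 * @throws CertificateGenerationException if encoding an extension or creating the signer fails
 */
public X509CertificateHolder generate(String cn, String[] sans) {
    try {
        /* basic certificate structure */
        // 127 random bits plus one gives a strictly positive, unpredictable serial number.
        serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

        Calendar notBefore = new GregorianCalendar(UTC);
        notBefore.add(Calendar.HOUR, -1);

        Calendar notAfter = new GregorianCalendar(UTC);
        notAfter.add(Calendar.HOUR, 24);

        X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, cn).build();

        BcX509ExtensionUtils utils = new BcX509ExtensionUtils();
        X509v3CertificateBuilder builder = new BcX509v3CertificateBuilder(ca.getCertificate(), serial, notBefore.getTime(), notAfter.getTime(), subject, keyPair.getPublic());

        /* subjectAlternativeName extension */
        // NOTE(review): cn itself is not added as a SAN, and every entry is encoded as a
        // dNSName, so callers presumably include the host name in sans and pass no IP
        // literals - confirm.
        if (sans != null && sans.length > 0) {
            GeneralName[] names = new GeneralName[sans.length];
            for (int i = 0; i < names.length; i++) {
                names[i] = new GeneralName(GeneralName.dNSName, sans[i]);
            }
            builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(names));
        }

        /* basicConstraints extension */
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        /* subjectKeyIdentifier extension */
        builder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(keyPair.getPublic()));

        /* authorityKeyIdentifier extension */
        builder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(ca.getPublicKey()));

        /* keyUsage extension */
        int usage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyAgreement;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(usage));

        /* extendedKeyUsage extension */
        KeyPurposeId[] usages = { KeyPurposeId.id_kp_serverAuth };
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(usages));

        /* create the signer */
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(ca.getPrivateKey());

        /* build and sign the certificate */
        return builder.build(signer);
    } catch (IOException | OperatorCreationException ex) {
        throw new CertificateGenerationException(ex);
    }
}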
示例8: nullPointerTest
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
/**
 * Test: builds two PKCS#10 requests from identical inputs, checks that they compare equal,
 * and passes the attribute arrays of the first request to {@code checkAttrs}.
 *
 * <p>The 1024-bit RSA key, the public exponent 0x1001 and the SHA1withRSA signature are
 * test-fixture parameters chosen by the original test; they are not suitable defaults for
 * issuing real requests.
 *
 * @throws Exception if key generation, extension encoding or signing fails
 */
private void nullPointerTest()
    throws Exception
{
    // RSA key pair: public exponent 0x1001, 1024-bit strength, certainty 25.
    final AsymmetricCipherKeyPairGenerator generator = new RSAKeyPairGenerator();
    final RSAKeyGenerationParameters rsaParams = new RSAKeyGenerationParameters(
        BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
    generator.init(rsaParams);
    final AsymmetricCipherKeyPair keyPair = generator.generateKeyPair();

    // Requested extensions: CA basic constraints, certificate and CRL signing, and a
    // subject key identifier computed with an explicit SHA-1 digest calculator.
    final ExtensionsGenerator requestedExtensions = new ExtensionsGenerator();
    requestedExtensions.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    requestedExtensions.addExtension(
        Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

    final BcX509ExtensionUtils keyIdFactory = new BcX509ExtensionUtils(new SHA1DigestCalculator());
    final SubjectKeyIdentifier keyId = keyIdFactory.createSubjectKeyIdentifier(keyPair.getPublic());
    requestedExtensions.addExtension(Extension.subjectKeyIdentifier, false, keyId);

    final DefaultSignatureAlgorithmIdentifierFinder signatureFinder =
        new DefaultSignatureAlgorithmIdentifierFinder();
    final DefaultDigestAlgorithmIdentifierFinder digestFinder =
        new DefaultDigestAlgorithmIdentifierFinder();
    final AlgorithmIdentifier signatureAlgId = signatureFinder.find("SHA1withRSA");
    final AlgorithmIdentifier digestAlgId = digestFinder.find(signatureAlgId);
    final BcContentSignerBuilder signerBuilder =
        new BcRSAContentSignerBuilder(signatureAlgId, digestAlgId);

    // Two requests built from the same subject, key and extension request.
    final PKCS10CertificationRequest p1 =
        new BcPKCS10CertificationRequestBuilder(new X500Name("cn=csr"), keyPair.getPublic())
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions.generate())
            .build(signerBuilder.build(keyPair.getPrivate()));
    final PKCS10CertificationRequest p2 =
        new BcPKCS10CertificationRequestBuilder(new X500Name("cn=csr"), keyPair.getPublic())
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions.generate())
            .build(signerBuilder.build(keyPair.getPrivate()));

    if (!p1.equals(p2))
    {
        fail("cert request comparison failed");
    }

    // NOTE(review): both arrays in each check come from p1, as in the original; presumably
    // this exercises repeated attribute lookups on one request - confirm whether p2 was meant.
    checkAttrs(1, p1.getAttributes(), p1.getAttributes());
    checkAttrs(
        1,
        p1.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest),
        p1.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest));
}
示例9: createSubjectKeyIdentifier
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
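/**
 * Creates the Subject Key Identifier extension value for a public key.
 *
 * <p>The Subject Key Identifier extension identifies the public key certified by a
 * certificate. It provides a way of distinguishing public keys when more than one is
 * available for a given subject name. It is an identifier only and carries no
 * authorization meaning of its own.
 *
 * <p>Example of the resulting extension:
 * <pre>
 * Identifier: Subject Key Identifier - 2.5.29.14
 *   Critical: no
 *   Key Identifier:
 *     3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
 *     9C:37:85:84
 * </pre>
 *
 * @param publicKey public key whose encoded form is a SubjectPublicKeyInfo structure
 * @return the identifier derived from the key by a default {@code BcX509ExtensionUtils}
 * @throws IOException if the encoded key cannot be read as ASN.1
 */
protected SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey)
        throws IOException {
    try (ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
         ASN1InputStream ais = new ASN1InputStream(bais)) {
        // NOTE(review): the cast assumes the first object in the encoding is a SEQUENCE.
        ASN1Sequence asn1Sequence = (ASN1Sequence) ais.readObject();
        // getInstance(...) replaces the deprecated public SubjectPublicKeyInfo constructor.
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(asn1Sequence);
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(subjectPublicKeyInfo);
    }
}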
示例10: createSubjectKeyIdentifier
import org.bouncycastle.cert.bc.BcX509ExtensionUtils; //导入依赖的package包/类
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The key's encoded bytes are interpreted as a SubjectPublicKeyInfo, and the identifier
 * is computed by a default {@code BcX509ExtensionUtils}.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    // NOTE(review): the parameter type is Key rather than PublicKey, and a key without an
    // encoded form is not handled here - confirm that callers only pass encodable public keys.
    final SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(key.getEncoded());
    final BcX509ExtensionUtils identifierFactory = new BcX509ExtensionUtils();
    return identifierFactory.createSubjectKeyIdentifier(spki);
}