本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaX509CertificateConverter类的典型用法代码示例。如果您正苦于以下问题:Java JcaX509CertificateConverter类的具体用法?Java JcaX509CertificateConverter怎么用?Java JcaX509CertificateConverter使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
JcaX509CertificateConverter类属于org.bouncycastle.cert.jcajce包,在下文中一共展示了JcaX509CertificateConverter类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
if (subjectAltName != null)
v3CertGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例2: getSignersCertificates
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
private Collection<X509Certificate> getSignersCertificates(CMSSignedData previewSignerData) {
Collection<X509Certificate> result = new HashSet<X509Certificate>();
Store<?> certStore = previewSignerData.getCertificates();
SignerInformationStore signers = previewSignerData.getSignerInfos();
Iterator<?> it = signers.getSigners().iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
@SuppressWarnings("unchecked")
Collection<?> certCollection = certStore.getMatches(signer.getSID());
Iterator<?> certIt = certCollection.iterator();
X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
try {
result.add(new JcaX509CertificateConverter().getCertificate(certificateHolder));
} catch (CertificateException error) {
}
}
return result;
}
示例3: createCertificateChain
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
/**
* Utility method to decode a certificate chain PEM encoded string value to an array of
* X509Certificate certificate instances.
* @param certChainPEM
* - a certificate chain (one or more certificates) PEM encoded string value.
* @return - decoded array of X509Certificate certificate instances.
* @throws RuntimeException
* if a certificate can't be decoded to X509Certificate type certificate.
*/
public static X509Certificate[] createCertificateChain(String certChainPEM) {
AssertUtil.assertNotNull(certChainPEM, "certChainPEM should not be null.");
List<X509Certificate> chain = new ArrayList<>();
try (PEMParser parser = new PEMParser(new StringReader(certChainPEM))) {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
X509CertificateHolder certificateHolder;
while ((certificateHolder = (X509CertificateHolder) parser.readObject()) != null) {
chain.add(converter.getCertificate(certificateHolder));
}
} catch (IOException | CertificateException e) {
throw new RuntimeException("Failed to create certificate: " + certChainPEM, e);
}
if (chain.isEmpty()) {
throw new RuntimeException("A valid certificate was not found: " + certChainPEM);
}
return chain.toArray(new X509Certificate[chain.size()]);
}
示例4: createTrustStore
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
/**
* "ca.pem" from Reader
*/
public static KeyStore createTrustStore(final Reader certReader) throws IOException, CertificateException,
KeyStoreException, NoSuchAlgorithmException {
try (PEMParser pemParser = new PEMParser(certReader)) {
X509CertificateHolder certificateHolder = (X509CertificateHolder) pemParser.readObject();
Certificate caCertificate = new JcaX509CertificateConverter()
.setProvider("BC")
.getCertificate(certificateHolder);
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null);
trustStore.setCertificateEntry("ca", caCertificate);
return trustStore;
}
}
示例5: addSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
public void addSelfSignedCertificate(String certificateAlias, String dn, String password) {
try {
KeyPair keys = generateKeyPair();
Calendar start = Calendar.getInstance();
Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.YEAR, 1);
X500Name name = new X500Name(dn);
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(name, BigInteger.ONE,
start.getTime(), expiry.getTime(), name, SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));
ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(new BouncyCastleProvider()).build(keys.getPrivate());
X509CertificateHolder holder = certificateBuilder.build(signer);
Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);
Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[]{ cert });
keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
} catch (GeneralSecurityException | OperatorCreationException ex) {
throw new RuntimeException("Unable to generate self-signed certificate", ex);
}
}
示例6: generateCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
/**
* Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws CertificateException thrown if a security error or an IO error occurred.
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair,
int days, String algorithm)
throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例7: generateCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
/**
* Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws CertificateException thrown if a security error or an IO error occurred.
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair,
int days, String algorithm)
throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例8: initialConversationCert
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {
GregorianCalendar gc = new GregorianCalendar();
Date start = gc.getTime();
gc.add(GregorianCalendar.DAY_OF_MONTH,2);
Date end = gc.getTime();
X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
x500Name(),
new BigInteger(12,random), // replace with Serialnumber scheme
start,
end,
x500Name(),
// SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(caCert.getPublicKey().getEn)
new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keypair(trans).getPublic().getEncoded()))
);
return new JcaX509CertificateConverter().getCertificate(
xcb.build(BCFactory.contentSigner(keypair(trans).getPrivate())));
}
示例9: addKeyPair
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
public void addKeyPair(String alias, char[] privateKeyPassword, String commonName, String unit, String organization, String location, String state, String country, String emailAdress) throws OperatorCreationException, CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException
{
//generating random KeyPair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
//generating certificate for KeyPair
X500Name issuer = new X500Name("CN="+commonName+",OU="+unit+",O="+organization+",L="+location+",ST="+state+",C="+country+",EmailAddress="+emailAdress);
BigInteger serial = BigInteger.valueOf(1);
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
//generate certificate
X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 20), subject, pubKey);
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());
X509CertificateHolder certHolder = generator.build(sigGen);
X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certHolder );
//add certificate
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, new Certificate[] {cert});
}
示例10: shouldGenerateSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
@Test
public void shouldGenerateSelfSignedCertificate() throws IOException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
CertificateKeyPairGeneratorService keyPairGenerator = new CertificateKeyPairGeneratorService();
KeyPair keyPair = keyPairGenerator.generateKeyPair();
X509CertificateHolder certHolder = this.certificateGenerator.generateSelfSignedCertificate(SUBJECT_NAME, keyPair);
assertEquals(new X500Name(FINAL_SUBJECT_NAME), certHolder.getSubject());
assertEquals(new X500Name(FINAL_SUBJECT_NAME), certHolder.getIssuer());
assertEquals(certHolder.isValidOn(new Date()), true);
/*
* On a self signed certificate, issuer and subject names must be the same
*/
assertEquals(certHolder.getIssuer(), certHolder.getSubject());
X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certHolder);
certificate.verify(keyPair.getPublic());
}
示例11: runTestCode
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
private void runTestCode(KeyPair userKeyPair, KeyPair issuerKeyPair) throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException {
X509CertificateHolder certHolder = this.certificateGenerator.generateCertificate(SUBJECT_NAME, userKeyPair.getPublic(), ISSUER_NAME, issuerKeyPair);
assertEquals(new X500Name(FINAL_ISSUER_NAME), certHolder.getIssuer());
assertEquals(new X500Name(FINAL_SUBJECT_NAME), certHolder.getSubject());
assertEquals(true, certHolder.isValidOn(new Date()));
X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certHolder);
certificate.verify(issuerKeyPair.getPublic());
/*
* Saving for verification of the fields of the certificate. Should be done programatically in the future
*/
FileOutputStream fileOut = new FileOutputStream("target" + System.getProperty("file.separator") + "test.cer");
fileOut.write(certHolder.getEncoded());
fileOut.close();
}
示例12: createSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
throws OperatorCreationException, CertIOException, CertificateException {
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN="+ identity.getFullName());
Instant now = Instant.now();
Date notBefore = Date.from(now);
Date notAfter = Date.from(now.plus(Duration.ofDays(30)));
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(
x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
)
.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
return new JcaX509CertificateConverter()
.setProvider(new BouncyCastleProvider())
.getCertificate(certificateBuilder.build(contentSigner));
}
示例13: createSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
throws IOException, CertificateException, OperatorCreationException {
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN="+ config.loadBalancerAddress());
Instant now = Instant.now();
Date notBefore = Date.from(now);
Date notAfter = Date.from(now.plus(Duration.ofDays(30)));
GeneralNames generalNames = new GeneralNames(
config.zookeeperserver().stream()
.map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
.toArray(GeneralName[]::new));
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(
x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
)
.addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
.addExtension(Extension.subjectAlternativeName, false, generalNames);
return new JcaX509CertificateConverter()
.setProvider(provider)
.getCertificate(certificateBuilder.build(contentSigner));
}
示例14: createSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(AthenzIdentity identity) {
try {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair keyPair = keyGen.genKeyPair();
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN="+ identity.getFullName());
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(
x500Name, BigInteger.ONE, new Date(), Date.from(Instant.now().plus(Duration.ofDays(30))),
x500Name, keyPair.getPublic());
return new JcaX509CertificateConverter()
.setProvider(new BouncyCastleProvider())
.getCertificate(certificateBuilder.build(contentSigner));
} catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
throw new RuntimeException(e);
}
}
示例15: whenSelfSignIsTrue_itGeneratesAValidSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入依赖的package包/类
@Test
public void whenSelfSignIsTrue_itGeneratesAValidSelfSignedCertificate() throws Exception {
final X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
.getCertificate(generateX509SelfSignedCert());
generationParameters.setCaName(null);
generationParameters.setSelfSigned(true);
inputParameters = new CertificateGenerationParameters(generationParameters);
when(keyGenerator.generateKeyPair(anyInt())).thenReturn(rootCaKeyPair);
when(signedCertificateGenerator.getSelfSigned(rootCaKeyPair, inputParameters))
.thenReturn(certificate);
CertificateCredentialValue certificateCredential = subject.generateCredential(inputParameters);
assertThat(certificateCredential.getPrivateKey(),
equalTo(CertificateFormatter.pemOf(rootCaKeyPair.getPrivate())));
assertThat(certificateCredential.getCertificate(),
equalTo(CertificateFormatter.pemOf(certificate)));
assertThat(certificateCredential.getCa(), equalTo(CertificateFormatter.pemOf(certificate)));
verify(signedCertificateGenerator, times(1)).getSelfSigned(rootCaKeyPair, inputParameters);
}