本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils类的典型用法代码示例。如果您正苦于以下问题:Java JcaX509ExtensionUtils类的具体用法?Java JcaX509ExtensionUtils怎么用?Java JcaX509ExtensionUtils使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
示例1: getAuthorityKeyIdentifier
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
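public String getAuthorityKeyIdentifier() {
    // Returns the keyIdentifier field of the AuthorityKeyIdentifier extension as colon-separated
    // hex ("AB:CD:..."), or "" when the extension is absent or cannot be decoded.
    // NOTE(review): a key identifier only helps locate the issuer certificate; it is not proof
    // of issuance and must never replace signature verification when building a chain.
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    if (extensionValue == null) {
        return "";
    }
    byte[] akiDer;
    try {
        // parseExtensionValue strips the outer OCTET STRING wrapper; what remains is the DER of
        // AuthorityKeyIdentifier ::= SEQUENCE { [0] keyIdentifier OCTET STRING OPTIONAL, ... }.
        ASN1Primitive parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
        akiDer = ASN1Sequence.getInstance(parsed).getEncoded();
    } catch (IOException | IllegalArgumentException ex) {
        // A malformed extension is reported like a missing one. The previous version printed the
        // stack trace, kept an empty array and then failed in substring() below.
        return "";
    }
    // Offset-based extraction of the keyIdentifier. It assumes the common shape
    //   30 16 80 14 <20 bytes>   (SEQUENCE, [0] IMPLICIT OCTET STRING, SHA-1 sized key id)
    // i.e. 4 header bytes followed by the identifier itself. Each byte becomes "XX:" (3 chars),
    // so the identifier starts at offset 12 and the trailing colon is dropped.
    // TODO(review): decode the AuthorityKeyIdentifier structure instead; this returns extra bytes
    // when authorityCertIssuer/authorityCertSerialNumber are present, when the key id is not
    // 20 bytes, or when a length needs the long form.
    final int headerBytes = 4;
    if (akiDer.length <= headerBytes) {
        return "";
    }
    String hex = CertificateHelper.addHexColons(CertificateHelper.byteArrayToHex(akiDer));
    return hex.substring(headerBytes * 3, akiDer.length * 3 - 1);
}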
示例2: createSelfSignedSSLKeyPair
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
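public static SSLKeyPair createSelfSignedSSLKeyPair(String commonsName, RSAPrivateKey caPrivateKey, RSAPublicKey caPublicKey) {
    // Builds a self-signed CA certificate (subject == issuer == COMMON_NAME_ENTRY + commonsName)
    // over caPublicKey, signed with caPrivateKey, and returns it bundled with the key pair.
    try {
        // RFC 5280 §4.1.2.2 requires a positive serial number. The previous
        // java.util.Random.nextInt() could yield zero or a negative value (rejected by strict
        // parsers) and was not a CSPRNG. 64 random bits + 1 is always positive and unpredictable.
        BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);
        long end = System.currentTimeMillis() + DEFAULT_CERTIFICATE_DURATION_VALIDITY;
        org.bouncycastle.asn1.x500.X500Name commonsX500Name = new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);
        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(commonsX500Name, serial, new Date(), new Date(end), commonsX500Name, caPublicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        // SKI from the CA key; issued certificates reference it through their AKI.
        certificateBuilder.addExtension(subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(caPublicKey));
        // cA=TRUE and critical, as RFC 5280 §4.2.1.9 requires for CA certificates.
        certificateBuilder.addExtension(basicConstraints, true, new BasicConstraints(true));
        addASN1AndKeyUsageExtensions(certificateBuilder);
        X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);
        return new SSLKeyPair(caPrivateKey, caPublicKey, new X509Certificate[]{cert});
    } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
        throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
    }
}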
示例3: getServerExtensions
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    // Key usage: signing and key transport; dataEncipherment is included because the SSO
    // integration requires it.
    KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment);
    // Critical EKU restricts the certificate to TLS server authentication.
    ExtendedKeyUsage purposes = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    // AKI derived from the issuer certificate (in Bouncy Castle this form also embeds the
    // issuer's name and serial, not only the key hash), wrapped in an OCTET STRING so that
    // Extension can hand back the parsed value below.
    Extension aki = new Extension(Extension.authorityKeyIdentifier, false,
            new DEROctetString(new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate)));

    List<ExtensionHolder> holders = new ArrayList<>();
    holders.add(new ExtensionHolder(Extension.keyUsage, true, usage));
    holders.add(new ExtensionHolder(Extension.extendedKeyUsage, true, purposes));
    holders.add(new ExtensionHolder(aki.getExtnId(), aki.isCritical(), aki.getParsedValue()));
    return holders;
}
示例4: getSubjectKeyIdentifier
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
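public String getSubjectKeyIdentifier() {
    // https://stackoverflow.com/questions/6523081/why-doesnt-my-key-identifier-match
    // Returns the SubjectKeyIdentifier octets as colon-separated hex, or "" when the extension is
    // absent or undecodable. The value is whatever the issuer put there (commonly a SHA-1 of the
    // public key, but not necessarily); it is an identifier, not something to trust on its own.
    byte[] extensionValue = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
    if (extensionValue == null) {
        return "";
    }
    byte[] keyId;
    try {
        // parseExtensionValue unwraps the outer OCTET STRING; the inner value is itself an
        // OCTET STRING holding the identifier.
        ASN1Primitive parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
        keyId = ASN1OctetString.getInstance(parsed).getOctets();
    } catch (IOException | IllegalArgumentException ex) {
        // Undecodable extension: return "" directly. The previous code printed the stack trace to
        // stderr and then reached the same "" result through the empty default array.
        return "";
    }
    return CertificateHelper.addHexColons(CertificateHelper.byteArrayToHex(keyId));
}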
示例5: generateCertificate
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
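public static X509Certificate generateCertificate(Credential credential, String entityId) throws Exception {
    // Builds a self-signed, 10-year certificate over the credential's public key, signed with the
    // credential's private key; subject and authority key identifiers are both derived from it.
    X500Name issuer = new X500Name("o=keymanager, ou=oiosaml-sp");
    // NOTE(review): time-based serial; two certificates generated in the same millisecond share
    // it. Switch to a random positive serial if these certificates are ever told apart by serial.
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date();
    Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L * 24L * 365L * 10L);
    // NOTE(review): entityId is spliced into a DN string, so a value containing ',' or '=' is
    // parsed as additional RDNs. Callers must validate/escape entityId before passing it here.
    X500Name subject = new X500Name("cn=" + entityId + ", ou=oiosaml-sp");
    // getInstance decodes the X.509 (SubjectPublicKeyInfo) encoding directly; no stream needed.
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(credential.getPublicKey().getEncoded());
    X509v3CertificateBuilder gen = new X509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKeyInfo);
    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    gen.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(credential.getPublicKey()));
    gen.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(credential.getPublicKey()));
    // SHA-256 instead of SHA-1: SHA-1 signatures are rejected by current validators and SHA-1
    // collisions are practical. Like the original, this assumes the credential holds an RSA key.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(credential.getPrivateKey());
    X509CertificateHolder certificateHolder = gen.build(sigGen);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
}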
示例6: checkAuthorityKeyIdentifierExtenstion
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
private void checkAuthorityKeyIdentifierExtenstion(final X509Certificate cert, final CaCert caCert) throws CertificateEncodingException, IOException {
    // The certificate must carry a non-critical AKI whose encoded value equals the one Bouncy
    // Castle derives from the issuing CA certificate. Checked through both the JCA and the
    // BC holder view of the certificate.
    final byte[] jcaValue = cert.getExtensionValue(OID.AUTHORITY_KEY_IDENIFIER.oid.getId());
    assertThat(jcaValue, is(notNullValue()));

    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();
    final byte[] expected = X509CertExtension.builder()
            .oid(Extension.authorityKeyIdentifier)
            .value(extUtils.createAuthorityKeyIdentifier(caCert.getCert()))
            .critical(false)
            .build()
            .toExtension()
            .getExtnValue()
            .getEncoded(DER.name());
    assertThat(Arrays.areEqual(jcaValue, expected), is(true));

    final Extension bcExt = new JcaX509CertificateHolder(cert)
            .getExtensions()
            .getExtension(OID.AUTHORITY_KEY_IDENIFIER.oid);
    assertThat(bcExt, is(notNullValue()));
    final byte[] bcValue = bcExt.getExtnValue().getEncoded(DER.name());
    assertThat(Arrays.areEqual(bcValue, expected), is(true));
}
示例7: checkSubjectKeyIdentifierExtenstion
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
private void checkSubjectKeyIdentifierExtenstion(final X509Certificate cert) throws CertificateEncodingException, IOException {
    // The certificate must carry a non-critical SKI whose encoded value equals the one Bouncy
    // Castle derives from the certificate's own public key. Checked through both the JCA and
    // the BC holder view of the certificate.
    final byte[] jcaValue = cert.getExtensionValue(OID.SUBJECT_KEY_IDENIFIER.oid.getId());
    assertThat(jcaValue, is(notNullValue()));

    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();
    final byte[] expected = X509CertExtension.builder()
            .oid(Extension.subjectKeyIdentifier)
            .value(extUtils.createSubjectKeyIdentifier(cert.getPublicKey()))
            .critical(false)
            .build()
            .toExtension()
            .getExtnValue()
            .getEncoded(DER.name());
    assertThat(Arrays.areEqual(jcaValue, expected), is(true));

    final Extension bcExt = new JcaX509CertificateHolder(cert)
            .getExtensions()
            .getExtension(OID.SUBJECT_KEY_IDENIFIER.oid);
    assertThat(bcExt, is(notNullValue()));
    final byte[] bcValue = bcExt.getExtnValue().getEncoded(DER.name());
    assertThat(Arrays.areEqual(bcValue, expected), is(true));
}
示例8: addSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
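public void addSignedCertificate(final XTFKeyStore signerKeyStore, final String signerAlias, final String signerPassword, final String dn, final String certificateAlias, final String password) {
    // Generates a fresh key pair, issues a one-year certificate for `dn` signed by the key stored
    // under signerAlias in signerKeyStore, and stores key + chain [leaf, CA] under certificateAlias.
    try {
        final X509Certificate caCert = (X509Certificate) signerKeyStore.keystore.getCertificate(signerAlias);
        final PrivateKey caKey = (PrivateKey) signerKeyStore.keystore.getKey(signerAlias, signerPassword.toCharArray());
        final Calendar start = Calendar.getInstance();
        final Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, 1);
        final KeyPair keyPair = generateKeyPair();
        final X500Name certName = new X500Name(dn);
        // Take the issuer name from the CA's DER-encoded subject instead of re-parsing
        // getSubjectDN().getName(): that string round trip can reverse RDN order (the JDK prints
        // most-specific-first) or change string types, and chain validation needs the leaf's
        // issuer to match the CA's subject exactly.
        final X500Name issuerName = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
        // Serial: positive (RFC 5280) and practically unique per call, but not random.
        final X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                issuerName,
                BigInteger.valueOf(System.nanoTime()),
                start.getTime(),
                expiry.getTime(),
                certName,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        final JcaX509ExtensionUtils u = new JcaX509ExtensionUtils();
        // AKI from the CA certificate, SKI from the new key; both non-critical per RFC 5280.
        certificateBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                u.createAuthorityKeyIdentifier(caCert));
        certificateBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                u.createSubjectKeyIdentifier(keyPair.getPublic()));
        // One provider instance for signing and conversion. NOTE(review): SHA256WithRSA assumes
        // the CA key is RSA — confirm against what generateKeyPair() produces.
        final BouncyCastleProvider bc = new BouncyCastleProvider();
        final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(bc).build(caKey);
        final X509CertificateHolder holder = certificateBuilder.build(signer);
        final Certificate cert = new JcaX509CertificateConverter().setProvider(bc).getCertificate(holder);
        final Entry entry = new PrivateKeyEntry(keyPair.getPrivate(), new Certificate[] {cert, caCert});
        keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
    } catch (GeneralSecurityException | OperatorCreationException | CertIOException ex) {
        throw new RuntimeException("Unable to generate signed certificate", ex);
    }
}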
示例9: generateCert
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
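private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
        PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException,
        CertIOException, OperatorCreationException, CertificateException,
        NoSuchAlgorithmException {
    // Issues a 100-year "cn=localhost" certificate for kp, signed by signerPrivateKey. Subject and
    // issuer are both "cn=localhost", so a chain only validates when the signer certificate was
    // produced by this same method. keyName does not appear in the certificate.
    // TODO(review): X509CertificateObject is a deprecated BC internal class; moving to
    // JcaX509CertificateConverter would change the return type to X509Certificate.
    Calendar startDate = DateTimeUtils.calendar();
    Calendar endDate = DateTimeUtils.calendar();
    endDate.add(Calendar.YEAR, 100);
    // Time-based serial: positive, but certificates created in the same millisecond collide.
    BigInteger serialNumber = BigInteger.valueOf(startDate.getTimeInMillis());
    X500Name issuer = new X500Name(
            IETFUtils.rDNsFromString("cn=localhost", RFC4519Style.INSTANCE));
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer,
            serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // RFC 5280 §4.2.1.9: basicConstraints MUST be critical in CA certificates. The previous
    // code always marked it non-critical; end-entity certificates keep it non-critical.
    certGen.addExtension(Extension.basicConstraints, isCertAuthority,
            new BasicConstraints(isCertAuthority));
    // Key-identifier form of the AKI, computed from the signer's public key.
    certGen.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        // CA key restricted to certificate signing; cRLSign is not set, so CRLs signed with this
        // key would be rejected by a strict validator.
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    X509CertificateHolder cert = certGen.build(
            new JcaContentSignerBuilder(SIGNING_ALGORITHM).build(signerPrivateKey));
    return new X509CertificateObject(cert.toASN1Structure());
}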
示例10: generateSelfSignedX509Certificate
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
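/**
 * Generates a self-signed {@link X509Certificate} suitable for use as a Certificate Authority.
 *
 * @param keyPair the {@link KeyPair} to generate the {@link X509Certificate} for
 * @param dn the distinguished name to use for the {@link X509Certificate}
 * @param signingAlgorithm the signing algorithm to use for the {@link X509Certificate}
 * @param certificateDurationDays the duration in days for which the {@link X509Certificate} should be valid
 * @return a self-signed {@link X509Certificate} suitable for use as a Certificate Authority
 * @throws CertificateException if there is an error generating the new certificate
 */
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm, int certificateDurationDays)
        throws CertificateException {
    try {
        ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        Date startDate = new Date();
        Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));
        // Self-signed: subject and issuer are the same name (normalized through reverseX500Name
        // like the other builders in this class).
        X500Name name = reverseX500Name(new X500Name(dn));
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                name,
                getUniqueSerialNumber(),
                startDate, endDate,
                name,
                subPubKeyInfo);
        // Set certificate extensions
        // (1) keyUsage (critical). NOTE(review): besides keyCertSign/cRLSign this CA key is also
        // permitted to do key transport/agreement and, with the EKU below, TLS client/server
        // authentication. A dedicated CA would carry only keyCertSign | cRLSign; left unchanged
        // because callers may use this certificate for TLS as well.
        certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));
        // basicConstraints cA=TRUE is marked critical as RFC 5280 §4.2.1.9 requires for CA
        // certificates (it was non-critical before).
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        // Self-signed, so the authority key identifier is derived from our own public key.
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(keyPair.getPublic()));
        // (2) extendedKeyUsage extension
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
        // Sign the certificate
        X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}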
示例11: generateIssuedCertificate
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
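/**
 * Generates an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
 *
 * @param dn the distinguished name to use
 * @param publicKey the public key to issue the certificate to
 * @param extensions extensions extracted from the CSR (may be {@code null}); only subjectAlternativeName is honored
 * @param issuer the issuer's certificate
 * @param issuerKeyPair the issuer's keypair
 * @param signingAlgorithm the signing algorithm to use
 * @param days the number of days it should be valid for
 * @return an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
 * @throws CertificateException if there is an error issuing the certificate
 */
public static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, Extensions extensions, X509Certificate issuer, KeyPair issuerKeyPair, String signingAlgorithm, int days)
        throws CertificateException {
    try {
        ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerKeyPair.getPrivate());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        Date startDate = new Date();
        Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(days));
        // Issuer name taken from the issuer's DER-encoded subject so the leaf's issuer field
        // matches the CA's subject byte-for-byte, which chain building relies on. The previous
        // getName() -> parse -> reverse round trip could differ in RDN order or string types.
        X500Name issuerName = X500Name.getInstance(issuer.getSubjectX500Principal().getEncoded());
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                issuerName,
                getUniqueSerialNumber(),
                startDate, endDate,
                reverseX500Name(new X500Name(dn)),
                subPubKeyInfo);
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(publicKey));
        // Key-identifier form of the AKI from the issuer's public key; this is the same
        // derivation generateSelfSignedX509Certificate uses for the CA's own SKI.
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));
        // Set certificate extensions
        // (1) keyUsage (critical): end-entity usages only, no keyCertSign/cRLSign.
        certBuilder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation));
        // cA=FALSE: this certificate must never be accepted as an issuer.
        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        // (2) extendedKeyUsage extension
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
        // (3) subjectAlternativeName: the only extension copied from the CSR; any other requested
        // extension (e.g. a basicConstraints or keyUsage the requester put in) is ignored.
        // NOTE(review): the requested names are copied without validation — the caller must check
        // them against its issuance policy before calling this method.
        if(extensions != null && extensions.getExtension(Extension.subjectAlternativeName) != null) {
            certBuilder.addExtension(Extension.subjectAlternativeName, false, extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
        }
        X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}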
示例12: addJcaX509Extension
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
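private static JcaX509v3CertificateBuilder addJcaX509Extension(String commonsName, RSAPublicKey publicKey, X509Certificate issuerCertificate, long duration, boolean isCaCertificate) throws NoSuchAlgorithmException, CertIOException {
    // Prepares a builder for a certificate over publicKey, issued under issuerCertificate's
    // subject, valid for `duration` ms from now, with SKI and basicConstraints already set.
    long end = System.currentTimeMillis() + duration;
    // Serial: RFC 5280 requires a positive value that is unique per issuer. The previous
    // `new SecureRandom(publicKey.getEncoded()).nextLong()` seeded the PRNG with the public key,
    // which on some providers (e.g. the SUN SHA1PRNG) makes the output a pure function of the
    // seed — the same serial every time this key is certified — and could also be negative.
    // An unseeded SecureRandom plus 1 yields an unpredictable, strictly positive serial.
    BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);
    // Issuer name from the issuer's DER-encoded subject so it matches byte-for-byte; a string
    // round trip through getSubjectDN().getName() may reverse RDN order or change string types,
    // which breaks chain building against issuerCertificate.
    org.bouncycastle.asn1.x500.X500Name issuerName =
            org.bouncycastle.asn1.x500.X500Name.getInstance(issuerCertificate.getSubjectX500Principal().getEncoded());
    org.bouncycastle.asn1.x500.X500Name subjectName = new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);
    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(issuerName, serial, new Date(), new Date(end), subjectName, publicKey);
    JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
    certificateBuilder.addExtension(subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
    // basicConstraints is critical exactly when cA=TRUE, as RFC 5280 §4.2.1.9 requires.
    certificateBuilder.addExtension(basicConstraints, isCaCertificate, new BasicConstraints(isCaCertificate));
    return certificateBuilder;
}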
示例13: addSubjectAlternativeNames
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
protected void addSubjectAlternativeNames(
        X509v3CertificateBuilder certificateBuilder,
        KeyPair keyPair,
        String applicationUri,
        List<String> dnsNames,
        List<String> ipAddresses) throws CertIOException, NoSuchAlgorithmException {
    // SAN = [URI applicationUri, DNS names..., IP addresses...]. Duplicate DNS names and IPs are
    // dropped, keeping first-occurrence order. The names are taken as given: nothing here checks
    // that they belong to the caller, so validate them before building the certificate.
    List<GeneralName> names = new ArrayList<>();
    names.add(new GeneralName(GeneralName.uniformResourceIdentifier, applicationUri));

    List<String> seenDns = new ArrayList<>();
    for (String dns : dnsNames) {
        if (!seenDns.contains(dns)) {
            seenDns.add(dns);
            names.add(new GeneralName(GeneralName.dNSName, dns));
        }
    }

    List<String> seenIps = new ArrayList<>();
    for (String ip : ipAddresses) {
        if (!seenIps.contains(ip)) {
            seenIps.add(ip);
            // GeneralName parses the textual address into its binary form.
            names.add(new GeneralName(GeneralName.iPAddress, ip));
        }
    }

    GeneralNames san = new GeneralNames(names.toArray(new GeneralName[0]));
    certificateBuilder.addExtension(Extension.subjectAlternativeName, false, san);

    // Subject Key Identifier derived from the certificate's own public key (non-critical).
    certificateBuilder.addExtension(
            Extension.subjectKeyIdentifier,
            false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
}
示例14: addAuthorityKeyIdentifier
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
protected void addAuthorityKeyIdentifier(
        X509v3CertificateBuilder certificateBuilder,
        KeyPair keyPair) throws CertIOException, NoSuchAlgorithmException {
    // AKI in key-identifier form (no issuer name/serial), derived from the public half of
    // keyPair; for a self-signed certificate that is the certificate's own key. Non-critical,
    // as RFC 5280 requires for this extension.
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    certificateBuilder.addExtension(
            Extension.authorityKeyIdentifier,
            false,
            utils.createAuthorityKeyIdentifier(keyPair.getPublic()));
}
示例15: createCRTSafeBagBuilder
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; //导入依赖的package包/类
private static PKCS12SafeBagBuilder createCRTSafeBagBuilder(String alias, X509Certificate crt, boolean addKeyId)
        throws IOException, GeneralSecurityException {
    // Wraps crt in a PKCS#12 certificate bag tagged with friendlyName = alias. When addKeyId is
    // set, a localKeyId (the SKI computed from the certificate's public key) is attached; PKCS#12
    // readers pair a certificate bag with its key bag by equal localKeyId, so the key bag must
    // carry the identical value.
    PKCS12SafeBagBuilder bagBuilder = new JcaPKCS12SafeBagBuilder(crt);
    bagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));
    if (!addKeyId) {
        return bagBuilder;
    }
    SubjectKeyIdentifier localKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(crt.getPublicKey());
    bagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, localKeyId);
    return bagBuilder;
}