本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder类的典型用法代码示例。如果您正苦于以下问题:Java JcaX509v3CertificateBuilder类的具体用法?Java JcaX509v3CertificateBuilder怎么用?Java JcaX509v3CertificateBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
JcaX509v3CertificateBuilder类属于org.bouncycastle.cert.jcajce包,在下文中一共展示了JcaX509v3CertificateBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateServerCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
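/**
 * Generates a fresh 2048-bit RSA key pair and issues a certificate for it, signed with
 * the supplied CA private key.
 *
 * <p>The certificate names {@code CN=bouncrca} as issuer and {@code CN=bouncr} as subject, and
 * carries a non-critical subjectAlternativeName extension for {@code localhost} (dNSName)
 * and {@code 127.0.0.1} (iPAddress).
 *
 * @param caKeyPair key pair of the issuing CA; only its private key is read here
 * @return the signed certificate paired with the private key of the newly generated key pair
 * @throws NoSuchAlgorithmException if the RSA generator or the {@code NativePRNGNonBlocking}
 *         SecureRandom algorithm is not available
 */
public static X500PrivateCredential generateServerCertificate(KeyPair caKeyPair) throws NoSuchAlgorithmException, CertificateException, OperatorCreationException, CertIOException {
    X500Name issuerName = new X500Name("CN=bouncrca");
    X500Name subjectName = new X500Name("CN=bouncr");
    // NOTE(review): the serial is a constant, so every certificate issued through this method
    // shares the same issuer + serial pair. Acceptable for a local development CA only; a CA
    // whose certificates are tracked or revoked needs unique, unpredictable serials.
    BigInteger serial = BigInteger.valueOf(2);

    long t1 = System.currentTimeMillis();
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    // NativePRNGNonBlocking is provided on Unix-like JDKs; where it is missing getInstance
    // throws NoSuchAlgorithmException instead of falling back to another source.
    rsa.initialize(2048, SecureRandom.getInstance("NativePRNGNonBlocking"));
    KeyPair kp = rsa.generateKeyPair();
    // Prints the key-generation time in milliseconds (kept from the original).
    System.out.println(System.currentTimeMillis() - t1);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, kp.getPublic());
    // An IP literal has to be encoded as an iPAddress SAN entry: TLS hostname verification
    // compares IP addresses against iPAddress entries only, so "127.0.0.1" stored as a
    // dNSName would never match a connection made to that address.
    DERSequence subjectAlternativeNames = new DERSequence(new ASN1Encodable[] {
            new GeneralName(GeneralName.dNSName, "localhost"),
            new GeneralName(GeneralName.iPAddress, "127.0.0.1")
    });
    builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNames);

    X509Certificate cert = signCertificate(builder, caKeyPair.getPrivate());
    return new X500PrivateCredential(cert, kp.getPrivate());
}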
示例2: addKeyPair
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
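/**
 * Generates a 2048-bit RSA key pair, wraps the public key in a self-signed certificate
 * and stores the private key plus certificate in {@code keystore} under the given alias.
 *
 * <p>Issuer and subject are the same name, assembled from the supplied attributes. The
 * certificate is valid from now for 20 * 365 days and is signed with SHA256withRSA.
 *
 * @param alias keystore alias for the new entry
 * @param privateKeyPassword password protecting the private key entry
 * @param commonName value of the CN attribute
 * @param unit value of the OU attribute
 * @param organization value of the O attribute
 * @param location value of the L attribute
 * @param state value of the ST attribute
 * @param country value of the C attribute
 * @param emailAdress value of the EmailAddress attribute
 */
public void addKeyPair(String alias, char[] privateKeyPassword, String commonName, String unit, String organization, String location, String state, String country, String emailAdress) throws OperatorCreationException, CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException
{
    // Generate a random key pair (default SecureRandom).
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // NOTE(review): the distinguished name is built by string concatenation and then parsed
    // by X500Name, so a ',' '+' or '=' inside any argument changes the structure of the name.
    // If these values can come from users, validate or escape them, or assemble the name
    // attribute by attribute with X500NameBuilder.
    X500Name issuer = new X500Name("CN="+commonName+",OU="+unit+",O="+organization+",L="+location+",ST="+state+",C="+country+",EmailAddress="+emailAdress);
    // NOTE(review): every certificate created here gets serial 1; certificates with the same
    // name are then indistinguishable by issuer + serial.
    BigInteger serial = BigInteger.valueOf(1);
    X500Name subject = issuer; // self-signed: subject equals issuer
    PublicKey pubKey = keyPair.getPublic();

    // NOTE(review): 20-year validity with no renewal path visible here; confirm this is intended.
    X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, new Date(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 20), subject, pubKey);
    // SHA-1 signatures are collision-prone and rejected by current TLS stacks and certificate
    // validators, so the certificate is signed with SHA-256 instead of the former SHA1withRSA.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
    X509CertificateHolder certHolder = generator.build(sigGen);
    X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certHolder );

    // Store the private key with a one-element certificate chain.
    keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, new Certificate[] {cert});
}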
示例3: createSSLKeyPair
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a new RSA key pair together with a certificate chain whose first element is a
 * certificate for that key pair and whose remainder is the supplied issuer chain.
 *
 * @param commonsName name passed to {@code addJcaX509Extension} and used in the error message
 * @param caPrivateKey CA private key handed to {@code verifyCertificate}
 * @param caPublicKey CA public key handed to {@code verifyCertificate}
 * @param issuerCertificateChain issuer chain; element 0 is used as the issuing certificate,
 *        so the array must not be empty
 * @param duration validity value forwarded to {@code addJcaX509Extension}
 * @param isCaCertificate when true, {@code addASN1AndKeyUsageExtensions} is applied as well
 * @return the generated keys and the chain (new certificate first)
 * @throws RuntimeException wrapping any certificate or key failure
 */
public static SSLKeyPair createSSLKeyPair(String commonsName, PrivateKey caPrivateKey, PublicKey caPublicKey, X509Certificate[] issuerCertificateChain, long duration, boolean isCaCertificate) {
    try {
        KeyPair generated = RSAUtils.generateRsaKeyPair();
        RSAPrivateKey subjectPrivateKey = (RSAPrivateKey) generated.getPrivate();
        RSAPublicKey subjectPublicKey = (RSAPublicKey) generated.getPublic();

        X509Certificate issuerCertificate = issuerCertificateChain[0];
        JcaX509v3CertificateBuilder builder =
                addJcaX509Extension(commonsName, subjectPublicKey, issuerCertificate, duration, isCaCertificate);
        if (isCaCertificate) {
            addASN1AndKeyUsageExtensions(builder);
        }
        // presumably signs with the CA key and verifies against the CA public key -- the helper
        // is not shown here, confirm before relying on it
        X509Certificate issued = verifyCertificate(caPrivateKey, caPublicKey, builder);

        // New certificate first, then the issuer chain in its original order.
        X509Certificate[] fullChain = new X509Certificate[issuerCertificateChain.length + 1];
        fullChain[0] = issued;
        System.arraycopy(issuerCertificateChain, 0, fullChain, 1, issuerCertificateChain.length);
        return new SSLKeyPair(subjectPrivateKey, subjectPublicKey, fullChain);
    } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
        throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
    }
}
示例4: createSelfSignedSSLKeyPair
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
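/**
 * Builds a self-signed CA certificate for the given RSA key pair.
 *
 * <p>Subject and issuer are both {@code COMMON_NAME_ENTRY + commonsName}. The certificate is
 * valid from now for {@code DEFAULT_CERTIFICATE_DURATION_VALIDITY} milliseconds and carries a
 * subjectKeyIdentifier, a critical basicConstraints(CA=true) extension, and whatever
 * {@code addASN1AndKeyUsageExtensions} adds.
 *
 * @param commonsName common name appended to {@code COMMON_NAME_ENTRY}
 * @param caPrivateKey private key handed to {@code verifyCertificate}
 * @param caPublicKey public key placed in the certificate
 * @return the supplied keys plus a one-element chain holding the new certificate
 * @throws RuntimeException wrapping any certificate or key failure
 */
public static SSLKeyPair createSelfSignedSSLKeyPair(String commonsName, RSAPrivateKey caPrivateKey, RSAPublicKey caPublicKey) {
    try {
        // The serial comes from a CSPRNG and is strictly positive. The previous
        // new Random().nextInt() was predictable and negative about half of the time, which
        // RFC 5280 does not allow and some validators reject.
        BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);
        long end = System.currentTimeMillis() + DEFAULT_CERTIFICATE_DURATION_VALIDITY;
        // NOTE(review): the name is parsed from a concatenated string; a ',' '+' or '=' in
        // commonsName alters the resulting DN. Validate it if it can come from outside.
        org.bouncycastle.asn1.x500.X500Name commonsX500Name = new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);
        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(commonsX500Name, serial, new Date(), new Date(end), commonsX500Name, caPublicKey);

        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        certificateBuilder.addExtension(subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(caPublicKey));
        // Critical CA=true: the certificate may sign other certificates.
        certificateBuilder.addExtension(basicConstraints, true, new BasicConstraints(true));
        addASN1AndKeyUsageExtensions(certificateBuilder);

        X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);
        return new SSLKeyPair(caPrivateKey, caPublicKey, new X509Certificate[]{cert});
    } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | SignatureException | NoSuchProviderException e) {
        throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
    }
}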
示例5: constructCert
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Builds a root certificate from a fresh key pair and checks that
 * {@code CertificateGenerator.constructCert} returns a non-null keystore configuration
 * for the names "test1" and "test2".
 */
@Test
public void constructCert() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    Logger generatorLogger = (Logger) LoggerFactory.getLogger(CertificateGenerator.class);
    generatorLogger.setLevel(Level.DEBUG);

    // NOTE(review): a fixed file name in the shared /tmp directory is predictable; on a
    // multi-user machine another account can pre-create or replace it, and the keystore
    // written there holds private key material. A per-run temporary file (the original
    // carried a commented-out Files.createTempFile("dm-agent", ".jks")) avoids that, provided
    // constructCert accepts a file that already exists -- not visible from here.
    File keystoreFile = new File("/tmp/dm-agent.jks");

    KeyPair rootKeys = createKeypair();
    JcaX509v3CertificateBuilder rootBuilder = createRootCert(rootKeys);
    ContentSigner rootSigner = new JcaContentSignerBuilder("SHA256withRSA").build(rootKeys.getPrivate());
    X509CertificateHolder rootCert = rootBuilder.build(rootSigner);

    KeystoreConfig result = CertificateGenerator.constructCert(
            rootCert, rootKeys.getPrivate(), keystoreFile, ImmutableSet.of("test1", "test2"));
    assertNotNull(result);
}
示例6: createSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a self-signed certificate for the given key pair, with
 * {@code CN=<identity full name>} as both subject and issuer.
 *
 * <p>The certificate is valid from now for 30 days, is signed with SHA256WithRSA, uses the
 * current epoch milliseconds as serial number and carries a critical
 * basicConstraints(CA=true) extension.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @param identity identity whose full name becomes the common name
 * @return the certificate, converted with a BouncyCastle provider instance
 */
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
        throws OperatorCreationException, CertIOException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    // NOTE(review): the DN is parsed from a concatenated string, so a ',' '+' or '=' in the
    // full name would change the name's structure -- confirm identity names exclude them.
    X500Name selfName = new X500Name("CN="+ identity.getFullName());

    Instant issuedAt = Instant.now();
    Date notBefore = Date.from(issuedAt);
    Date notAfter = Date.from(issuedAt.plus(Duration.ofDays(30)));
    // Serial derived from the clock: unique per millisecond, but predictable.
    BigInteger serial = BigInteger.valueOf(issuedAt.toEpochMilli());

    X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, keyPair.getPublic());
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(new BouncyCastleProvider());
    return converter.getCertificate(builder.build(signer));
}
示例7: createSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a self-signed certificate for the given key pair, with
 * {@code CN=<load balancer address>} as both subject and issuer.
 *
 * <p>The certificate is valid from now for 30 days, is signed with SHA256WithRSA, uses the
 * current epoch milliseconds as serial number, carries a critical basicConstraints(CA=true)
 * extension and lists every configured zookeeper server hostname as a dNSName subject
 * alternative name.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @param config source of the load balancer address and the zookeeper server hostnames
 * @return the certificate, converted with the class-level {@code provider}
 */
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
        throws IOException, CertificateException, OperatorCreationException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    // NOTE(review): the DN is parsed from a concatenated string; a ',' '+' or '=' in the
    // configured address would change the name's structure.
    X500Name selfName = new X500Name("CN="+ config.loadBalancerAddress());

    Instant issuedAt = Instant.now();
    Date notBefore = Date.from(issuedAt);
    Date notAfter = Date.from(issuedAt.plus(Duration.ofDays(30)));

    // One dNSName entry per zookeeper server.
    // NOTE(review): a hostname value that is really an IP literal would need an iPAddress
    // entry to be matched by TLS hostname verification -- confirm what the config holds.
    GeneralName[] dnsEntries = config.zookeeperserver().stream()
            .map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
            .toArray(GeneralName[]::new);
    GeneralNames alternativeNames = new GeneralNames(dnsEntries);

    // Serial derived from the clock: unique per millisecond, but predictable.
    BigInteger serial = BigInteger.valueOf(issuedAt.toEpochMilli());
    X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, keyPair.getPublic());
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    builder.addExtension(Extension.subjectAlternativeName, false, alternativeNames);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(provider);
    return converter.getCertificate(builder.build(signer));
}
示例8: createSelfSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
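/**
 * Generates a throw-away RSA key pair and returns a self-signed certificate for it, with
 * {@code CN=<identity full name>} as both subject and issuer.
 *
 * <p>The certificate has serial number 1, is valid from now for 30 days and is signed with
 * SHA256WithRSA. The generated private key is not returned.
 *
 * @param identity identity whose full name becomes the common name
 * @return the self-signed certificate
 * @throws RuntimeException wrapping any certificate, algorithm or signer failure
 */
private static X509Certificate createSelfSignedCertificate(AthenzIdentity identity) {
    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        // 2048 bits instead of the former 512: a 512-bit RSA modulus can be factored with
        // modest resources, and current JDK security defaults reject such keys in
        // certificate path validation and TLS.
        keyGen.initialize(2048);
        KeyPair keyPair = keyGen.genKeyPair();
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
        // NOTE(review): the DN is parsed from a concatenated string; a ',' '+' or '=' in the
        // full name would change the name's structure.
        X500Name x500Name = new X500Name("CN="+ identity.getFullName());
        // NOTE(review): the serial is always 1, so all certificates from this method share it.
        X509v3CertificateBuilder certificateBuilder =
                new JcaX509v3CertificateBuilder(
                        x500Name, BigInteger.ONE, new Date(), Date.from(Instant.now().plus(Duration.ofDays(30))),
                        x500Name, keyPair.getPublic());
        return new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(certificateBuilder.build(contentSigner));
    } catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}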
示例9: createSignedCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Issues a certificate for the given public key, signed with the issuer private key held
 * by this instance, and checks the result before returning it.
 *
 * <p>The issuer name is taken from the subject of the configured issuer certificate. After
 * signing, the certificate's validity period is checked against the current time and its
 * signature is verified with the issuer certificate's public key.
 *
 * @param publicKey public key to certify
 * @param privateKey not read by this method
 * @param commonName common name passed to {@code getSubject}
 * @param sans subject alternative names passed to {@code fillSans}
 * @return the signed server identity certificate
 */
@Override
public X509Certificate createSignedCertificate(PublicKey publicKey, PrivateKey privateKey, String commonName,
        List<ASN1Encodable> sans)
        throws CertificateException, IOException, OperatorCreationException, NoSuchProviderException,
        NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    X509CertificateHolder issuerHolder = new X509CertificateHolder(_issuerCertificate.getEncoded());
    X500Name issuerName = issuerHolder.getSubject();
    BigInteger serialNumber = getSerial();
    X500Name subjectName = getSubject(commonName);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            issuerName, serialNumber, getValidDateFrom(), getValidDateTo(), subjectName, publicKey);
    buildExtensions(builder, publicKey);
    fillSans(sans, builder);

    X509Certificate issued = createCertificate(_issuerPrivateKey, builder);
    // Fail here rather than hand back a certificate that is outside its validity window or
    // that does not verify against the issuer's public key.
    issued.checkValidity();
    issued.verify(_issuerCertificate.getPublicKey());
    return issued;
}
示例10: x509v3CertificateBuilder
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a certificate builder from this object's issuer, serial number, validity period,
 * subject and subject public key, and adds every configured extension to it.
 *
 * @return the populated builder, not yet signed
 * @throws ApplicationException if an extension cannot be added
 */
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final Date validFrom = Date.from(notBefore);
    final Date validUntil = Date.from(notAfter);
    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuerPrincipal, serialNumber, validFrom, validUntil, subjectPrincipal, subjectPublicKey);

    // Extensions are copied as supplied (OID, criticality, value). addExtension throws a
    // checked exception, so it is rethrown unchecked from inside the lambda.
    extensions.stream().forEach(extension -> {
        try {
            certBuilder.addExtension(extension.getOid(), extension.isCritical(), extension.getValue());
        } catch (final CertIOException cause) {
            throw new ApplicationException(String.format("Failed to add extenstion: %s", extension), cause);
        }
    });
    return certBuilder;
}
示例11: x509v3CertificateBuilder
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a certificate builder from the fields of {@code x509V3CertRequest} (issuer,
 * serial number, validity period, subject, subject public key) and adds every extension
 * listed in the request.
 *
 * @return the populated builder, not yet signed
 * @throws ApplicationException if an extension cannot be added
 */
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    // NOTE(review): every field, including the extension list with its OIDs and criticality
    // flags, is copied from the request unchanged. If requests can originate from an
    // untrusted party, the issuer has to apply its policy (for example on basicConstraints
    // and key usage) before signing -- no such check is visible in this method.
    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            x509V3CertRequest.getIssuerPrincipal(),
            x509V3CertRequest.getSerialNumber(),
            Date.from(x509V3CertRequest.getNotBefore()),
            Date.from(x509V3CertRequest.getNotAfter()),
            x509V3CertRequest.getSubjectPrincipal(),
            x509V3CertRequest.getSubjectPublicKey());

    // addExtension throws a checked exception, so it is rethrown unchecked from the lambda.
    x509V3CertRequest.getExtensions().stream().forEach(extension -> {
        try {
            certBuilder.addExtension(extension.getOid(), extension.isCritical(), extension.getValue());
        } catch (final CertIOException cause) {
            throw new ApplicationException(String.format("Failed to add extenstion: %s", extension), cause);
        }
    });
    return certBuilder;
}
示例12: makeCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
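/**
 * Creates a basic X.509 v3 certificate for the subject key pair, signed by the issuer key pair.
 *
 * <p>The certificate is valid from now for 100 days, takes its serial number from the
 * incrementing {@code serialNo} counter, and carries non-critical subjectKeyIdentifier and
 * authorityKeyIdentifier extensions. Signing and conversion use the "BC" provider.
 *
 * @param subKP subject key pair; only the public key is read
 * @param subDN subject distinguished name, parsed by {@code X500Name}
 * @param issKP issuer key pair; the private key signs, the public key feeds the authority key id
 * @param issDN issuer distinguished name, parsed by {@code X500Name}
 * @return the signed certificate
 */
static X509Certificate makeCertificate(
    KeyPair subKP,
    String subDN,
    KeyPair issKP,
    String issDN)
    throws GeneralSecurityException, IOException, OperatorCreationException
{
    PublicKey subPub = subKP.getPublic();
    PrivateKey issPriv = issKP.getPrivate();
    PublicKey issPub = issKP.getPublic();

    // Sequential serials are predictable; fine for fixtures, not for a CA that issues to others.
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
        new X500Name(issDN),
        BigInteger.valueOf(serialNo++),
        new Date(System.currentTimeMillis()),
        new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
        new X500Name(subDN),
        subPub);

    v3CertGen.addExtension(
        X509Extension.subjectKeyIdentifier,
        false,
        createSubjectKeyId(subPub));

    v3CertGen.addExtension(
        X509Extension.authorityKeyIdentifier,
        false,
        createAuthorityKeyId(issPub));

    // Signed with SHA-256 instead of the former MD5withRSA: MD5 collisions are practical and
    // have been used to forge certificates, and current validators reject MD5 signatures.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(issPriv);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(signer));
}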
示例13: testServerIdentitiesCommonNameOnly
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
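/**
 * {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
 * <ul>
 *     <li>the Common Name</li>
 * </ul>
 *
 * when a certificate contains:
 * <ul>
 *     <li>no other identifiers than its CommonName</li>
 * </ul>
 */
@Test
public void testServerIdentitiesCommonNameOnly() throws Exception
{
    // Setup fixture.
    final String subjectCommonName = "MySubjectCommonName";

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            new X500Name( "CN=MyIssuer" ),                                          // Issuer
            // Random non-negative serial number. The former Math.abs( nextInt() ) stays negative
            // when nextInt() returns Integer.MIN_VALUE, which gives an invalid serial.
            new BigInteger( 64, new SecureRandom() ),
            new Date( System.currentTimeMillis() - ( 1000L * 60 * 60 * 24 * 30 ) ), // Not before 30 days ago
            new Date( System.currentTimeMillis() + ( 1000L * 60 * 60 * 24 * 99 ) ), // Not after 99 days from now
            new X500Name( "CN=" + subjectCommonName ),                              // Subject
            subjectKeyPair.getPublic()
    );

    final X509CertificateHolder certificateHolder = builder.build( contentSigner );
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certificateHolder );

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities( cert );

    // Verify result
    assertEquals( 1, serverIdentities.size() );
    assertEquals( subjectCommonName, serverIdentities.get( 0 ) );
}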
示例14: generateKey
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
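/**
 * Generates an RSA key pair and a self-signed certificate for it.
 *
 * <p>Subject and issuer are {@code OU=None, O=None, CN=<name>}. The certificate is valid
 * from now for 365 days, uses the current epoch second as serial number and is signed with
 * SHA256WithRSAEncryption through a BouncyCastle provider instance, which this method also
 * registers with {@link Security}.
 *
 * @param name common name for the certificate
 * @return the private key paired with the self-signed certificate
 */
private Pair<Key, X509Certificate> generateKey(String name)
        throws GeneralSecurityException, OperatorCreationException {
    logger.debug("generating self-signed cert for {}", name);
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);

    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", provider);
    // 2048 bits instead of the former 1024: 1024-bit RSA no longer meets the minimum key
    // size of current guidance and is rejected by default in modern TLS configurations.
    kpGen.initialize(2048, new SecureRandom());
    KeyPair pair = kpGen.generateKeyPair();

    // Attribute-by-attribute construction: the name value is added as data and is never
    // parsed as part of a DN string.
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
    builder.addRDN(BCStyle.OU, "None");
    builder.addRDN(BCStyle.O, "None");
    builder.addRDN(BCStyle.CN, name);

    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(365, ChronoUnit.DAYS));
    // Clock-derived serial: two certificates generated within the same second share it.
    BigInteger serial = BigInteger.valueOf(now.getEpochSecond());

    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter,
            builder.build(), pair.getPublic());
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(provider)
            .build(pair.getPrivate());
    X509Certificate cert = new JcaX509CertificateConverter()
            .setProvider(provider)
            .getCertificate(certGen.build(sigGen));
    return Pair.of(pair.getPrivate(), cert);
}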
示例15: generateCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入依赖的package包/类
/**
 * Creates a self-signed certificate for the local EC key pair and stores it in
 * {@code cert} and, as a one-element chain, in {@code localCertificateChainArray}.
 *
 * <p>Subject and issuer are both {@code CN=peercentrum node}. The certificate is valid from
 * now for 100 calendar years, has a random serial of up to 64 bits drawn from
 * {@code random}, and is signed with SHA256withECDSA. Its signature is verified against
 * the local public key before the chain is stored.
 */
private void generateCertificate() throws Exception {
    Date validFrom = new Date();
    // NOTE(review): 100-year validity means the certificate never expires in practice;
    // replacing a compromised key then depends entirely on peers dropping the old
    // certificate -- confirm this is intended.
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.YEAR, 100);

    X500Name selfName = new X500Name("CN=peercentrum node");
    // presumably `random` is a SecureRandom -- verify at its declaration
    BigInteger serial = new BigInteger(64, random);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            selfName, serial, validFrom, expiry.getTime(), selfName, localPublicECKey);

    ContentSigner ecdsaSigner = new JcaContentSignerBuilder("SHA256withECDSA")
            .setProvider(BC_PROVIDER)
            .build(localPrivateECKey);
    X509CertificateHolder holder = builder.build(ecdsaSigner);
    cert = new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(holder);

    // Throws if the signature does not verify with the local public key.
    cert.verify(localPublicECKey, BC_PROVIDER);
    localCertificateChainArray = new Certificate[] {cert};
}