本文整理汇总了Java中org.bouncycastle.jce.X509KeyUsage类的典型用法代码示例。如果您正苦于以下问题:Java X509KeyUsage类的具体用法?Java X509KeyUsage怎么用?Java X509KeyUsage使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
X509KeyUsage类属于org.bouncycastle.jce包,在下文中一共展示了X509KeyUsage类的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createPSSCert
import org.bouncycastle.jce.X509KeyUsage; //导入依赖的package包/类
private void createPSSCert(String algorithm)
throws Exception
{
KeyPair pair = generateLongFixedKeys();
PrivateKey privKey = pair.getPrivate();
PublicKey pubKey = pair.getPublic();
//
// distinguished name table.
//
X500NameBuilder builder = createStdBuilder();
//
// create base certificate - version 3
//
ContentSigner sigGen = new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey);
JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),
new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
new X509KeyUsage(X509KeyUsage.encipherOnly));
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
new GeneralNames(new GeneralName(GeneralName.rfc822Name, "[email protected]")));
X509Certificate baseCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
baseCert.verify(pubKey);
}
示例2: addCertificateExtensions
import org.bouncycastle.jce.X509KeyUsage; //导入依赖的package包/类
private static void addCertificateExtensions(PublicKey pubKey,
PublicKey caPubKey, X509V3CertificateGenerator certGen)
throws IOException, InvalidKeyException {
// CertificateExtensions ext = new CertificateExtensions();
//
// ext.set(SubjectKeyIdentifierExtension.NAME,
// new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey)
// .getIdentifier()));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(pubKey));
//
// ext.set(AuthorityKeyIdentifierExtension.NAME,
// new AuthorityKeyIdentifierExtension(
// new KeyIdentifier(caPubKey), null, null));
//
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(caPubKey));
// // Basic Constraints
// ext.set(BasicConstraintsExtension.NAME, new
// BasicConstraintsExtension(
// /* isCritical */true, /* isCA */false, /* pathLen */5));
//
certGen.addExtension(X509Extensions.BasicConstraints, true,
new BasicConstraints(false));
// Netscape Cert Type Extension
// boolean[] ncteOk = new boolean[8];
// ncteOk[0] = true; // SSL_CLIENT
// ncteOk[1] = true; // SSL_SERVER
// NetscapeCertTypeExtension ncte = new
// NetscapeCertTypeExtension(ncteOk);
// ncte = new NetscapeCertTypeExtension(false,
// ncte.getExtensionValue());
// ext.set(NetscapeCertTypeExtension.NAME, ncte);
// Key Usage Extension
// boolean[] kueOk = new boolean[9];
// kueOk[0] = true;
// kueOk[2] = true;
// "digitalSignature", // (0),
// "nonRepudiation", // (1)
// "keyEncipherment", // (2),
// "dataEncipherment", // (3),
// "keyAgreement", // (4),
// "keyCertSign", // (5),
// "cRLSign", // (6),
// "encipherOnly", // (7),
// "decipherOnly", // (8)
// "contentCommitment" // also (1)
// KeyUsageExtension kue = new KeyUsageExtension(kueOk);
// ext.set(KeyUsageExtension.NAME, kue);
certGen.addExtension(X509Extensions.KeyUsage, true, new X509KeyUsage(
X509KeyUsage.digitalSignature + X509KeyUsage.keyEncipherment));
// Extended Key Usage Extension
// int[] serverAuthOidData = { 1, 3, 6, 1, 5, 5, 7, 3, 1 };
// ObjectIdentifier serverAuthOid = new
// ObjectIdentifier(serverAuthOidData);
// int[] clientAuthOidData = { 1, 3, 6, 1, 5, 5, 7, 3, 2 };
// ObjectIdentifier clientAuthOid = new
// ObjectIdentifier(clientAuthOidData);
// Vector<ObjectIdentifier> v = new Vector<ObjectIdentifier>();
// v.add(serverAuthOid);
// v.add(clientAuthOid);
// ExtendedKeyUsageExtension ekue = new ExtendedKeyUsageExtension(false,
// v);
// ext.set(ExtendedKeyUsageExtension.NAME, ekue);
// ExtendedKeyUsage extendedKeyUsage = new
// ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage);
Vector<KeyPurposeId> usages = new Vector<KeyPurposeId>();
usages.add(KeyPurposeId.id_kp_serverAuth);
usages.add(KeyPurposeId.id_kp_clientAuth);
certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
new ExtendedKeyUsage(usages));
}
示例3: createPSSCert
import org.bouncycastle.jce.X509KeyUsage; //导入依赖的package包/类
private void createPSSCert(String algorithm)
throws Exception
{
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16));
RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16),
new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
PrivateKey privKey = fact.generatePrivate(privKeySpec);
PublicKey pubKey = fact.generatePublic(pubKeySpec);
//
// distinguished name table.
//
Hashtable attrs = new Hashtable();
attrs.put(X509Principal.C, "AU");
attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
attrs.put(X509Principal.L, "Melbourne");
attrs.put(X509Principal.ST, "Victoria");
attrs.put(X509Principal.E, "[email protected]");
Vector ord = new Vector();
Vector values = new Vector();
ord.addElement(X509Principal.C);
ord.addElement(X509Principal.O);
ord.addElement(X509Principal.L);
ord.addElement(X509Principal.ST);
ord.addElement(X509Principal.E);
values.addElement("AU");
values.addElement("The Legion of the Bouncy Castle");
values.addElement("Melbourne");
values.addElement("Victoria");
values.addElement("[email protected]");
//
// create base certificate - version 3
//
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(new X509Principal(attrs));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
certGen.setSubjectDN(new X509Principal(attrs));
certGen.setPublicKey(pubKey);
certGen.setSignatureAlgorithm(algorithm);
certGen.addExtension("2.5.29.15", true,
new X509KeyUsage(X509KeyUsage.encipherOnly));
certGen.addExtension("2.5.29.37", true,
new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
certGen.addExtension("2.5.29.17", true,
new GeneralNames(new GeneralName(GeneralName.rfc822Name, "[email protected]")));
X509Certificate baseCert = certGen.generate(privKey, "BC");
baseCert.verify(pubKey);
}
示例4: genCert
import org.bouncycastle.jce.X509KeyUsage; //导入依赖的package包/类
public static X509Certificate genCert(String dn, long validity, String policyId, PrivateKey privKey,
PublicKey pubKey, boolean isCA, String caDn, PrivateKey caPrivateKey, PublicKey acPubKey)
throws NoSuchAlgorithmException, SignatureException, InvalidKeyException,
CertificateEncodingException, IllegalStateException {
// Create self signed certificate
String sigAlg = "SHA1WithRSA";
Date firstDate = new Date();
// Set back startdate ten minutes to avoid some problems with wrongly set clocks.
firstDate.setTime(firstDate.getTime() - (10 * 60 * 1000));
Date lastDate = new Date();
// validity in days = validity*24*60*60*1000 milliseconds
lastDate.setTime(lastDate.getTime() + (validity * (24 * 60 * 60 * 1000)));
X509V3CertificateGenerator certgen = new X509V3CertificateGenerator();
// Serialnumber is random bits, where random generator is initialized with Date.getTime() when this
// bean is created.
byte[] serno = new byte[8];
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.setSeed((new Date().getTime()));
random.nextBytes(serno);
certgen.setSerialNumber((new java.math.BigInteger(serno)).abs());
certgen.setNotBefore(firstDate);
certgen.setNotAfter(lastDate);
certgen.setSignatureAlgorithm(sigAlg);
certgen.setSubjectDN(CertTools.stringToBcX509Name(dn));
certgen.setIssuerDN(CertTools.stringToBcX509Name(caDn));
certgen.setPublicKey(pubKey);
// Basic constranits is always critical and MUST be present at-least in CA-certificates.
BasicConstraints bc = new BasicConstraints(isCA);
certgen.addExtension(X509Extensions.BasicConstraints.getId(), true, bc);
// Put critical KeyUsage in CA-certificates
if (false) {
//if (isCA == true) {
int keyusage = X509KeyUsage.keyCertSign + X509KeyUsage.cRLSign;
X509KeyUsage ku = new X509KeyUsage(keyusage);
certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku);
}
// Subject and Authority key identifier is always non-critical and MUST be present for certificates to verify in Mozilla.
try {
if (false) {
//if (isCA == true) {
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
new ByteArrayInputStream(pubKey.getEncoded())).readObject());
SubjectKeyIdentifier ski = new SubjectKeyIdentifier(spki);
SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
new ByteArrayInputStream(acPubKey.getEncoded())).readObject());
AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
certgen.addExtension(X509Extensions.SubjectKeyIdentifier.getId(), false, ski);
certgen.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(), false, aki);
}
} catch (IOException e) { // do nothing
}
// CertificatePolicies extension if supplied policy ID, always non-critical
if (policyId != null) {
PolicyInformation pi = new PolicyInformation(new DERObjectIdentifier(policyId));
DERSequence seq = new DERSequence(pi);
certgen.addExtension(X509Extensions.CertificatePolicies.getId(), false, seq);
}
X509Certificate cert = certgen.generate(caPrivateKey);
return cert;
}