本文整理汇总了Java中org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder类的典型用法代码示例。如果您正苦于以下问题:Java JcaContentVerifierProviderBuilder类的具体用法?Java JcaContentVerifierProviderBuilder怎么用?Java JcaContentVerifierProviderBuilder使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
JcaContentVerifierProviderBuilder类属于org.bouncycastle.operator.jcajce包,在下文中一共展示了JcaContentVerifierProviderBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verifyOcspCertificates
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
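/**
 * Verifies the signature of an OCSP response against the certificates in a KeyStore.
 * <p>
 * Only the signature is checked: the method returns <CODE>true</CODE> as soon as the public
 * key of any certificate entry in the store validates the response. The matching
 * certificate's validity period, revocation status and authorisation to sign OCSP
 * responses are not examined here, so the store passed in should hold only certificates
 * that are trusted for that purpose.
 * @param ocsp the OCSP response
 * @param keystore the <CODE>KeyStore</CODE>
 * @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider
 * @return <CODE>true</CODE> if a certificate was found whose key verifies the response
 * @since 2.1.6
 */
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
    if (provider == null) {
        provider = "BC";
    }
    try {
        for (Enumeration<String> aliases = keystore.aliases(); aliases.hasMoreElements();) {
            try {
                String alias = aliases.nextElement();
                if (!keystore.isCertificateEntry(alias)) {
                    continue;
                }
                // Skip entries that are missing or not X.509 explicitly instead of relying
                // on a swallowed ClassCastException / NullPointerException.
                java.security.cert.Certificate entry = keystore.getCertificate(alias);
                if (!(entry instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate certStoreX509 = (X509Certificate) entry;
                if (ocsp.isSignatureValid(new JcaContentVerifierProviderBuilder()
                        .setProvider(provider)
                        .build(certStoreX509.getPublicKey()))) {
                    return true;
                }
            }
            catch (Exception ex) {
                // Deliberate best effort: a key that cannot be used with this response
                // (wrong algorithm, provider error) just means "not this certificate".
            }
        }
    }
    catch (Exception e) {
        // The store could not be enumerated (or an argument was null): no certificate was
        // found, which is reported as false. NOTE(review): the cause is lost here; log it
        // if the surrounding class has a logger.
    }
    return false;
}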
示例2: loadCSR
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
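/**
 * Load a PEM-encoded CSR from the specified URL and check its signature.
 * <p>
 * The signature is verified with the public key carried inside the CSR itself. A
 * successful check therefore shows that the request was signed by the holder of the
 * matching private key and was not altered afterwards; it says nothing about who
 * submitted the request.
 *
 * @param url The URL to load CSR from
 * @return The CSR
 * @throws CryptoException Problem encountered while loading the CSR, including input that
 *         contains no PEM object or whose signature does not verify
 * @throws FileNotFoundException If the CSR file does not exist, is a directory rather than a regular file, or for
 *         some other reason cannot be opened for reading
 * @throws IOException An I/O error occurred
 */
public static PKCS10CertificationRequest loadCSR(URL url)
    throws CryptoException, IOException
{
    // TODO: handle DER encoded requests too?
    try (PEMParser pr = new PEMParser(new InputStreamReader(NetUtil.openGetStream(url))))
    {
        // readObject() yields null when the stream holds no PEM object; report that as a
        // load failure instead of letting a NullPointerException escape below.
        Object parsed = pr.readObject();
        if (parsed == null)
        {
            throw new CryptoException(RB.getString("NoLoadCsr.exception.message"));
        }

        // A PEM object of another type ends up in the ClassCastException handler.
        PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parsed;

        ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());
        if (!csr.isSignatureValid(prov))
        {
            throw new CryptoException(RB.getString("NoVerifyCsr.exception.message"));
        }

        return csr;
    }
    catch (ClassCastException | OperatorCreationException | PKCSException ex)
    {
        throw new CryptoException(RB.getString("NoLoadCsr.exception.message"), ex);
    }
}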
示例3: isSignedBy
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Tells whether this OCSP response was signed with the key of the given candidate issuer.
 * <p>
 * Once an issuer has been recorded by a successful check, later calls only compare the
 * candidate with that recorded issuer. Otherwise the response signature is verified with
 * the candidate's public key through the BouncyCastle provider. Any exception raised on
 * the way is turned into a {@code false} result, and its class name and message are kept
 * in {@code signatureInvalidityReason}.
 * <p>
 * NOTE(review): {@code issuerX500Principal} is assigned from the candidate even when the
 * signature does not verify. Confirm that readers of that field expect this.
 *
 * @param issuerToken the candidate issuer
 * @return {@code true} if the candidate equals the recorded issuer or its key verifies
 *         the response signature
 */
@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
    // A previously established issuer short-circuits the cryptographic check.
    if (this.issuerToken != null) {
        return this.issuerToken.equals(issuerToken);
    }
    // Without a parsed response there is nothing to verify.
    if (basicOCSPResp == null) {
        return false;
    }
    try {
        signatureInvalidityReason = "";
        final JcaContentVerifierProviderBuilder verifierBuilder =
                new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        final PublicKey candidateKey = issuerToken.getCertificate().getPublicKey();
        final ContentVerifierProvider verifier = verifierBuilder.build(candidateKey);

        signatureValid = basicOCSPResp.isSignatureValid(verifier);
        if (signatureValid) {
            // Remember the issuer so that later calls can take the fast path above.
            this.issuerToken = issuerToken;
        }
        issuerX500Principal = issuerToken.getSubjectX500Principal();
    } catch (Exception e) {
        signatureValid = false;
        signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
    }
    return signatureValid;
}
示例4: isSignatureValid
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
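/**
 * Checks to see if the signature in the OCSP request is valid.
 * <p>
 * The verification key is taken from the first certificate embedded in the request
 * itself, so a {@code true} result only shows that the request is consistent with that
 * certificate. The certificate is supplied by the requester and is not validated here;
 * whether it chains to a trusted issuer has to be established separately.
 *
 * @param ocspReq The OCSP request.
 * @return {@code true} if the signature is valid, {@code false} otherwise, including when
 *         the request carries no certificate to verify against.
 * @throws OCSPException if the signature check itself fails to run
 */
private boolean isSignatureValid(OCSPReq ocspReq) throws OCSPException {
    // A request without embedded certificates used to fail with
    // ArrayIndexOutOfBoundsException on getCerts()[0]; treat it as "not valid" instead.
    org.bouncycastle.cert.X509CertificateHolder[] embeddedCerts = ocspReq.getCerts();
    if (embeddedCerts == null || embeddedCerts.length == 0) {
        LOG.warn("OCSP request carries no certificate to verify its signature with");
        return false;
    }
    try {
        return ocspReq.isSignatureValid(
            new JcaContentVerifierProviderBuilder() // Can we reuse this builder?
                .setProvider("BC")
                .build(embeddedCerts[0])
        );
    } catch (CertificateException | OperatorCreationException e) {
        LOG.warn("Could not read signature!", e);
        return false;
    }
}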
示例5: makeV3Certificate
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Test helper: builds a certificate for the subject key pair, signs it with the issuer's
 * private key and asserts that the result verifies under the issuer's public key.
 * <p>
 * The serial number is the current time in milliseconds and the validity runs for 100
 * days from now. The signature algorithm is SHA1WithRSA, which is acceptable only because
 * this is a test fixture.
 *
 * @param subKP subject key pair (only the public key is used)
 * @param _subDN subject distinguished name
 * @param issKP issuer key pair
 * @param _issDN issuer distinguished name
 * @return the signed certificate
 */
private static X509CertificateHolder makeV3Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
    throws GeneralSecurityException, IOException, OperatorCreationException, CertException
{
    PublicKey subjectKey = subKP.getPublic();
    PrivateKey issuerSigningKey = issKP.getPrivate();
    PublicKey issuerKey = issKP.getPublic();

    // Evaluated in the same order as the constructor arguments of the original call.
    X500Name issuerName = new X500Name(_issDN);
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date(System.currentTimeMillis());
    Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100));
    X500Name subjectName = new X500Name(_subDN);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
        issuerName, serial, notBefore, notAfter, subjectName, subjectKey);

    ContentSigner issuerSigner = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(issuerSigningKey);
    X509CertificateHolder issued = certBuilder.build(issuerSigner);

    // Sanity check: the fresh certificate must verify under the issuer's public key.
    ContentVerifierProvider issuerVerifier = new JcaContentVerifierProviderBuilder().setProvider(BC).build(issuerKey);
    assertTrue(issued.isSignatureValid(issuerVerifier));

    return issued;
}
示例6: generationTest
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Generates a key pair, builds and signs a PKCS #10 request with it, re-parses the
 * encoded request and checks both its signature and its embedded public key.
 * <p>
 * NOTE(review): the key pair always comes from the "BC" provider, while signing and
 * verification use {@code provider}. Confirm this split is intended.
 *
 * @param keySize key size passed to the key pair generator
 * @param keyName key algorithm name
 * @param sigName signature algorithm name
 * @param provider provider used for signing, parsing and verification
 */
private void generationTest(int keySize, String keyName, String sigName, String provider)
    throws Exception
{
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(keyName, "BC");
    keyGen.initialize(keySize);
    KeyPair keyPair = keyGen.genKeyPair();

    X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.C, "AU")
        .addRDN(BCStyle.O, "The Legion of the Bouncy Castle")
        .addRDN(BCStyle.L, "Melbourne")
        .addRDN(BCStyle.ST, "Victoria")
        .addRDN(BCStyle.EmailAddress, "[email protected]")
        .build();

    PKCS10CertificationRequestBuilder csrBuilder =
        new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
    PKCS10CertificationRequest original = csrBuilder.build(
        new JcaContentSignerBuilder(sigName).setProvider(provider).build(keyPair.getPrivate()));

    // Round-trip through the DER encoding so that the parsed form is what gets verified.
    JcaPKCS10CertificationRequest reparsed =
        new JcaPKCS10CertificationRequest(original.getEncoded()).setProvider(provider);

    boolean signatureOk = reparsed.isSignatureValid(
        new JcaContentVerifierProviderBuilder().setProvider(provider).build(keyPair.getPublic()));
    if (!signatureOk)
    {
        fail(sigName + ": Failed verify check.");
    }

    boolean sameKey = Arrays.areEqual(
        reparsed.getPublicKey().getEncoded(), original.getSubjectPublicKeyInfo().getEncoded());
    if (!sameKey)
    {
        fail(keyName + ": Failed public key check.");
    }
}
示例7: generatePKCS10CSR
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
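/**
 * Create a PKCS #10 certification request (CSR) using the supplied certificate and private key.
 * <p>
 * The CSR takes its subject and public key from the certificate and is signed with
 * {@code privateKey}. Before it is returned, its signature is verified against the
 * certificate's public key, so a private key that does not belong to the certificate is
 * rejected.
 *
 * @param cert The certificate
 * @param privateKey The private key
 * @throws CryptoException If there was a problem generating the CSR, or the generated CSR
 *         does not verify under the certificate's public key
 * @return The CSR
 */
public static PKCS10CertificationRequest generatePKCS10CSR(X509Certificate cert, PrivateKey privateKey)
    throws CryptoException
{
    // Take the subject from its DER encoding. Going through getSubjectDN().toString() and
    // re-parsing the text can change attribute encodings and does not round-trip every name.
    X500Name subject = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());

    JcaPKCS10CertificationRequestBuilder csrBuilder =
        new JcaPKCS10CertificationRequestBuilder(subject, cert.getPublicKey());

    // NOTE(review): getSigAlgName() is the algorithm the issuer used to sign the
    // certificate. For a certificate whose issuer key type differs from the subject key
    // type this presumably will not fit privateKey, and the failure then surfaces as the
    // CryptoException below. Confirm against callers.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(cert.getSigAlgName());

    try
    {
        ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(cert);
        PKCS10CertificationRequest csr = csrBuilder.build(signerBuilder.build(privateKey));

        if (!csr.isSignatureValid(prov))
        {
            throw new CryptoException(RB.getString("NoVerifyGenCsr.exception.message"));
        }

        return csr;
    }
    catch (OperatorCreationException | PKCSException ex)
    {
        throw new CryptoException(RB.getString("NoGenerateCsr.exception.message"), ex);
    }
}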
示例8: testProofOfPossessionWithoutSender
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Proof-of-possession check for a request authenticated by a PKMAC value rather than a
 * sender name. The verifier-only overload is expected to throw
 * {@code IllegalStateException}; the overload that also takes the PKMAC builder and
 * password must succeed.
 * <p>
 * The 512-bit RSA key, SHA-1 signature and fixed password "fred" are test fixtures only.
 */
public void testProofOfPossessionWithoutSender()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509Certificate recipientCert = makeV1Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    JcaCertificateRequestMessageBuilder requestBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
    requestBuilder.setPublicKey(keyPair.getPublic())
        .setAuthInfoPKMAC(new PKMACBuilder(new JcePKMACValuesCalculator()), "fred".toCharArray())
        .setProofOfPossessionSigningKeySigner(
            new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    // Archive control: the private key is wrapped for the holder of recipientCert.
    requestBuilder.addControl(
        new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Principal("CN=test"))
            .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider(BC))
            .build(new JceCMSContentEncryptorBuilder(
                new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));

    byte[] encodedRequest = requestBuilder.build().getEncoded();
    JcaCertificateRequestMessage request = new JcaCertificateRequestMessage(encodedRequest);

    // check that internal check on popo signing is working okay
    try
    {
        request.isValidSigningKeyPOP(
            new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic()));
        fail("IllegalStateException not thrown");
    }
    catch (IllegalStateException expected)
    {
        // expected: this request needs the PKMAC-aware overload
    }

    assertTrue(request.isValidSigningKeyPOP(
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic()),
        new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)),
        "fred".toCharArray()));
    assertEquals(keyPair.getPublic(), request.getPublicKey());
}
示例9: testProofOfPossessionWithSender
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Proof-of-possession check for a request whose authInfo is a sender name. Here the
 * PKMAC-aware overload is expected to throw {@code IllegalStateException}, and the
 * verifier-only overload must succeed.
 * <p>
 * The 512-bit RSA key, SHA-1 signature and fixed password "fred" are test fixtures only.
 */
public void testProofOfPossessionWithSender()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509Certificate recipientCert = makeV1Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    JcaCertificateRequestMessageBuilder requestBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
    requestBuilder.setPublicKey(keyPair.getPublic())
        .setAuthInfoSender(new X500Principal("CN=Test"))
        .setProofOfPossessionSigningKeySigner(
            new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    // Archive control: the private key is wrapped for the holder of recipientCert.
    requestBuilder.addControl(
        new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Principal("CN=test"))
            .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider(BC))
            .build(new JceCMSContentEncryptorBuilder(
                new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));

    byte[] encodedRequest = requestBuilder.build().getEncoded();
    JcaCertificateRequestMessage request = new JcaCertificateRequestMessage(encodedRequest);

    // check that internal check on popo signing is working okay
    try
    {
        request.isValidSigningKeyPOP(
            new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic()),
            new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)),
            "fred".toCharArray());
        fail("IllegalStateException not thrown");
    }
    catch (IllegalStateException expected)
    {
        // expected: a sender-authenticated request rejects the PKMAC overload
    }

    assertTrue(request.isValidSigningKeyPOP(
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic())));
    assertEquals(keyPair.getPublic(), request.getPublicKey());
}
示例10: testProofOfPossessionWithTemplate
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Proof-of-possession check for a request that carries both a subject and a sender name:
 * the verifier-only overload must accept the signature, and the public key read back from
 * the parsed message must equal the generated one.
 * <p>
 * The 512-bit RSA key and SHA-1 signature are test fixtures only.
 */
public void testProofOfPossessionWithTemplate()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509Certificate recipientCert = makeV1Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    JcaCertificateRequestMessageBuilder requestBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
    requestBuilder.setPublicKey(keyPair.getPublic())
        .setSubject(new X500Principal("CN=Test"))
        .setAuthInfoSender(new X500Principal("CN=Test"))
        .setProofOfPossessionSigningKeySigner(
            new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    // Archive control: the private key is wrapped for the holder of recipientCert.
    requestBuilder.addControl(
        new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Principal("CN=test"))
            .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider(BC))
            .build(new JceCMSContentEncryptorBuilder(
                new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));

    byte[] encodedRequest = requestBuilder.build().getEncoded();
    JcaCertificateRequestMessage request = new JcaCertificateRequestMessage(encodedRequest);

    assertTrue(request.isValidSigningKeyPOP(
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic())));
    assertEquals(keyPair.getPublic(), request.getPublicKey());
}
示例11: testProtectedMessage
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Builds a signed PKI message that carries one certificate, then verifies the message
 * with the public key of the certificate read back from it and checks the header's
 * sender and recipient.
 * <p>
 * The 512-bit RSA key and the MD5WithRSAEncryption signature are test fixtures only.
 */
public void testProtectedMessage()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509CertificateHolder selfSigned = makeV3Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
    GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));

    ContentSigner messageSigner =
        new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(keyPair.getPrivate());

    ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
        .setBody(new PKIBody(PKIBody.TYPE_INIT_REP, CertRepMessage.getInstance(new DERSequence(new DERSequence()))))
        .addCMPCertificate(selfSigned)
        .build(messageSigner);

    // The verification key comes from the certificate embedded in the message itself.
    X509Certificate embedded =
        new JcaX509CertificateConverter().setProvider(BC).getCertificate(message.getCertificates()[0]);
    ContentVerifierProvider verifier =
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(embedded.getPublicKey());

    assertTrue(message.verify(verifier));
    assertEquals(sender, message.getHeader().getSender());
    assertEquals(recipient, message.getHeader().getRecipient());
}
示例12: testConfirmationMessage
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Builds a signed certificate-confirmation message for one accepted certificate, verifies
 * the message signature and header, then re-reads the confirmation content from the
 * message body and checks that its single status entry matches the certificate.
 * <p>
 * The 512-bit RSA key and the MD5WithRSAEncryption signature are test fixtures only.
 */
public void testConfirmationMessage()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509CertificateHolder selfSigned = makeV3Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
    GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));

    CertificateConfirmationContent sentContent = new CertificateConfirmationContentBuilder()
        .addAcceptedCertificate(selfSigned, BigInteger.valueOf(1))
        .build(new JcaDigestCalculatorProviderBuilder().build());

    ContentSigner messageSigner =
        new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(keyPair.getPrivate());

    ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
        .setBody(new PKIBody(PKIBody.TYPE_CERT_CONFIRM, sentContent.toASN1Structure()))
        .addCMPCertificate(selfSigned)
        .build(messageSigner);

    // The verification key comes from the certificate embedded in the message itself.
    X509Certificate embedded =
        new JcaX509CertificateConverter().setProvider(BC).getCertificate(message.getCertificates()[0]);
    ContentVerifierProvider verifier =
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(embedded.getPublicKey());

    assertTrue(message.verify(verifier));
    assertEquals(sender, message.getHeader().getSender());
    assertEquals(recipient, message.getHeader().getRecipient());

    // Read the confirmation back out of the message body and check its status entry.
    CertificateConfirmationContent receivedContent =
        new CertificateConfirmationContent(CertConfirmContent.getInstance(message.getBody().getContent()));
    CertificateStatus[] statuses = receivedContent.getStatusMessages();

    assertEquals(1, statuses.length);
    assertTrue(statuses[0].isVerified(selfSigned, new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()));
}
示例13: testIrregularVersionReq
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Parses the {@code irregReq} fixture as an OCSP request and checks that its signature
 * verifies under the first certificate embedded in the request.
 */
private void testIrregularVersionReq()
    throws Exception
{
    OCSPReq request = new OCSPReq(irregReq);
    X509CertificateHolder signerCert = request.getCerts()[0];

    boolean signatureOk = request.isSignatureValid(
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(signerCert));
    if (!signatureOk)
    {
        fail("extra version encoding test failed");
    }
}
示例14: testProofOfPossessionWithoutSender
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Proof-of-possession check for a request authenticated by a PKMAC value rather than a
 * sender name, parsed from the built message object. The verifier-only overload is
 * expected to throw {@code IllegalStateException}; the overload that also takes the PKMAC
 * builder and password must succeed.
 * <p>
 * The 512-bit RSA key, SHA-1 signature and fixed password "fred" are test fixtures only.
 */
public void testProofOfPossessionWithoutSender()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509Certificate recipientCert = makeV1Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    JcaCertificateRequestMessageBuilder requestBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
    requestBuilder.setPublicKey(keyPair.getPublic())
        .setAuthInfoPKMAC(new PKMACBuilder(new JcePKMACValuesCalculator()), "fred".toCharArray())
        .setProofOfPossessionSigningKeySigner(
            new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    // Archive control: the private key is wrapped for the holder of recipientCert.
    requestBuilder.addControl(
        new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Name("CN=test"))
            .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider(BC))
            .build(new JceCMSContentEncryptorBuilder(
                new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));

    JcaCertificateRequestMessage request = new JcaCertificateRequestMessage(requestBuilder.build());

    // check that internal check on popo signing is working okay
    try
    {
        request.isValidSigningKeyPOP(
            new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic()));
        fail("IllegalStateException not thrown");
    }
    catch (IllegalStateException expected)
    {
        // expected: this request needs the PKMAC-aware overload
    }

    assertTrue(request.isValidSigningKeyPOP(
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic()),
        new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)),
        "fred".toCharArray()));
    assertEquals(keyPair.getPublic(), request.getPublicKey());
}
示例15: testProofOfPossessionWithSender
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; //导入依赖的package包/类
/**
 * Proof-of-possession check for a request whose authInfo is a sender name, parsed from
 * the built message object. The PKMAC-aware overload is expected to throw
 * {@code IllegalStateException}, and the verifier-only overload must succeed.
 * <p>
 * The 512-bit RSA key, SHA-1 signature and fixed password "fred" are test fixtures only.
 */
public void testProofOfPossessionWithSender()
    throws Exception
{
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA", BC);
    rsaGen.initialize(512);
    KeyPair keyPair = rsaGen.generateKeyPair();
    X509Certificate recipientCert = makeV1Certificate(keyPair, "CN=Test", keyPair, "CN=Test");

    JcaCertificateRequestMessageBuilder requestBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
    requestBuilder.setPublicKey(keyPair.getPublic())
        .setAuthInfoSender(new X500Name("CN=Test"))
        .setProofOfPossessionSigningKeySigner(
            new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()));

    // Archive control: the private key is wrapped for the holder of recipientCert.
    requestBuilder.addControl(
        new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Name("CN=test"))
            .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider(BC))
            .build(new JceCMSContentEncryptorBuilder(
                new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));

    JcaCertificateRequestMessage request = new JcaCertificateRequestMessage(requestBuilder.build());

    // check that internal check on popo signing is working okay
    try
    {
        request.isValidSigningKeyPOP(
            new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic()),
            new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)),
            "fred".toCharArray());
        fail("IllegalStateException not thrown");
    }
    catch (IllegalStateException expected)
    {
        // expected: a sender-authenticated request rejects the PKMAC overload
    }

    assertTrue(request.isValidSigningKeyPOP(
        new JcaContentVerifierProviderBuilder().setProvider(BC).build(keyPair.getPublic())));
    assertEquals(keyPair.getPublic(), request.getPublicKey());
}