本文整理汇总了Java中org.bouncycastle.pkcs.PKCS10CertificationRequest类的典型用法代码示例。如果您正苦于以下问题:Java PKCS10CertificationRequest类的具体用法?Java PKCS10CertificationRequest怎么用?Java PKCS10CertificationRequest使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
PKCS10CertificationRequest类属于org.bouncycastle.pkcs包,在下文中一共展示了PKCS10CertificationRequest类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testGenerateX509CertificateReqPrivateKey
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Issues a certificate from the {@code valid.csr} fixture with the CA key loaded from
 * {@code rsaPrivateKey}, then checks that a certificate came back and that its issuer
 * name equals the expected distinguished name.
 */
@Test
public void testGenerateX509CertificateReqPrivateKey() throws IOException {
    // Load the CSR fixture as text and parse it into a PKCS#10 request.
    final Path csrFile = Paths.get("src/test/resources/valid.csr");
    final String csrPem = new String(Files.readAllBytes(csrFile));
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(csrPem);

    // CA certificate and key come from fields declared outside this method.
    final X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    final PrivateKey issuerKey = Crypto.loadPrivateKey(rsaPrivateKey);

    final X509Certificate issued =
            Crypto.generateX509Certificate(request, issuerKey, issuerCert, 600, false);

    assertNotNull(issued);
    final String issuerName = issued.getIssuerX500Principal().getName();
    assertEquals(issuerName, "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");
}
示例2: testGenerateX509CertificateInvalid
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Expects {@code Crypto.generateX509Certificate} to throw a {@code CryptoException}
 * when the issuer name argument is {@code null}; the test fails if the call returns.
 */
@Test
public void testGenerateX509CertificateInvalid() throws IOException {
    final String csrPem =
            new String(Files.readAllBytes(Paths.get("src/test/resources/valid.csr")));
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(csrPem);
    final PrivateKey issuerKey = Crypto.loadPrivateKey(rsaPrivateKey);

    try {
        Crypto.generateX509Certificate(request, issuerKey, (X500Name) null, 600, true);
    } catch (CryptoException expected) {
        // Rejection is the outcome under test.
        assertTrue(true, "Caught excepted exception");
        return;
    }
    // Reaching this point means the null issuer was accepted.
    fail();
}
示例3: getPKCS10CertRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Parses a PEM-encoded certificate signing request.
 *
 * <p>This method only parses. It does not check the request's self-signature, so a
 * caller that relies on proof of possession of the private key has to verify the
 * signature itself before trusting the returned object.
 *
 * @param csr the PEM text of the request
 * @return the parsed request, or {@code null} when the first PEM object in the input
 *         is not a PKCS#10 request (or the input holds no PEM object)
 * @throws CryptoException if {@code csr} is null or empty, or the PEM cannot be read
 */
public static PKCS10CertificationRequest getPKCS10CertRequest(String csr) {
    if (csr == null || csr.isEmpty()) {
        LOG.error("getPKCS10CertRequest: CSR is null or empty");
        throw new CryptoException("CSR is null or empty");
    }

    try (PEMParser parser = new PEMParser(new StringReader(csr))) {
        final Object parsed = parser.readObject();
        // Anything other than a PKCS#10 request is reported as null, not as an error.
        return (parsed instanceof PKCS10CertificationRequest)
                ? (PKCS10CertificationRequest) parsed
                : null;
    } catch (IOException ex) {
        LOG.error("getPKCS10CertRequest: unable to parse csr: " + ex.getMessage());
        throw new CryptoException(ex);
    }
}
示例4: extractX509CSRDnsNames
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
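/**
 * Collects the dNSName entries of the subjectAlternativeName extension requested in a CSR.
 *
 * <p>The names are returned exactly as the requester supplied them. Nothing here checks
 * them against an issuance policy; that decision belongs to the caller.
 *
 * @param certReq the parsed certificate signing request
 * @return the requested DNS names in the order they appear; empty when the request
 *         carries no extension request or no subjectAlternativeName extension
 */
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (gns == null) {
                // An extension request without a SAN extension yields null here; skipping it
                // keeps a request of that shape from failing with a NullPointerException.
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}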
示例5: createSigningRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
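/**
 * Creates and returns the PEM-encoded content of a new signing request for the specified
 * certificate. Signing requests are required by Certificate Authorities as part of their
 * signing process. The request built here carries the certificate's subject DN and public
 * key and is signed with the given private key. Private keys are not included, and the
 * certificate's subject alternative names are not copied into the request.
 *
 * <p>The signature algorithm is SHA-256 combined with the public key's algorithm. Keys that
 * report their algorithm as {@code EC} are signed with ECDSA.
 *
 * @param cert the certificate to create a signing request for.
 * @param privKey the private key of the certificate.
 * @return the content of a new signing request for the specified certificate.
 * @throws OperatorCreationException if no signer can be created for the key.
 * @throws IOException if the request cannot be written out as PEM.
 */
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException {
    JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
            cert.getSubjectX500Principal(),
            cert.getPublicKey());

    // Elliptic-curve keys report "EC" as their algorithm, but the signature scheme is
    // named ECDSA; "SHA256WITHEC" is not a signature algorithm name.
    String keyAlgorithm = cert.getPublicKey().getAlgorithm();
    if ("EC".equalsIgnoreCase(keyAlgorithm)) {
        keyAlgorithm = "ECDSA";
    }
    String signatureAlgorithm = "SHA256WITH" + keyAlgorithm;

    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
    PKCS10CertificationRequest csr = csrBuilder.build(signer);

    StringWriter string = new StringWriter();
    // try-with-resources closes (and so flushes) the writer even if encoding fails.
    try (PemWriter pemWriter = new PemWriter(string)) {
        pemWriter.writeObject(new MiscPEMGenerator(csr));
    }
    return string.toString();
}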
示例6: loadCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
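/**
 * Load a CSR from the specified URL and check its self-signature.
 *
 * <p>The request is read as PEM, and its signature is verified against the public key
 * carried in the request itself. A request whose signature does not verify is rejected.
 *
 * @param url The URL to load CSR from
 * @return The CSR
 * @throws CryptoException Problem encountered while loading the CSR: the input holds no
 *         PEM object, the object is not a PKCS #10 request, or its signature is invalid
 * @throws FileNotFoundException If the CSR file does not exist, is a directory rather than a regular file, or for
 *         some other reason cannot be opened for reading
 * @throws IOException An I/O error occurred
 */
public static PKCS10CertificationRequest loadCSR(URL url)
    throws CryptoException, IOException
{
    // TODO: handle DER encoded requests too?
    try (PEMParser pr = new PEMParser(new InputStreamReader(NetUtil.openGetStream(url))))
    {
        PKCS10CertificationRequest csr = (PKCS10CertificationRequest) pr.readObject();
        if (csr == null)
        {
            // readObject() returns null when the input holds no PEM object; report that as a
            // load failure instead of letting the next line fail with a NullPointerException.
            throw new CryptoException(RB.getString("NoLoadCsr.exception.message"));
        }
        ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());
        if (!csr.isSignatureValid(prov))
        {
            throw new CryptoException(RB.getString("NoVerifyCsr.exception.message"));
        }
        return csr;
    }
    catch (ClassCastException | OperatorCreationException | PKCSException ex)
    {
        // ClassCastException covers a PEM object of some other type than a CSR.
        throw new CryptoException(RB.getString("NoLoadCsr.exception.message"), ex);
    }
}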
示例7: writeCertificationRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
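/**
 * Builds a certification request for the key store entry under {@code alias} and writes it
 * to {@code dest}.
 *
 * <p>The subject and public key are taken from the certificate stored under the alias, and
 * the request is signed with the entry's private key using {@code SHA256withRSA}.
 *
 * @param alias the key store alias holding the certificate and private key
 * @param privateKeyPassword the password protecting the private key entry
 * @param dest the writer that receives the serialized request
 * @throws KeyStoreException if the key store is not usable, or the alias has no
 *         certificate or no private key
 * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
 * @throws NoSuchAlgorithmException if the algorithm for recovering the key is unavailable
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if writing to {@code dest} fails
 */
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
    //reading information from self-signed certificate
    X509Certificate cert = (X509Certificate)keystore.getCertificate(alias);
    if (cert == null) {
        // getCertificate() returns null for an unknown alias; fail with a clear message.
        throw new KeyStoreException("No certificate found for alias: " + alias);
    }
    PrivateKey privateKey = (PrivateKey)keystore.getKey(alias, privateKeyPassword);
    if (privateKey == null) {
        // getKey() returns null when the alias does not identify a key entry.
        throw new KeyStoreException("No private key found for alias: " + alias);
    }
    Principal principal = cert.getSubjectDN();

    //generate certification request
    // NOTE(review): the subject is rebuilt from the principal's string form; confirm this
    // round trip preserves the DN for the certificates this key store is expected to hold.
    X500Name x500Name = new X500Name(principal.toString());
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
            x500Name, cert.getPublicKey());
    // The algorithm is fixed, so an entry whose key is not RSA cannot be signed here.
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    ContentSigner signer = csBuilder.build(privateKey);
    PKCS10CertificationRequest csr = p10Builder.build(signer);

    //write certification request
    String csrString = csrToString(csr);
    dest.write(csrString);
}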
示例8: generateCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Builds a PKCS#10 request for the given key pair and returns the bytes produced by
 * {@code PEMUtils.toPEM}.
 *
 * <p>The request asks for three extensions, all flagged critical: key usage
 * (digitalSignature), extended key usage (client and server authentication) and the
 * subject alternative names supplied by {@code certificateNamesGenerator}. It is signed
 * with {@code SHA256withRSA} using the private half of {@code keyPair}.
 *
 * @param keyPair the key pair whose public key goes into the request
 * @param certificateNamesGenerator the source of the subject and the SANs
 * @return the serialized request
 * @throws IOException if an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    final KeyPurposeId[] purposes = {
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_serverAuth
    };

    // Extensions are added in this order: key usage, extended key usage, SANs.
    final ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
    requested.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    final JcaPKCS10CertificationRequestBuilder builder =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic());
    final PKCS10CertificationRequest csr = builder
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));

    return PEMUtils.toPEM(csr);
}
示例9: registerInstance
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Registers this instance and returns the resulting credentials.
 *
 * <p>A new key pair is created for the registration. The register request carries the CSR
 * in PEM form together with the signed identity document as received; the key pair itself
 * is only passed on to {@code toAthenzCredentials}.
 *
 * @return the credentials built from the identity returned by the register call
 */
AthenzCredentials registerInstance() {
    final KeyPair generatedKeys = CryptoUtils.createKeyPair();
    final String serializedDocument = identityDocumentService.getSignedIdentityDocument();
    final SignedIdentityDocument identityDocument = parseSignedIdentityDocument(serializedDocument);

    final PKCS10CertificationRequest request = CryptoUtils.createCSR(
            identityConfig.domain(),
            identityConfig.service(),
            identityDocument.dnsSuffix,
            identityDocument.providerUniqueId,
            generatedKeys);

    // The endpoint to call is taken from the identity document.
    final InstanceIdentity issuedIdentity = athenzService.sendInstanceRegisterRequest(
            new InstanceRegisterInformation(
                    identityDocument.providerService,
                    identityConfig.domain(),
                    identityConfig.service(),
                    serializedDocument,
                    CryptoUtils.toPem(request)),
            identityDocument.ztsEndpoint);

    return toAthenzCredentials(issuedIdentity, generatedKeys, identityDocument);
}
示例10: updateCredentials
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Refreshes the instance identity using a newly created key pair.
 *
 * <p>The CSR for the new key pair is sent in PEM form. The current certificate and the
 * current private key are passed to the refresh call alongside it (presumably to
 * authenticate the request; confirm against {@code athenzService}). The returned
 * credentials are built with the new key pair and the existing identity document.
 *
 * @param currentCredentials the credentials being replaced
 * @return credentials built from the identity returned by the refresh call
 */
AthenzCredentials updateCredentials(AthenzCredentials currentCredentials) {
    final SignedIdentityDocument identityDocument = currentCredentials.getIdentityDocument();
    final KeyPair rotatedKeys = CryptoUtils.createKeyPair();

    final PKCS10CertificationRequest request = CryptoUtils.createCSR(
            identityConfig.domain(),
            identityConfig.service(),
            identityDocument.dnsSuffix,
            identityDocument.providerUniqueId,
            rotatedKeys);

    final InstanceRefreshInformation payload = new InstanceRefreshInformation(CryptoUtils.toPem(request));
    final InstanceIdentity refreshedIdentity = athenzService.sendInstanceRefreshRequest(
            identityDocument.providerService,
            identityConfig.domain(),
            identityConfig.service(),
            identityDocument.providerUniqueId,
            payload,
            identityDocument.ztsEndpoint,
            currentCredentials.getCertificate(),
            currentCredentials.getKeyPair().getPrivate());

    return toAthenzCredentials(refreshedIdentity, rotatedKeys, identityDocument);
}
示例11: buildCertificateRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Builds a certificate signing request for the active company and returns it as
 * serialized by {@code toPem}.
 *
 * <p>Both the private and the public key are derived from the key material returned by
 * {@code CompanyInfo.getPrivateKey()}. The subject comes from
 * {@code CompanyInfo.buildSource()}, and the request is signed with
 * {@code SIGNING_ALGORITHM}.
 *
 * @return the serialized signing request
 */
@Override
public String buildCertificateRequest() {
    try {
        final CompanyInfo company = wsaaDao.loadActiveCompanyInfo();
        final JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();

        // NOTE(review): the same private-key PEM is parsed twice, once per half of the pair.
        final PEMKeyPair parsedForPrivate = fromPem(company.getPrivateKey());
        final PrivateKey privateKey = keyConverter.getPrivateKey(parsedForPrivate.getPrivateKeyInfo());
        final PEMKeyPair parsedForPublic = fromPem(company.getPrivateKey());
        final PublicKey publicKey = keyConverter.getPublicKey(parsedForPublic.getPublicKeyInfo());

        final X500Principal subject = new X500Principal(company.buildSource());
        final ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).build(privateKey);
        final JcaPKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(subject, publicKey);

        return toPem(requestBuilder.build(signer));
    } catch (IOException | OperatorCreationException e) {
        throw Throwables.propagate(e);
    }
}
示例12: testGenerateInstanceRefreshRequestSubDomain
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Generates an instance refresh request for service {@code test} in the sub-domain
 * {@code coretech.system} and checks the common name and the first DNS name in the CSR.
 */
@Test
public void testGenerateInstanceRefreshRequestSubDomain() {
    final PrivateKey signingKey =
            Crypto.loadPrivateKey(new File("./src/test/resources/test_private_k0.pem"));
    final InstanceRefreshRequest refreshRequest = ZTSClient.generateInstanceRefreshRequest(
            "coretech.system", "test", signingKey, "aws", 3600);
    assertNotNull(refreshRequest);

    final PKCS10CertificationRequest parsedCsr = Crypto.getPKCS10CertRequest(refreshRequest.getCsr());

    // The common name is checked twice: through the helper and straight from the subject RDNs.
    assertEquals("coretech.system.test", Crypto.extractX509CSRCommonName(parsedCsr));
    final RDN commonName = parsedCsr.getSubject().getRDNs(BCStyle.CN)[0];
    assertEquals("coretech.system.test", IETFUtils.valueToString(commonName.getFirst().getValue()));

    // The expected DNS name has the dot of the domain replaced by a dash.
    assertEquals("test.coretech-system.aws.athenz.cloud", Crypto.extractX509CSRDnsNames(parsedCsr).get(0));
}
示例13: extractX509CSRIPAddresses
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
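/**
 * Collects the iPAddress entries of the subjectAlternativeName extension requested in a CSR.
 *
 * <p>The addresses are returned exactly as the requester supplied them. Nothing here checks
 * them against an issuance policy; that decision belongs to the caller.
 *
 * @param certReq the parsed certificate signing request
 * @return the requested addresses in textual form, in the order they appear; empty when the
 *         request carries no extension request or no subjectAlternativeName extension
 */
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) {
    List<String> ipAddresses = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (gns == null) {
                // An extension request without a SAN extension yields null here; skipping it
                // keeps a request of that shape from failing with a NullPointerException.
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.iPAddress) {
                    try {
                        InetAddress addr = InetAddress.getByAddress(((DEROctetString) name.getName()).getOctets());
                        ipAddresses.add(addr.getHostAddress());
                    } catch (UnknownHostException ignored) {
                        // getByAddress() rejects octet strings that are not 4 or 16 bytes
                        // long; such an entry is not a usable address and is left out.
                    }
                }
            }
        }
    }
    return ipAddresses;
}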
示例14: testGenerateX509Certificate
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Issues a certificate from the {@code valid.csr} fixture with a CA key loaded from an
 * encrypted key and its password, then checks the issuer name and that the certificate
 * expires no later than 600 minutes from now.
 */
@Test
public void testGenerateX509Certificate() throws IOException {
    final Path csrFile = Paths.get("src/test/resources/valid.csr");
    final String csrPem = new String(Files.readAllBytes(csrFile));
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(csrPem);

    // CA certificate, encrypted key and password come from fields declared outside this method.
    final X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    final PrivateKey issuerKey = Crypto.loadPrivateKey(privateEncryptedKey, encryptedKeyPassword);

    final X509Certificate issued =
            Crypto.generateX509Certificate(request, issuerKey, issuerCert, 600, false);

    assertNotNull(issued);
    assertEquals(issued.getIssuerX500Principal().getName(),
            "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");

    // Only an upper bound on the remaining lifetime is checked.
    final Date expiry = issued.getNotAfter();
    final long remainingMillis = expiry.getTime() - System.currentTimeMillis();
    assertTrue(remainingMillis <= 600 * 60 * 1000); // convert minutes to milliseconds
}
示例15: testComparePublicKeysCertCSRFailure
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入依赖的package包/类
/**
 * Checks that {@code comparePublicKeys} returns false when the wrapped request reports
 * {@code null} as its subject public key info.
 */
@Test
public void testComparePublicKeysCertCSRFailure() throws IOException {
    final Path csrFile = Paths.get("src/test/resources/valid_provider_refresh.csr");
    final X509CertRequest certReq = new X509CertRequest(new String(Files.readAllBytes(csrFile)));
    assertNotNull(certReq);

    // Replace the parsed request with a mock that has no public key info.
    final PKCS10CertificationRequest keylessRequest = Mockito.mock(PKCS10CertificationRequest.class);
    Mockito.when(keylessRequest.getSubjectPublicKeyInfo()).thenReturn(null);
    certReq.setCertReq(keylessRequest);

    final Path certFile = Paths.get("src/test/resources/valid_provider_refresh.pem");
    final X509Certificate cert = Crypto.loadX509Certificate(new String(Files.readAllBytes(certFile)));

    assertFalse(certReq.comparePublicKeys(cert));
}