本文整理汇总了Java中org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder类的典型用法代码示例。如果您正苦于以下问题:Java PKCS10CertificationRequestBuilder类的具体用法?Java PKCS10CertificationRequestBuilder怎么用?Java PKCS10CertificationRequestBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
PKCS10CertificationRequestBuilder类属于org.bouncycastle.pkcs包,在下文中一共展示了PKCS10CertificationRequestBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: writeCertificationRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
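/**
 * Writes a PKCS#10 certification request (CSR) for the key entry stored under {@code alias}.
 *
 * <p>The subject and public key are copied from the certificate stored for the alias, and the
 * request is signed with the private key stored under the same alias.
 *
 * @param alias keystore alias of the key entry
 * @param privateKeyPassword password protecting the private key; this method does not clear it
 * @param dest writer that receives the text produced by {@code csrToString}
 * @throws KeyStoreException if the keystore cannot be read, or the alias has no certificate
 *         or no private key
 * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
 * @throws NoSuchAlgorithmException if the algorithm needed to recover the key is unavailable
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if writing to {@code dest} fails
 */
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
    // Both lookups return null for an unknown alias; fail with a clear error instead of an NPE.
    X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
    if (cert == null) {
        throw new KeyStoreException("No certificate found for alias: " + alias);
    }
    PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
    if (privateKey == null) {
        throw new KeyStoreException("No private key found for alias: " + alias);
    }

    // Reuse the DER-encoded subject rather than re-parsing getSubjectDN().toString():
    // the string form is implementation-specific and a round trip through it can change
    // the RDN order or string encoding of the name the CA is asked to certify.
    X500Name x500Name = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());

    PKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(x500Name, cert.getPublicKey());
    // NOTE(review): the algorithm is fixed to RSA; a non-RSA key entry is expected to be
    // rejected when the signer is built or used. Derive it from the key type if needed.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);
    PKCS10CertificationRequest csr = p10Builder.build(signer);

    dest.write(csrToString(csr));
}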
示例2: generateCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
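/**
 * Builds a PKCS#10 request whose subject CN is the first entry of {@code commonNames} and
 * whose requested subjectAltName extension lists every entry as a dNSName.
 *
 * <p>The names are copied into the request as given; nothing here checks that they are
 * well-formed host names or that the requester controls them. That validation belongs to the
 * caller and, ultimately, to the CA that processes the request.
 *
 * @param commonNames host names to request; must contain at least one entry
 * @param pair key pair whose public key goes into the request and whose private key signs it
 * @return the signed certification request
 * @throws IllegalArgumentException if {@code commonNames} is null or empty
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if the extension request cannot be encoded
 */
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
    // Without this guard an empty array fails later with an ArrayIndexOutOfBoundsException.
    if (commonNames == null || commonNames.length == 0) {
        throw new IllegalArgumentException("commonNames must contain at least one name");
    }

    X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
    namebuilder.addRDN(BCStyle.CN, commonNames[0]);

    GeneralName[] sanEntries = new GeneralName[commonNames.length];
    for (int i = 0; i < commonNames.length; i++) {
        sanEntries[i] = new GeneralName(GeneralName.dNSName, commonNames[i]);
    }
    GeneralNames subjectAltName = new GeneralNames(sanEntries);

    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());

    PKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());
    p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

    // NOTE(review): the algorithm is fixed to RSA, so pair is expected to be an RSA key pair.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    return p10Builder.build(signer);
}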
示例3: generateRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Generates a new key pair and a PKCS#10 request for {@code dn} signed with the new private key.
 *
 * <p>The returned object carries the private key alongside the CSR, so it must be handled as
 * key material by the caller.
 *
 * @param dn distinguished name to use as the request subject
 * @return the CSR together with the private key that signed it
 * @throws CaException if the content signer cannot be created
 */
@Override
public CsrWithPrivateKey generateRequest(final DistinguishedName dn) {
    final KeyPair generated = KeysUtil.generateKeyPair();
    try {
        final X500Name subject = dn.getX500Name();
        final ContentSigner csrSigner =
                new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(generated.getPrivate());
        final PKCS10CertificationRequest request =
                new JcaPKCS10CertificationRequestBuilder(subject, generated.getPublic())
                        .build(csrSigner);
        return new CsrWithPrivateKeyImpl(request, generated.getPrivate());
    } catch (final OperatorCreationException e) {
        throw new CaException(e);
    }
}
示例4: generateCertSignRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Creates the PKCS#10 certificate signing request that is sent to the SCEP server.
 * The subject is assembled from the agent configuration held by the AgentManager, the request
 * carries this object's public key, and it is signed with this object's private key.
 *
 * @return the signed PKCS10CertificationRequest
 * @throws AgentCoreOperationException if the content signer cannot be created from the
 *                                     private key
 */
private PKCS10CertificationRequest generateCertSignRequest() throws AgentCoreOperationException {
    // Subject DN: CN = device name, O and OU = device owner, UNIQUE_IDENTIFIER = device id.
    // NOTE(review): OU repeats the device owner used for O; confirm this is intended.
    X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, AgentManager.getInstance().getAgentConfigs().getDeviceName())
            .addRDN(BCStyle.O, AgentManager.getInstance().getAgentConfigs().getDeviceOwner())
            .addRDN(BCStyle.OU, AgentManager.getInstance().getAgentConfigs().getDeviceOwner())
            .addRDN(BCStyle.UNIQUE_IDENTIFIER, AgentManager.getInstance().getAgentConfigs().getDeviceId())
            .build();

    ContentSigner csrSigner;
    try {
        csrSigner = new JcaContentSignerBuilder(SIGNATURE_ALG)
                .setProvider(PROVIDER)
                .build(this.privateKey);
    } catch (OperatorCreationException e) {
        String errorMsg = "Could not create content signer with private key.";
        // Only the fixed message is logged; the cause travels with the rethrown exception.
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    }

    // Assemble and sign the request (CSR = PKCS#10).
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, this.publicKey);
    return requestBuilder.build(csrSigner);
}
示例5: generationTest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Generates a key pair, builds and signs a PKCS#10 request with it, then re-parses the encoded
 * request and checks both its signature and its embedded public key.
 *
 * @param keySize key size passed to the key pair generator
 * @param keyName key algorithm name
 * @param sigName signature algorithm name
 * @param provider JCA provider used for signing and verification
 * @throws Exception if key generation, signing, encoding or verification fails unexpectedly
 */
private void generationTest(int keySize, String keyName, String sigName, String provider)
    throws Exception
{
    // NOTE(review): keys always come from "BC", while signing and verifying use `provider`.
    KeyPairGenerator generator = KeyPairGenerator.getInstance(keyName, "BC");
    generator.initialize(keySize);
    KeyPair keys = generator.genKeyPair();

    X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.C, "AU")
        .addRDN(BCStyle.O, "The Legion of the Bouncy Castle")
        .addRDN(BCStyle.L, "Melbourne")
        .addRDN(BCStyle.ST, "Victoria")
        .addRDN(BCStyle.EmailAddress, "[email protected]")
        .build();

    PKCS10CertificationRequestBuilder csrBuilder =
        new JcaPKCS10CertificationRequestBuilder(subject, keys.getPublic());
    PKCS10CertificationRequest signedRequest = csrBuilder.build(
        new JcaContentSignerBuilder(sigName).setProvider(provider).build(keys.getPrivate()));

    // Round-trip through the DER encoding so the checks run against a freshly parsed request.
    JcaPKCS10CertificationRequest parsedRequest =
        new JcaPKCS10CertificationRequest(signedRequest.getEncoded()).setProvider(provider);

    boolean signatureOk = parsedRequest.isSignatureValid(
        new JcaContentVerifierProviderBuilder().setProvider(provider).build(keys.getPublic()));
    if (!signatureOk)
    {
        fail(sigName + ": Failed verify check.");
    }

    boolean sameKey = Arrays.areEqual(
        parsedRequest.getPublicKey().getEncoded(),
        signedRequest.getSubjectPublicKeyInfo().getEncoded());
    if (!sameKey)
    {
        fail(keyName + ": Failed public key check.");
    }
}
示例6: generateRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a PKCS#10 request for the given subject and public key, adds the supplied attributes,
 * and signs it with a signer borrowed from {@code signer}.
 *
 * @param signer source of the content signer; must not be null
 * @param subjectPublicKeyInfo public key to place in the request; must not be null
 * @param subjectDn subject of the request; must not be null
 * @param attributes attributes to add, keyed by attribute type; may be null or empty
 * @return the signed certification request
 * @throws XiSecurityException if no idle signer can be borrowed
 */
private PKCS10CertificationRequest generateRequest(ConcurrentContentSigner signer,
        SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subjectDn,
        Map<ASN1ObjectIdentifier, ASN1Encodable> attributes) throws XiSecurityException {
    ParamUtil.requireNonNull("signer", signer);
    ParamUtil.requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    ParamUtil.requireNonNull("subjectDn", subjectDn);

    PKCS10CertificationRequestBuilder requestBuilder =
            new PKCS10CertificationRequestBuilder(subjectDn, subjectPublicKeyInfo);
    if (CollectionUtil.isNonEmpty(attributes)) {
        for (Map.Entry<ASN1ObjectIdentifier, ASN1Encodable> attribute : attributes.entrySet()) {
            requestBuilder.addAttribute(attribute.getKey(), attribute.getValue());
        }
    }

    ConcurrentBagEntrySigner borrowed;
    try {
        borrowed = signer.borrowSigner();
    } catch (NoIdleSignerException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }

    // Hand the signer back even when signing throws.
    try {
        return requestBuilder.build(borrowed.value());
    } finally {
        signer.requiteSigner(borrowed);
    }
}
示例7: generateCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds and signs a PKCS#10 request for this object's X.500 name, optionally adding a
 * challengePassword attribute and a subjectAltName extension request.
 *
 * @param trans passed through to {@code keypair(trans)}
 * @return the signed certification request
 * @throws IOException if the subjectAltName value cannot be encoded
 * @throws CertException if the content signer cannot be created
 */
public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException {
    // NOTE(review): keypair(trans) is called here and again when signing; this assumes both
    // calls return the same pair, otherwise the signature would not match the embedded key.
    PKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(x500Name(), keypair(trans).getPublic());

    if (challenge != null) {
        // The challenge is stored as a plain attribute value: a CSR is signed, not encrypted,
        // so anyone who can read the request can read the challenge.
        csrBuilder.addAttribute(
                PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
                new DERPrintableString(challenge));
    }

    if (sanList.size() > 0) {
        GeneralName[] sanEntries = new GeneralName[sanList.size()];
        int next = 0;
        for (String san : sanList) {
            sanEntries[next++] = new GeneralName(GeneralName.dNSName, san);
        }
        Extension sanExtension = new Extension(
                Extension.subjectAlternativeName, false, new GeneralNames(sanEntries).getEncoded());
        csrBuilder.addAttribute(
                PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                new Extensions(new Extension[] { sanExtension }));
    }

    // The original author left the basicConstraints / keyUsage attributes disabled, so only
    // subjectAltName is ever requested here.
    try {
        return csrBuilder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
    } catch (OperatorCreationException e) {
        throw new CertException(e);
    }
}
示例8: createCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Creates a PEM-encoded CSR for subject {@code CN=issuer} with a freshly generated key pair.
 * The request asks for three critical extensions: keyUsage (digitalSignature),
 * extendedKeyUsage (clientAuth, serverAuth) and subjectAltName ("test.com" plus TEST_IP_ADDR).
 *
 * @return the CSR as returned by {@code PEMUtils.toPEM}
 * @throws IOException if an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
private byte[] createCSR() throws IOException, OperatorCreationException {
    KeyPair generated = KEY_PAIR_GENERATOR.generateKeyPair();

    X500NameBuilder subjectBuilder = new X500NameBuilder();
    subjectBuilder.addRDN(BCStyle.CN, "issuer");
    X500Name subject = subjectBuilder.build();

    ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));

    KeyPurposeId[] purposes = { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth };
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));

    GeneralName[] sanEntries = {
        new GeneralName(GeneralName.dNSName, "test.com"),
        new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR),
    };
    requested.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(sanEntries));

    // NOTE(review): the algorithm is fixed to RSA; assumes KEY_PAIR_GENERATOR yields RSA keys.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(generated.getPrivate());

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, generated.getPublic());
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());
    return PEMUtils.toPEM(requestBuilder.build(signer));
}
示例9: generateCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
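/**
 * Generate a CSR object.
 *
 * <p>The extension-request attribute is added only when at least one extension is supplied.
 * X.509 defines {@code Extensions} as a sequence of one or more entries, so an empty
 * extension request would be malformed.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The CSR's key pair; the public key is embedded, the private key signs the request.
 * @param extensions The extensions to request for the certificate; may be null or empty.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 * @throws CertProviderException if the content signer cannot be created.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key,
        List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);

    // Initialize CSR builder
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());

    // Add custom extension objects, skipping the attribute entirely when there are none.
    if (extensions != null && !extensions.isEmpty()) {
        ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
        for (X509ExtensionData extensionData : extensions) {
            extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()),
                    extensionData.getCritical(), extensionData.encode());
        }
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
    }

    PKCS10CertificateRequest csr;
    try {
        // Sign CSR
        ContentSigner csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm())
                .build(key.getPrivate());
        csr = fromPKCS10(csrBuilder.build(csrSigner));
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }

    LOG.info("CSR generation ''{0}'' done", dn);
    return csr;
}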
示例10: makeRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a PKCS#10 request for {@code subject} that carries clientKeyPair's public key and the
 * given extension request, signed with caKeyPair's private key.
 *
 * @param subject subject DN in string form
 * @param extensions extensions to place in the extension-request attribute
 * @return the signed certification request
 * @throws Exception if the signer cannot be created
 */
private PKCS10CertificationRequest makeRequest(String subject, Extensions extensions) throws Exception {
    X500Name subjectName = new X500Name(subject);
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectName, clientKeyPair.getPublic());
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions);

    // NOTE(review): the embedded public key is the client's but the signing key is the CA's.
    // A PKCS#10 signature is meant to prove possession of the embedded key, so a recipient that
    // verifies the request would reject it unless both fields hold the same pair. Confirm this
    // is deliberate for the caller.
    ContentSigner requestSigner =
            new JcaContentSignerBuilder(CertificateSigner.SIGNER_ALGORITHM).build(caKeyPair.getPrivate());
    return requestBuilder.build(requestSigner);
}
示例11: getCertificateRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a PKCS#10 request for {@code subject} with the given attribute and signs it.
 *
 * @param publicKey public key placed in the request
 * @param privateKey private key that signs the request
 * @param subject subject DN in string form
 * @param extensions attribute whose type and values are added to the request
 * @return the signed request, or {@code null} if the content signer could not be created;
 *         callers have to check for null
 */
private static PKCS10CertificationRequest getCertificateRequest(PublicKey publicKey, PrivateKey privateKey, String subject, Attribute extensions) {
    try {
        PKCS10CertificationRequestBuilder csrBuilder =
                new JcaPKCS10CertificationRequestBuilder(new X500Principal(subject), publicKey);
        // NOTE(review): the algorithm is fixed to RSA, so privateKey is expected to be RSA.
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("sha256WithRSA");
        csrBuilder.addAttribute(extensions.getAttrType(), extensions.getAttrValues());
        ContentSigner csrSigner = signerBuilder.build(privateKey);
        return csrBuilder.build(csrSigner);
    } catch (OperatorCreationException e) {
        // The failure is only printed; the caller sees nothing but the null result.
        e.printStackTrace();
        return null;
    }
}
示例12: generateX509CSR
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
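/**
 * Generates a PKCS#10 request for the given subject and key pair and returns it PEM-encoded.
 *
 * <p>The subjectAltName extension request is added only when {@code sanArray} holds at least
 * one entry. X.509 defines {@code GeneralNames} as a sequence of one or more names, so an
 * empty array must not produce an extension.
 *
 * @param privateKey key that signs the request
 * @param publicKey key placed in the request
 * @param x500Principal subject DN in string form
 * @param sanArray subject alternative names to request; may be null or empty
 * @return the request as a PEM "CERTIFICATE REQUEST" block
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if encoding the request or writing the PEM fails
 */
public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey,
        String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Create Distinguished Name
    X500Principal subject = new X500Principal(x500Principal);

    // Create ContentSigner
    ContentSigner signer = new JcaContentSignerBuilder(Crypto.RSA_SHA256).build(privateKey);

    // Create the CSR
    PKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(subject, publicKey);

    // Add SubjectAlternativeNames (SAN) if any were specified
    if (sanArray != null && sanArray.length > 0) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sanArray));
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }

    PKCS10CertificationRequest csr = p10Builder.build(signer);

    // Write in OpenSSL-compatible PEM format. The writer is closed before the buffer is read
    // so that everything has been flushed into it.
    StringWriter strWriter = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter)) {
        pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", csr.getEncoded()));
    }
    return strWriter.toString();
}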
示例13: sign
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Signs the completed CSR and stores it in this object.
 *
 * <p>Every name collected so far is requested as a dNSName in a non-critical subjectAltName
 * extension. The signature algorithm is chosen from the private key type: the EC algorithm
 * for {@link ECKey} instances, the default algorithm otherwise.
 *
 * @param keypair
 *            {@link KeyPair} to sign the CSR with
 * @throws IOException
 *             if the CSR cannot be encoded or the content signer cannot be created
 * @throws IllegalStateException
 *             if no domain name has been added
 */
public void sign(KeyPair keypair) throws IOException {
    Objects.requireNonNull(keypair, "keypair");
    if (namelist.isEmpty()) {
        throw new IllegalStateException("No domain was set");
    }

    try {
        GeneralName[] sanEntries = new GeneralName[namelist.size()];
        int next = 0;
        for (String domain : namelist) {
            sanEntries[next++] = new GeneralName(GeneralName.dNSName, domain);
        }
        GeneralNames requestedNames = new GeneralNames(sanEntries);

        PKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), keypair.getPublic());

        ExtensionsGenerator requested = new ExtensionsGenerator();
        requested.addExtension(Extension.subjectAlternativeName, false, requestedNames);
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

        PrivateKey signingKey = keypair.getPrivate();
        String algorithm;
        if (signingKey instanceof ECKey) {
            algorithm = EC_SIGNATURE_ALG;
        } else {
            algorithm = SIGNATURE_ALG;
        }
        ContentSigner csrSigner = new JcaContentSignerBuilder(algorithm).build(signingKey);

        csr = requestBuilder.build(csrSigner);
    } catch (OperatorCreationException ex) {
        throw new IOException("Could not generate CSR", ex);
    }
}
示例14: newCertificateRequest
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Creates a PKCS#10 request for {@code principal}, signed through the "BC" provider with the
 * private key of {@code p}.
 *
 * @param principal subject of the request
 * @param p key pair whose public key is embedded and whose private key signs the request
 * @return the signed request, or {@code null} if the content signer could not be created;
 *         the failure is logged at SEVERE level and callers have to check for null
 */
public static PKCS10CertificationRequest newCertificateRequest(X500Name principal, KeyPair p) {
    PKCS10CertificationRequest request;
    try {
        PKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(principal, p.getPublic());
        ContentSigner csrSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
                .setProvider("BC")
                .build(p.getPrivate());
        request = requestBuilder.build(csrSigner);
    } catch (OperatorCreationException ex) {
        // Logged without a message text; only the exception itself is recorded.
        Logger.getLogger(SSLUtil.class.getName()).log(Level.SEVERE, null, ex);
        request = null;
    }
    return request;
}
示例15: generateCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a PKCS#10 request for {@code name} from this object's key pair and returns its
 * encoded form.
 *
 * @param name subject of the request
 * @return the encoded certification request
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if the request cannot be encoded
 */
public byte[] generateCSR(X500Name name) throws OperatorCreationException, IOException {
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(name, this.publicKey);
    // NOTE(review): the algorithm is fixed to RSA, so this.privateKey is expected to be RSA.
    ContentSigner csrSigner = new JcaContentSignerBuilder("SHA256withRSA").build(this.privateKey);
    return requestBuilder.build(csrSigner).getEncoded();
}