本文整理汇总了Java中org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder类的典型用法代码示例。如果您正苦于以下问题:Java JcaPKCS10CertificationRequestBuilder类的具体用法?Java JcaPKCS10CertificationRequestBuilder怎么用?Java JcaPKCS10CertificationRequestBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
JcaPKCS10CertificationRequestBuilder类属于org.bouncycastle.pkcs.jcajce包,在下文中一共展示了JcaPKCS10CertificationRequestBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createSigningRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
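/**
 * Creates a PEM-encoded PKCS #10 certificate signing request (CSR) for the given certificate.
 *
 * <p>The request built here carries only the certificate's subject DN and public key and is signed
 * with {@code privKey}. Extensions such as subject alternative names are not copied from
 * {@code cert}. The private key is used for signing only and is never written to the output.
 * The signature is the proof of possession the Certificate Authority checks, so {@code privKey}
 * must be the key that matches the certificate's public key.
 *
 * @param cert the certificate whose subject and public key go into the request.
 * @param privKey the private key matching the certificate's public key.
 * @return the PEM text of the new signing request.
 * @throws OperatorCreationException if no content signer can be created for {@code privKey}.
 * @throws IOException if the request cannot be written as PEM.
 */
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException {
    JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
            cert.getSubjectX500Principal(),
            cert.getPublicKey());

    // The JCA reports elliptic-curve keys as "EC", but the signature scheme is called ECDSA;
    // "SHA256WITHEC" is not a signature algorithm name, so map it before building the signer.
    // Key types with no SHA256WITH<name> scheme are still rejected when the signer is built.
    String keyAlgorithm = cert.getPublicKey().getAlgorithm();
    String signatureScheme = "EC".equalsIgnoreCase(keyAlgorithm) ? "ECDSA" : keyAlgorithm;
    String signatureAlgorithm = "SHA256WITH" + signatureScheme;

    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
    PKCS10CertificationRequest csr = csrBuilder.build(signer);

    StringWriter pem = new StringWriter();
    // try-with-resources closes (and flushes) the writer even if encoding fails.
    try (PemWriter pemWriter = new PemWriter(pem)) {
        pemWriter.writeObject(new MiscPEMGenerator(csr));
    }
    return pem.toString();
}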
示例2: writeCertificationRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
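/**
 * Writes a PKCS #10 certification request for the key entry {@code alias} to {@code dest}.
 *
 * <p>The subject and public key are taken from the certificate stored under the alias, and the
 * request is signed with the private key stored under the same alias. The signature algorithm is
 * fixed to SHA256withRSA, so the entry is expected to hold an RSA key.
 *
 * @param alias the keystore alias of the certificate and private key.
 * @param privateKeyPassword the password protecting the private key entry; the caller owns the
 *        array and should clear it once it is no longer needed.
 * @param dest the writer that receives the encoded request.
 * @throws KeyStoreException if the keystore is not initialised, or the alias has no certificate
 *         or no key.
 * @throws UnrecoverableKeyException if the key cannot be recovered with the given password.
 * @throws NoSuchAlgorithmException if the algorithm for recovering the key is unavailable.
 * @throws OperatorCreationException if the content signer cannot be created.
 * @throws IOException if writing to {@code dest} fails.
 */
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
    // Both lookups return null for an unknown alias; fail with a clear message instead of an NPE.
    X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
    if (cert == null)
    {
        throw new KeyStoreException("No certificate found for alias: " + alias);
    }
    PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
    if (privateKey == null)
    {
        throw new KeyStoreException("No private key found for alias: " + alias);
    }

    // Pass the subject as an X500Principal so its DER encoding is reused as-is. Going through
    // getSubjectDN().toString() and re-parsing depends on provider-specific string formatting
    // and can change how the name is encoded in the request.
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
            cert.getSubjectX500Principal(), cert.getPublicKey());

    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    ContentSigner signer = csBuilder.build(privateKey);
    PKCS10CertificationRequest csr = p10Builder.build(signer);

    // Only the request is written out; the private key never leaves this method.
    dest.write(csrToString(csr));
}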
示例3: generateCSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a PEM-encoded CSR that asks for a client/server authentication certificate.
 *
 * <p>The request asks for three extensions, all marked critical: keyUsage (digitalSignature),
 * extendedKeyUsage (clientAuth and serverAuth) and the subject alternative names supplied by
 * {@code certificateNamesGenerator}. It is signed with SHA256withRSA, so {@code keyPair} is
 * assumed to be an RSA pair. The requested extensions are only a request; the issuing CA
 * decides what ends up in the certificate.
 *
 * @param keyPair the key pair whose public half is certified and whose private half signs the request.
 * @param certificateNamesGenerator source of the subject name and the subject alternative names.
 * @return the PEM encoding of the request, as produced by {@code PEMUtils.toPEM}.
 * @throws IOException if an extension cannot be encoded.
 * @throws OperatorCreationException if the content signer cannot be created.
 */
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    KeyPurposeId[] purposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};

    ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
    requested.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic());
    // Extensions travel inside the PKCS #9 extensionRequest attribute of the CSR.
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    PKCS10CertificationRequest csr = requestBuilder.build(signerBuilder.build(keyPair.getPrivate()));
    return PEMUtils.toPEM(csr);
}
示例4: buildCertificateRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
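/**
 * Builds a PEM-encoded CSR for the active company, using the key pair stored in its PEM private key.
 *
 * <p>The subject comes from {@code companyInfo.buildSource()}; the request is signed with the
 * company's private key using {@code SIGNING_ALGORITHM}.
 *
 * @return the request as produced by {@code toPem}.
 */
@Override
public String buildCertificateRequest() {
    try {
        CompanyInfo companyInfo = wsaaDao.loadActiveCompanyInfo();

        // Parse the PEM once: the resulting PEMKeyPair exposes both the private and the public
        // key info, so a second parse only creates another in-memory copy of the key material.
        PEMKeyPair pemKeyPair = fromPem(companyInfo.getPrivateKey());
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        PrivateKey privateKey = converter.getPrivateKey(pemKeyPair.getPrivateKeyInfo());
        PublicKey publicKey = converter.getPublicKey(pemKeyPair.getPublicKeyInfo());

        X500Principal subject = new X500Principal(companyInfo.buildSource());
        ContentSigner signGen = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
                .build(privateKey);
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                subject, publicKey).build(signGen);
        return toPem(csr);
    } catch (IOException | OperatorCreationException e) {
        // Checked failures are rethrown unchecked with the original exception as the cause.
        throw Throwables.propagate(e);
    }
}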
示例5: generateCSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a CSR for {@code user}, signed with SHA512WithRSAEncryption.
 *
 * <p>Side effect: the encoded private key from {@code key} is stored on {@code user} through
 * {@code setPrivateKey}. The bytes returned by {@code getEncoded()} are not encrypted.
 * NOTE(review): how {@code User} keeps or persists those bytes is not visible here; confirm they
 * are protected at rest before relying on this method.
 *
 * @param user supplies the subject name fields and receives the encoded private key.
 * @param key the key pair; the public half is certified, the private half signs the request.
 * @return the signed certification request.
 * @throws OperatorCreationException if the content signer cannot be created.
 */
public PKCS10CertificationRequest generateCSR(User user, KeyPair key) throws OperatorCreationException {
    X500NameBuilder subjectBuilder = new X500NameBuilder();
    subjectBuilder.addRDN(BCStyle.C, user.getCountryName());
    subjectBuilder.addRDN(BCStyle.ST, user.getProvinceName());
    subjectBuilder.addRDN(BCStyle.L, user.getLocalityName());
    subjectBuilder.addRDN(BCStyle.O, user.getOrganizationName());
    subjectBuilder.addRDN(BCStyle.OU, user.getOrganizationUnitName());
    subjectBuilder.addRDN(BCStyle.CN, user.getCommonName());
    subjectBuilder.addRDN(BCStyle.EmailAddress, user.getEmailAddress());
    X500Name subject = subjectBuilder.build();

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, key.getPublic());

    // Happens before the signer is created, so the key is stored even if signing fails below.
    user.setPrivateKey(key.getPrivate().getEncoded());

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA512WithRSAEncryption");
    ContentSigner requestSigner = signerBuilder.build(key.getPrivate());
    return requestBuilder.build(requestSigner);
}
示例6: generateCSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
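/**
 * Builds a CSR whose subject CN is the first entry of {@code commonNames} and whose requested
 * subject alternative names are all entries, each added as a dNSName.
 *
 * <p>Every entry is treated as a DNS name; nothing here checks that it is one. The SAN extension
 * is requested as non-critical and the request is signed with SHA256withRSA, so {@code pair} is
 * expected to be an RSA key pair.
 *
 * @param commonNames the host names to request; must contain at least one entry and no nulls.
 * @param pair the key pair; the public half is certified, the private half signs the request.
 * @return the signed certification request.
 * @throws IllegalArgumentException if {@code commonNames} is null, empty or contains a null entry.
 * @throws OperatorCreationException if the content signer cannot be created.
 * @throws IOException if the SAN extension cannot be encoded.
 */
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
    // Reject unusable input up front instead of failing on commonNames[0] or deep inside ASN.1 encoding.
    if (commonNames == null || commonNames.length == 0) {
        throw new IllegalArgumentException("commonNames must contain at least one name");
    }
    for (String cn : commonNames) {
        if (cn == null) {
            throw new IllegalArgumentException("commonNames must not contain null entries");
        }
    }

    X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
    namebuilder.addRDN(BCStyle.CN, commonNames[0]);

    List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length);
    for (String cn : commonNames) {
        subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn));
    }
    GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0]));

    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());

    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());
    // Requested extensions are carried in the PKCS #9 extensionRequest attribute.
    p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    ContentSigner signer = csBuilder.build(pair.getPrivate());
    return p10Builder.build(signer);
}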
示例7: generateRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Generates a fresh key pair and a CSR for {@code dn} signed with that pair's private key.
 *
 * <p>The returned object bundles the request with the private key, so it has to be handled
 * with the same care as the private key itself.
 *
 * @param dn the distinguished name to request.
 * @return the request together with the newly generated private key.
 * @throws CaException if the content signer cannot be created.
 */
@Override
public CsrWithPrivateKey generateRequest(final DistinguishedName dn) {
    final KeyPair freshPair = KeysUtil.generateKeyPair();
    try {
        final X500Name subject = dn.getX500Name();
        final ContentSigner signer =
                new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(freshPair.getPrivate());
        final PKCS10CertificationRequest csr =
                new JcaPKCS10CertificationRequestBuilder(subject, freshPair.getPublic()).build(signer);
        return new CsrWithPrivateKeyImpl(csr, freshPair.getPrivate());
    } catch (final OperatorCreationException e) {
        throw new CaException(e);
    }
}
示例8: generateCertSignRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Creates the PKCS #10 certificate signing request that is sent to the SCEP server.
 *
 * <p>The subject is assembled from the agent configuration: CN is the device name, O and OU are
 * both the device owner, and UNIQUE_IDENTIFIER is the device id. The request carries this
 * object's public key and is signed with its private key.
 * NOTE(review): OU repeats the device owner used for O; confirm that is intended.
 *
 * @return the signed PKCS10CertificationRequest for this client.
 * @throws AgentCoreOperationException if the content signer cannot be created from the private key.
 */
private PKCS10CertificationRequest generateCertSignRequest() throws AgentCoreOperationException {
    // Subject name of the certificate being requested.
    X500Name principal = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, AgentManager.getInstance().getAgentConfigs().getDeviceName())
            .addRDN(BCStyle.O, AgentManager.getInstance().getAgentConfigs().getDeviceOwner())
            .addRDN(BCStyle.OU, AgentManager.getInstance().getAgentConfigs().getDeviceOwner())
            .addRDN(BCStyle.UNIQUE_IDENTIFIER, AgentManager.getInstance().getAgentConfigs().getDeviceId())
            .build();

    JcaContentSignerBuilder signerFactory = new JcaContentSignerBuilder(SIGNATURE_ALG).setProvider(PROVIDER);

    ContentSigner contentSigner;
    try {
        contentSigner = signerFactory.build(this.privateKey);
    } catch (OperatorCreationException e) {
        // The log line carries the message only; the cause travels with the rethrown exception.
        String errorMsg = "Could not create content signer with private key.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    }

    // Signing with the private key proves possession of the key being certified.
    PKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(principal, this.publicKey);
    return csrBuilder.build(contentSigner);
}
示例9: createSigningRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Creates a new certificate signing request (CSR) from the given key pair and subject string.
 * This convenience method is kept out of the <code>CertificateManagement</code> interface
 * because its signature depends on a Bouncy Castle class for which the Java security
 * framework has no equivalent.
 *
 * <p>The request is signed with {@code ASYMMETRIC_SIGNATURE_ALGORITHM} and built with empty
 * attributes left off.
 *
 * @param privateKey The private key used to sign the request; it should be the key that
 *        corresponds to {@code publicKey}.
 * @param publicKey The public key that the requested certificate is to contain.
 * @param subjectString The subject DN, in the string form accepted by {@code X500Principal}.
 *
 * @return The newly created CSR.
 */
public PKCS10CertificationRequest createSigningRequest(PrivateKey privateKey,
        PublicKey publicKey, String subjectString) {
    try {
        logger.entry();
        logger.debug("Creating the CSR...");

        X500Principal requestedSubject = new X500Principal(subjectString);
        ContentSigner requestSigner =
                new JcaContentSignerBuilder(ASYMMETRIC_SIGNATURE_ALGORITHM).build(privateKey);
        JcaPKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(requestedSubject, publicKey);
        PKCS10CertificationRequest result =
                requestBuilder.setLeaveOffEmptyAttributes(true).build(requestSigner);

        logger.exit();
        return result;
    } catch (OperatorCreationException e) {
        // Signer creation failed: log it and surface it unchecked, keeping the cause attached.
        RuntimeException exception = new RuntimeException("An unexpected exception occurred while attempting to generate a new certificate signing request.", e);
        logger.error(exception.toString());
        throw exception;
    }
}
示例10: generationTest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Round-trip test: generates a key pair, builds and signs a CSR, re-parses its encoding, then
 * checks that the signature verifies and that the public key survived unchanged.
 *
 * @param keySize key size passed to the key pair generator.
 * @param keyName key algorithm name for the key pair generator.
 * @param sigName signature algorithm name used to sign the request.
 * @param provider provider used for signing, parsing and verification.
 */
private void generationTest(int keySize, String keyName, String sigName, String provider)
    throws Exception
{
    // Key generation always uses "BC"; only signing, parsing and verification honour `provider`.
    KeyPairGenerator generator = KeyPairGenerator.getInstance(keyName, "BC");
    generator.initialize(keySize);
    KeyPair pair = generator.genKeyPair();

    // The e-mail value is shown obfuscated on this page and is reproduced as displayed.
    X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.C, "AU")
        .addRDN(BCStyle.O, "The Legion of the Bouncy Castle")
        .addRDN(BCStyle.L, "Melbourne")
        .addRDN(BCStyle.ST, "Victoria")
        .addRDN(BCStyle.EmailAddress, "[email protected]")
        .build();

    PKCS10CertificationRequest signed = new JcaPKCS10CertificationRequestBuilder(subject, pair.getPublic())
        .build(new JcaContentSignerBuilder(sigName).setProvider(provider).build(pair.getPrivate()));

    // Re-parse from the DER encoding so the checks run on what a receiver would actually see.
    JcaPKCS10CertificationRequest reparsed =
        new JcaPKCS10CertificationRequest(signed.getEncoded()).setProvider(provider);

    boolean signatureOk = reparsed.isSignatureValid(
        new JcaContentVerifierProviderBuilder().setProvider(provider).build(pair.getPublic()));
    if (!signatureOk)
    {
        fail(sigName + ": Failed verify check.");
    }

    boolean sameKey = Arrays.areEqual(
        reparsed.getPublicKey().getEncoded(), signed.getSubjectPublicKeyInfo().getEncoded());
    if (!sameKey)
    {
        fail(keyName + ": Failed public key check.");
    }
}
示例11: generatePKCS10CSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
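/**
 * Create a PKCS #10 certification request (CSR) using the supplied certificate and private key.
 *
 * <p>The request takes its subject and public key from {@code cert} and is signed with
 * {@code privateKey}. Before it is returned, its signature is verified against the
 * certificate's public key, so a private key that does not belong to the certificate is
 * rejected rather than producing an unusable request.
 *
 * <p>The signature algorithm is the one named by {@code cert.getSigAlgName()}, i.e. the
 * algorithm the certificate itself was signed with. NOTE(review): for a certificate signed by
 * an issuer with a different key type, that name may not suit {@code privateKey}.
 *
 * @param cert The certificate
 * @param privateKey The private key
 * @throws CryptoException If there was a problem generating the CSR
 * @return The CSR
 */
public static PKCS10CertificationRequest generatePKCS10CSR(X509Certificate cert, PrivateKey privateKey)
    throws CryptoException
{
    // Use the X500Principal so the subject's DER encoding is reused unchanged. Re-parsing
    // getSubjectDN().toString() depends on provider-specific string formatting and can change
    // how the name is encoded.
    JcaPKCS10CertificationRequestBuilder csrBuilder =
        new JcaPKCS10CertificationRequestBuilder(cert.getSubjectX500Principal(), cert.getPublicKey());
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(cert.getSigAlgName());

    try
    {
        ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(cert);
        PKCS10CertificationRequest csr = csrBuilder.build(signerBuilder.build(privateKey));

        // Proof-of-possession self-check: the signature must verify under the certificate's key.
        if (!csr.isSignatureValid(prov))
        {
            throw new CryptoException(RB.getString("NoVerifyGenCsr.exception.message"));
        }

        return csr;
    }
    catch (OperatorCreationException | PKCSException ex)
    {
        throw new CryptoException(RB.getString("NoGenerateCsr.exception.message"), ex);
    }
}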
示例12: generateCSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a CSR for this object's subject name and key pair.
 *
 * <p>When {@code challenge} is set it is added as the PKCS #9 challengePassword attribute. A CSR
 * is not encrypted, so that value is readable by anyone who handles the request. When
 * {@code sanList} is non-empty, every entry is requested as a non-critical dNSName subject
 * alternative name. basicConstraints and keyUsage are not requested.
 *
 * @param trans passed through to {@code keypair(trans)}.
 * @return the signed certification request.
 * @throws IOException if the subject alternative names cannot be encoded.
 * @throws CertException if the content signer cannot be created.
 */
public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException {
    PKCS10CertificationRequestBuilder builder =
            new JcaPKCS10CertificationRequestBuilder(x500Name(), keypair(trans).getPublic());

    if (challenge != null) {
        builder.addAttribute(
                PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
                new DERPrintableString(challenge));
    }

    if (sanList.size() > 0) {
        GeneralName[] dnsNames = new GeneralName[sanList.size()];
        int next = 0;
        for (String san : sanList) {
            dnsNames[next] = new GeneralName(GeneralName.dNSName, san);
            next++;
        }
        Extension sanExtension =
                new Extension(Extension.subjectAlternativeName, false, new GeneralNames(dnsNames).getEncoded());
        builder.addAttribute(
                PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                new Extensions(new Extension[] {sanExtension}));
    }

    try {
        return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
    } catch (OperatorCreationException e) {
        throw new CertException(e);
    }
}
示例13: createCSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Test helper: generates a key pair and returns a PEM-encoded CSR for {@code CN=issuer}.
 *
 * <p>The request asks for keyUsage (digitalSignature), extendedKeyUsage (clientAuth and
 * serverAuth) and a subject alternative name holding the DNS name {@code test.com} and
 * {@code TEST_IP_ADDR}; all three are marked critical. It is signed with SHA256withRSA.
 * The generated private key is used for signing only and is discarded when the method returns.
 *
 * @return the PEM encoding of the request, as produced by {@code PEMUtils.toPEM}.
 * @throws IOException if an extension cannot be encoded.
 * @throws OperatorCreationException if the content signer cannot be created.
 */
private byte[] createCSR() throws IOException, OperatorCreationException {
    KeyPair generated = KEY_PAIR_GENERATOR.generateKeyPair();

    X500NameBuilder subjectBuilder = new X500NameBuilder();
    subjectBuilder.addRDN(BCStyle.CN, "issuer");
    X500Name subject = subjectBuilder.build();

    KeyPurposeId[] purposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};
    GeneralName[] altNames = {
        new GeneralName(GeneralName.dNSName, "test.com"),
        new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR),
    };

    ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
    requested.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(altNames));

    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(generated.getPrivate());

    PKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, generated.getPublic());
    // Requested extensions are carried in the PKCS #9 extensionRequest attribute.
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

    return PEMUtils.toPEM(csrBuilder.build(signer));
}
示例14: generateCSR
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Generate a CSR object.
 *
 * <p>Each entry of {@code extensions} is added to a PKCS #9 extensionRequest attribute with its
 * own OID, criticality flag and encoded value. The request is signed with the private half of
 * {@code key}. NOTE(review): the extensionRequest attribute is added even when
 * {@code extensions} is empty; confirm the receiving CA accepts that.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The CSR's key pair
 * @param extensions The extension objects to request for the certificate.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 * @throws CertProviderException if the content signer cannot be created.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key,
        List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());

    // Collect the caller-supplied extensions into one extensionRequest attribute.
    ExtensionsGenerator requested = new ExtensionsGenerator();
    for (X509ExtensionData ext : extensions) {
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(ext.oid());
        requested.addExtension(oid, ext.getCritical(), ext.encode());
    }
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

    try {
        // Sign with the private key of the pair being certified, then wrap the result.
        ContentSigner requestSigner =
                new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
        PKCS10CertificateRequest csr = fromPKCS10(requestBuilder.build(requestSigner));
        LOG.info("CSR generation ''{0}'' done", dn);
        return csr;
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
}
示例15: makeRequest
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; //导入依赖的package包/类
/**
 * Builds a CSR for {@code subject} that carries the client's public key and requests the given
 * extensions.
 *
 * <p>NOTE(review): the request embeds {@code clientKeyPair}'s public key but is signed with
 * {@code caKeyPair}'s private key. Unless both fields hold the same pair, the CSR signature will
 * not verify against the embedded public key, so the request carries no proof of possession.
 * Confirm this is a deliberate fixture before reusing the pattern.
 *
 * @param subject the subject DN in string form.
 * @param extensions the extensions to place in the extensionRequest attribute.
 * @return the signed certification request.
 */
private PKCS10CertificationRequest makeRequest(String subject, Extensions extensions) throws Exception {
    X500Name requestedSubject = new X500Name(subject);
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(requestedSubject, clientKeyPair.getPublic());
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions);

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(CertificateSigner.SIGNER_ALGORITHM);
    ContentSigner requestSigner = signerBuilder.build(caKeyPair.getPrivate());
    return requestBuilder.build(requestSigner);
}