本文整理汇总了Java中org.spongycastle.cert.X509CertificateHolder类的典型用法代码示例。如果您正苦于以下问题:Java X509CertificateHolder类的具体用法?Java X509CertificateHolder怎么用?Java X509CertificateHolder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
X509CertificateHolder类属于org.spongycastle.cert包,在下文中一共展示了X509CertificateHolder类的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: setCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public void setCertificate(byte[] certificateBytes){
try {
X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
this.certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (Exception e) {
Log.e("Server", "setCertificate");
Log.e("StackTrace", Log.getStackTraceString(e));
}
}
示例2: getCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private static X509Certificate getCertificate(Context c){
SharedPreferences deviceKeyPref = c.getSharedPreferences(c.getString(R.string.device_key_and_cert), MODE_PRIVATE);
try {
byte[] certificateBytes = Base64.decode(deviceKeyPref.getString(c.getString(R.string.certificate), ""), Base64.DEFAULT);
X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (Exception e) {
Log.e("TlsHelper", "getCertificate");
Log.e("StackTrace", Log.getStackTraceString(e));
return null;
}
}
示例3: generateSelfSignedCertChain
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname)
throws CertificateException, OperatorCreationException, IOException {
SecureRandom rand = new SecureRandom();
PrivateKey privKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(
ASN1Sequence.getInstance(pubKey.getEncoded()));
Date now = new Date(); // now
/* force it to use a English/Gregorian dates for the cert, hardly anyone
ever looks at the cert metadata anyway, and its very likely that they
understand English/Gregorian dates */
Calendar c = new GregorianCalendar(Locale.ENGLISH);
c.setTime(now);
c.add(Calendar.YEAR, 1);
Time startTime = new Time(now, Locale.ENGLISH);
Time endTime = new Time(c.getTime(), Locale.ENGLISH);
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
subject,
BigInteger.valueOf(rand.nextLong()),
startTime,
endTime,
subject,
subPubKeyInfo);
if (hostname != null) {
GeneralNames subjectAltName = new GeneralNames(
new GeneralName(GeneralName.iPAddress, hostname));
v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
}
X509CertificateHolder certHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
示例4: generateSignedCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static X509Certificate generateSignedCertificate(X509Certificate caCertificate, PrivateKey caPrivateKey, PublicKey publicKey, String CN)
throws NoSuchAlgorithmException, OperatorCreationException, CertificateException,
KeyStoreException, UnrecoverableKeyException, IOException,
InvalidKeyException, NoSuchPaddingException, InvalidParameterSpecException,
InvalidKeySpecException, InvalidAlgorithmParameterException, IllegalBlockSizeException,
BadPaddingException {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.CN, CN);
// We want this root certificate to be valid for one year
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 1);
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(caPrivateKey);
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
caCertificate,
new BigInteger(80, new Random()),
new Date(System.currentTimeMillis() - 50000),
calendar.getTime(),
new X500Principal(builder.build().getEncoded()),
publicKey);
// Those are the extensions needed for the certificate to be a leaf certificate that authenticates a SSL server
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, new X509KeyUsage(X509KeyUsage.keyEncipherment));
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true, new DERSequence(KeyPurposeId.id_kp_serverAuth));
X509CertificateHolder certificateHolder = certGen.build(sigGen);
X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
return certificate;
}
示例5: generateRootCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static X509Certificate generateRootCertificate(KeyPair keys, String CN)
throws NoSuchAlgorithmException, OperatorCreationException, CertificateException,
KeyStoreException, UnrecoverableKeyException, IOException,
InvalidKeyException, NoSuchPaddingException, InvalidParameterSpecException,
InvalidKeySpecException, InvalidAlgorithmParameterException, IllegalBlockSizeException,
BadPaddingException {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.CN, CN);
// We want this root certificate to be valid for one year
Calendar calendar = Calendar.getInstance();
calendar.add( Calendar.YEAR, 1 );
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(keys.getPrivate());
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
builder.build(),
new BigInteger(80, new Random()),
new Date(System.currentTimeMillis() - 50000),
calendar.getTime(),
builder.build(),
keys.getPublic());
// Those are the extensions needed for a CA certificate
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, new X509KeyUsage(X509KeyUsage.digitalSignature));
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
X509CertificateHolder certificateHolder = certGen.build(sigGen);
X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
return certificate;
}
示例6: sign
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
@Override
public byte[] sign(InputStream content) throws IOException
{
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
SignatureData input = new SignatureData(content);
List<Certificate> certs = new ArrayList<Certificate>();
for (int i = 0; i < chain.length; i ++) {
certs.add(chain[i]);
}
try
{
Store certStore = new JcaCertStore(certs);
Certificate cert = chain[0];
org.spongycastle.asn1.x509.Certificate x509Cert =
org.spongycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));
ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").build(privKey);
gen.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().build())
.build(sha256Signer, new X509CertificateHolder(x509Cert)));
gen.addCertificates(certStore);
CMSSignedData signedData = gen.generate(input, false);
return signedData.getEncoded();
}
catch (Exception e)
{
e.printStackTrace();
}
throw new RuntimeException("Signing error, look at the stack trace");
}
示例7: generateSelfSignedCertChain
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname)
throws CertificateException, OperatorCreationException, IOException {
SecureRandom rand = new SecureRandom();
PrivateKey privKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(
ASN1Sequence.getInstance(pubKey.getEncoded()));
Date startDate = new Date(); // now
Calendar c = Calendar.getInstance();
c.setTime(startDate);
c.add(Calendar.YEAR, 1);
Date endDate = c.getTime();
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
subject,
BigInteger.valueOf(rand.nextLong()),
startDate, endDate,
subject,
subPubKeyInfo);
if (hostname != null) {
GeneralNames subjectAltName = new GeneralNames(
new GeneralName(GeneralName.iPAddress, hostname));
v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
}
X509CertificateHolder certHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
示例8: generateCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
/**
* Generates a short-living certificate for the keyPair.
*/
private X509Certificate generateCertificate() throws NoSuchProviderException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
/* The certificate starts to be valid one minute in the past to be safe
* if the clocks are a bit out of sync. */
Calendar startDate = Calendar.getInstance();
startDate.add(Calendar.MINUTE, -1);
/* The certificate is not valid anymore after two minutes. This should
* be enough to complete the protocol. */
Calendar expiryDate = Calendar.getInstance();
expiryDate.add(Calendar.MINUTE, +2);
AlgorithmIdentifier sha1withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
ContentSigner signer = new BcRSAContentSignerBuilder(
new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA"),
new DefaultDigestAlgorithmIdentifierFinder().find(sha1withRSA))
.build(keyPair.getPrivate());
X500Name subjectName = new X500Name("CN=Wallet Protocol Server Ephemeral Certificate");
BcX509v3CertificateBuilder certBuilder = new BcX509v3CertificateBuilder(
subjectName,
BigInteger.ONE,
startDate.getTime(), expiryDate.getTime(),
subjectName,
keyPair.getPublic()
);
X509CertificateHolder certHolder = certBuilder.build(signer);
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
return cert;
}
示例9: generateCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static X509Certificate generateCertificate(OutputStream output) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, KeyStoreException, NoSuchProviderException, IOException {
BouncyCastleProvider provider = new BouncyCastleProvider(); // Use SpongyCastle provider, supports creating X509 certs
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048, new SecureRandom());
KeyPair keyPair = generator.generateKeyPair();
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(provider).build(keyPair.getPrivate());
Date startDate = new Date();
Calendar calendar = Calendar.getInstance();
calendar.setTime(startDate);
calendar.add(Calendar.YEAR, YEARS_VALID);
Date endDate = calendar.getTime();
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name(ISSUER),
BigInteger.ONE,
startDate, endDate, new X500Name(ISSUER),
publicKeyInfo);
X509CertificateHolder certificateHolder = certBuilder.build(signer);
X509Certificate certificate = new JcaX509CertificateConverter().setProvider(provider).getCertificate(certificateHolder);
KeyStore keyStore = KeyStore.getInstance("PKCS12", provider);
keyStore.load(null, null);
keyStore.setKeyEntry("Jumble Key", keyPair.getPrivate(), null, new X509Certificate[] { certificate });
keyStore.store(output, "".toCharArray());
return certificate;
}
示例10: generateSelfSignedCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static void generateSelfSignedCertificate() throws Exception {
String alias = "nuntius";
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
Enumeration<String> aliases = ks.aliases();
boolean found = false;
while (aliases.hasMoreElements()) {
String currentAlias = aliases.nextElement();
if (alias.equals(currentAlias)) {
found = true;
Log.i(TAG, "Self Signed Certificate found in keystore");
Key key = ks.getKey(alias, pwd);
Log.i(TAG, "Key: " + key);
Certificate certificate = ks.getCertificate(alias);
Log.i(TAG, "Certificate: " + certificate);
}
}
if (found) {
return;
}
Log.i(TAG, "Self Signed Certificate not found in keystore. Generating a new one...");
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024);
KeyPair keyPair = keyGen.generateKeyPair();
X500Name subject = new X500Name("CN=nuntius");
X500Name issuer = subject ;
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
issuer,
new BigInteger(64, new SecureRandom()),
NOT_BEFORE,
NOT_AFTER,
subject,
keyPair.getPublic());
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
X509CertificateHolder certHolder = builder.build(signer);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
cert.verify(keyPair.getPublic());
Log.i(TAG, "Certificate generated: " + cert);
ks.setKeyEntry(alias, keyPair.getPrivate(), pwd, new Certificate[] { cert });
}
示例11: generateCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
/**
* Create a self-signed X.509 Certificate
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
*/
private X509Certificate generateCertificate(String dn) throws Exception {
X500Name x500nameIssuer = new X500Name("CN=TestCA,L=Den Haag, C=NL");
X500Name x500nameSubject = new X500Name(dn);
BigInteger serial = new BigInteger(64, new Random());
Date notBefore = new Date();
// Set Expiration Date
Calendar tempCal = Calendar.getInstance();
tempCal.setTime(notBefore);
tempCal.add(Calendar.DATE, 365);
Date notAfter = tempCal.getTime();
// Create Pubkey
RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
keyGen.init(new RSAKeyGenerationParameters(new BigInteger("10001", 16), SecureRandom.getInstance("SHA1PRNG"), 1024, 80));
AsymmetricCipherKeyPair keys = keyGen.generateKeyPair();
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(keys.getPublic());
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
x500nameIssuer,
serial,
notBefore,
notAfter,
Locale.US,
x500nameSubject,
subPubKeyInfo
);
try {
// Export Private Key Info into Java PrivateKey
BigInteger modulus = ((RSAKeyParameters) keys.getPrivate()).getModulus();
BigInteger exponent = ((RSAKeyParameters) keys.getPrivate()).getExponent();
RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(modulus, exponent);
KeyFactory factory = KeyFactory.getInstance("RSA");
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(factory.generatePrivate(privateSpec));
X509CertificateHolder holder = builder.build(sigGen);
InputStream is = new ByteArrayInputStream(holder.toASN1Structure().getEncoded());
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
} catch (OperatorCreationException e) {
e.printStackTrace();
}
throw new Exception("Unable to Create Test X509 Cert");
}
示例12: Certificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public Certificate(RtPkcs11 pkcs11, NativeLong session, NativeLong object)
throws Pkcs11CallerException {
CK_ATTRIBUTE[] attributes = (CK_ATTRIBUTE[]) (new CK_ATTRIBUTE()).toArray(2);
attributes[0].type = Pkcs11Constants.CKA_SUBJECT;
attributes[1].type = Pkcs11Constants.CKA_VALUE;
NativeLong rv = pkcs11.C_GetAttributeValue(session, object,
attributes, new NativeLong(attributes.length));
if (!rv.equals(Pkcs11Constants.CKR_OK)) throw Pkcs11Exception.exceptionWithCode(rv);
for (CK_ATTRIBUTE attr : attributes) {
attr.pValue = new Memory(attr.ulValueLen.intValue());
}
rv = pkcs11.C_GetAttributeValue(session, object,
attributes, new NativeLong(attributes.length));
if (!rv.equals(Pkcs11Constants.CKR_OK)) throw Pkcs11Exception.exceptionWithCode(rv);
byte[] subjectValue =
attributes[0].pValue.getByteArray(0, attributes[0].ulValueLen.intValue());
mSubject = X500Name.getInstance(subjectValue);
if (mSubject == null) throw new CertNotFoundException();
byte[] keyValue = null;
try {
X509CertificateHolder certificateHolder = new X509CertificateHolder(
attributes[1].pValue.getByteArray(0, attributes[1].ulValueLen.intValue()));
SubjectPublicKeyInfo publicKeyInfo = certificateHolder.getSubjectPublicKeyInfo();
keyValue = publicKeyInfo.parsePublicKey().getEncoded();
} catch (IOException exception) {
throw new CertParsingException();
}
if (keyValue == null) throw new KeyNotFoundException();
// уберём заголовок ключа (первые 2 байта)
keyValue = Arrays.copyOfRange(keyValue, 2, keyValue.length);
CK_ATTRIBUTE[] template = (CK_ATTRIBUTE[]) (new CK_ATTRIBUTE()).toArray(2);
final NativeLongByReference keyClass =
new NativeLongByReference(Pkcs11Constants.CKO_PUBLIC_KEY);
template[0].type = Pkcs11Constants.CKA_CLASS;
template[0].pValue = keyClass.getPointer();
template[0].ulValueLen = new NativeLong(NativeLong.SIZE);
ByteBuffer valueBuffer = ByteBuffer.allocateDirect(keyValue.length);
valueBuffer.put(keyValue);
template[1].type = Pkcs11Constants.CKA_VALUE;
template[1].pValue = Native.getDirectBufferPointer(valueBuffer);
template[1].ulValueLen = new NativeLong(keyValue.length);
NativeLong pubKeyHandle = findObject(pkcs11, session, template);
if (pubKeyHandle == null) throw new KeyNotFoundException();
CK_ATTRIBUTE[] idTemplate = (CK_ATTRIBUTE[]) (new CK_ATTRIBUTE()).toArray(1);
idTemplate[0].type = Pkcs11Constants.CKA_ID;
rv = pkcs11.C_GetAttributeValue(session, pubKeyHandle,
idTemplate, new NativeLong(idTemplate.length));
if (!rv.equals(Pkcs11Constants.CKR_OK)) throw Pkcs11Exception.exceptionWithCode(rv);
idTemplate[0].pValue = new Memory(idTemplate[0].ulValueLen.intValue());
rv = pkcs11.C_GetAttributeValue(session, pubKeyHandle,
idTemplate, new NativeLong(idTemplate.length));
if (!rv.equals(Pkcs11Constants.CKR_OK)) throw Pkcs11Exception.exceptionWithCode(rv);
mKeyPairId = idTemplate[0].pValue.getByteArray(0, idTemplate[0].ulValueLen.intValue());
}
示例13: parseCertificate
import org.spongycastle.cert.X509CertificateHolder; //导入依赖的package包/类
public static Certificate parseCertificate(byte[] certificateBytes) throws IOException, CertificateException {
X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
}