本文整理汇总了Java中sun.security.x509.X509CertInfo类的典型用法代码示例。如果您正苦于以下问题:Java X509CertInfo类的具体用法?Java X509CertInfo怎么用?Java X509CertInfo使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
X509CertInfo类属于sun.security.x509包,在下文中一共展示了X509CertInfo类的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createSignedCertificate
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
private X509Certificate createSignedCertificate(X509Certificate cetrificate,
X509Certificate issuerCertificate,
PrivateKey issuerPrivateKey) throws Exception {
Principal issuer = issuerCertificate.getSubjectDN();
String issuerSigAlg = issuerCertificate.getSigAlgName();
byte[] inCertBytes = cetrificate.getTBSCertificate();
X509CertInfo info = new X509CertInfo(inCertBytes);
info.set(X509CertInfo.ISSUER, issuer);
//No need to add the BasicContraint for leaf cert
if (!cetrificate.getSubjectDN().getName().equals("CN=TOP")) {
CertificateExtensions exts = new CertificateExtensions();
BasicConstraintsExtension bce = new BasicConstraintsExtension(true, -1);
exts.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(false, bce.getExtensionValue()));
info.set(X509CertInfo.EXTENSIONS, exts);
}
X509CertImpl outCert = new X509CertImpl(info);
outCert.sign(issuerPrivateKey, issuerSigAlg);
return outCert;
}
示例2: setKeyEntry
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
private static void setKeyEntry(KeyStore ks, String dn, long expire)
throws GeneralSecurityException, IOException {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair keyPair = kpg.genKeyPair();
long now = System.currentTimeMillis();
X509CertInfo info = new X509CertInfo();
info.set("version", new CertificateVersion(2));
info.set("serialNumber", new CertificateSerialNumber(new BigInteger(128, random)));
info.set("algorithmID",
new CertificateAlgorithmId(AlgorithmId.get("SHA1withRSA")));
X500Name x500Name = new X500Name(dn);
info.set("subject", x500Name);
info.set("key", new CertificateX509Key(keyPair.getPublic()));
info.set("validity", new CertificateValidity(new
Date(now), new Date(now + expire)));
info.set("issuer", x500Name);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(keyPair.getPrivate(), "SHA1withRSA");
ks.setKeyEntry(Bytes.toHexLower(Bytes.random(16)),
keyPair.getPrivate(), new char[0], new X509Certificate[] {cert});
}
示例3: populateCertIssuerNames
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
/**
* Populate array of Issuer DNs from certificates and convert
* each Principal to type X500Name if necessary.
*/
private void populateCertIssuerNames() {
if (certificates == null)
return;
certIssuerNames = new Principal[certificates.length];
for (int i = 0; i < certificates.length; i++) {
X509Certificate cert = certificates[i];
Principal certIssuerName = cert.getIssuerDN();
if (!(certIssuerName instanceof X500Name)) {
// must extract the original encoded form of DN for
// subsequent name comparison checks (converting to a
// String and back to an encoded DN could cause the
// types of String attribute values to be changed)
try {
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
tbsCert.get(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME);
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
}
}
certIssuerNames[i] = certIssuerName;
}
}
示例4: createEphemeralCert
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
private String createEphemeralCert(Duration shiftIntoPast)
throws GeneralSecurityException, IOException {
Duration validFor = Duration.standardHours(1);
DateTime notBefore = DateTime.now().minus(shiftIntoPast);
DateTime notAfter = notBefore.plus(validFor);
CertificateValidity interval = new CertificateValidity(notBefore.toDate(), notAfter.toDate());
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get("SHA1withRSA")));
info.set(
X509CertInfo.SUBJECT, new X500Name("C = US, O = Google\\, Inc, CN=temporary-subject"));
info.set(X509CertInfo.KEY, new CertificateX509Key(clientKeyPair.getPublic()));
info.set(X509CertInfo.VALIDITY, interval);
info.set(
X509CertInfo.ISSUER,
new X500Name("C = US, O = Google\\, Inc, CN=Google Cloud SQL Signing CA foo:baz"));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec =
new PKCS8EncodedKeySpec(DatatypeConverter.parseBase64Binary(
TestKeys.SIGNING_CA_PRIVATE_KEY));
PrivateKey signingKey = keyFactory.generatePrivate(keySpec);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(signingKey, "SHA1withRSA");
StringBuilder sb = new StringBuilder();
sb.append("-----BEGIN CERTIFICATE-----\n");
sb.append(
DatatypeConverter.printBase64Binary(cert.getEncoded())
.replaceAll("(.{64})", "$1\n"));
sb.append("\n");
sb.append("-----END CERTIFICATE-----\n");
return sb.toString();
}
示例5: generateCertificate
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
/**
* Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws IOException thrown if an IO error ocurred.
* @throws GeneralSecurityException thrown if an Security error ocurred.
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair,
int days, String algorithm)
throws GeneralSecurityException, IOException {
PrivateKey privkey = pair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(dn);
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
info
.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);
// Update the algorith, and resign.
algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
info
.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
algo);
cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);
return cert;
}
示例6: populateCertIssuerNames
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
/**
* Populate array of Issuer DNs from certificates and convert
* each Principal to type X500Name if necessary.
*/
private void populateCertIssuerNames() {
if (certificates == null)
return;
certIssuerNames = new Principal[certificates.length];
for (int i = 0; i < certificates.length; i++) {
X509Certificate cert = certificates[i];
Principal certIssuerName = cert.getIssuerDN();
if (!(certIssuerName instanceof X500Name)) {
// must extract the original encoded form of DN for
// subsequent name comparison checks (converting to a
// String and back to an encoded DN could cause the
// types of String attribute values to be changed)
try {
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
tbsCert.get(CertificateIssuerName.NAME + "." +
CertificateIssuerName.DN_NAME);
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
}
}
certIssuerNames[i] = certIssuerName;
}
}
示例7: generateCert
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
private static X509Certificate generateCert(
String hostname, KeyPair kp, boolean isCertAuthority,
PublicKey signerPublicKey, PrivateKey signerPrivateKey)
throws IOException, CertificateException, NoSuchProviderException,
NoSuchAlgorithmException, InvalidKeyException, SignatureException {
X500Name issuer = new X500Name("CN=root" + issuerDirString);
X500Name subject;
if (hostname == null) {
subject = issuer;
} else {
subject = new X500Name("CN=" + hostname + issuerDirString);
}
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + 365 * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
info.set(X509CertInfo.KEY, new CertificateX509Key(kp.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(signerPrivateKey, signingAlgorithm);
// Update the algorithm, and resign.
algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
cert = new X509CertImpl(info);
cert.sign(signerPrivateKey, signingAlgorithm);
return cert;
}
示例8: getSSLContext
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
private static SSLContext getSSLContext(String dn, long expire)
throws IOException, GeneralSecurityException {
KeyManager[] kms;
if (dn == null) {
kms = SSLManagers.DEFAULT_KEY_MANAGERS;
} else {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair keyPair = kpg.genKeyPair();
long now = System.currentTimeMillis();
X509CertInfo info = new X509CertInfo();
info.set("version", new CertificateVersion(2));
info.set("serialNumber", new CertificateSerialNumber(0));
info.set("algorithmID",
new CertificateAlgorithmId(AlgorithmId.get("SHA1withRSA")));
X500Name x500Name = new X500Name(dn);
info.set("subject", x500Name);
info.set("key", new CertificateX509Key(keyPair.getPublic()));
info.set("validity", new CertificateValidity(new
Date(now), new Date(now + expire)));
info.set("issuer", x500Name);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(keyPair.getPrivate(), "SHA1withRSA");
ks.setKeyEntry("", keyPair.getPrivate(), new char[0],
new X509Certificate[] {cert});
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, new char[0]);
kms = kmf.getKeyManagers();
}
SSLContext sslc = SSLContext.getInstance("TLS");
sslc.init(kms, SSLManagers.DEFAULT_TRUST_MANAGERS, null);
return sslc;
}
示例9: get
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
static SSLContext get(String dn, long expire)
throws IOException, GeneralSecurityException {
KeyManager[] kms;
if (dn == null) {
kms = SSLManagers.DEFAULT_KEY_MANAGERS;
} else {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair keyPair = kpg.genKeyPair();
long now = System.currentTimeMillis();
X509CertInfo info = new X509CertInfo();
info.set("version", new CertificateVersion(2));
info.set("serialNumber", new CertificateSerialNumber(new BigInteger(128, random)));
info.set("algorithmID",
new CertificateAlgorithmId(AlgorithmId.get("SHA1withRSA")));
X500Name x500Name = new X500Name(dn);
info.set("subject", x500Name);
info.set("key", new CertificateX509Key(keyPair.getPublic()));
info.set("validity", new CertificateValidity(new
Date(now), new Date(now + expire)));
info.set("issuer", x500Name);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(keyPair.getPrivate(), "SHA1withRSA");
ks.setKeyEntry("", keyPair.getPrivate(), new char[0],
new X509Certificate[] {cert});
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, new char[0]);
kms = kmf.getKeyManagers();
}
SSLContext sslc = SSLContext.getInstance("TLS");
sslc.init(kms, SSLManagers.DEFAULT_TRUST_MANAGERS, null);
return sslc;
}
示例10: F
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
public F() {
// jdk internal API
cert = new X509CertInfo();
}
示例11: createCert
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
/**
* Create an X509 Certificate signed using SHA1withRSA with a 2048 bit key.
* @param dname Domain Name to represent the certificate
* @param notBefore The date by which the certificate starts being valid. Cannot be null.
* @param validity The number of days the certificate is valid after notBefore.
* @return An X509 certificate setup with properties using the specified parameters.
* @throws Exception
*/
public static X509Certificate createCert(String dname, Date notBefore, int validity)
throws Exception {
int keysize = 2048;
String keyAlgName = "RSA";
String sigAlgName = "SHA1withRSA";
if (dname == null)
throw new Exception("Required DN is null. Please specify cert Domain Name via dname");
if (notBefore == null)
throw new Exception("Required start date is null. Please specify the date at which the cert is valid via notBefore");
if (validity < 0)
throw new Exception("Required validity is negative. Please specify the number of days for which the cert is valid after the start date.");
// KeyTool#doGenKeyPair
X500Name x500Name = new X500Name(dname);
KeyPair keyPair = new KeyPair(keyAlgName, sigAlgName, keysize);
PrivateKey privKey = keyPair.getPrivateKey();
X509Certificate oldCert = keyPair.getSelfCertificate(x500Name, notBefore, validity);
// KeyTool#doSelfCert
byte[] encoded = oldCert.getEncoded();
X509CertImpl certImpl = new X509CertImpl(encoded);
X509CertInfo certInfo = (X509CertInfo) certImpl.get(X509CertImpl.NAME
+ "." + X509CertImpl.INFO);
Date notAfter = new Date(notBefore.getTime() + validity*1000L*24L*60L*60L);
CertificateValidity interval = new CertificateValidity(notBefore,
notAfter);
certInfo.set(X509CertInfo.VALIDITY, interval);
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
new java.util.Random().nextInt() & 0x7fffffff));
certInfo.set(X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME, x500Name);
certInfo.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, x500Name);
// The inner and outer signature algorithms have to match.
// The way we achieve that is really ugly, but there seems to be no
// other solution: We first sign the cert, then retrieve the
// outer sigalg and use it to set the inner sigalg
X509CertImpl newCert = new X509CertImpl(certInfo);
newCert.sign(privKey, sigAlgName);
AlgorithmId sigAlgid = (AlgorithmId)newCert.get(X509CertImpl.SIG_ALG);
certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, sigAlgid);
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
// FIXME Figure out extensions
// CertificateExtensions ext = createV3Extensions(
// null,
// (CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS),
// v3ext,
// oldCert.getPublicKey(),
// null);
// certInfo.set(X509CertInfo.EXTENSIONS, ext);
newCert = new X509CertImpl(certInfo);
newCert.sign(privKey, sigAlgName);
return newCert;
}
示例12: generateCertificate
import sun.security.x509.X509CertInfo; //导入依赖的package包/类
/**
* Create a self-signed X.509 Example
*
* @param dn
* the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair
* the KeyPair
* @param days
* how many days from now the Example is valid for
* @param algorithm
* the signing algorithm, eg "SHA1withRSA"
*/
public static CX509Certificate generateCertificate(final String aDn,
final KeyPair aKeyPair, final int aNbDays, String aAlgorithm)
throws IOException, CertificateException, InvalidKeyException,
NoSuchAlgorithmException, NoSuchProviderException,
SignatureException {
if (aAlgorithm == null) {
aAlgorithm = "SHA1withRSA";
}
PrivateKey privkey = aKeyPair.getPrivate();
X509CertInfo wInfo = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + aNbDays * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to); // compute
// certificate
// validatity
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(aDn);
wInfo.set(X509CertInfo.VALIDITY, interval);
wInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
wInfo.set(X509CertInfo.SUBJECT, owner);
wInfo.set(X509CertInfo.ISSUER, owner);
wInfo.set(X509CertInfo.KEY,
new CertificateX509Key(aKeyPair.getPublic()));
wInfo.set(X509CertInfo.VERSION, new CertificateVersion(
CertificateVersion.V3));
AlgorithmId wAlgo = new AlgorithmId(
AlgorithmId.md5WithRSAEncryption_oid);
wInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(wAlgo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl wCert = new X509CertImpl(wInfo);
wCert.sign(privkey, aAlgorithm);
// Update the algorith, and resign.
wAlgo = (AlgorithmId) wCert.get(X509CertImpl.SIG_ALG);
wInfo.set(CertificateAlgorithmId.NAME + "."
+ CertificateAlgorithmId.ALGORITHM, wAlgo);
wCert = new X509CertImpl(wInfo);
wCert.sign(privkey, aAlgorithm);
return new CX509Certificate(wCert);
}