本文整理汇总了Java中com.yahoo.athenz.auth.util.Crypto.generateX509CSR方法的典型用法代码示例。如果您正苦于以下问题:Java Crypto.generateX509CSR方法的具体用法?Java Crypto.generateX509CSR怎么用?Java Crypto.generateX509CSR使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类com.yahoo.athenz.auth.util.Crypto的用法示例。
在下文中一共展示了Crypto.generateX509CSR方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testX509CSRrequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
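/**
 * Checks CSR generation from an explicit key pair for every subject DN supplied by
 * the {@code x500Principal} data provider.
 *
 * <p>Both directions are asserted: a valid DN must produce a CSR that parses, and a
 * DN flagged as bad must be rejected. Without the second check a regression that
 * starts accepting malformed subjects would go unnoticed.
 *
 * @param x500Principal subject DN handed to {@code Crypto.generateX509CSR}
 * @param badRequest {@code true} when CSR generation is expected to fail
 * @throws Exception if loading the keys or parsing the CSR fails unexpectedly
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequest(String x500Principal, boolean badRequest) throws Exception {
    PublicKey publicKey = Crypto.loadPublicKey(rsaPublicKey);
    PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);

    // NOTE(review): RFC 5280 models otherName as a SEQUENCE of type-id and value;
    // a bare IA5String is only acceptable here because this is a test fixture.
    GeneralName[] sanArray = new GeneralName[] {
        new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
        new GeneralName(GeneralName.otherName, new DERIA5String("role2"))
    };

    String certRequest = null;
    boolean rejected = false;
    try {
        certRequest = Crypto.generateX509CSR(privateKey, publicKey, x500Principal, sanArray);
    } catch (Exception e) {
        rejected = true;
    }

    if (badRequest) {
        // Negative case: the invalid principal must not yield a CSR.
        if (!rejected) {
            fail("Should have failed to create csr for an invalid principal");
        }
        return;
    }

    if (rejected) {
        fail("Should not have failed to create csr");
    }

    // Now validate the csr by parsing it back into a PKCS#10 request.
    Crypto.getPKCS10CertRequest(certRequest);
}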
示例2: testX509CSRrequestWithPrivateKeyOnly
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
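/**
 * Checks CSR generation when only the private key is supplied, for every subject DN
 * provided by the {@code x500Principal} data provider.
 *
 * <p>Both directions are asserted: a valid DN must produce a CSR that parses, and a
 * DN flagged as bad must be rejected rather than silently accepted.
 *
 * @param x500Principal subject DN handed to {@code Crypto.generateX509CSR}
 * @param badRequest {@code true} when CSR generation is expected to fail
 * @throws Exception if loading the key or parsing the CSR fails unexpectedly
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequestWithPrivateKeyOnly(String x500Principal, boolean badRequest) throws Exception {
    PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);

    GeneralName[] sanArray = new GeneralName[] {
        new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
        new GeneralName(GeneralName.otherName, new DERIA5String("role2"))
    };

    String certRequest = null;
    boolean rejected = false;
    try {
        certRequest = Crypto.generateX509CSR(privateKey, x500Principal, sanArray);
    } catch (Exception e) {
        rejected = true;
    }

    if (badRequest) {
        // Negative case: the invalid principal must not yield a CSR.
        if (!rejected) {
            fail("Should have failed to create csr for an invalid principal");
        }
        return;
    }

    if (rejected) {
        fail("Should not have failed to create csr");
    }

    // Now validate the csr by parsing it back into a PKCS#10 request.
    Crypto.getPKCS10CertRequest(certRequest);
}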
示例3: generateCSR
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Builds a CSR for the service identity {@code domainName.serviceName}.
 *
 * <p>The subject is {@code cn=<domainName>.<serviceName>,o=Athenz}. Two dNSName SAN
 * entries are added: {@code <serviceName>.<domainName with '.' replaced by '-'>.<dnsSuffix>}
 * and {@code <instanceId>.instanceid.athenz.<dnsSuffix>}.
 *
 * <p>NOTE(review): the arguments are concatenated into the DN and SAN values without
 * escaping or validation. A {@code ','}, {@code '+'} or {@code '='} in a name would
 * alter the DN structure, so callers should pass only values that were already
 * validated as Athenz domain/service names — confirm at the call sites.
 *
 * @param domainName domain of the service
 * @param serviceName name of the service
 * @param instanceId instance identifier placed in the second SAN entry
 * @param dnsSuffix DNS suffix appended to both SAN host names
 * @param key private key passed to {@code Crypto.generateX509CSR}
 * @return the generated CSR, or {@code null} when generation fails (the error message
 *     is written to {@code System.err}); callers must check for {@code null}
 */
public static String generateCSR(String domainName, String serviceName,
        String instanceId, String dnsSuffix, PrivateKey key) {

    final String subjectDn = "cn=" + domainName + "." + serviceName + ",o=Athenz";

    // SAN host name derived from the principal: dots inside the domain become dashes.
    final String serviceHost = serviceName + '.' + domainName.replace('.', '-') + '.' + dnsSuffix;

    // SAN host name carrying the instance id.
    final String instanceHost = instanceId + ".instanceid.athenz." + dnsSuffix;

    final GeneralName[] sanArray = {
        new GeneralName(GeneralName.dNSName, new DERIA5String(serviceHost)),
        new GeneralName(GeneralName.dNSName, new DERIA5String(instanceHost))
    };

    try {
        return Crypto.generateX509CSR(key, subjectDn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        // Best effort: report the failure and signal it to the caller with null.
        System.err.println(ex.getMessage());
        return null;
    }
}
示例4: create
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Creates a signer backed by a self-signed CA certificate generated at call time.
 *
 * <p>The CA private key file, its password and the CA subject DN are read from system
 * properties. A CSR is generated for that DN and then signed with the same key.
 *
 * <p>NOTE(review): the key password is taken from a JVM system property; properties
 * set on the command line are typically visible to anyone who can list the process
 * arguments — confirm how the deployment supplies it. A CA that signs itself from a
 * local key file has no external chain of trust, so this factory is presumably meant
 * for development or test setups — confirm.
 *
 * @return a {@code SelfCertSigner} holding the CA key and certificate, or {@code null}
 *     when no key file is configured or the CSR cannot be generated
 */
@Override
public CertSigner create() {

    final String keyPath = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_FNAME);
    final String keyPassword = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_PASSWORD);
    final String caDn = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_CERT_DN,
            "cn=Self Signed Athenz CA,o=Athenz,c=US");

    // Without a key file there is nothing to sign with.
    if (keyPath == null) {
        LOGGER.error("No private key path available for Self Cert Signer Factory");
        return null;
    }

    final PrivateKey signingKey = Crypto.loadPrivateKey(new File(keyPath), keyPassword);

    // Generate a CSR for our own CA; no SAN entries are requested.
    final String caCsr;
    try {
        caCsr = Crypto.generateX509CSR(signingKey, caDn, null);
    } catch (OperatorCreationException | IOException ex) {
        LOGGER.error("Unable to generate X509 CSR for dn: " + caDn
                + ", error: " + ex.getMessage());
        return null;
    }

    // Issuer and subject are the same DN because the certificate signs itself.
    final X500Name issuerName = X500Name.getInstance(new X500Principal(caDn).getEncoded());
    final PKCS10CertificationRequest caRequest = Crypto.getPKCS10CertRequest(caCsr);

    // presumably 30 days expressed in minutes — confirm against
    // Crypto.generateX509Certificate's validity parameter
    final int validity = 30 * 24 * 60;
    final X509Certificate caCert = Crypto.generateX509Certificate(caRequest,
            signingKey, issuerName, validity, true);

    return new SelfCertSigner(signingKey, caCert);
}
示例5: generateRoleCertificateRequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
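/**
 * Generate a Role Certificate request that could be sent to ZTS
 * to obtain a X509 Certificate for the requested role.
 *
 * <p>The subject CN is {@code <roleDomainName>:role.<roleName>} in lower case. The SAN
 * carries a dNSName {@code <service>.<domain with '.' replaced by '-'>.<csrDomain>}
 * and an rfc822Name {@code <domain>.<service>@<csrDomain>}.
 *
 * <p>NOTE(review): names are concatenated into the DN and SAN values unescaped; a
 * {@code ','}, {@code '+'} or {@code '='} in a name or in {@code csrDn} would change
 * the DN structure — confirm callers pass validated Athenz names only.
 *
 * @param principalDomain name of the principal's domain
 * @param principalService name of the principal's service
 * @param roleDomainName name of the domain where role is defined
 * @param roleName name of the role to get a certificate request for
 * @param privateKey private key for the service identity for the caller
 * @param csrDn string identifying the dn for the csr without the cn component
 * @param csrDomain string identifying the dns domain for generating SAN fields
 * @param expiryTime number of seconds to request certificate to be valid for
 * @return RoleCertificateRequest object
 * @throws IllegalArgumentException if the principal domain or service, the role
 *     domain or name, or {@code csrDomain} is {@code null}
 * @throws ZTSClientException with {@code BAD_REQUEST} if the CSR cannot be generated
 */
public static RoleCertificateRequest generateRoleCertificateRequest(final String principalDomain,
        final String principalService, final String roleDomainName, final String roleName,
        PrivateKey privateKey, final String csrDn, final String csrDomain, int expiryTime) {

    if (principalDomain == null || principalService == null) {
        throw new IllegalArgumentException("Principal's Domain and Service must be specified");
    }
    if (roleDomainName == null || roleName == null) {
        throw new IllegalArgumentException("Role DomainName and Name must be specified");
    }
    if (csrDomain == null) {
        throw new IllegalArgumentException("X509 CSR Domain must be specified");
    }

    // Athenz uses lower case for all elements, so let's
    // generate our dn which will be our role resource value.
    // Locale.ROOT keeps the lower-casing independent of the JVM default locale
    // (under a Turkish locale, for example, 'I' does not map to 'i'), so the same
    // principal and role always yield the same DN and SAN values.
    final String domain = principalDomain.toLowerCase(java.util.Locale.ROOT);
    final String service = principalService.toLowerCase(java.util.Locale.ROOT);

    String dn = "cn=" + roleDomainName.toLowerCase(java.util.Locale.ROOT)
            + ":role." + roleName.toLowerCase(java.util.Locale.ROOT);
    if (csrDn != null) {
        dn = dn.concat(",").concat(csrDn);
    }

    // now let's generate our dnsName and email fields which will be based on
    // our principal's details
    final String hostName = service + '.' + domain.replace('.', '-') + '.' + csrDomain;
    final String email = domain + "." + service + "@" + csrDomain;

    final GeneralName[] sanArray = {
        new GeneralName(GeneralName.dNSName, new DERIA5String(hostName)),
        new GeneralName(GeneralName.rfc822Name, new DERIA5String(email))
    };

    final String csr;
    try {
        csr = Crypto.generateX509CSR(privateKey, dn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        // Only the message is forwarded to the caller; the original cause is not attached.
        throw new ZTSClientException(ZTSClientException.BAD_REQUEST, ex.getMessage());
    }

    return new RoleCertificateRequest().setCsr(csr)
            .setExpiryTime(Long.valueOf(expiryTime));
}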
示例6: generateInstanceRefreshRequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
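/**
 * Generate a Instance Refresh request that could be sent to ZTS to
 * request a TLS certificate for a service.
 *
 * <p>The subject CN is {@code <domain>.<service>} in lower case. The SAN carries one
 * dNSName: {@code <service>.<domain with '.' replaced by '-'>.<csrDomain>}.
 *
 * <p>NOTE(review): names are concatenated into the DN and SAN values unescaped; a
 * {@code ','}, {@code '+'} or {@code '='} in a name or in {@code csrDn} would change
 * the DN structure — confirm callers pass validated Athenz names only.
 *
 * @param principalDomain name of the principal's domain
 * @param principalService name of the principal's service
 * @param privateKey private key for the service identity for the caller
 * @param csrDn string identifying the dn for the csr without the cn component
 * @param csrDomain string identifying the dns domain for generating SAN fields
 * @param expiryTime number of seconds to request certificate to be valid for
 * @return InstanceRefreshRequest object
 * @throws IllegalArgumentException if the principal domain or service, or
 *     {@code csrDomain}, is {@code null}
 * @throws ZTSClientException with {@code BAD_REQUEST} if the CSR cannot be generated
 */
public static InstanceRefreshRequest generateInstanceRefreshRequest(final String principalDomain,
        final String principalService, PrivateKey privateKey, final String csrDn,
        final String csrDomain, int expiryTime) {

    if (principalDomain == null || principalService == null) {
        throw new IllegalArgumentException("Principal's Domain and Service must be specified");
    }
    if (csrDomain == null) {
        throw new IllegalArgumentException("X509 CSR Domain must be specified");
    }

    // Athenz uses lower case for all elements, so let's
    // generate our dn which will be based on our service name.
    // Locale.ROOT keeps the lower-casing independent of the JVM default locale
    // (under a Turkish locale, for example, 'I' does not map to 'i'), so the same
    // principal always yields the same DN and SAN values.
    final String domain = principalDomain.toLowerCase(java.util.Locale.ROOT);
    final String service = principalService.toLowerCase(java.util.Locale.ROOT);

    String dn = "cn=" + domain + "." + service;
    if (csrDn != null) {
        dn = dn.concat(",").concat(csrDn);
    }

    // now let's generate our dnsName field based on our principal's details
    final String hostName = service + '.' + domain.replace('.', '-') + '.' + csrDomain;

    final GeneralName[] sanArray = {
        new GeneralName(GeneralName.dNSName, new DERIA5String(hostName))
    };

    final String csr;
    try {
        csr = Crypto.generateX509CSR(privateKey, dn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        // Only the message is forwarded to the caller; the original cause is not attached.
        throw new ZTSClientException(ZTSClientException.BAD_REQUEST, ex.getMessage());
    }

    return new InstanceRefreshRequest().setCsr(csr)
            .setExpiryTime(Integer.valueOf(expiryTime));
}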