本文整理汇总了Java中org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance方法的典型用法代码示例。如果您正苦于以下问题:Java SubjectPublicKeyInfo.getInstance方法的具体用法?Java SubjectPublicKeyInfo.getInstance怎么用?Java SubjectPublicKeyInfo.getInstance使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
的用法示例。
在下文中一共展示了SubjectPublicKeyInfo.getInstance方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getAlgorithmIdentifier
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
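/**
 * Extracts the algorithm identifier from the SubjectPublicKeyInfo encoding of a public key.
 *
 * @param key the public key; its {@code getEncoded()} bytes are parsed as ASN.1
 * @return the algorithm identifier carried in the decoded SubjectPublicKeyInfo
 * @throws CertPathValidatorException if the key's encoding cannot be read as a
 *         SubjectPublicKeyInfo (any failure during decoding is wrapped)
 */
protected static AlgorithmIdentifier getAlgorithmIdentifier(
    PublicKey key)
    throws CertPathValidatorException
{
    try
    {
        ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
        try
        {
            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());

            return info.getAlgorithmId();
        }
        finally
        {
            // The original never closed the stream; release it on every path.
            aIn.close();
        }
    }
    catch (Exception e)
    {
        // Deliberately broad: a key that cannot be decoded must fail path validation,
        // whatever the underlying parser error was. The cause is kept for diagnosis.
        throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e);
    }
}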
示例2: addSelfSignedCertificate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
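/**
 * Generates a new key pair, issues a self-signed X.509v3 certificate for it that is valid for
 * one year from now, and stores the private key and certificate in this keystore.
 *
 * @param certificateAlias alias under which the entry is stored
 * @param dn distinguished name used as both issuer and subject
 * @param password password protecting the stored private-key entry
 * @throws RuntimeException if key generation, signing or keystore access fails
 */
public void addSelfSignedCertificate(String certificateAlias, String dn, String password) {
    try {
        KeyPair keys = generateKeyPair();

        Calendar start = Calendar.getInstance();
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, 1);

        X500Name name = new X500Name(dn);
        // NOTE(review): the serial number is always 1. Two certificates generated here with the
        // same DN share issuer+serial, which some clients treat as a conflict; consider a
        // random positive serial if these certificates ever coexist.
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(name, BigInteger.ONE,
                start.getTime(), expiry.getTime(), name, SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));

        // SHA-256 replaces the original SHA-1: SHA-1 is no longer collision-resistant and is
        // deprecated for certificate signatures.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(keys.getPrivate());
        X509CertificateHolder holder = certificateBuilder.build(signer);
        Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);

        Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[]{ cert });
        keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
    } catch (GeneralSecurityException | OperatorCreationException ex) {
        throw new RuntimeException("Unable to generate self-signed certificate", ex);
    }
}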
示例3: POPOSigningKeyInput
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Decodes a POPOSigningKeyInput from its ASN.1 sequence.
 * <p>
 * Element 0 is either a tagged object with tag number 0 (decoded as the sender's
 * GeneralName) or an untagged value (decoded as a PKMACValue). Element 1 is decoded as the
 * SubjectPublicKeyInfo.
 *
 * @param seq the sequence to decode
 * @throws IllegalArgumentException if element 0 is tagged with any tag number other than 0
 */
private POPOSigningKeyInput(ASN1Sequence seq)
{
    // NOTE(review): the sequence length is not checked before indexing; a sequence with fewer
    // than two elements fails inside getObjectAt rather than with a descriptive error.
    ASN1Encodable first = (ASN1Encodable)seq.getObjectAt(0);

    if (!(first instanceof ASN1TaggedObject))
    {
        publicKeyMAC = PKMACValue.getInstance(first);
    }
    else
    {
        ASN1TaggedObject tagged = (ASN1TaggedObject)first;
        int tagNo = tagged.getTagNo();

        if (tagNo != 0)
        {
            throw new IllegalArgumentException(
                "Unknown authInfo tag: " + tagNo);
        }
        sender = GeneralName.getInstance(tagged.getObject());
    }

    publicKey = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(1));
}
示例4: generateSelfSignedX509Certificate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Builds and signs a self-signed {@link X509Certificate} intended for use as a Certificate
 * Authority: issuer and subject are the same DN, the certificate is signed with the key
 * pair's own private key, and basicConstraints is set with the CA flag.
 *
 * @param keyPair the {@link KeyPair} whose public key is certified and whose private key signs
 * @param dn the distinguished name to use as issuer and subject
 * @param signingAlgorithm the signature algorithm name handed to the content signer
 * @param certificateDurationDays number of days, counted from now, the certificate is valid
 * @return the signed, self-issued {@link X509Certificate}
 * @throws CertificateException if there is an error generating the new certificate
 */
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm, int certificateDurationDays)
        throws CertificateException {
    try {
        ContentSigner contentSigner = new JcaContentSignerBuilder(signingAlgorithm)
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(keyPair.getPrivate());
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(dn)),
                getUniqueSerialNumber(),
                notBefore, notAfter,
                reverseX500Name(new X500Name(dn)),
                publicKeyInfo);

        // keyUsage (critical): the end-entity usages plus the two CA usages,
        // cRLSign and keyCertSign.
        int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits));

        // NOTE(review): basicConstraints carries the CA flag but is added as non-critical;
        // RFC 5280 expects it to be critical on CA certificates - confirm this is intended.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));

        // Self-signed: subject and authority key identifiers derive from the same public key.
        builder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));

        // extendedKeyUsage: TLS client and server authentication.
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));

        // Sign, then convert the BouncyCastle holder into a JCA certificate.
        X509CertificateHolder signedHolder = builder.build(contentSigner);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(signedHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}
示例5: engineInitVerify
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
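/**
 * Initialises this signer for verification with the given public key.
 * <p>
 * A key that already implements {@link DSAKey} is used directly. Any other key is re-read
 * from its encoded form as a SubjectPublicKeyInfo and wrapped in a BCDSAPublicKey first.
 *
 * @param publicKey the key to verify signatures with
 * @throws InvalidKeyException if the key is not a DSA key and cannot be converted to one;
 *         the underlying failure is attached as the cause
 */
protected void engineInitVerify(
    PublicKey publicKey)
    throws InvalidKeyException
{
    CipherParameters param;

    if (publicKey instanceof DSAKey)
    {
        param = DSAUtil.generatePublicKeyParameter(publicKey);
    }
    else
    {
        try
        {
            // Fall back to the key's encoding so that keys from other providers still work.
            byte[] bytes = publicKey.getEncoded();

            publicKey = new BCDSAPublicKey(SubjectPublicKeyInfo.getInstance(bytes));

            if (publicKey instanceof DSAKey)
            {
                param = DSAUtil.generatePublicKeyParameter(publicKey);
            }
            else
            {
                throw new InvalidKeyException("can't recognise key type in DSA based signer");
            }
        }
        catch (Exception e)
        {
            // Same message as before, but the original exception is no longer discarded,
            // so a malformed or non-DSA encoding can be diagnosed from the cause.
            throw new InvalidKeyException("can't recognise key type in DSA based signer", e);
        }
    }

    digest.reset();
    // false selects verification mode on the underlying signer.
    signer.init(false, param);
}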
示例6: genSelfSignedCert
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
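/**
 * Creates a self-signed X.509v3 certificate for {@code CN=localhost}, valid from 24 hours
 * before now until 24 hours after now.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @param signAlgo signature algorithm name passed to {@code newSigner}
 * @return the self-signed certificate
 * @throws CertificateException if the certificate cannot be built or converted
 */
private static Certificate genSelfSignedCert(KeyPair keyPair, String signAlgo) throws CertificateException {
    X500Name issuer = new X500Name("CN=localhost, OU=test, O=Dremio, L=Mountain View, ST=CA, C=US");
    X500Name subject = issuer; // self signed

    // The original used new Random().nextInt(), which is negative about half of the time and
    // comes from a non-cryptographic generator. RFC 5280 requires a positive serial number, so
    // draw 64 random bits from SecureRandom and add 1 to exclude zero.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Backdate notBefore by a day to tolerate clock skew between peers.
    Date notBefore = new Date(System.currentTimeMillis() - (24 * 3600 * 1000));
    Date notAfter = new Date(System.currentTimeMillis() + (24 * 3600 * 1000));

    SubjectPublicKeyInfo pubkeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, pubkeyInfo);
    ContentSigner signer = newSigner(keyPair.getPrivate(), signAlgo);
    X509CertificateHolder certHolder = certBuilder.build(signer);

    return new JcaX509CertificateConverter().getCertificate(certHolder);
}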
示例7: JceKeyAgreeRecipientInfoGenerator
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Creates a key-agreement recipient info generator for the given sender key pair.
 * <p>
 * The sender's public key is passed to the superclass as a SubjectPublicKeyInfo decoded from
 * {@code senderPublicKey.getEncoded()}; both keys are also kept on this instance.
 *
 * @param keyAgreementOID object identifier of the key agreement algorithm
 * @param senderPrivateKey the sender's private key
 * @param senderPublicKey the sender's public key
 * @param keyEncryptionOID object identifier of the key encryption (wrapping) algorithm
 */
public JceKeyAgreeRecipientInfoGenerator(
    ASN1ObjectIdentifier keyAgreementOID,
    PrivateKey senderPrivateKey,
    PublicKey senderPublicKey,
    ASN1ObjectIdentifier keyEncryptionOID)
{
    super(
        keyAgreementOID,
        SubjectPublicKeyInfo.getInstance(senderPublicKey.getEncoded()),
        keyEncryptionOID);

    this.senderPrivateKey = senderPrivateKey;
    this.senderPublicKey = senderPublicKey;
}
示例8: createCertID
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
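/**
 * Builds an OCSP CertID from the issuer certificate and the serial number being queried.
 * <p>
 * The issuer name hash is the digest of the issuer certificate's encoded subject name; the
 * issuer key hash is the digest of the public key bits taken from the issuer's
 * SubjectPublicKeyInfo.
 *
 * @param hashAlg digest algorithm used for both hashes
 * @param issuerCert certificate of the issuer
 * @param serialNumber serial number of the certificate whose status is requested
 * @param provider provider name passed to the digest factory
 * @return the assembled CertID
 * @throws OCSPException if any step fails; the original exception is attached as the cause
 */
private static CertID createCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert,
    ASN1Integer serialNumber, String provider)
    throws OCSPException
{
    try
    {
        MessageDigest digest = OCSPUtil.createDigestInstance(hashAlg.getAlgorithm().getId(),
            provider);

        X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(issuerCert);

        digest.update(issuerName.getEncoded());

        // digest() also resets the MessageDigest, so the same instance is reused below.
        ASN1OctetString issuerNameHash = new DEROctetString(digest.digest());
        PublicKey issuerKey = issuerCert.getPublicKey();

        ASN1InputStream aIn = new ASN1InputStream(issuerKey.getEncoded());
        SubjectPublicKeyInfo info;
        try
        {
            info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
        }
        finally
        {
            // The original never closed the stream; release it on every path.
            aIn.close();
        }

        // Only the key bits are hashed, not the surrounding algorithm identifier.
        digest.update(info.getPublicKeyData().getBytes());

        ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest());

        return new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber);
    }
    catch (Exception e)
    {
        throw new OCSPException("problem creating ID: " + e, e);
    }
}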
示例9: generateIssuedCertificate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Issues an end-entity {@link X509Certificate} for the given public key, signed with the
 * issuer's private key.
 *
 * @param dn the subject distinguished name
 * @param publicKey the public key being certified
 * @param extensions extensions extracted from the CSR; may be {@code null}. Only a
 *                   subjectAlternativeName extension, if present, is copied
 * @param issuer the issuer's certificate, which supplies the issuer name
 * @param issuerKeyPair the issuer's key pair; the private key signs, the public key feeds the
 *                      authority key identifier
 * @param signingAlgorithm the signature algorithm name handed to the content signer
 * @param days number of days, counted from now, the certificate is valid
 * @return the issued {@link X509Certificate}
 * @throws CertificateException if there is an error issuing the certificate
 */
public static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, Extensions extensions, X509Certificate issuer, KeyPair issuerKeyPair, String signingAlgorithm, int days)
        throws CertificateException {
    try {
        ContentSigner contentSigner = new JcaContentSignerBuilder(signingAlgorithm)
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(issuerKeyPair.getPrivate());
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(days));

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(issuer.getSubjectX500Principal().getName())),
                getUniqueSerialNumber(),
                notBefore, notAfter,
                reverseX500Name(new X500Name(dn)),
                publicKeyInfo);

        // Key identifiers: subject from the certified key, authority from the issuer's key.
        builder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));

        // keyUsage (critical): end-entity usages only - no keyCertSign or cRLSign.
        int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement | KeyUsage.nonRepudiation;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits));

        // Not a CA: the issued certificate must not be able to sign further certificates.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

        // extendedKeyUsage: TLS client and server authentication.
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));

        // subjectAlternativeName, only when the CSR extensions carry one.
        // NOTE(review): the requested names are copied verbatim and this method does not check
        // them; presumably the caller has vetted the CSR before issuing - confirm.
        boolean hasSan = extensions != null && extensions.getExtension(Extension.subjectAlternativeName) != null;
        if (hasSan) {
            builder.addExtension(Extension.subjectAlternativeName, false, extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
        }

        X509CertificateHolder signedHolder = builder.build(contentSigner);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(signedHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}
示例10: generateKeyAndCertificate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Generates a key pair and a matching self-signed X.509v1 certificate.
 *
 * @param asymmetric key algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
 * @param sign signature algorithm name used to sign the certificate
 * @param validityYears validity in years counted from now; must be greater than zero
 * @param dn distinguished name used as both issuer and subject
 * @return the generated private key paired with its certificate
 * @throws NoSuchAlgorithmException if the key algorithm is not available
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the certificate cannot be converted
 */
private static Pair<PrivateKey, X509Certificate> generateKeyAndCertificate(String asymmetric, String sign, int validityYears, String dn) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException {
    Preconditions.checkArgument(validityYears > 0, "validityYears <= 0");

    // NOTE(review): the generator is never initialised, so the key size is whatever the
    // provider defaults to for this algorithm - confirm that default is acceptable.
    KeyPairGenerator generator = KeyPairGenerator.getInstance(asymmetric);
    KeyPair keyPair = generator.generateKeyPair();

    // 31536000000 ms = 365 days; the long literal keeps the multiplication out of int range.
    Date notBefore = new Date(System.currentTimeMillis());
    Date notAfter = new Date(System.currentTimeMillis() + validityYears * 31536000000L);

    // Self-signed: the same name serves as issuer and subject.
    X500Name selfName = new X500Name(new X500Principal(dn).getName());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    // NOTE(review): every certificate produced here has serial number 1.
    X509v1CertificateBuilder builder = new X509v1CertificateBuilder(selfName, BigInteger.ONE, notBefore, notAfter, selfName, publicKeyInfo);

    ContentSigner signer = new JcaContentSignerBuilder(sign)
            .setProvider(new BouncyCastleProvider())
            .build(keyPair.getPrivate());
    X509CertificateHolder holder = builder.build(signer);

    X509Certificate certificate = new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(holder);
    return Pair.of(keyPair.getPrivate(), certificate);
}
示例11: addSignedCertificate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
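/**
 * Generates a new key pair, issues a one-year X.509v3 certificate for it signed by a CA held
 * in another keystore, and stores the private key with the chain {@code [cert, caCert]} in
 * this keystore.
 *
 * @param signerKeyStore keystore holding the CA certificate and private key
 * @param signerAlias alias of the CA entry in {@code signerKeyStore}
 * @param signerPassword password protecting the CA private key
 * @param dn subject distinguished name of the new certificate
 * @param certificateAlias alias under which the new entry is stored
 * @param password password protecting the new private-key entry
 * @throws RuntimeException if key generation, signing or keystore access fails
 */
public void addSignedCertificate(final XTFKeyStore signerKeyStore, final String signerAlias, final String signerPassword, final String dn, final String certificateAlias, final String password) {
    try {
        final X509Certificate caCert = (X509Certificate) signerKeyStore.keystore.getCertificate(signerAlias);
        final PrivateKey caKey = (PrivateKey) signerKeyStore.keystore.getKey(signerAlias, signerPassword.toCharArray());

        final Calendar start = Calendar.getInstance();
        final Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, 1);

        final KeyPair keyPair = generateKeyPair();
        final X500Name certName = new X500Name(dn);

        // Take the issuer name from the CA certificate's DER-encoded subject instead of
        // round-tripping it through a string: re-parsing the text form can change attribute
        // encoding or ordering, so the issuer would no longer byte-match the CA subject and
        // strict path validators would fail to chain the certificate.
        final X500Name issuerName = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

        // NOTE(review): the serial is derived from System.nanoTime(), which is predictable and
        // not guaranteed to be positive; prefer a random positive serial outside test use.
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                issuerName,
                BigInteger.valueOf(System.nanoTime()),
                start.getTime(),
                expiry.getTime(),
                certName,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        final JcaX509ExtensionUtils u = new JcaX509ExtensionUtils();
        certificateBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                u.createAuthorityKeyIdentifier(caCert));
        certificateBuilder.addExtension(Extension.subjectKeyIdentifier, false,
                u.createSubjectKeyIdentifier(keyPair.getPublic()));

        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(caKey);
        X509CertificateHolder holder = certificateBuilder.build(signer);
        Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);

        // Leaf first, then the CA, so the entry carries the full chain.
        Entry entry = new PrivateKeyEntry(keyPair.getPrivate(), new Certificate[] {cert, caCert});
        keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
    } catch (GeneralSecurityException | OperatorCreationException | CertIOException ex) {
        throw new RuntimeException("Unable to generate signed certificate", ex);
    }
}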
示例12: generate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
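/**
 * Generates an RSA key pair and a self-signed X.509v1 certificate for it, valid for 365 days
 * from now and signed with SHA256withRSA.
 *
 * @param commonName value placed in the CN attribute of the issuer and subject name
 * @return the certificate bundled with its fingerprint and key pair
 * @throws RuntimeException if key generation, signing or fingerprinting fails
 */
public static RTCCertificate generate(String commonName) {
    try {
        //generate certificate
        //TODO sign it by lets-encrypt
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",
                                                            BouncyCastleProvider.PROVIDER_NAME);
        // 2048 bits instead of the original 1024: 1024-bit RSA is below the accepted minimum
        // strength and is rejected by current TLS/DTLS stacks.
        kpg.initialize(2048);
        KeyPair keyPair = kpg.genKeyPair();

        Date startDate = new Date(System.currentTimeMillis());// time from which certificate is valid
        Date expiryDate = new Date(System.currentTimeMillis() + 365L * 24L * 60L * 60L * 1000L);// time after which certificate is not valid
        // NOTE(review): every certificate produced here has serial number 1.
        BigInteger serialNumber = new BigInteger("1");// serial number for certificate

        // NOTE(review): commonName is concatenated into the DN string unescaped; a value
        // containing ',' or '=' would add or alter name attributes - confirm callers control it.
        X500Name dnName = new X500Name("CN=" + commonName);
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic()
                                                                                     .getEncoded());
        final X509v1CertificateBuilder x509v1CertificateBuilder = new X509v1CertificateBuilder(dnName,
                                                                                               serialNumber,
                                                                                               startDate,
                                                                                               expiryDate,
                                                                                               dnName,
                                                                                               subPubKeyInfo);

        // Sign with the lightweight BouncyCastle API rather than through a JCA provider.
        AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate()
                                                                                           .getEncoded());
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId,
                                                             digAlgId).build(privateKeyAsymKeyParam);

        final X509CertificateHolder x509CertificateHolder = x509v1CertificateBuilder.build(sigGen);

        return new RTCCertificate(fingerprint(x509CertificateHolder),
                                  keyPair,
                                  x509CertificateHolder);
    }
    catch (IOException | CertificateException | NoSuchAlgorithmException | NoSuchProviderException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}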
示例13: parseObject
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Decodes the content of a PEM object as a SubjectPublicKeyInfo.
 *
 * @param obj the PEM object whose content bytes hold the encoded public key info
 * @return the decoded SubjectPublicKeyInfo
 * @throws IOException declared by the parser contract
 */
public Object parseObject(PemObject obj)
    throws IOException
{
    byte[] encoded = obj.getContent();
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encoded);

    return keyInfo;
}
示例14: generatePublic
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
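/**
 * Converts, if possible, a key specification into a
 * {@link BCMcEliecePublicKey}. Currently, the following key specifications
 * are supported: {@link McEliecePublicKeySpec}, {@link X509EncodedKeySpec}.
 * <p>
 * For an {@link X509EncodedKeySpec} the bytes are decoded as a SubjectPublicKeyInfo whose
 * inner key is a sequence of (OID, n, t, matrixG). A structurally wrong encoding is reported
 * as {@link InvalidKeySpecException} rather than escaping as an unchecked exception.
 *
 * @param keySpec the key specification
 * @return the McEliece public key
 * @throws InvalidKeySpecException if the key specification is not supported or its encoding
 *         cannot be decoded.
 */
public PublicKey generatePublic(KeySpec keySpec)
    throws InvalidKeySpecException
{
    if (keySpec instanceof McEliecePublicKeySpec)
    {
        return new BCMcEliecePublicKey((McEliecePublicKeySpec)keySpec);
    }
    else if (keySpec instanceof X509EncodedKeySpec)
    {
        // get the DER-encoded Key according to X.509 from the spec
        byte[] encKey = ((X509EncodedKeySpec)keySpec).getEncoded();

        // decode the SubjectPublicKeyInfo data structure to the pki object
        SubjectPublicKeyInfo pki;
        try
        {
            pki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey));
        }
        catch (IOException e)
        {
            throw new InvalidKeySpecException(e.toString());
        }
        catch (IllegalArgumentException e)
        {
            // Well-formed ASN.1 that is not a SubjectPublicKeyInfo is rejected by
            // getInstance with an unchecked exception; report it through the declared type.
            throw new InvalidKeySpecException(e.toString());
        }

        try
        {
            // --- Build and return the actual key.
            ASN1Primitive innerType = pki.parsePublicKey();
            ASN1Sequence publicKey = (ASN1Sequence)innerType;

            // The decoded OID is not used (the class constant OID is passed below); the
            // cast is kept because it still rejects encodings whose first element is not
            // an object identifier.
            String oidString = ((ASN1ObjectIdentifier)publicKey.getObjectAt(0))
                .toString();

            // decode <n>
            // NOTE(review): intValue() silently truncates values that do not fit in an int.
            BigInteger bigN = ((ASN1Integer)publicKey.getObjectAt(1)).getValue();
            int n = bigN.intValue();

            // decode <t>
            BigInteger bigT = ((ASN1Integer)publicKey.getObjectAt(2)).getValue();
            int t = bigT.intValue();

            // decode <matrixG>
            byte[] matrixG = ((ASN1OctetString)publicKey.getObjectAt(3)).getOctets();

            return new BCMcEliecePublicKey(new McEliecePublicKeySpec(OID, t, n,
                matrixG));
        }
        catch (IOException cce)
        {
            throw new InvalidKeySpecException(
                "Unable to decode X509EncodedKeySpec: "
                    + cce.getMessage());
        }
        catch (RuntimeException e)
        {
            // The casts and index lookups above run on externally supplied bytes: a wrong
            // element type or a short sequence raises ClassCastException or an
            // index-out-of-bounds error. Previously these escaped unchecked, bypassing
            // callers that handle only InvalidKeySpecException.
            throw new InvalidKeySpecException(
                "Unable to decode X509EncodedKeySpec: "
                    + e.getMessage());
        }
    }

    throw new InvalidKeySpecException("Unsupported key specification: "
        + keySpec.getClass() + ".");
}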
示例15: CertTemplate
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; //导入方法依赖的package包/类
/**
 * Decodes a CertTemplate from its ASN.1 sequence.
 * <p>
 * Every element must be a tagged object; the tag number (0-9) selects which field it fills.
 * All fields are optional, and a tag that appears more than once overwrites the earlier
 * value. Tags 3 and 5 (issuer, subject) are decoded as explicitly tagged because the name
 * type is a CHOICE; all others are decoded as implicitly tagged.
 *
 * @param seq the sequence to decode; it is also retained as-is on this instance
 * @throws IllegalArgumentException if an element carries a tag number outside 0-9
 */
private CertTemplate(ASN1Sequence seq)
{
    this.seq = seq;

    for (Enumeration elements = seq.getObjects(); elements.hasMoreElements();)
    {
        // NOTE(review): an untagged element fails here with ClassCastException rather than
        // IllegalArgumentException.
        ASN1TaggedObject tagged = (ASN1TaggedObject)elements.nextElement();
        int tagNo = tagged.getTagNo();

        switch (tagNo)
        {
        case 0:
            version = ASN1Integer.getInstance(tagged, false);
            break;
        case 1:
            serialNumber = ASN1Integer.getInstance(tagged, false);
            break;
        case 2:
            signingAlg = AlgorithmIdentifier.getInstance(tagged, false);
            break;
        case 3:
            issuer = X500Name.getInstance(tagged, true); // CHOICE
            break;
        case 4:
            validity = OptionalValidity.getInstance(ASN1Sequence.getInstance(tagged, false));
            break;
        case 5:
            subject = X500Name.getInstance(tagged, true); // CHOICE
            break;
        case 6:
            publicKey = SubjectPublicKeyInfo.getInstance(tagged, false);
            break;
        case 7:
            issuerUID = DERBitString.getInstance(tagged, false);
            break;
        case 8:
            subjectUID = DERBitString.getInstance(tagged, false);
            break;
        case 9:
            extensions = Extensions.getInstance(tagged, false);
            break;
        default:
            throw new IllegalArgumentException("unknown tag: " + tagNo);
        }
    }
}