当前位置: 首页>>代码示例>>Java>>正文


Java X509v2CRLBuilder.addExtension方法代码示例

本文整理汇总了Java中org.bouncycastle.cert.X509v2CRLBuilder.addExtension方法的典型用法代码示例。如果您正苦于以下问题:Java X509v2CRLBuilder.addExtension方法的具体用法?Java X509v2CRLBuilder.addExtension怎么用?Java X509v2CRLBuilder.addExtension使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.bouncycastle.cert.X509v2CRLBuilder的用法示例。


在下文中一共展示了X509v2CRLBuilder.addExtension方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: makeCrl

import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
public static X509CRL makeCrl(KeyPair pair)
    throws Exception
{
    Date                 now = new Date();
    X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    crlGen.setNextUpdate(new Date(now.getTime() + 100000));

    crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);

    crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));

    return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate())));
}
 
开发者ID:credentials,项目名称:irma_future_id,代码行数:16,代码来源:CMSTestUtil.java

示例2: testIndirect

import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
    X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
    {
        fail("CRL signature not valid");
    }

    X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
    {
        fail("certificate issuer incorrect");
    }

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (!crl.isRevoked(certificate))
    {
        fail("Certificate should be revoked");
    }

    // now encode the CRL and load the CRL with the JCE provider

    CertificateFactory fac = CertificateFactory.getInstance("X.509");

    X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));

    jceCRL.verify(certificate.getPublicKey());

    if (!jceCRL.isRevoked(certificate))
    {
        fail("This certificate should also be revoked");
    }
}
 
开发者ID:credentials,项目名称:irma_future_id,代码行数:71,代码来源:CertTest.java

示例3: testIndirect

import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
    X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (!crl.isRevoked(certificate))
    {
        fail("Certificate should be revoked");
    }

    // now encode the CRL and load the CRL with the JCE provider

    CertificateFactory fac = CertificateFactory.getInstance("X.509");

    X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));

    jceCRL.verify(certificate.getPublicKey());

    if (!jceCRL.isRevoked(certificate))
    {
        fail("This certificate should also be revoked");
    }
}
 
开发者ID:credentials,项目名称:irma_future_id,代码行数:59,代码来源:CertTest.java

示例4: testIndirect2

import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect2()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
    X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));

    builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
    builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
    {
        fail("CRL signature not valid");
    }

    X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
    {
        fail("certificate issuer incorrect");
    }

    cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
    {
        fail("certificate issuer incorrect");
    }

    cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
    {
        fail("certificate issuer incorrect");
    }

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());
}
 
开发者ID:credentials,项目名称:irma_future_id,代码行数:72,代码来源:CertTest.java


注:本文中的org.bouncycastle.cert.X509v2CRLBuilder.addExtension方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。