本文整理汇总了Java中org.bouncycastle.cert.X509v2CRLBuilder.addExtension方法的典型用法代码示例。如果您正苦于以下问题:Java X509v2CRLBuilder.addExtension方法的具体用法?Java X509v2CRLBuilder.addExtension怎么用?Java X509v2CRLBuilder.addExtension使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.cert.X509v2CRLBuilder
的用法示例。
在下文中一共展示了X509v2CRLBuilder.addExtension方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: makeCrl
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
public static X509CRL makeCrl(KeyPair pair)
throws Exception
{
Date now = new Date();
X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));
return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate())));
}
示例2: testIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例3: testIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例4: testIndirect2
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect2()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
}