本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.getCertificate方法的典型用法代码示例。如果您正苦于以下问题:Java JcaX509CertificateConverter.getCertificate方法的具体用法?Java JcaX509CertificateConverter.getCertificate怎么用?Java JcaX509CertificateConverter.getCertificate使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.cert.jcajce.JcaX509CertificateConverter的用法示例。
在下文中一共展示了JcaX509CertificateConverter.getCertificate方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: newCert
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
public static Certificate newCert(String parentCertFile, String keyFile, String host) {
try {
Date before = Date.from(Instant.now());
Date after = Date.from(Year.now().plus(3, ChronoUnit.YEARS).atDay(1).atStartOfDay(ZoneId.systemDefault()).toInstant());
X509CertificateHolder parent = readPemFromFile(parentCertFile);
PEMKeyPair pemKeyPair = readPemFromFile(keyFile);
KeyPair keyPair = new JcaPEMKeyConverter()
.setProvider(PROVIDER)
.getKeyPair(pemKeyPair);
X509v3CertificateBuilder x509 = new JcaX509v3CertificateBuilder(
parent.getSubject(),
new BigInteger(64, new SecureRandom()),
before,
after,
new X500Name("CN=" + host),
keyPair.getPublic());
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
.build(keyPair.getPrivate());
JcaX509CertificateConverter x509CertificateConverter = new JcaX509CertificateConverter()
.setProvider(PROVIDER);
return new Certificate(
keyPair,
x509CertificateConverter.getCertificate(x509.build(signer)),
x509CertificateConverter.getCertificate(parent));
} catch (Exception e) {
throw new IllegalStateException(e);
}
}
示例2: generateKeyAndCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
private static Pair<PrivateKey, X509Certificate> generateKeyAndCertificate(String asymmetric, String sign, int validityYears, String dn) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException {
Preconditions.checkArgument(validityYears > 0, "validityYears <= 0");
KeyPair keyPair = KeyPairGenerator.getInstance(asymmetric).generateKeyPair();
Date notBefore = new Date(System.currentTimeMillis());
Date notAfter = new Date(System.currentTimeMillis() + validityYears * 31536000000l);
X500Name issuer = new X500Name(new X500Principal(dn).getName());
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuer, BigInteger.ONE, notBefore, notAfter, issuer, publicKeyInfo);
ContentSigner signer = new JcaContentSignerBuilder(sign).setProvider(new BouncyCastleProvider()).build(keyPair.getPrivate());
X509CertificateHolder holder = builder.build(signer);
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
X509Certificate certificate = converter.getCertificate(holder);
return Pair.of(keyPair.getPrivate(), certificate);
}
示例3: parseCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
public X509Certificate parseCertificate(String pemBlock) throws IOException {
PEMParser p2 = new PEMParser(new StringReader(cleanupPEM(pemBlock)));
Object o2 = p2.readObject();
if (o2 == null)
throw new InvalidParameterException("Could not read certificate. Expected the certificate to begin with '-----BEGIN CERTIFICATE-----'.");
if (!(o2 instanceof X509CertificateHolder))
throw new InvalidParameterException("Expected X509CertificateHolder, got " + o2.getClass().getName());
JcaX509CertificateConverter certconv = new JcaX509CertificateConverter().setProvider("BC");
try {
return certconv.getCertificate((X509CertificateHolder) o2);
} catch (CertificateException e) {
throw new IOException(e);
}
}
示例4: readRsaPublicKey
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
public static X509Certificate readRsaPublicKey(Reader reader) {
Security.addProvider(new BouncyCastleProvider());
try {
PEMParser pemParser = new PEMParser(reader);
X509CertificateHolder cert = (X509CertificateHolder) pemParser.readObject();
JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();
return certificateConverter.getCertificate(cert);
} catch (IOException | CertificateException e) {
throw new RuntimeException("Unable to extract public RAS Key .", e);
}
}
示例5: convertX509PemToCert
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
/**
* Convert X509 certificate in PEM format to X509Certificate object
*
* @param x509InPem X509 certificate in PEM format
*
* @return {@code X509Certificate}
*/
public X509Certificate convertX509PemToCert( String x509InPem )
{
try
{
PEMParser pemParser = new PEMParser( new StringReader( x509InPem ) );
JcaX509CertificateConverter x509CertificateConverter = new JcaX509CertificateConverter();
Object o = pemParser.readObject();
return x509CertificateConverter.getCertificate( ( X509CertificateHolder ) o );
}
catch ( Exception e )
{
throw new ActionFailedException( "Failed to convert PEM to certificate", e );
}
}
示例6: provideCertificates
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
@Singleton
@Provides
@Named("eppServerCertificates")
static X509Certificate[] provideCertificates(
@Named("pemObjects") ImmutableList<Object> pemObject) {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
Function<X509CertificateHolder, X509Certificate> certificateConverter =
certificateHolder -> {
try {
return converter.getCertificate(certificateHolder);
} catch (CertificateException e) {
logger.severefmt(e, "Error converting certificate: %s", certificateHolder);
throw new RuntimeException(e);
}
};
ImmutableList<X509Certificate> certificates =
filterAndConvert(pemObject, X509CertificateHolder.class, certificateConverter);
checkState(certificates.size() != 0, "No certificates found in the pem file");
X509Certificate lastCert = null;
for (X509Certificate cert : certificates) {
if (lastCert != null) {
checkState(
lastCert.getIssuerX500Principal().equals(cert.getSubjectX500Principal()),
"Certificate chain error:\n%s\nis not signed by\n%s",
lastCert,
cert);
}
lastCert = cert;
}
X509Certificate[] certificateArray = new X509Certificate[certificates.size()];
certificates.toArray(certificateArray);
return certificateArray;
}
示例7: decodePEMFormattedCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
/**
* Decodes a PEM formatted certificate.
*
* @param pemFormattedCertificate text to be decoded as a PEM certificate.
* @return the Certificate decoded from the input text.
* @throws CertificateParsingException
* thrown if the PEM formatted string cannot be parsed into a Certificate.
*/
public static Certificate decodePEMFormattedCertificate(final String pemFormattedCertificate)
throws CertificateException
{
log.trace("Parsing PEM formatted certificate string:\n{}", pemFormattedCertificate);
// make sure we have something to parse
if (pemFormattedCertificate != null) {
StringReader stringReader = new StringReader(pemFormattedCertificate);
PEMParser pemReader = new PEMParser(stringReader);
try {
Object object = pemReader.readObject();
log.trace("Object found while paring PEM formatted string: {}", object);
if (object instanceof X509CertificateHolder) {
X509CertificateHolder holder = (X509CertificateHolder)object;
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
return converter.getCertificate(holder);
}
}
catch (IOException e) {
throw new CertificateParsingException(
"Failed to parse valid certificate from expected PEM formatted certificate:\n"
+ pemFormattedCertificate, e);
}
}
// cert was not a valid object
throw new CertificateParsingException(
"Failed to parse valid certificate from expected PEM formatted certificate:\n" + pemFormattedCertificate);
}
示例8: getCertificate
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
public static CertificateToken getCertificate(final X509CertificateHolder x509CertificateHolder) {
try {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
X509Certificate x509Certificate = converter.getCertificate(x509CertificateHolder);
return new CertificateToken(x509Certificate);
} catch (CertificateException e) {
throw new DSSException(e);
}
}
示例9: generateJca
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
public X509Certificate generateJca(String cn, String[] sans) {
try {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
X509CertificateHolder certificate = generate(cn, sans);
return converter.getCertificate(certificate);
} catch (CertificateException ex) {
throw new CertificateGenerationException(ex);
}
}
示例10: newCertificateAuthority
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
/**
* Creates a new certificate authority PKCS#12 store. This function will
* destroy any existing CA store.
*
* @param metadata
* @param storeFile
* @param x509log
* @return
*/
public static X509Certificate newCertificateAuthority(X509Metadata metadata, File storeFile, X509Log x509log) {
try {
KeyPair caPair = newKeyPair();
ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPair.getPrivate());
// clone metadata
X509Metadata caMetadata = metadata.clone(CA_CN, metadata.password);
X500Name issuerDN = buildDistinguishedName(caMetadata);
// Generate self-signed certificate
X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(
issuerDN,
BigInteger.valueOf(System.currentTimeMillis()),
caMetadata.notBefore,
caMetadata.notAfter,
issuerDN,
caPair.getPublic());
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));
caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));
caBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));
caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner));
// confirm the validity of the CA certificate
cert.checkValidity(new Date());
cert.verify(cert.getPublicKey());
// Delete existing keystore
if (storeFile.exists()) {
storeFile.delete();
}
// Save private key and certificate to new keystore
KeyStore store = openKeyStore(storeFile, caMetadata.password);
store.setKeyEntry(CA_ALIAS, caPair.getPrivate(), caMetadata.password.toCharArray(),
new Certificate[]{cert});
saveKeyStore(storeFile, store, caMetadata.password);
x509log.log(MessageFormat.format("New CA certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getIssuerDN().getName()));
// update serial number in metadata object
caMetadata.serialNumber = cert.getSerialNumber().toString();
return cert;
} catch (Throwable t) {
throw new RuntimeException("Failed to generate Fathom CA certificate!", t);
}
}
示例11: newCertificateAuthority
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
/**
* Creates a new certificate authority PKCS#12 store. This function will
* destroy any existing CA store.
*
* @param metadata
* @param storeFile
* @param keystorePassword
* @param x509log
* @return
*/
public static X509Certificate newCertificateAuthority(X509Metadata metadata, File storeFile, X509Log x509log) {
try {
KeyPair caPair = newKeyPair();
ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPair.getPrivate());
// clone metadata
X509Metadata caMetadata = metadata.clone(CA_CN, metadata.password);
X500Name issuerDN = buildDistinguishedName(caMetadata);
// Generate self-signed certificate
X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(
issuerDN,
BigInteger.valueOf(System.currentTimeMillis()),
caMetadata.notBefore,
caMetadata.notAfter,
issuerDN,
caPair.getPublic());
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));
caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));
caBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));
caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner));
// confirm the validity of the CA certificate
cert.checkValidity(new Date());
cert.verify(cert.getPublicKey());
// Delete existing keystore
if (storeFile.exists()) {
storeFile.delete();
}
// Save private key and certificate to new keystore
KeyStore store = openKeyStore(storeFile, caMetadata.password);
store.setKeyEntry(CA_ALIAS, caPair.getPrivate(), caMetadata.password.toCharArray(),
new Certificate[] { cert });
saveKeyStore(storeFile, store, caMetadata.password);
x509log.log(MessageFormat.format("New CA certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getIssuerDN().getName()));
// update serial number in metadata object
caMetadata.serialNumber = cert.getSerialNumber().toString();
return cert;
} catch (Throwable t) {
throw new RuntimeException("Failed to generate Gitblit CA certificate!", t);
}
}
示例12: generatePKCS12
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; //导入方法依赖的package包/类
public KeyStore generatePKCS12(IdentityContainer identity) {
try {
Security.addProvider(new BouncyCastleProvider());
KeyStore keystore = KeyStore.getInstance(P12_EXTENSTION, BouncyCastleProvider.PROVIDER_NAME);
keystore.load(null, null);
String alias = identity.getCertificate().getSubject().toString().replaceFirst("CN=", "");
PrivateKey privateKey = identity.getPrivateKey();
CertificateFactory certificateFactory = CertificateFactory.getInstance(X509_EXTENSTION, BouncyCastleProvider.PROVIDER_NAME);
JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();
X509Certificate certificate = certificateConverter.getCertificate(identity.getCertificate());
Certificate convertedUserCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
X509Certificate rootCACertificate = certificateConverter.getCertificate(identity.getRootCertificate());
Certificate convertedRootCACertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(rootCACertificate.getEncoded()));;
Certificate[] chain = {convertedUserCertificate, convertedRootCACertificate};
keystore.setKeyEntry(alias, privateKey, null, chain);
return keystore;
} catch (Exception e) {
throw new RuntimeException("Error while generating PKCS12: " + e.getMessage(), e);
}
}