本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.copyAndAddExtension方法的典型用法代码示例。如果您正苦于以下问题:Java JcaX509v3CertificateBuilder.copyAndAddExtension方法的具体用法?Java JcaX509v3CertificateBuilder.copyAndAddExtension怎么用?Java JcaX509v3CertificateBuilder.copyAndAddExtension使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder的用法示例。
在下文中一共展示了JcaX509v3CertificateBuilder.copyAndAddExtension方法的4个代码示例,这些例子默认根据受欢迎程度排序。
示例1: makeRootCert
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入方法依赖的package包/类
/**
 * Builds a look-alike of the certificate stored in {@code sk-root.pem}, bound to the given key pair.
 *
 * <p>Issuer, serial number, validity period, subject and every extension are taken from the
 * loaded certificate. Only the public key and the signature differ: the public key is
 * {@code kp.getPublic()} and the signature is produced with {@code kp.getPrivate()}.
 *
 * @param kp key pair whose public half is embedded in the certificate and whose private half signs it
 * @return the generated certificate, converted via the BouncyCastle provider
 * @throws IOException if reading the template or copying an extension fails
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException, NoSuchProviderException,
        SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {
    // The loaded certificate serves as the template for every field except the key.
    X509CertificateHolder template = getRealCert("sk-root.pem");

    // Both validity bounds are wrapped as GeneralizedTime before being handed to the builder.
    Time validFrom = Time.getInstance(new ASN1GeneralizedTime(template.getNotBefore()));
    Time validUntil = Time.getInstance(new ASN1GeneralizedTime(template.getNotAfter()));
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            template.getIssuer(),
            template.getSerialNumber(),
            validFrom,
            validUntil,
            template.getSubject(),
            kp.getPublic());

    // Carry every extension over unchanged, keeping its criticality flag.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension source = template.getExtension(oid);
        certBuilder.copyAndAddExtension(source.getExtnId(), source.isCritical(), template);
    }

    // NOTE(review): SHA-1 based signatures are deprecated for certificates. Presumably the
    // algorithm is kept to mirror the template certificate; confirm before reusing this
    // pattern anywhere a relying party will validate the result.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
    signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    ContentSigner signer = signerBuilder.build(kp.getPrivate());

    X509CertificateHolder built = certBuilder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(built);
}
示例2: makeEsteidCert
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入方法依赖的package包/类
/**
 * Builds a look-alike of the certificate stored in {@code sk-esteid.pem}, carrying the
 * {@code esteid} public key and signed with the {@code root} private key.
 *
 * <p>Issuer, serial number, validity period, subject and every extension come from the
 * loaded certificate; only the public key and the signature are replaced.
 *
 * @param esteid key pair whose public half is embedded in the certificate
 * @param root key pair whose private half signs the certificate
 * @return the generated certificate, converted via the BouncyCastle provider
 * @throws IOException if reading the template or copying an extension fails
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root) throws InvalidKeyException, IllegalStateException,
        NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException,
        CertificateException {
    // Template certificate whose fields are reproduced below.
    X509CertificateHolder template = getRealCert("sk-esteid.pem");

    // notBefore is wrapped as UTCTime while notAfter is wrapped as GeneralizedTime.
    // NOTE(review): presumably this matches the encodings used in the template — confirm.
    Time validFrom = Time.getInstance(new ASN1UTCTime(template.getNotBefore()));
    Time validUntil = Time.getInstance(new ASN1GeneralizedTime(template.getNotAfter()));
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            template.getIssuer(),
            template.getSerialNumber(),
            validFrom,
            validUntil,
            template.getSubject(),
            esteid.getPublic());

    // Carry every extension over unchanged, keeping its criticality flag.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension source = template.getExtension(oid);
        certBuilder.copyAndAddExtension(source.getExtnId(), source.isCritical(), template);
    }

    // The signing key is the root key pair's private half, not the key being certified.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA384withRSA");
    signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    ContentSigner signer = signerBuilder.build(root.getPrivate());

    X509CertificateHolder built = certBuilder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(built);
}
示例3: cloneUserCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入方法依赖的package包/类
/**
 * Re-issues {@code cert} for a different RSA public key.
 *
 * <p>Issuer, serial number, validity period, subject and all extensions are copied from
 * {@code cert}; the public key is replaced by {@code pubkey} and the result is signed with
 * {@code esteidKey}, which is defined outside this method.
 *
 * @param pubkey public key to embed; its modulus must be exactly 2048 bits long
 * @param cert certificate to clone
 * @return the re-issued certificate, converted via the BouncyCastle provider
 * @throws IllegalArgumentException if the modulus of {@code pubkey} is not 2048 bits long
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if {@code cert} cannot be encoded or the result cannot be converted
 * @throws IOException if the encoded certificate cannot be parsed or an extension cannot be copied
 */
private X509Certificate cloneUserCertificate(RSAPublicKey pubkey, X509Certificate cert) throws OperatorCreationException, CertificateException, IOException {
    int modulusBits = pubkey.getModulus().bitLength();
    if (modulusBits != 2048) {
        throw new IllegalArgumentException("Key must be 2048b RSA");
    }

    // Re-parse the JCA certificate as a BouncyCastle holder to reach its names and extensions.
    X509CertificateHolder source = new X509CertificateHolder(cert.getEncoded());

    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            source.getIssuer(),
            cert.getSerialNumber(),
            cert.getNotBefore(),
            cert.getNotAfter(),
            source.getSubject(),
            pubkey);

    // Carry every extension over unchanged, keeping its criticality flag.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = source.getExtensionOIDs();
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension original = source.getExtension(oid);
        certBuilder.copyAndAddExtension(original.getExtnId(), original.isCritical(), source);
    }

    // The signature algorithm is whatever the source certificate reports; nothing here
    // forces SHA-256.
    // NOTE(review): a source certificate signed with a weak algorithm passes that choice on
    // to the clone — confirm this is intended, or pin the algorithm explicitly.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(cert.getSigAlgName());
    signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    ContentSigner signer = signerBuilder.build(esteidKey);

    X509CertificateHolder reissued = certBuilder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(reissued);
}
示例4: generateUserCertificate
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //导入方法依赖的package包/类
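/**
 * Issues a user certificate modelled on {@code sk-sign.pem} or {@code sk-auth.pem}.
 *
 * <p>The issuer and all extensions except subjectAlternativeName are copied from the
 * template. The subject is assembled from the supplied personal data, the serial number is
 * 16 random bytes with the top bit cleared, and a subjectAlternativeName extension present
 * in the template is replaced by one holding {@code email} as an rfc822Name. The result is
 * signed with {@code esteidKey}, which is defined outside this method, using SHA256withRSA.
 *
 * @param pubkey public key to certify; its modulus must be exactly 2048 bits long
 * @param signature {@code true} selects the {@code sk-sign.pem} template and the
 *        "digital signature" OU, {@code false} selects {@code sk-auth.pem} and "authentication"
 * @param firstname given name; upper-cased before use, must not be {@code null}
 * @param lastname surname; upper-cased before use, must not be {@code null}
 * @param idcode personal code used in the CN and SERIALNUMBER attributes; upper-cased, must not be {@code null}
 * @param email address for the rfc822Name entry; lower-cased, must not be {@code null}
 * @param from start of validity, or {@code null} for the default 2017-01-01
 * @param to end of validity, or {@code null} for the default 2017-12-31
 * @return the generated certificate, converted via the BouncyCastle provider
 * @throws IllegalArgumentException if the modulus of {@code pubkey} is not 2048 bits long
 * @throws IOException if reading the template or adding an extension fails
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private X509Certificate generateUserCertificate(RSAPublicKey pubkey, boolean signature, String firstname, String lastname,
        String idcode, String email, Date from, Date to) throws InvalidKeyException, ParseException, IOException, IllegalStateException,
        NoSuchProviderException, NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {
    if (pubkey.getModulus().bitLength() != 2048) {
        throw new IllegalArgumentException("Key must be 2048b RSA");
    }

    // Default validity window, overridden by any bound the caller supplies.
    Date startDate = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH).parse("2017-01-01");
    Date endDate = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH).parse("2017-12-31");
    if (from != null) {
        startDate = from;
    }
    if (to != null) {
        endDate = to;
    }

    String template = "C=EE,O=ESTEID,OU=%s,CN=%s\\,%s\\,%s,SURNAME=%s,GIVENNAME=%s,SERIALNUMBER=%s";

    // Normalize with a fixed locale: the no-argument toUpperCase()/toLowerCase() follow the
    // JVM default locale, so the same input could yield a different subject or e-mail
    // address on, for example, a Turkish-locale host.
    lastname = lastname.toUpperCase(Locale.ROOT);
    firstname = firstname.toUpperCase(Locale.ROOT);
    idcode = idcode.toUpperCase(Locale.ROOT);
    email = email.toLowerCase(Locale.ROOT);

    // NOTE(review): the name parts are interpolated into the DN string without RFC 4514
    // escaping, so a ',', '+' or '=' inside a supplied value would change the RDN structure
    // that X500Name parses. If these values can originate from untrusted input, validate
    // them or assemble the name attribute by attribute (e.g. BouncyCastle's X500NameBuilder).
    String subject = String.format(template, (signature ? "digital signature" : "authentication"), lastname, firstname, idcode,
            lastname, firstname, idcode);
    X500Name subjectName = new X500Name(subject);

    // 16 random bytes; clearing the top bit keeps the big-endian value non-negative.
    // NOTE(review): `random` is defined outside this method — presumably a SecureRandom; confirm.
    byte[] serialBytes = new byte[16];
    random.nextBytes(serialBytes);
    serialBytes[0] &= 0x7F;
    BigInteger serial = new BigInteger(serialBytes);

    // The template supplies the issuer and the extension set.
    X509CertificateHolder real = getRealCert(signature ? "sk-sign.pem" : "sk-auth.pem");

    log.trace("Generating from subject: " + real.getSubject());
    log.trace("Generating subject: " + subjectName.toString());

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), serial, startDate, endDate, subjectName, pubkey);

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        if (ext.getExtnId().equals(Extension.subjectAlternativeName)) {
            // The template's altName belongs to someone else; substitute the caller's e-mail
            // while keeping the template's criticality flag.
            builder.addExtension(ext.getExtnId(), ext.isCritical(), new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
        } else {
            // Every other extension is copied unchanged.
            builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
        }
    }

    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);
    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(cert);
}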