本文整理汇总了Java中org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.setProvider方法的典型用法代码示例。如果您正苦于以下问题:Java JcaContentSignerBuilder.setProvider方法的具体用法?Java JcaContentSignerBuilder.setProvider怎么用?Java JcaContentSignerBuilder.setProvider使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.operator.jcajce.JcaContentSignerBuilder的用法示例。
在下文中一共展示了JcaContentSignerBuilder.setProvider方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateCrl
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
X509v2CRLBuilder builder = new X509v2CRLBuilder(
new X500Name(ca.getSubjectDN().getName()),
new Date()
);
for (X509Certificate certificate : revoked) {
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
}
JcaContentSignerBuilder contentSignerBuilder =
new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
return converter.getCRL(crlHolder);
}
示例2: toSignerInfoGenerator
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
SignerInfoGenerator toSignerInfoGenerator(
SecureRandom random,
Provider sigProvider,
boolean addDefaultAttributes)
throws IOException, CertificateEncodingException, CMSException, OperatorCreationException, NoSuchAlgorithmException
{
String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
String signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encOID);
JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
if (addDefaultAttributes)
{
builder.setSignedAttributeGenerator(sAttr);
}
builder.setDirectSignature(!addDefaultAttributes);
builder.setUnsignedAttributeGenerator(unsAttr);
JcaContentSignerBuilder signerBuilder;
try
{
signerBuilder = new JcaContentSignerBuilder(signatureName).setSecureRandom(random);
}
catch (IllegalArgumentException e)
{
throw new NoSuchAlgorithmException(e.getMessage());
}
if (sigProvider != null)
{
signerBuilder.setProvider(sigProvider);
}
ContentSigner contentSigner = signerBuilder.build(key);
if (signerIdentifier instanceof X509Certificate)
{
return builder.build(contentSigner, (X509Certificate)signerIdentifier);
}
else
{
return builder.build(contentSigner, (byte[])signerIdentifier);
}
}
示例3: generateCertificationRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
* generateCertificationRequest
*
* @param subject The subject to be added to the certificate
* @param pair Public private key pair
* @return PKCS10CertificationRequest Certificate Signing Request.
* @throws OperatorCreationException
*/
public String generateCertificationRequest(String subject, KeyPair pair)
throws InvalidArgumentException {
try {
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
new X500Principal("CN=" + subject), pair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withECDSA");
if (null != SECURITY_PROVIDER) {
csBuilder.setProvider(SECURITY_PROVIDER);
}
ContentSigner signer = csBuilder.build(pair.getPrivate());
return certificationRequestToPEM(p10Builder.build(signer));
} catch (Exception e) {
logger.error(e);
throw new InvalidArgumentException(e);
}
}
示例4: testDirect
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testDirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name issuer = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例5: testIndirect
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例6: testMalformedIndirect
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testMalformedIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (crl.isRevoked(certificate))
{
throw new Exception("Certificate should not be revoked");
}
}
示例7: testIndirect
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例8: testMalformedIndirect
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testMalformedIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (crl.isRevoked(certificate))
{
throw new Exception("Certificate should not be revoked");
}
}
示例9: testIndirect2
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testIndirect2()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
}
示例10: testDirect
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
private void testDirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name issuer = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}