本文整理汇总了Java中org.bouncycastle.pkcs.PKCS10CertificationRequest.isSignatureValid方法的典型用法代码示例。如果您正苦于以下问题:Java PKCS10CertificationRequest.isSignatureValid方法的具体用法?Java PKCS10CertificationRequest.isSignatureValid怎么用?Java PKCS10CertificationRequest.isSignatureValid使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.pkcs.PKCS10CertificationRequest的用法示例。
在下文中一共展示了PKCS10CertificationRequest.isSignatureValid方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: loadCSR
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
/**
* Load a CSR from the specified URL.
*
* @param url The URL to load CSR from
* @return The CSR
* @throws CryptoException Problem encountered while loading the CSR
* @throws FileNotFoundException If the CSR file does not exist, is a directory rather than a regular file, or for
* some other reason cannot be opened for reading
* @throws IOException An I/O error occurred
*/
public static PKCS10CertificationRequest loadCSR(URL url)
throws CryptoException, IOException
{
// TODO: handle DER encoded requests too?
try (PEMParser pr = new PEMParser(new InputStreamReader(NetUtil.openGetStream(url))))
{
PKCS10CertificationRequest csr = (PKCS10CertificationRequest) pr.readObject();
ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());
if (!csr.isSignatureValid(prov))
{
throw new CryptoException(RB.getString("NoVerifyCsr.exception.message"));
}
return csr;
}
catch (ClassCastException | OperatorCreationException | PKCSException ex)
{
throw new CryptoException(RB.getString("NoLoadCsr.exception.message"), ex);
}
}
示例2: generatePKCS10CSR
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
/**
* Create a PKCS #10 certification request (CSR) using the supplied certificate and private key.
*
* @param cert The certificate
* @param privateKey The private key
* @throws CryptoException If there was a problem generating the CSR
* @return The CSR
*/
public static PKCS10CertificationRequest generatePKCS10CSR(X509Certificate cert, PrivateKey privateKey)
throws CryptoException
{
X500Name subject = new X500Name(cert.getSubjectDN().toString());
JcaPKCS10CertificationRequestBuilder csrBuilder =
new JcaPKCS10CertificationRequestBuilder(subject, cert.getPublicKey());
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(cert.getSigAlgName());
try
{
ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(cert);
PKCS10CertificationRequest csr = csrBuilder.build(signerBuilder.build(privateKey));
if (!csr.isSignatureValid(prov))
{
throw new CryptoException(RB.getString("NoVerifyGenCsr.exception.message"));
}
return csr;
}
catch (OperatorCreationException | PKCSException ex)
{
throw new CryptoException(RB.getString("NoGenerateCsr.exception.message"), ex);
}
}
示例3: rsaCreationTest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
private void rsaCreationTest()
throws Exception
{
//
// a lightweight key pair.
//
RSAKeyParameters lwPubKey = new RSAKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
RSAPrivateCrtKeyParameters lwPrivKey = new RSAPrivateCrtKeyParameters(
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16),
new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
//
// distinguished name table.
//
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.C, "AU");
builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
builder.addRDN(BCStyle.L, "Melbourne");
builder.addRDN(BCStyle.ST, "Victoria");
builder.addRDN(BCStyle.E, "[email protected]");
//
// extensions
//
//
// create the certificate - version 3 - without extensions
//
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(lwPrivKey);
SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()));
X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
x500NameBld.addRDN(BCStyle.C, "AU");
x500NameBld.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
x500NameBld.addRDN(BCStyle.L, "Melbourne");
x500NameBld.addRDN(BCStyle.ST, "Victoria");
x500NameBld.addRDN(BCStyle.EmailAddress, "[email protected]");
X500Name subject = x500NameBld.build();
PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder(subject, pubInfo);
PKCS10CertificationRequest req1 = requestBuilder.build(sigGen);
PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(req1.getEncoded());
if (!req2.isSignatureValid(new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(lwPubKey)))
{
fail("Failed verify check.");
}
if (!Arrays.areEqual(req2.getSubjectPublicKeyInfo().getEncoded(), req1.getSubjectPublicKeyInfo().getEncoded()))
{
fail("Failed public key check.");
}
}
示例4: testCreateCsrFromPemV2_bcprov_jdk15on_1_50
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
/**
* Read the pkcs#10 CSR pem text and create a BC CSR object for subsequent
* verifying and manipulation. This test uses bcprov-jdk15on-1.50.jar and
* bcpkix-jdk15on-1.50.jar
*
* @throws Exception
*/
@Test
public void testCreateCsrFromPemV2_bcprov_jdk15on_1_50() throws Exception {
SignatureAlgorithmIdentifierFinder algFinder = new DefaultSignatureAlgorithmIdentifierFinder();
String csrPemStr = this.getCsrIrregularOrderDN();
PemReader pemReader = new PemReader(new StringReader(csrPemStr));
PemObject obj = pemReader.readPemObject();
pemReader.close();
byte[] pembytes = obj.getContent();
PKCS10CertificationRequest req = new PKCS10CertificationRequest(pembytes);
assertEquals("CN=some body,C=UK,L=DL,O=eScience,OU=CLRC", req.getSubject().toString());
//System.out.println(req.getSubject().toString());
SubjectPublicKeyInfo pkInfo = req.getSubjectPublicKeyInfo();
// get the algorithm of the pubkey RSA
AlgorithmIdentifier pubKeyAlgId = pkInfo.getAlgorithm();
//System.out.println(pubKeyAlgId.getAlgorithm().getId()); // 1.2.840.113549.1.1.1
//System.out.println(pubKeyAlgId.getAlgorithm().toString());// 1.2.840.113549.1.1.1
assertEquals("1.2.840.113549.1.1.1", pubKeyAlgId.getAlgorithm().getId());
// get the algorithm of the request (we expect SHA1 with RSA)
AlgorithmIdentifier reqSigAlgId = req.getSignatureAlgorithm();
AlgorithmIdentifier algIdExpected = algFinder.find("SHA1WITHRSAENCRYPTION"); // or "SHA1withRSA", "SHA1withRSAEncryption"
assertEquals(reqSigAlgId.getAlgorithm().getId(), algIdExpected.getAlgorithm().getId());
assertEquals("1.2.840.113549.1.1.5", algIdExpected.getAlgorithm().getId());
// Get java.security.PublicKey so we can validate and get the DB formatted pub key
// Looks like we can get the public key in two ways:
//
// 1)
//http://stackoverflow.com/questions/11028932/how-to-get-publickey-from-pkcs10certificationrequest-using-new-bouncy-castle-lib
RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(pkInfo);
assertEquals(2048, rsa.getModulus().bitLength());
RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent());
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey pubKey1 = kf.generatePublic(rsaSpec);
String pubkey1DBFormat = getDBFormattedRSAPublicKey(pubKey1);
boolean valid = req.isSignatureValid((new JcaContentVerifierProviderBuilder()).build(pubKey1));
assertTrue(valid);
//
// 2)
JcaPKCS10CertificationRequest jcaReq = new JcaPKCS10CertificationRequest(req);
PublicKey pubKey2 = jcaReq.getPublicKey();
RSAPublicKey rsa2 = (RSAPublicKey) pubKey2;
assertEquals(2048, rsa2.getModulus().bitLength());
String pubkey2DBFormat = getDBFormattedRSAPublicKey(pubKey2);
assertTrue(jcaReq.isSignatureValid((new JcaContentVerifierProviderBuilder()).build(pubKey2)));
// Test that the two DB formated pubkeys are the same
assertEquals(pubkey1DBFormat, pubkey2DBFormat);
}
示例5: createPSSTest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
private void createPSSTest(String algorithm)
throws Exception
{
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16));
RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16),
new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
PrivateKey privKey = fact.generatePrivate(privKeySpec);
PublicKey pubKey = fact.generatePublic(pubKeySpec);
PKCS10CertificationRequest req = new JcaPKCS10CertificationRequestBuilder(
new X500Name("CN=XXX"), pubKey).build(new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey));
if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
{
fail("Failed verify check PSS.");
}
JcaPKCS10CertificationRequest jcaReq = new JcaPKCS10CertificationRequest(req.getEncoded()).setProvider(BC);
if (!jcaReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaReq.getPublicKey())))
{
fail("Failed verify check PSS encoded.");
}
if (!jcaReq.getSignatureAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
{
fail("PSS oid incorrect.");
}
if (jcaReq.getSignatureAlgorithm().getParameters() == null)
{
fail("PSS parameters incorrect.");
}
Signature sig = Signature.getInstance(algorithm, "BC");
sig.initVerify(pubKey);
sig.update(jcaReq.toASN1Structure().getCertificationRequestInfo().getEncoded());
if (!sig.verify(req.getSignature()))
{
fail("signature not mapped correctly.");
}
}
示例6: createPSSTest
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
private void createPSSTest(String algorithm)
throws Exception
{
AsymmetricKeyParameter pubKey = new RSAKeyParameters(
false,
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16));
AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters(
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16),
new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
AlgorithmIdentifier sigAlgId = sigAlgFinder.find(algorithm);
AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
PKCS10CertificationRequest req = new BcPKCS10CertificationRequestBuilder(new X500Name("CN=XXX"), pubKey).build(contentSignerBuilder.build(privKey));
if (!req.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)))
{
fail("Failed verify check PSS.");
}
BcPKCS10CertificationRequest bcReq = new BcPKCS10CertificationRequest(req.getEncoded());
if (!bcReq.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(bcReq.getPublicKey())))
{
fail("Failed verify check PSS encoded.");
}
if (!bcReq.getSignatureAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
{
fail("PSS oid incorrect.");
}
if (bcReq.getSignatureAlgorithm().getParameters() == null)
{
fail("PSS parameters incorrect.");
}
}
示例7: getPkcs10_Pkcs8_AsPemStrings
import org.bouncycastle.pkcs.PKCS10CertificationRequest; //导入方法依赖的package包/类
/**
* Get the PKCS#10 PEM string and encrypted PKCS#8 PEM string.
* @param subject
* @param email Added as a Subject Alt Name extension if not null
* @param pw
* @return First element contains the PKCS#10 PEM, second element contains the private key.
* @throws IOException
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws OperatorCreationException
* @throws PKCSException
*/
public String[] getPkcs10_Pkcs8_AsPemStrings(X500Name subject, String email, String pw)
throws IOException, NoSuchAlgorithmException,
NoSuchProviderException, OperatorCreationException, PKCSException {
// Create a PKCS10 cert signing request
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
kpg.initialize(2048);
KeyPair kp = kpg.genKeyPair();
PrivateKey priKey = kp.getPrivate();
// X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
// x500NameBld.addRDN(BCStyle.C, csrRequestValidationConfigParams.getCountryOID());
// x500NameBld.addRDN(BCStyle.O, csrRequestValidationConfigParams.getOrgNameOID());
// x500NameBld.addRDN(BCStyle.OU, ou);
// x500NameBld.addRDN(BCStyle.L, loc);
// x500NameBld.addRDN(BCStyle.CN, cn);
// X500Name subject = x500NameBld.build();
PKCS10CertificationRequestBuilder requestBuilder
= new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic());
ExtensionsGenerator extGen = new ExtensionsGenerator();
if(email != null){
extGen.addExtension(Extension.subjectAlternativeName, false,
new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
}
requestBuilder.addAttribute(
PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
String sigName = "SHA1withRSA";
PKCS10CertificationRequest req1 = requestBuilder.build(
new JcaContentSignerBuilder(sigName).setProvider("BC").build(kp.getPrivate()));
if (req1.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(kp.getPublic()))) {
//log.info(sigName + ": PKCS#10 request verified.");
} else {
//log.error(sigName + ": Failed verify check.");
throw new RuntimeException(sigName + ": Failed verify check.");
}
StringWriter writer = new StringWriter();
PEMWriter pemWrite = new PEMWriter(writer);
pemWrite.writeObject(req1);
pemWrite.close();
String csr = writer.toString();
JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder
= new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
SecureRandom random = new SecureRandom();
encryptorBuilder.setRandom(random);
encryptorBuilder.setPasssword(pw.toCharArray());
OutputEncryptor oe = encryptorBuilder.build();
JcaPKCS8Generator pkcs8GeneratorEnc = new JcaPKCS8Generator(priKey, oe);
// Output encrypted private key pkcs8 PEM string (todo use later api)
PemObject pkcs8PemEnc = pkcs8GeneratorEnc.generate();
StringWriter writer2 = new StringWriter();
PEMWriter pemWrite2 = new PEMWriter(writer2);
pemWrite2.writeObject(pkcs8PemEnc);
pemWrite2.close();
String pkcs8StrEnc = writer2.toString();
String[] pems = new String[2];
pems[0] = csr;
pems[1] = pkcs8StrEnc;
return pems;
}