Java X500NameBuilder類代碼示例

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
static X500Name buildName(String commonName, String organization, String organizationUnit, String locality,
                          String state, String country) {

    X500NameBuilder nameBuilder = new X500NameBuilder();

    if (!commonName.isEmpty()) {
        nameBuilder.addRDN(BCStyle.CN, commonName);
    }
    if (!organizationUnit.isEmpty()) {
        nameBuilder.addRDN(BCStyle.OU, organizationUnit);
    }
    if (!organization.isEmpty()) {
        nameBuilder.addRDN(BCStyle.O, organization);
    }
    if (!locality.isEmpty()) {
        nameBuilder.addRDN(BCStyle.L, locality);
    }
    if (!state.isEmpty()) {
        nameBuilder.addRDN(BCStyle.ST, state);
    }
    if (!country.isEmpty()) {
        nameBuilder.addRDN(BCStyle.C, country);
    }

    return nameBuilder.build();
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private X509v3CertificateBuilder createCertificateBuilder(KeyPair keyPair) throws PropertyConfigurationException, CertIOException {
    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, propertyConfigurationService.getConfigValue(CERT_COMMON_NAME_PROPERTY));
    nameBuilder.addRDN(BCStyle.O, propertyConfigurationService.getConfigValue(CERT_ORGANISATION_PROPERTY));
    nameBuilder.addRDN(BCStyle.OU, propertyConfigurationService.getConfigValue(CERT_ORGANISATIONAL_UNIT_PROPERTY));
    nameBuilder.addRDN(BCStyle.C, propertyConfigurationService.getConfigValue(CERT_COUNTRY_PROPERTY));
    X500Name x500Name = nameBuilder.build();

    BigInteger serial = new BigInteger(CERT_SERIAL_NUMBER_BIT_SIZE, SecureRandomFactory.createPRNG());

    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    Date startDate = new Date();
    Date endDate = Date.from(startDate.toInstant().plus(propertyConfigurationService.getConfigValueAsInt(CERT_VALIDITY_DAYS_PROPERTY), ChronoUnit.DAYS));

    X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name, serial, startDate, endDate, x500Name, publicKeyInfo);

    String certFriendlyName = propertyConfigurationService.getConfigValue(CERT_PRIVATE_FRIENDLY_NAME_PROPERTY);
    certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, false, new DERBMPString(certFriendlyName));
    return certificateBuilder;
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
public X500Name x500Name() throws IOException {
	if(name==null) {
		X500NameBuilder xnb = new X500NameBuilder();
		xnb.addRDN(BCStyle.CN,cn);
		xnb.addRDN(BCStyle.E,email);
		if(environment==null) {
			xnb.addRDN(BCStyle.OU,mechID);
		} else {
			xnb.addRDN(BCStyle.OU,mechID+':'+environment);
		}
		xnb.addRDN(BCStyle.O,o);
		xnb.addRDN(BCStyle.L,l);
		xnb.addRDN(BCStyle.ST,st);
		xnb.addRDN(BCStyle.C,c);
		name = xnb.build();
	}
	return name;
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
/**
 * Returns a Subject for service certificate.
 */
public X500Name getSubject() {
    // Create subject CN as pod-name-0-task-name.service-name
    String cn = String.format("%s.%s",
            EndpointUtils.removeSlashes(EndpointUtils.replaceDotsWithDashes(taskInstanceName)),
            EndpointUtils.removeSlashes(EndpointUtils.replaceDotsWithDashes(serviceName)));

    if (cn.length() > CN_MAX_LENGTH) {
        cn = cn.substring(cn.length() - CN_MAX_LENGTH);
    }

    return new X500NameBuilder()
            .addRDN(BCStyle.CN, cn)
            .addRDN(BCStyle.O, "Mesosphere, Inc")
            .addRDN(BCStyle.L, "San Francisco")
            .addRDN(BCStyle.ST, "CA")
            .addRDN(BCStyle.C, "US")
            .build();
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
public PKCS10CertificationRequest generateCSR(User user, KeyPair key) throws OperatorCreationException {
    X500Name x500User = new X500NameBuilder()
            .addRDN(BCStyle.C, user.getCountryName())
            .addRDN(BCStyle.ST, user.getProvinceName())
            .addRDN(BCStyle.L,  user.getLocalityName())
            .addRDN(BCStyle.O,  user.getOrganizationName())
            .addRDN(BCStyle.OU, user.getOrganizationUnitName())
            .addRDN(BCStyle.CN, user.getCommonName())
            .addRDN(BCStyle.EmailAddress, user.getEmailAddress())
            .build();
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
            x500User, key.getPublic());
    user.setPrivateKey(key.getPrivate().getEncoded());
    JcaContentSignerBuilder csBuilder= new JcaContentSignerBuilder("SHA512WithRSAEncryption");
    ContentSigner signer = csBuilder.build(key.getPrivate());
    return p10Builder.build(signer);
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
	X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
	namebuilder.addRDN(BCStyle.CN, commonNames[0]);
	
	List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length);
	for (String cn:commonNames)
		subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn));
	GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0]));         
	
	ExtensionsGenerator extGen = new ExtensionsGenerator();
	extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());
	
	PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());
	p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
	JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
	ContentSigner signer = csBuilder.build(pair.getPrivate());
	PKCS10CertificationRequest request = p10Builder.build(signer);
	return request;
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private static void setOID(X500NameBuilder dnBuilder, X509Metadata metadata,
                           String oid, String defaultValue) {

    String value = null;
    if (metadata.oids != null && metadata.oids.containsKey(oid)) {
        value = metadata.oids.get(oid);
    }
    if (Strings.isNullOrEmpty(value)) {
        value = defaultValue;
    }

    if (!Strings.isNullOrEmpty(value)) {
        try {
            Field field = BCStyle.class.getField(oid);
            ASN1ObjectIdentifier objectId = (ASN1ObjectIdentifier) field.get(null);
            dnBuilder.addRDN(objectId, value);
        } catch (Exception e) {
            logger.error(MessageFormat.format("Failed to set OID \"{0}\"!", oid), e);
        }
    }
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
/**
 * This method creates the PKCS10 Certificate Sign Request which is to be sent to the SCEP Server using the
 * generated PublicKey of the client. The certificate parameters used here are the ones from the AgentManager
 * which are the values read from the configurations file.
 *
 * @return the PKCS10CertificationRequest object created using the client specific configs and the generated
 * PublicKey
 * @throws AgentCoreOperationException if an error occurs when creating a content signer to sign the CSR.
 */
private PKCS10CertificationRequest generateCertSignRequest() throws AgentCoreOperationException {
    // Build the CN for the cert we are requesting.
    X500NameBuilder nameBld = new X500NameBuilder(BCStyle.INSTANCE);
    nameBld.addRDN(BCStyle.CN, AgentManager.getInstance().getAgentConfigs().getDeviceName());
    nameBld.addRDN(BCStyle.O, AgentManager.getInstance().getAgentConfigs().getDeviceOwner());
    nameBld.addRDN(BCStyle.OU, AgentManager.getInstance().getAgentConfigs().getDeviceOwner());
    nameBld.addRDN(BCStyle.UNIQUE_IDENTIFIER, AgentManager.getInstance().getAgentConfigs().getDeviceId());
    X500Name principal = nameBld.build();

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALG).setProvider(PROVIDER);
    ContentSigner contentSigner;

    try {
        contentSigner = contentSignerBuilder.build(this.privateKey);
    } catch (OperatorCreationException e) {
        String errorMsg = "Could not create content signer with private key.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    }

    // Generate the certificate signing request (csr = PKCS10)
    PKCS10CertificationRequestBuilder reqBuilder = new JcaPKCS10CertificationRequestBuilder(principal,
                                                                                            this.publicKey);
    return reqBuilder.build(contentSigner);
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
/**
 * Creates an X509 version3 certificate.
 *
 * @param kp           KeyPair that keeps the public and private keys for the new certificate.
 * @param days       time to live
 * @param issuerCommonName     Issuer CN string
 * @param subjectCommonName    Subject CN string
 * @param domain       Domain of the server.
 * @param signAlgoritm Signature algorithm. This can be either a name or an OID.
 * @return X509 V3 Certificate
 * @throws GeneralSecurityException
 * @throws IOException
 */
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, String issuerCommonName,
                                                                    String subjectCommonName, String domain,
                                                                    String signAlgoritm)
        throws GeneralSecurityException, IOException {

    // subjectDN
    X500NameBuilder subjectBuilder = new X500NameBuilder();
    subjectBuilder.addRDN(BCStyle.CN, subjectCommonName);

    // issuerDN
    X500NameBuilder issuerBuilder = new X500NameBuilder();
    issuerBuilder.addRDN(BCStyle.CN, issuerCommonName);

    return createX509V3Certificate(kp, days, issuerBuilder, subjectBuilder, domain, signAlgoritm);
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private Pair<Key, X509Certificate> generateKey(String name)
        throws GeneralSecurityException, OperatorCreationException {
    logger.debug("generating self-signed cert for {}", name);
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", provider);
    kpGen.initialize(1024, new SecureRandom());
    KeyPair pair = kpGen.generateKeyPair();
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
    builder.addRDN(BCStyle.OU, "None");
    builder.addRDN(BCStyle.O, "None");
    builder.addRDN(BCStyle.CN, name);
    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(365, ChronoUnit.DAYS));
    BigInteger serial = BigInteger.valueOf(now.getEpochSecond());
    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter,
            builder.build(), pair.getPublic());
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(provider)
            .build(pair.getPrivate());
    X509Certificate cert = new JcaX509CertificateConverter()
            .setProvider(provider)
            .getCertificate(certGen.build(sigGen));
    return Pair.of(pair.getPrivate(), cert);
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private void generationTest(int keySize, String keyName, String sigName, String provider)
    throws Exception
{
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyName, "BC");

    kpg.initialize(keySize);

    KeyPair kp = kpg.genKeyPair();


    X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);

    x500NameBld.addRDN(BCStyle.C, "AU");
    x500NameBld.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
    x500NameBld.addRDN(BCStyle.L, "Melbourne");
    x500NameBld.addRDN(BCStyle.ST, "Victoria");
    x500NameBld.addRDN(BCStyle.EmailAddress, "[email protected]");

    X500Name    subject = x500NameBld.build();

    PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic());
                        
    PKCS10CertificationRequest req1 = requestBuilder.build(new JcaContentSignerBuilder(sigName).setProvider(provider).build(kp.getPrivate()));

    JcaPKCS10CertificationRequest req2 = new JcaPKCS10CertificationRequest(req1.getEncoded()).setProvider(provider);

    if (!req2.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(kp.getPublic())))
    {
        fail(sigName + ": Failed verify check.");
    }

    if (!Arrays.areEqual(req2.getPublicKey().getEncoded(), req1.getSubjectPublicKeyInfo().getEncoded()))
    {
        fail(keyName + ": Failed public key check.");
    }
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private static void setOID(X500NameBuilder dnBuilder, X509Metadata metadata,
		String oid, String defaultValue) {
	
	String value = null;
	if (metadata.oids != null && metadata.oids.containsKey(oid)) {
		value = metadata.oids.get(oid);
	}
	if (StringUtils.isEmpty(value)) {
		value = defaultValue;
	}
	
	if (!StringUtils.isEmpty(value)) {
		try {
			Field field = BCStyle.class.getField(oid);
			ASN1ObjectIdentifier objectId = (ASN1ObjectIdentifier) field.get(null);
			dnBuilder.addRDN(objectId, value);
		} catch (Exception e) {
			logger.error(MessageFormat.format("Failed to set OID \"{0}\"!", oid) ,e);
		}
	}
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
public static X509Certificate generateTestCertificate(KeyPair pair) throws CertificateException, OperatorCreationException {
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    final X500Name cn = nameBuilder.addRDN(BCStyle.CN, "Test Certificate").build();

    final byte[] encoded = pair.getPublic().getEncoded();
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encoded));

    final X509v1CertificateBuilder certBuilder = new X509v1CertificateBuilder(
            cn,
            BigInteger.valueOf(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() - 10000),
            new Date(System.currentTimeMillis() + 10000),
            cn,
            subjectPublicKeyInfo
    );

    final JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
    final ContentSigner contentSigner = contentSignerBuilder.build(pair.getPrivate());
    final X509CertificateHolder certificateHolder = certBuilder.build(contentSigner);

    return new JcaX509CertificateConverter().setProvider( "BC" ).getCertificate(certificateHolder);
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private ASN1Encodable createEntryValue(ASN1ObjectIdentifier oid, String value)
{
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);

    builder.addRDN(oid, value);
    
    X500Name name = builder.build();

    ASN1Sequence seq = (ASN1Sequence)name.toASN1Primitive();
    ASN1Set set = ASN1Set.getInstance(seq.getObjectAt(0).toASN1Primitive());
    seq = (ASN1Sequence)set.getObjectAt(0);

    return seq.getObjectAt(1);
}
 

import org.bouncycastle.asn1.x500.X500NameBuilder; //導入依賴的package包/類
private ASN1Encodable createEntryValueFromString(ASN1ObjectIdentifier oid, String value)
{
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);

    builder.addRDN(oid, value);

    X500Name name = new X500Name(builder.build().toString());

    ASN1Sequence seq = (ASN1Sequence)name.toASN1Primitive();
    ASN1Set set = ASN1Set.getInstance(seq.getObjectAt(0).toASN1Primitive());
    seq = (ASN1Sequence)set.getObjectAt(0);

    return seq.getObjectAt(1);
}