本文整理匯總了Java中org.bouncycastle.asn1.x509.KeyUsage類的典型用法代碼示例。如果您正苦於以下問題:Java KeyUsage類的具體用法?Java KeyUsage怎麽用?Java KeyUsage使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
KeyUsage類屬於org.bouncycastle.asn1.x509包,在下文中一共展示了KeyUsage類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: testFailingOnMissingKeyUsage
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * A certificate whose KeyUsage extension carries only {@code decipherOnly} must be
 * rejected with {@code CONSTRAINT_VIOLATION} once the CRL-signing filter is switched on.
 */
@Test
public void testFailingOnMissingKeyUsage() throws Exception {
    // setup: self-signed certificate whose only key-usage bit is decipherOnly
    KeyPair testKeyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage decipherOnlyUsage = new KeyUsage(KeyUsage.decipherOnly);
    X509Certificate selfSigned = PKITestUtils.generateSelfSignedCertificate(
            testKeyPair, "CN=Test", notBefore, notAfter, true, 0, null, decipherOnlyUsage);
    this.testedInstance.setCRLSigningFilter(true);

    // operate: capture the rejection so that it can be inspected afterwards
    TrustLinkerResultException rejection = null;
    try {
        this.testedInstance.check(selfSigned);
    } catch (TrustLinkerResultException e) {
        rejection = e;
    }

    // verify: silently accepting the certificate is the failure case
    if (rejection == null) {
        fail();
    }
    assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION, rejection.getReason());
}
示例2: validateKeyUsage
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
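/**
 * Verifies that a certificate's KeyUsage extension, when present, asserts every bit in
 * {@code keyUsageBits}.
 *
 * <p>A certificate without extensions, or without a KeyUsage extension, passes unchecked:
 * this method only enforces the restriction when the extension is there.
 *
 * @param c the certificate to inspect
 * @param keyUsageBits OR-combination of {@link KeyUsage} bit constants that must all be set
 * @throws IOException as a {@link TlsFatalAlert} carrying {@code certificate_unknown} when
 *         at least one required bit is not asserted
 */
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts == null)
    {
        return;
    }

    KeyUsage ku = KeyUsage.fromExtensions(exts);
    if (ku == null)
    {
        return;
    }

    // The certificate comes from the peer, so the BIT STRING content cannot be trusted to
    // have any particular length. Reading only getBytes()[0] throws an unchecked
    // ArrayIndexOutOfBoundsException on an empty BIT STRING and never sees
    // KeyUsage.decipherOnly, which is carried in the second octet. Fold all octets
    // (least-significant first, matching the KeyUsage constants) into one mask instead.
    byte[] encoded = ku.getBytes();
    int bits = 0;
    for (int i = 0; i < encoded.length && i < 4; ++i)
    {
        bits |= (encoded[i] & 0xff) << (8 * i);
    }

    if ((bits & keyUsageBits) != keyUsageBits)
    {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }
}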
示例3: generateSignedCertificate
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
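/**
 * Issues a one-year, non-CA certificate for the subject and public key taken from
 * {@code csr}, signed with the root private key.
 *
 * <p>The certificate carries AuthorityKeyIdentifier and SubjectKeyIdentifier (both
 * non-critical), a critical BasicConstraints with {@code cA=false}, and a critical KeyUsage
 * limited to {@code digitalSignature | keyEncipherment}.
 *
 * @param csr the PKCS#10 request supplying the subject name and the public key
 * @return the newly issued certificate
 */
private X509Certificate generateSignedCertificate(
        PKCS10CertificationRequest csr) throws NoSuchAlgorithmException,
        NoSuchProviderException, InvalidKeyException,
        CertificateParsingException, CertificateEncodingException,
        SignatureException {
    // NOTE(review): nothing in this method checks the CSR's own signature (proof of
    // possession of the private key). Confirm the caller verifies the request before
    // handing it over; otherwise a certificate can be issued for a key the requester
    // does not control.
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    // A serial derived from the wall clock is guessable and repeats when two certificates
    // are issued within the same millisecond; serials must be unique per issuer. Draw it
    // from a CSPRNG instead, and add one so the value is strictly positive.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE);
    certGen.setSerialNumber(serial);
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());

    // Validity window: from now until one year from now.
    Calendar c = Calendar.getInstance();
    certGen.setNotBefore(c.getTime());
    c.add(Calendar.YEAR, 1);
    certGen.setNotAfter(c.getTime());

    certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(csr.getPublicKey("BC"));
    certGen.setSignatureAlgorithm(ALGORITHM_SHA256_RSA);

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(rootCert.getPublicKey()));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));
    // Critical cA=false: the issued certificate must not be usable as an issuer itself.
    certGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    return certGen.generate(rootPrivateKeyEntry.getPrivateKey());
}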
示例4: validate
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Checks the KeyUsage extension of a certificate that acts as an issuer in the path.
 *
 * <p>End-entity certificates are not examined. For every other certificate a present
 * KeyUsage extension must include {@code keyCertSign}; an absent extension is only an
 * error when {@code isMandatory} is set.
 *
 * @param context validation state; the KeyUsage extension is registered as handled
 * @param certificate the certificate currently being validated
 * @throws CertPathValidationException if the extension forbids certificate signing, or is
 *         missing while mandatory
 */
public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
    throws CertPathValidationException
{
    context.addHandledExtension(Extension.keyUsage);

    if (context.isEndEntity())
    {
        // Only issuer certificates need the certificate-signing bit.
        return;
    }

    KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());
    if (usage == null)
    {
        if (isMandatory)
        {
            throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
        }
        return;
    }

    if (!usage.hasUsages(KeyUsage.keyCertSign))
    {
        throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
    }
}
示例5: getServerExtensions
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Builds the extension set for a server certificate: a critical KeyUsage, a critical
 * ExtendedKeyUsage restricted to {@code serverAuth}, and a non-critical
 * AuthorityKeyIdentifier derived from the issuer certificate.
 *
 * @param issuerCertificate certificate of the issuing CA, used for the authority key identifier
 * @return the three extension holders, in the order listed above
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    List<ExtensionHolder> serverExtensions = new ArrayList<>();

    // SSO forces us to allow data encipherment
    KeyUsage serverKeyUsage = new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment);
    serverExtensions.add(new ExtensionHolder(Extension.keyUsage, true, serverKeyUsage));

    ExtendedKeyUsage serverAuthOnly = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    serverExtensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true, serverAuthOnly));

    // Wrap the identifier in an Extension first, then copy its OID, criticality flag and
    // parsed value into the holder.
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    DEROctetString encodedIdentifier =
            new DEROctetString(extensionUtils.createAuthorityKeyIdentifier(issuerCertificate));
    Extension authorityKeyId =
            new Extension(Extension.authorityKeyIdentifier, false, encodedIdentifier);
    serverExtensions.add(new ExtensionHolder(
            authorityKeyId.getExtnId(),
            authorityKeyId.isCritical(),
            authorityKeyId.getParsedValue()));

    return serverExtensions;
}
示例6: generateCSR
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Creates a PEM-encoded PKCS#10 request for {@code keyPair}, signed with SHA256withRSA.
 *
 * <p>The extension request asks for three critical extensions: KeyUsage
 * ({@code digitalSignature}), ExtendedKeyUsage ({@code clientAuth} and {@code serverAuth})
 * and the SubjectAlternativeName values supplied by {@code certificateNamesGenerator}.
 *
 * @param keyPair key pair whose public half is certified and whose private half signs the request
 * @param certificateNamesGenerator source of the subject name and the SANs
 * @return the request in PEM form
 */
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    ExtensionsGenerator requestedExtensions = new ExtensionsGenerator();
    requestedExtensions.addExtension(
            Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));

    KeyPurposeId[] purposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};
    requestedExtensions.addExtension(
            Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));

    requestedExtensions.addExtension(
            Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(
            certificateNamesGenerator.getSubject(), keyPair.getPublic());
    // The request is signed with the private key matching the public key it carries.
    PKCS10CertificationRequest csr = requestBuilder
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions.generate())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));

    return PEMUtils.toPEM(csr);
}
示例7: givenASelfSignedCertificate_setsCertificateFieldsCorrectly
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Parses {@code BIG_TEST_CERT} and checks subject, key length, SANs, extended key usage,
 * key usage, validity in days, and the self-signed and CA flags.
 *
 * <p>NOTE(review): the method name mentions a self-signed certificate, yet the assertion
 * expects {@code isSelfSigned()} to be {@code false} - confirm which one is intended.
 */
@Test
public void givenASelfSignedCertificate_setsCertificateFieldsCorrectly() {
    final String expectedSubject =
            "O=test-org, ST=Jupiter, C=MilkyWay, CN=test-common-name, OU=test-org-unit, L=Europa";
    final GeneralNames expectedAlternativeNames =
            new GeneralNames(new GeneralName(GeneralName.dNSName, "SolarSystem"));

    CertificateReader reader = new CertificateReader(CertificateStringConstants.BIG_TEST_CERT);

    // identity and key material
    assertThat(reader.getSubjectName().toString(), equalTo(expectedSubject));
    assertThat(reader.getKeyLength(), equalTo(4096));
    assertThat(reader.getAlternativeNames(), equalTo(expectedAlternativeNames));

    // permitted uses of the key
    assertThat(
            asList(reader.getExtendedKeyUsage().getUsages()),
            containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
    assertThat(reader.getKeyUsage().hasUsages(KeyUsage.digitalSignature), equalTo(true));

    // lifetime and role
    assertThat(reader.getDurationDays(), equalTo(30));
    assertThat(reader.isSelfSigned(), equalTo(false));
    assertThat(reader.isCa(), equalTo(false));
}
示例8: returnsParametersCorrectly
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Parses {@code BIG_TEST_CERT} and checks the SANs, extended key usage, key usage and
 * subject name reported by the reader.
 */
@Test
public void returnsParametersCorrectly() {
    final String expectedSubject =
            "O=test-org, ST=Jupiter, C=MilkyWay, CN=test-common-name, OU=test-org-unit, L=Europa";
    final GeneralNames expectedAlternativeNames =
            new GeneralNames(new GeneralName(GeneralName.dNSName, "SolarSystem"));

    CertificateReader reader = new CertificateReader(CertificateStringConstants.BIG_TEST_CERT);

    assertThat(reader.getAlternativeNames(), equalTo(expectedAlternativeNames));
    // Both purposes must be present; their order does not matter.
    assertThat(
            asList(reader.getExtendedKeyUsage().getUsages()),
            containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
    assertThat(reader.getKeyUsage().hasUsages(KeyUsage.digitalSignature), equalTo(true));
    assertThat(reader.getSubjectName().toString(), equalTo(expectedSubject));
}
示例9: prepopulateWithValue
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Decodes an encoded KeyUsage BIT STRING and ticks the check box of every usage bit set in it.
 *
 * <p>NOTE(review): the decoded object is used without a null check; presumably callers
 * always pass a non-empty, well-formed encoding - verify against the caller.
 *
 * @param value encoded extension value holding the KeyUsage bit string
 * @throws IOException if the bytes cannot be parsed as an ASN.1 object
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    ASN1InputStream decoder = new ASN1InputStream(value);
    DERBitString usageBits = DERBitString.getInstance(decoder.readObject());
    int usageMask = usageBits.intValue();

    // One check box per KeyUsage bit, in the order the bits are defined.
    jcbDigitalSignature.setSelected(hasKeyUsage(usageMask, KeyUsage.digitalSignature));
    jcbNonRepudiation.setSelected(hasKeyUsage(usageMask, KeyUsage.nonRepudiation));
    jcbKeyEncipherment.setSelected(hasKeyUsage(usageMask, KeyUsage.keyEncipherment));
    jcbDataEncipherment.setSelected(hasKeyUsage(usageMask, KeyUsage.dataEncipherment));
    jcbKeyAgreement.setSelected(hasKeyUsage(usageMask, KeyUsage.keyAgreement));
    jcbCertificateSigning.setSelected(hasKeyUsage(usageMask, KeyUsage.keyCertSign));
    jcbCrlSign.setSelected(hasKeyUsage(usageMask, KeyUsage.cRLSign));
    jcbEncipherOnly.setSelected(hasKeyUsage(usageMask, KeyUsage.encipherOnly));
    jcbDecipherOnly.setSelected(hasKeyUsage(usageMask, KeyUsage.decipherOnly));
}
示例10: generateRootCertificateWithCrl
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
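/**
 * Builds a certificate whose critical KeyUsage is {@code keyCertSign | cRLSign}, signs it
 * with {@code issuerPrivateKey} and wraps the result in a {@link CertificateToken}.
 *
 * <p>NOTE(review): no BasicConstraints extension is added although {@code keyCertSign} is
 * asserted; RFC 5280 expects {@code cA=true} alongside that bit, so strict path validators
 * may refuse this certificate as an issuer. Confirm whether the omission is deliberate.
 *
 * @param algorithm signature algorithm; its JCE id selects the content signer
 * @param subject subject name of the new certificate
 * @param issuer issuer name of the new certificate
 * @param issuerPrivateKey key that signs the certificate
 * @param publicKey public key to certify
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @return the generated certificate as a token
 * @throws Exception if building, signing or re-parsing the certificate fails
 */
private CertificateToken generateRootCertificateWithCrl(SignatureAlgorithm algorithm, X500Name subject, X500Name issuer, PrivateKey issuerPrivateKey,
        PublicKey publicKey, Date notBefore, Date notAfter) throws Exception {
    // generate certificate
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    // One java.util.Random digit in front of the current time is guessable and collides when
    // two certificates are created in the same millisecond. Serials must be unique per
    // issuer, so take 128 bits from a CSPRNG; adding one keeps the value strictly positive.
    final BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE);
    final X509v3CertificateBuilder certBuilder =
            new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyInfo);
    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

    // Sign the new certificate with the issuer's private key
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId())
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(issuerPrivateKey);
    final X509CertificateHolder holder = certBuilder.build(signer);

    // Round-trip through the encoding to obtain a JCA X509Certificate.
    final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
    return new CertificateToken(cert);
}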
示例11: generateRootCertificateWithoutCrl
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
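/**
 * Builds a certificate whose critical KeyUsage is {@code keyCertSign} only (no
 * {@code cRLSign}), signs it with {@code issuerPrivateKey} and wraps the result in a
 * {@link CertificateToken}.
 *
 * <p>NOTE(review): no BasicConstraints extension is added although {@code keyCertSign} is
 * asserted; RFC 5280 expects {@code cA=true} alongside that bit, so strict path validators
 * may refuse this certificate as an issuer. Confirm whether the omission is deliberate.
 *
 * @param algorithm signature algorithm; its JCE id selects the content signer
 * @param subject subject name of the new certificate
 * @param issuer issuer name of the new certificate
 * @param issuerPrivateKey key that signs the certificate
 * @param publicKey public key to certify
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @return the generated certificate as a token
 * @throws Exception if building, signing or re-parsing the certificate fails
 */
private CertificateToken generateRootCertificateWithoutCrl(SignatureAlgorithm algorithm, X500Name subject, X500Name issuer, PrivateKey issuerPrivateKey,
        PublicKey publicKey, Date notBefore, Date notAfter) throws Exception {
    // generate certificate
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    // One java.util.Random digit in front of the current time is guessable and collides when
    // two certificates are created in the same millisecond. Serials must be unique per
    // issuer, so take 128 bits from a CSPRNG; adding one keeps the value strictly positive.
    final BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE);
    final X509v3CertificateBuilder certBuilder =
            new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyInfo);
    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));

    // Sign the new certificate with the issuer's private key
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId())
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(issuerPrivateKey);
    final X509CertificateHolder holder = certBuilder.build(signer);

    // Round-trip through the encoding to obtain a JCA X509Certificate.
    final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
    return new CertificateToken(cert);
}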
示例12: caCert
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * Creates a throw-away self-signed CA certificate together with its private key.
 *
 * <p>The request uses serial number 1, a validity window that ends about ten seconds after
 * creation, a KeyUsage of {@code digitalSignature | keyCertSign | cRLSign} and a
 * BasicConstraints built from {@code Integer.MAX_VALUE}.
 *
 * <p>NOTE(review): the RSA key size is never set, so it is whatever the provider defaults
 * to; the fixed serial and ten-second lifetime look intended for short-lived fixtures only
 * - confirm before reusing this elsewhere.
 *
 * @return the generated certificate paired with the private key that signed it
 */
private CaCert caCert() throws NoSuchAlgorithmException, NoSuchProviderException {
    final X500Principal issuerPrincipal = issuer().toX500Principal();

    final KeyPair certKeyPair =
            KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE).generateKeyPair();

    final X509CertExtension caKeyUsage = keyUsage(
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
    final ImmutableList<X509CertExtension> x509CertExtensions = ImmutableList.of(caKeyUsage);

    final Instant validFrom = Instant.now();
    final Instant validUntil = Instant.ofEpochMilli(System.currentTimeMillis() + 10_000);

    final SelfSignedX509V3CertRequest selfSignedRequest = new SelfSignedX509V3CertRequest(
            issuerPrincipal,
            BigInteger.ONE,
            validFrom,
            validUntil,
            certKeyPair,
            x509CertExtensions,
            new BasicConstraints(Integer.MAX_VALUE));

    return new CaCert(
            certificateService.generateSelfSignedX509CertificateV3(selfSignedRequest),
            certKeyPair.getPrivate());
}
示例13: testDigitalSignatureKeyUsage
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * A certificate asserting only {@code digitalSignature} must pass the check when the
 * digital-signature filter is enabled; the test succeeds if no exception is thrown.
 */
@Test
public void testDigitalSignatureKeyUsage() throws Exception {
    // setup: self-signed certificate whose only key-usage bit is digitalSignature
    KeyPair testKeyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage signatureOnlyUsage = new KeyUsage(KeyUsage.digitalSignature);
    X509Certificate selfSigned = PKITestUtils.generateSelfSignedCertificate(
            testKeyPair, "CN=Test", notBefore, notAfter, true, 0, null, signatureOnlyUsage);
    this.testedInstance.setDigitalSignatureFilter(true);

    // operate: any exception thrown here fails the test
    this.testedInstance.check(selfSigned);
}
示例14: testDigitalSignatureNoNonRepudiationKeyUsage
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * A certificate asserting only {@code digitalSignature} must pass when the
 * digital-signature filter is set to {@code true} and the non-repudiation filter to
 * {@code false}; the test succeeds if no exception is thrown.
 */
@Test
public void testDigitalSignatureNoNonRepudiationKeyUsage() throws Exception {
    // setup: self-signed certificate whose only key-usage bit is digitalSignature
    KeyPair testKeyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage signatureOnlyUsage = new KeyUsage(KeyUsage.digitalSignature);
    X509Certificate selfSigned = PKITestUtils.generateSelfSignedCertificate(
            testKeyPair, "CN=Test", notBefore, notAfter, true, 0, null, signatureOnlyUsage);
    this.testedInstance.setDigitalSignatureFilter(true);
    this.testedInstance.setNonRepudiationFilter(false);

    // operate: any exception thrown here fails the test
    this.testedInstance.check(selfSigned);
}
示例15: testFailingOnUnexpectedKeyUsageKeyEncipherment
import org.bouncycastle.asn1.x509.KeyUsage; //導入依賴的package包/類
/**
 * A certificate asserting {@code keyEncipherment} must be rejected with
 * {@code CONSTRAINT_VIOLATION} when the key-encipherment filter is set to {@code false}.
 */
@Test
public void testFailingOnUnexpectedKeyUsageKeyEncipherment()
        throws Exception {
    // setup: self-signed certificate whose only key-usage bit is keyEncipherment
    KeyPair testKeyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage enciphermentUsage = new KeyUsage(KeyUsage.keyEncipherment);
    X509Certificate selfSigned = PKITestUtils.generateSelfSignedCertificate(
            testKeyPair, "CN=Test", notBefore, notAfter, true, 0, null, enciphermentUsage);
    this.testedInstance.setKeyEnciphermentFilter(false);

    // operate: capture the rejection so that it can be inspected afterwards
    TrustLinkerResultException rejection = null;
    try {
        this.testedInstance.check(selfSigned);
    } catch (TrustLinkerResultException e) {
        rejection = e;
    }

    // verify: silently accepting the certificate is the failure case
    if (rejection == null) {
        fail();
    }
    assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION, rejection.getReason());
}