本文整理匯總了Java中org.bouncycastle.asn1.x509.KeyUsage.cRLSign方法的典型用法代碼示例。如果您正苦於以下問題:Java KeyUsage.cRLSign方法的具體用法?Java KeyUsage.cRLSign怎麽用?Java KeyUsage.cRLSign使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類org.bouncycastle.asn1.x509.KeyUsage的用法示例。
在下文中一共展示了KeyUsage.cRLSign方法的10個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: testFailingOnUnexpectedKeyUsageCrlSign
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
@Test
public void testFailingOnUnexpectedKeyUsageCrlSign() throws Exception {
    // Arrange: a self-signed "CN=Test" certificate, valid from now for one month,
    // whose keyUsage extension asserts only the cRLSign bit.
    // The meaning of the trailing (true, 0, null) arguments is defined by
    // PKITestUtils.generateSelfSignedCertificate, which is not shown here.
    KeyPair testKeys = PKITestUtils.generateKeyPair();
    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusMonths(1);
    X509Certificate crlSigningCertificate = PKITestUtils.generateSelfSignedCertificate(
            testKeys, "CN=Test", validFrom, validUntil, true, 0, null,
            new KeyUsage(KeyUsage.cRLSign));

    // Configure the instance under test with its CRL-signing filter set to false.
    this.testedInstance.setCRLSigningFilter(false);

    // Act + assert: the check must reject the certificate with CONSTRAINT_VIOLATION.
    // Reaching fail() means no exception was thrown, i.e. the unexpected cRLSign
    // usage was accepted.
    try {
        this.testedInstance.check(crlSigningCertificate);
        fail();
    } catch (TrustLinkerResultException rejection) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION, rejection.getReason());
    }
}
示例2: generateCA
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Sets this object's fields to describe the "JQM-CA" certificate authority and then
 * calls {@code generateAll()}.
 *
 * <p>The fields are set to: a fixed subject DN, a size of 4096, four extended key
 * purposes, and a key usage of keyCertSign plus cRLSign. How {@code generateAll()}
 * consumes them is not visible in this method.
 *
 * @param prettyName display name stored on this object
 */
public void generateCA(String prettyName)
{
    this.prettyName = prettyName;
    Subject = "CN=JQM-CA,OU=ServerProducts,O=Oxymores,C=FR";
    size = 4096;

    // NOTE(review): if these purposes end up in the CA certificate's own EKU extension,
    // the signing key is also usable for code signing, TLS and e-mail. Confirm that this
    // breadth is intended for a CA key.
    EKU = new KeyPurposeId[] {
        KeyPurposeId.id_kp_codeSigning,
        KeyPurposeId.id_kp_serverAuth,
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_emailProtection
    };

    // The two usages a CA needs: signing certificates and signing CRLs.
    keyUsage = KeyUsage.keyCertSign | KeyUsage.cRLSign;

    generateAll();
}
示例3: createRootCertificate
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Creates a self-signed root CA certificate for the given authority and returns it,
 * together with its private key, in a new in-memory key store.
 *
 * @param authority    supplies the CN, O and OU of the certificate name, plus the alias
 *                     and password used for the key entry
 * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
 * @return a key store holding one key entry: the generated private key and certificate
 */
public static KeyStore createRootCertificate(Authority authority, String keyStoreType)
        throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException, IOException,
        OperatorCreationException, CertificateException, KeyStoreException {
    KeyPair rootKeys = generateKeyPair(ROOT_KEYSIZE);

    // Self-signed: the same name serves as issuer and subject.
    X500Name rootName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, authority.commonName())
            .addRDN(BCStyle.O, authority.organization())
            .addRDN(BCStyle.OU, authority.organizationalUnitName())
            .build();

    BigInteger serialNumber = BigInteger.valueOf(initRandomSerial());
    PublicKey rootPublicKey = rootKeys.getPublic();
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            rootName, serialNumber, NOT_BEFORE, NOT_AFTER, rootName, rootPublicKey);

    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(rootPublicKey));
    // basicConstraints is critical and marks the certificate as a CA.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): keyUsage is added as non-critical; RFC 5280 section 4.2.1.3 says
    // conforming CAs SHOULD mark it critical. The mask also mixes CA usages
    // (keyCertSign, cRLSign) with end-entity usages on one key. Confirm both are intended.
    int usageBits = KeyUsage.keyCertSign
            | KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment
            | KeyUsage.cRLSign;
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits));

    // NOTE(review): anyExtendedKeyUsage sits next to the two specific purposes, so this
    // EKU extension does not narrow what the key may be used for. Confirm that is intended.
    ASN1EncodableVector ekuPurposes = new ASN1EncodableVector();
    ekuPurposes.add(KeyPurposeId.id_kp_serverAuth);
    ekuPurposes.add(KeyPurposeId.id_kp_clientAuth);
    ekuPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(ekuPurposes));

    X509Certificate rootCertificate = signCertificate(certBuilder, rootKeys.getPrivate());

    // Start from an empty store; only the key entry is protected with authority.password().
    KeyStore store = KeyStore.getInstance(keyStoreType);
    store.load(null, null);
    store.setKeyEntry(authority.alias(), rootKeys.getPrivate(), authority.password(),
            new Certificate[] { rootCertificate });
    return store;
}
示例4: initializeKeyStore
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Generates a key pair and a self-signed CA certificate from this object's name fields,
 * stores both in a new key store written to {@code aliasFile(KEY_STORE_FILE_EXTENSION)},
 * and passes the certificate to {@code exportPem} for {@code aliasFile(".pem")}.
 *
 * @throws GeneralSecurityException if key, certificate or key store handling fails
 * @throws IOException              if the key store file cannot be written
 */
public void initializeKeyStore() throws GeneralSecurityException, IOException {
    // NOTE(review): 1024 is presumably the key size in bits handed to generateKeyPair.
    // If this is an RSA CA key, 1024 bits is below the 2048-bit minimum in current
    // guidance. Confirm against generateKeyPair and raise it if so.
    KeyPair caKeys = generateKeyPair(1024);

    // Self-signed: the same name serves as issuer and subject.
    X500Name caName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, commonName)
            .addRDN(BCStyle.O, organization)
            .addRDN(BCStyle.OU, organizationalUnitName)
            .build();

    BigInteger serialNumber = BigInteger.valueOf(initRandomSerial());
    PublicKey caPublicKey = caKeys.getPublic();
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            caName, serialNumber, NOT_BEFORE, NOT_AFTER, caName, caPublicKey);

    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(caPublicKey));
    // basicConstraints is critical and marks the certificate as a CA.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): keyUsage is added as non-critical; RFC 5280 section 4.2.1.3 says
    // conforming CAs SHOULD mark it critical. Confirm the mixed CA/end-entity mask is intended.
    int usageBits = KeyUsage.keyCertSign
            | KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment
            | KeyUsage.cRLSign;
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits));

    // NOTE(review): anyExtendedKeyUsage means this EKU extension does not narrow what the
    // key may be used for. Confirm that is intended.
    ASN1EncodableVector ekuPurposes = new ASN1EncodableVector();
    ekuPurposes.add(KeyPurposeId.id_kp_serverAuth);
    ekuPurposes.add(KeyPurposeId.id_kp_clientAuth);
    ekuPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(ekuPurposes));

    X509Certificate caCertificate = signCertificate(certBuilder, caKeys.getPrivate());

    // One key entry (private key + certificate), protected with the same password that
    // is later used for the store itself.
    KeyStore store = KeyStore.getInstance(KEY_STORE_TYPE);
    store.load(null, null);
    store.setKeyEntry(alias, caKeys.getPrivate(), password, new Certificate[] { caCertificate });

    // The file holds the CA private key. File permissions are not set here, so they
    // depend on the process defaults.
    try (OutputStream storeFile = new FileOutputStream(aliasFile(KEY_STORE_FILE_EXTENSION))) {
        store.store(storeFile, password);
    }

    exportPem(aliasFile(".pem"), caCertificate);
}
示例5: buildKeyUsage
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Converts the key-usage names carried by the request parameters into a BouncyCastle
 * {@link KeyUsage} whose bit mask is the OR of all named usages.
 *
 * @param keyUsageList request parameters whose {@code getKeyUsage()} yields the names
 * @return the combined key usage, or {@code null} when {@code getKeyUsage()} is null
 * @throws ParameterizedValidationException for a name that matches none of the known constants
 */
private KeyUsage buildKeyUsage(CertificateGenerationRequestParameters keyUsageList) {
    if (keyUsageList.getKeyUsage() == null) {
        return null;
    }

    int usageBits = 0;
    for (String usageName : keyUsageList.getKeyUsage()) {
        // Allow-list: each accepted name maps to exactly one KeyUsage bit; anything
        // else is rejected rather than ignored.
        final int flag;
        switch (usageName) {
            case DIGITAL_SIGNATURE:
                flag = KeyUsage.digitalSignature;
                break;
            case NON_REPUDIATION:
                flag = KeyUsage.nonRepudiation;
                break;
            case KEY_ENCIPHERMENT:
                flag = KeyUsage.keyEncipherment;
                break;
            case DATA_ENCIPHERMENT:
                flag = KeyUsage.dataEncipherment;
                break;
            case KEY_AGREEMENT:
                flag = KeyUsage.keyAgreement;
                break;
            case KEY_CERT_SIGN:
                flag = KeyUsage.keyCertSign;
                break;
            case CRL_SIGN:
                flag = KeyUsage.cRLSign;
                break;
            case ENCIPHER_ONLY:
                flag = KeyUsage.encipherOnly;
                break;
            case DECIPHER_ONLY:
                flag = KeyUsage.decipherOnly;
                break;
            default:
                throw new ParameterizedValidationException("error.invalid_key_usage", usageName);
        }
        usageBits |= flag;
    }

    // NOTE(review): a non-null but empty list reaches this point with usageBits == 0 and
    // yields a KeyUsage with no bits set. RFC 5280 section 4.2.1.3 requires at least one
    // bit when the extension is present. Confirm callers reject or never send an empty list.
    return new KeyUsage(usageBits);
}
示例6: okPressed
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Handles the OK action: builds a KeyUsage from the ticked check boxes, stores its DER
 * encoding in {@code value} and closes the dialog. If nothing is ticked a warning is
 * shown and the dialog stays open; an encoding failure is shown in a DError dialog.
 */
private void okPressed() {
    // Collect one bit per ticked check box. Every KeyUsage constant is a distinct
    // non-zero bit, so a zero mask means no box is selected.
    int selectedBits = 0;
    if (jcbDigitalSignature.isSelected()) {
        selectedBits |= KeyUsage.digitalSignature;
    }
    if (jcbNonRepudiation.isSelected()) {
        selectedBits |= KeyUsage.nonRepudiation;
    }
    if (jcbKeyEncipherment.isSelected()) {
        selectedBits |= KeyUsage.keyEncipherment;
    }
    if (jcbDataEncipherment.isSelected()) {
        selectedBits |= KeyUsage.dataEncipherment;
    }
    if (jcbKeyAgreement.isSelected()) {
        selectedBits |= KeyUsage.keyAgreement;
    }
    if (jcbCertificateSigning.isSelected()) {
        selectedBits |= KeyUsage.keyCertSign;
    }
    if (jcbCrlSign.isSelected()) {
        selectedBits |= KeyUsage.cRLSign;
    }
    if (jcbEncipherOnly.isSelected()) {
        selectedBits |= KeyUsage.encipherOnly;
    }
    if (jcbDecipherOnly.isSelected()) {
        selectedBits |= KeyUsage.decipherOnly;
    }

    // A key usage extension with no usage selected is refused.
    if (selectedBits == 0) {
        JOptionPane.showMessageDialog(this, res.getString("DKeyUsage.ValueReq.message"), getTitle(),
                JOptionPane.WARNING_MESSAGE);
        return;
    }

    try {
        value = new KeyUsage(selectedBits).getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        // Show the failure and keep the dialog open.
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }

    closeDialog();
}
示例7: nullPointerTest
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Builds two PKCS#10 requests from the same key pair, subject and requested extensions,
 * fails if they do not compare equal, then passes attribute arrays read from the first
 * request to {@code checkAttrs}.
 *
 * <p>The requested extensions are a critical CA basicConstraints, a critical keyUsage of
 * keyCertSign plus cRLSign, and a non-critical subjectKeyIdentifier.
 */
private void nullPointerTest()
    throws Exception
{
    // NOTE(review): RSA-1024 and SHA1withRSA look like test-fixture values here; both
    // are too weak for certificate requests outside of tests.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", "BC");
    rsaGenerator.initialize(1024, new SecureRandom());
    KeyPair requestKeys = rsaGenerator.generateKeyPair();

    JcaX509ExtensionUtils skiUtils = new JcaX509ExtensionUtils();

    Extension caConstraints = new Extension(
        Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(true)));
    Extension caKeyUsage = new Extension(
        Extension.keyUsage, true, new DEROctetString(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)));
    Extension subjectKeyId = new Extension(
        Extension.subjectKeyIdentifier, false,
        new DEROctetString(skiUtils.createSubjectKeyIdentifier(requestKeys.getPublic())));
    Extension[] requestedExtensions = new Extension[] { caConstraints, caKeyUsage, subjectKeyId };

    PKCS10CertificationRequest firstRequest = new JcaPKCS10CertificationRequestBuilder(
        new X500Name("cn=csr"),
        requestKeys.getPublic())
        .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(requestedExtensions))
        .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(requestKeys.getPrivate()));

    PKCS10CertificationRequest secondRequest = new JcaPKCS10CertificationRequestBuilder(
        new X500Name("cn=csr"),
        requestKeys.getPublic())
        .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(requestedExtensions))
        .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(requestKeys.getPrivate()));

    if (!firstRequest.equals(secondRequest))
    {
        fail("cert request comparison failed");
    }

    // NOTE(review): both arrays in each pair below come from firstRequest, so
    // secondRequest's attributes are never inspected. Confirm that is intended.
    Attribute[] attrsA = firstRequest.getAttributes();
    Attribute[] attrsB = firstRequest.getAttributes();
    checkAttrs(1, attrsA, attrsB);

    attrsA = firstRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    attrsB = firstRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    checkAttrs(1, attrsA, attrsB);
}
示例8: genKeyStoreWithSelfSignedCert
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
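/**
 * Generates a key pair and a self-signed CA certificate for it, and returns both in a new
 * in-memory PKCS#12 key store. Registers the BouncyCastle provider first if it is not
 * already installed.
 *
 * @param name value appended to {@code "CN="} to form the subject and issuer name. It is
 *             concatenated unescaped, so DN separators in it (for example {@code ","} or
 *             {@code "="}) add further name components; pass only trusted or validated values
 * @param keyAlgorithm Algorithm for key generation (e.g.: RSA)
 * @param keySize Key size in bits (e.g.: 2048 for RSA; 1024-bit RSA is considered too weak)
 * @param days Number of days from now until the generated certificate expires
 * @param sigAlgorithm Algorithm for certificate signature
 * @param keystorePassword Password for both keystore and private key
 * @param keystoreAlias Alias in keystore for holding key entry
 * @return a PKCS#12 key store containing one key entry with the private key and certificate
 * @throws NoSuchAlgorithmException if {@code keyAlgorithm} is not available
 * @throws NoSuchProviderException if the "BC" provider cannot be found
 * @throws IOException if an extension cannot be encoded or the key store cannot be initialised
 * @throws OperatorCreationException if the certificate signer cannot be created
 * @throws CertificateException if the certificate cannot be built
 * @throws KeyStoreException if the key entry cannot be stored
 */
public static KeyStore genKeyStoreWithSelfSignedCert(String name, String keyAlgorithm, int keySize, int days,
        String sigAlgorithm, char[] keystorePassword, String keystoreAlias)
        throws NoSuchAlgorithmException, NoSuchProviderException, IOException, OperatorCreationException,
        CertificateException, KeyStoreException {
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    SecureRandom sr = new SecureRandom();
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(keyAlgorithm, "BC");
    keyGen.initialize(keySize, sr);
    KeyPair keypair = keyGen.generateKeyPair();

    X500Name subjectName = new X500Name("CN=" + name);
    X500Name issuerName = subjectName; // self-signed: issuer and subject are the same name

    // Read the clock once so notBefore and notAfter are exactly `days` apart.
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now);
    Date notAfter = new Date(now + 86400000L * days);

    // RFC 5280 section 4.1.2.2 requires a positive serial number. The previous
    // java.util.Random().nextInt() could be negative or zero and was predictable.
    // Draw 63 bits from the SecureRandom and add one, giving a value in [1, 2^63].
    BigInteger serial = new BigInteger(63, sr).add(BigInteger.ONE);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName,
            serial, notBefore, notAfter, subjectName, keypair.getPublic());
    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keypair.getPublic()));
    // basicConstraints is critical and marks the certificate as a CA.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): keyUsage is added as non-critical; RFC 5280 section 4.2.1.3 says
    // conforming CAs SHOULD mark it critical. Left unchanged to keep the issued
    // certificate's extensions as callers currently receive them.
    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);

    // NOTE(review): anyExtendedKeyUsage means this EKU extension does not narrow what the
    // key may be used for. Confirm that is intended.
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    X509Certificate cert = signCertificate(sigAlgorithm, builder, keypair.getPrivate());
    Certificate[] certChain = new Certificate[] { cert };

    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(null, keystorePassword);
    ks.setKeyEntry(keystoreAlias, keypair.getPrivate(), keystorePassword, certChain);
    return ks;
}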
示例9: createRootCertificate
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Builds a self-signed root CA certificate named after the given authority and returns
 * it with its private key as the single entry of a freshly created key store.
 *
 * @param authority    source of the CN/O/OU name parts, the entry alias and the key password
 * @param keyStoreType type string handed to {@link KeyStore#getInstance(String)}
 * @return the new key store containing the root key entry
 */
public static KeyStore createRootCertificate(Authority authority,
        String keyStoreType) throws NoSuchAlgorithmException,
        NoSuchProviderException, IOException,
        OperatorCreationException, CertificateException, KeyStoreException {
    KeyPair caKeyPair = generateKeyPair(ROOT_KEYSIZE);

    X500NameBuilder dn = new X500NameBuilder(BCStyle.INSTANCE);
    dn.addRDN(BCStyle.CN, authority.commonName());
    dn.addRDN(BCStyle.O, authority.organization());
    dn.addRDN(BCStyle.OU, authority.organizationalUnitName());
    // Issuer and subject are the same name because the certificate signs itself.
    X500Name selfName = dn.build();

    BigInteger certSerial = BigInteger.valueOf(initRandomSerial());
    PublicKey caPublicKey = caKeyPair.getPublic();
    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
            selfName, certSerial, NOT_BEFORE, NOT_AFTER, selfName, caPublicKey);

    certGen.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(caPublicKey));
    // Critical basicConstraints with cA = true.
    certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): the keyUsage extension is non-critical here, whereas RFC 5280
    // section 4.2.1.3 says conforming CAs SHOULD mark it critical. The mask combines
    // the CA bits (keyCertSign, cRLSign) with signature and encipherment bits.
    // Confirm both are deliberate.
    certGen.addExtension(Extension.keyUsage, false, new KeyUsage(
            KeyUsage.cRLSign
            | KeyUsage.keyCertSign
            | KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment));

    // NOTE(review): with anyExtendedKeyUsage present, the EKU list imposes no restriction.
    // Confirm that is intended.
    ASN1EncodableVector allowedPurposes = new ASN1EncodableVector();
    allowedPurposes.add(KeyPurposeId.id_kp_serverAuth);
    allowedPurposes.add(KeyPurposeId.id_kp_clientAuth);
    allowedPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
    certGen.addExtension(Extension.extendedKeyUsage, false, new DERSequence(allowedPurposes));

    X509Certificate selfSigned = signCertificate(certGen, caKeyPair.getPrivate());

    // The store is initialised empty; only the key entry carries authority.password().
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setKeyEntry(authority.alias(), caKeyPair.getPrivate(),
            authority.password(), new Certificate[] { selfSigned });
    return keyStore;
}
示例10: MinimalCertificateGenerator
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Basic common path: configures the underlying generator with names, a random 64-bit
 * serial number, the subject key, a validity window starting now, and the keyUsage,
 * basicConstraints and subjectKeyIdentifier extensions.
 *
 * @param subjectDN the distinguished name of the subject.
 * @param subjectPublicKey the public key of the subject.
 * @param issuerDN the distinguished name of the issuer.
 * @param duration the validity duration of the certificate, added to the current time
 *                 in milliseconds to obtain notAfter.
 * @param isCA whether the certificate is a CA certificate; selects the CA key-usage set
 *             and the basicConstraints value.
 * @param chainLength value passed to {@code BasicConstraints(int)} when {@code isCA} is
 *                    true and this is non-null; ignored otherwise.
 * @param allUsage if isCA is true, add "regular" KeyUsage flags, for dual-use cert
 */
public MinimalCertificateGenerator(String subjectDN, PublicKey subjectPublicKey,
        X500Principal issuerDN, long duration, boolean isCA,
        Integer chainLength,
        boolean allUsage) {
    _generator.setSubjectDN(new X509Name(subjectDN));
    _generator.setIssuerDN(issuerDN);
    // NOTE(review): serial unpredictability depends on cachedRandom being a SecureRandom.
    // Confirm at its declaration.
    _generator.setSerialNumber(new BigInteger(64, cachedRandom));
    _generator.setPublicKey(subjectPublicKey);

    Date validFrom = new Date();
    Date validUntil = new Date(validFrom.getTime() + duration);
    _generator.setNotBefore(validFrom);
    _generator.setNotAfter(validUntil);

    // Usage bits for a CA: signing, certificate signing and CRL signing.
    final int caBits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    // Usage bits for an end entity: signing, encipherment and key agreement.
    final int endEntityBits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;

    // Only a CA ever receives keyCertSign/cRLSign; allUsage widens a CA to both sets.
    final int selectedUsage;
    if (!isCA) {
        selectedUsage = endEntityBits;
    } else if (allUsage) {
        selectedUsage = caBits | endEntityBits;
    } else {
        selectedUsage = caBits;
    }
    // keyUsage is added as a non-critical extension.
    _generator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(selectedUsage));

    // A CA with an explicit chain length gets the int constructor; every other case
    // gets the boolean constructor. The extension is critical.
    final BasicConstraints constraints;
    if (isCA && chainLength != null) {
        constraints = new BasicConstraints(chainLength.intValue());
    } else {
        constraints = new BasicConstraints(isCA);
    }
    _generator.addExtension(X509Extensions.BasicConstraints, true, constraints);

    SubjectKeyIdentifier keyId = new SubjectKeyIdentifier(CryptoUtil.generateKeyID(subjectPublicKey));
    _generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, keyId);
}