Java KeyUsage.keyAgreement方法代碼示例

import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
@Test
public void testFailingOnUnexpectedKeyUsageKeyAgreement() throws Exception {
	// setup
	KeyPair keyPair = PKITestUtils.generateKeyPair();
	DateTime notBefore = new DateTime();
	DateTime notAfter = notBefore.plusMonths(1);
	KeyUsage keyUsage = new KeyUsage(KeyUsage.keyAgreement);
	X509Certificate certificate = PKITestUtils
			.generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
					notAfter, true, 0, null, keyUsage);

	this.testedInstance.setKeyAgreementFilter(false);

	// operate
	try {
		this.testedInstance.check(certificate);
		fail();
	} catch (TrustLinkerResultException e) {
		assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
				e.getReason());
	}
}
 

import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
private KeyUsage buildKeyUsage(CertificateGenerationRequestParameters keyUsageList) {
  if (keyUsageList.getKeyUsage() == null){
    return null;
  }
  int bitmask = 0;
  for (String keyUsage : keyUsageList.getKeyUsage()) {
    switch (keyUsage) {
      case DIGITAL_SIGNATURE:
        bitmask |= KeyUsage.digitalSignature;
        break;
      case NON_REPUDIATION:
        bitmask |= KeyUsage.nonRepudiation;
        break;
      case KEY_ENCIPHERMENT:
        bitmask |= KeyUsage.keyEncipherment;
        break;
      case DATA_ENCIPHERMENT:
        bitmask |= KeyUsage.dataEncipherment;
        break;
      case KEY_AGREEMENT:
        bitmask |= KeyUsage.keyAgreement;
        break;
      case KEY_CERT_SIGN:
        bitmask |= KeyUsage.keyCertSign;
        break;
      case CRL_SIGN:
        bitmask |= KeyUsage.cRLSign;
        break;
      case ENCIPHER_ONLY:
        bitmask |= KeyUsage.encipherOnly;
        break;
      case DECIPHER_ONLY:
        bitmask |= KeyUsage.decipherOnly;
        break;
      default:
        throw new ParameterizedValidationException("error.invalid_key_usage", keyUsage);
    }
  }
  return new KeyUsage(bitmask);
}
 

import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
private void okPressed() {
	if (!jcbDigitalSignature.isSelected() && !jcbNonRepudiation.isSelected() && !jcbKeyEncipherment.isSelected()
			&& !jcbDataEncipherment.isSelected() && !jcbKeyAgreement.isSelected()
			&& !jcbCertificateSigning.isSelected() && !jcbCrlSign.isSelected() && !jcbEncipherOnly.isSelected()
			&& !jcbDecipherOnly.isSelected()) {
		JOptionPane.showMessageDialog(this, res.getString("DKeyUsage.ValueReq.message"), getTitle(),
				JOptionPane.WARNING_MESSAGE);
		return;
	}

	int keyUsageIntValue = 0;
	keyUsageIntValue |= jcbDigitalSignature.isSelected() ? KeyUsage.digitalSignature : 0;
	keyUsageIntValue |= jcbNonRepudiation.isSelected() ? KeyUsage.nonRepudiation : 0;
	keyUsageIntValue |= jcbKeyEncipherment.isSelected() ? KeyUsage.keyEncipherment : 0;
	keyUsageIntValue |= jcbDataEncipherment.isSelected() ? KeyUsage.dataEncipherment : 0;
	keyUsageIntValue |= jcbKeyAgreement.isSelected() ? KeyUsage.keyAgreement : 0;
	keyUsageIntValue |= jcbCertificateSigning.isSelected() ? KeyUsage.keyCertSign : 0;
	keyUsageIntValue |= jcbCrlSign.isSelected() ? KeyUsage.cRLSign : 0;
	keyUsageIntValue |= jcbEncipherOnly.isSelected() ? KeyUsage.encipherOnly : 0;
	keyUsageIntValue |= jcbDecipherOnly.isSelected() ? KeyUsage.decipherOnly : 0;

	KeyUsage keyUsage = new KeyUsage(keyUsageIntValue);

	try {
		value = keyUsage.getEncoded(ASN1Encoding.DER);
	} catch (IOException ex) {
		DError dError = new DError(this, ex);
		dError.setLocationRelativeTo(this);
		dError.setVisible(true);
		return;
	}

	closeDialog();
}
 

import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Basic common path.
 * @param subjectDN the distinguished name of the subject.
 * @param subjectPublicKey the public key of the subject.
 * @param issuerDN the distinguished name of the issuer.
 * @param duration the validity duration of the certificate.
 * @param isCA
 * @param allUsage if isCA is true, add "regular" KeyUsage flags, for dual-use cert
 */
public MinimalCertificateGenerator(String subjectDN, PublicKey subjectPublicKey, 
								   X500Principal issuerDN, long duration, boolean isCA, 
								   Integer chainLength,
								   boolean allUsage) {
	
	_generator.setSubjectDN(new X509Name(subjectDN));
	_generator.setIssuerDN(issuerDN);
	_generator.setSerialNumber(new BigInteger(64, cachedRandom));
	_generator.setPublicKey(subjectPublicKey);
	
	Date startTime = new Date();
	Date stopTime = new Date(startTime.getTime() + duration);
	_generator.setNotBefore(startTime);
	_generator.setNotAfter(stopTime);

	// CA key usage
	final int caKeyUsage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyCertSign | KeyUsage.cRLSign;
	// Non-CA key usage
	final int nonCAKeyUsage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;
	
	int ourUsage;
	if (isCA) {
		if (!allUsage) {
			ourUsage = caKeyUsage;
		} else {
			ourUsage = caKeyUsage | nonCAKeyUsage;
		}
	} else {
		ourUsage = nonCAKeyUsage;
	}
	_generator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(ourUsage));			
	
	BasicConstraints bc = 
		((isCA == false) || (null == chainLength)) ? new BasicConstraints(isCA) :
													 new BasicConstraints(chainLength.intValue());
	_generator.addExtension(X509Extensions.BasicConstraints, true, bc);

    SubjectKeyIdentifier ski = new SubjectKeyIdentifier(CryptoUtil.generateKeyID(subjectPublicKey));
    _generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, ski);
}