本文整理匯總了Java中org.bouncycastle.asn1.x509.KeyUsage.keyEncipherment方法的典型用法代碼示例。如果您正苦於以下問題:Java KeyUsage.keyEncipherment方法的具體用法?Java KeyUsage.keyEncipherment怎麼用?Java KeyUsage.keyEncipherment使用的例子?那麼,這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類org.bouncycastle.asn1.x509.KeyUsage的用法示例。
在下文中一共展示了KeyUsage.keyEncipherment方法的12個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: testFailingOnUnexpectedKeyUsageKeyEncipherment
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Checks that the tested instance refuses a certificate whose key usage asserts
 * {@code keyEncipherment} after the keyEncipherment filter has been set to {@code false}.
 * The expected outcome is a {@code TrustLinkerResultException} whose reason is
 * {@code CONSTRAINT_VIOLATION}; any other outcome fails the test.
 */
@Test
public void testFailingOnUnexpectedKeyUsageKeyEncipherment()
        throws Exception {
    // setup: a self-signed test certificate whose validity runs one month from now
    // and whose key usage extension carries the keyEncipherment bit only
    KeyPair testKeyPair = PKITestUtils.generateKeyPair();
    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusMonths(1);
    X509Certificate selfSigned = PKITestUtils.generateSelfSignedCertificate(
            testKeyPair, "CN=Test", validFrom, validUntil, true, 0, null,
            new KeyUsage(KeyUsage.keyEncipherment));
    this.testedInstance.setKeyEnciphermentFilter(false);

    // operate: the check has to throw; reaching fail() means the bit was accepted
    try {
        this.testedInstance.check(selfSigned);
    } catch (TrustLinkerResultException rejected) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                rejected.getReason());
        return;
    }
    fail();
}
示例2: createKeyStore
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Builds an in-memory JKS key store containing the given key pair and a
 * certificate for it that is self-issued (issuer and subject are the same name)
 * and signed with the pair's own private key.
 *
 * <p>The certificate is valid from five seconds before the call until ten minutes
 * after it, asserts CA=true, and carries keyCertSign, digitalSignature,
 * keyEncipherment and dataEncipherment usage plus serverAuth, clientAuth and
 * anyExtendedKeyUsage purposes. Both usage extensions are added as non-critical.
 *
 * @param keyPair key pair to certify and to store under {@code ALIAS}
 * @param random  source of the certificate serial number
 * @return the populated key store; the key entry is protected with {@code PASSWORD}
 */
public static KeyStore createKeyStore(KeyPair keyPair, BadRandom random) throws CertificateException, IOException,
        InvalidKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException,
        SignatureException, OperatorCreationException {
    PublicKey certifiedKey = keyPair.getPublic();
    PrivateKey signingKey = keyPair.getPrivate();

    // One fixed name is used for both issuer and subject.
    X500Name selfName = new X500Name("CN=127.0.0.1, O=TLS-Attacker, L=RUB, ST=NRW, C=DE");

    // NOTE(review): the serial is a 32-bit value taken from the caller's BadRandom and may be
    // negative; presumably intentional for reproducible test certificates -- confirm before
    // reusing this pattern for certificates that leave a test environment.
    BigInteger serialNumber = BigInteger.valueOf(random.nextInt());

    Date validFrom = new Date(System.currentTimeMillis() - 5000);
    Date validUntil = new Date(System.currentTimeMillis() + 600000);
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(selfName, serialNumber, validFrom,
            validUntil, selfName, certifiedKey);

    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    int usageBits = KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment;
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits));

    // anyExtendedKeyUsage makes the certificate acceptable for every purpose, not only TLS.
    ASN1EncodableVector extendedPurposes = new ASN1EncodableVector();
    extendedPurposes.add(KeyPurposeId.id_kp_serverAuth);
    extendedPurposes.add(KeyPurposeId.id_kp_clientAuth);
    extendedPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(extendedPurposes));

    X509Certificate selfSigned = signCertificate(createSigningAlgorithm(keyPair), certBuilder, signingKey);

    // Sanity checks: the certificate must be valid right now and verify under its own key.
    selfSigned.checkValidity(new Date());
    selfSigned.verify(certifiedKey);

    KeyStore store = KeyStore.getInstance("JKS");
    store.load(null, null);
    store.setKeyEntry(ALIAS, signingKey, PASSWORD.toCharArray(),
            new java.security.cert.Certificate[] { selfSigned });
    return store;
}
示例3: createRootCertificate
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Creates a new root key pair with a self-issued CA certificate and returns both
 * in an in-memory key store of the requested type.
 *
 * <p>The name is assembled from the authority's common name, organization and
 * organizational unit. The certificate asserts CA=true (critical) and carries a
 * non-critical key usage of keyCertSign, digitalSignature, keyEncipherment,
 * dataEncipherment and cRLSign, plus serverAuth, clientAuth and
 * anyExtendedKeyUsage purposes.
 *
 * @param authority    supplies the name components, the key store alias and the key password
 * @param keyStoreType key store type handed to {@code KeyStore.getInstance}
 * @return a key store holding the root private key and its certificate
 */
public static KeyStore createRootCertificate(Authority authority, String keyStoreType)
        throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException, IOException,
        OperatorCreationException, CertificateException, KeyStoreException {
    KeyPair rootKeys = generateKeyPair(ROOT_KEYSIZE);

    X500NameBuilder dn = new X500NameBuilder(BCStyle.INSTANCE);
    dn.addRDN(BCStyle.CN, authority.commonName());
    dn.addRDN(BCStyle.O, authority.organization());
    dn.addRDN(BCStyle.OU, authority.organizationalUnitName());
    // A root is self-issued, so the same name is used as issuer and subject.
    X500Name rootName = dn.build();

    BigInteger serialNumber = BigInteger.valueOf(initRandomSerial());
    PublicKey rootPublicKey = rootKeys.getPublic();

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(rootName, serialNumber, NOT_BEFORE,
            NOT_AFTER, rootName, rootPublicKey);

    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(rootPublicKey));
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): RFC 5280 says conforming CAs SHOULD mark keyUsage critical; here it is
    // added non-critical, and the mask goes beyond the two signing bits a CA needs.
    int usageBits = KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment | KeyUsage.cRLSign;
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits));

    // anyExtendedKeyUsage places no limit on what the certificate may be used for.
    ASN1EncodableVector extendedPurposes = new ASN1EncodableVector();
    extendedPurposes.add(KeyPurposeId.id_kp_serverAuth);
    extendedPurposes.add(KeyPurposeId.id_kp_clientAuth);
    extendedPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(extendedPurposes));

    X509Certificate rootCert = signCertificate(certBuilder, rootKeys.getPrivate());

    KeyStore store = KeyStore.getInstance(keyStoreType/* , PROVIDER_NAME */);
    store.load(null, null);
    store.setKeyEntry(authority.alias(), rootKeys.getPrivate(), authority.password(),
            new Certificate[] { rootCert });
    return store;
}
示例4: initializeKeyStore
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
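/**
 * Generates a new key pair with a self-issued CA certificate, writes both to the
 * key store file for this alias and exports the certificate as PEM.
 *
 * <p>The certificate asserts CA=true (critical) and carries a non-critical key
 * usage of keyCertSign, digitalSignature, keyEncipherment, dataEncipherment and
 * cRLSign, plus serverAuth, clientAuth and anyExtendedKeyUsage purposes.
 *
 * @throws GeneralSecurityException if key generation, signing or key store handling fails
 * @throws IOException              if the key store or PEM file cannot be written
 */
public void initializeKeyStore() throws GeneralSecurityException, IOException {
    // The original requested a 1024-bit key. A key of that size is too weak to anchor a
    // certificate chain, so the signing key is generated at 2048 bits instead.
    KeyPair keyPair = generateKeyPair(2048);

    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, commonName);
    nameBuilder.addRDN(BCStyle.O, organization);
    nameBuilder.addRDN(BCStyle.OU, organizationalUnitName);

    // Self-issued certificate: issuer and subject are the same name.
    X500Name issuer = nameBuilder.build();
    X500Name subject = issuer;
    BigInteger serial = BigInteger.valueOf(initRandomSerial());
    PublicKey pubKey = keyPair.getPublic();

    X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER,
            subject, pubKey);

    generator.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(pubKey));
    generator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): RFC 5280 says conforming CAs SHOULD mark keyUsage critical; the extension
    // content is left as the original wrote it so existing consumers see the same certificate shape.
    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    generator.addExtension(Extension.keyUsage, false, usage);

    // anyExtendedKeyUsage places no limit on what the certificate may be used for.
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    generator.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    X509Certificate cert = signCertificate(generator, keyPair.getPrivate());

    KeyStore keystore = KeyStore.getInstance(KEY_STORE_TYPE);
    keystore.load(null, null);
    keystore.setKeyEntry(alias, keyPair.getPrivate(), password, new Certificate[] { cert });

    // The stream is closed even when store() throws.
    try (OutputStream os = new FileOutputStream(aliasFile(KEY_STORE_FILE_EXTENSION))) {
        keystore.store(os, password);
    }
    exportPem(aliasFile(".pem"), cert);
}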
示例5: buildKeyUsage
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Translates the key usage names of a certificate generation request into a
 * Bouncy Castle {@link KeyUsage} bit mask.
 *
 * @param keyUsageList request parameters whose {@code getKeyUsage()} lists the requested usage names
 * @return the combined key usage, or {@code null} when the request carries no key usage list
 * @throws ParameterizedValidationException if a name is not one of the nine recognised usages,
 *         so an unknown name is rejected rather than silently dropped from the mask
 */
private KeyUsage buildKeyUsage(CertificateGenerationRequestParameters keyUsageList) {
    if (keyUsageList.getKeyUsage() == null) {
        return null;
    }

    int combined = 0;
    for (String usageName : keyUsageList.getKeyUsage()) {
        // Resolve the name to its single bit first, then fold it into the mask.
        final int flag;
        switch (usageName) {
            case DIGITAL_SIGNATURE:
                flag = KeyUsage.digitalSignature;
                break;
            case NON_REPUDIATION:
                flag = KeyUsage.nonRepudiation;
                break;
            case KEY_ENCIPHERMENT:
                flag = KeyUsage.keyEncipherment;
                break;
            case DATA_ENCIPHERMENT:
                flag = KeyUsage.dataEncipherment;
                break;
            case KEY_AGREEMENT:
                flag = KeyUsage.keyAgreement;
                break;
            case KEY_CERT_SIGN:
                flag = KeyUsage.keyCertSign;
                break;
            case CRL_SIGN:
                flag = KeyUsage.cRLSign;
                break;
            case ENCIPHER_ONLY:
                flag = KeyUsage.encipherOnly;
                break;
            case DECIPHER_ONLY:
                flag = KeyUsage.decipherOnly;
                break;
            default:
                throw new ParameterizedValidationException("error.invalid_key_usage", usageName);
        }
        combined |= flag;
    }
    return new KeyUsage(combined);
}
示例6: okPressed
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Handles the OK button: collects the ticked key usage check boxes into a
 * {@link KeyUsage}, stores its DER encoding in {@code value} and closes the dialog.
 * With no box ticked a warning is shown and the dialog stays open; an encoding
 * failure is reported in an error dialog and the dialog also stays open.
 */
private void okPressed() {
    // Every KeyUsage constant is a non-zero bit, so a mask of 0 means no box is ticked.
    int selectedBits = 0;
    if (jcbDigitalSignature.isSelected()) {
        selectedBits |= KeyUsage.digitalSignature;
    }
    if (jcbNonRepudiation.isSelected()) {
        selectedBits |= KeyUsage.nonRepudiation;
    }
    if (jcbKeyEncipherment.isSelected()) {
        selectedBits |= KeyUsage.keyEncipherment;
    }
    if (jcbDataEncipherment.isSelected()) {
        selectedBits |= KeyUsage.dataEncipherment;
    }
    if (jcbKeyAgreement.isSelected()) {
        selectedBits |= KeyUsage.keyAgreement;
    }
    if (jcbCertificateSigning.isSelected()) {
        selectedBits |= KeyUsage.keyCertSign;
    }
    if (jcbCrlSign.isSelected()) {
        selectedBits |= KeyUsage.cRLSign;
    }
    if (jcbEncipherOnly.isSelected()) {
        selectedBits |= KeyUsage.encipherOnly;
    }
    if (jcbDecipherOnly.isSelected()) {
        selectedBits |= KeyUsage.decipherOnly;
    }

    if (selectedBits == 0) {
        JOptionPane.showMessageDialog(this, res.getString("DKeyUsage.ValueReq.message"), getTitle(),
                JOptionPane.WARNING_MESSAGE);
        return;
    }

    try {
        value = new KeyUsage(selectedBits).getEncoded(ASN1Encoding.DER);
    } catch (IOException encodingFailure) {
        DError errorDialog = new DError(this, encodingFailure);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }

    closeDialog();
}
示例7: genKeyStoreWithSelfSignedCert
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
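/**
 * Generates a key pair and a self-signed certificate for it and returns both in
 * an in-memory PKCS#12 key store.
 *
 * <p>The certificate asserts CA=true (critical) and carries a non-critical key
 * usage of keyCertSign, digitalSignature, keyEncipherment, dataEncipherment and
 * cRLSign, plus serverAuth, clientAuth and anyExtendedKeyUsage purposes. The
 * Bouncy Castle provider is registered if it is not installed yet.
 *
 * @param name Common name; it is appended to {@code "CN="} without escaping, so it must not
 *             come from untrusted input (a comma or {@code =} would add or alter name components)
 * @param keyAlgorithm Algorithm for key generation (e.g.: RSA)
 * @param keySize Key size in bits (e.g.: 2048 for RSA)
 * @param days Number of days in future for expiration of generated certificate
 * @param sigAlgorithm Algorithm for certificate signature
 * @param keystorePassword Password for both keystore and private key
 * @param keystoreAlias Alias in keystore for holding key entry
 * @return key store containing the private key and the one-element certificate chain
 */
public static KeyStore genKeyStoreWithSelfSignedCert(String name,String keyAlgorithm,int keySize,int days,String sigAlgorithm,
        char[] keystorePassword, String keystoreAlias)
        throws NoSuchAlgorithmException, NoSuchProviderException, IOException, OperatorCreationException, CertificateException,
        KeyStoreException {
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    SecureRandom secureRandom = new SecureRandom();
    // Use the provider constant rather than repeating the "BC" literal checked for above.
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(keyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
    keyGen.initialize(keySize, secureRandom);
    KeyPair keypair = keyGen.generateKeyPair();

    X500Name subjectName = new X500Name("CN=" + name);
    X500Name issuerName = subjectName; // self-signed: issuer and subject are the same name

    // Read the clock once so both validity bounds derive from the same instant.
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now);
    Date notAfter = new Date(now + 86400000L * days);

    // The original used new Random().nextInt(): 32 bits from a non-cryptographic generator,
    // negative half of the time. RFC 5280 requires a positive serial, so draw 64 bits from
    // the SecureRandom already in use and shift the range to 1..2^64.
    BigInteger serial = new BigInteger(64, secureRandom).add(BigInteger.ONE);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName,
            serial, notBefore, notAfter, subjectName, keypair.getPublic());

    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keypair.getPublic()));
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): RFC 5280 says conforming CAs SHOULD mark keyUsage critical; the extension
    // content is left unchanged here so callers keep getting the same certificate profile.
    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);

    // anyExtendedKeyUsage places no limit on what the certificate may be used for.
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    X509Certificate cert = signCertificate(sigAlgorithm, builder, keypair.getPrivate());
    Certificate[] certChain = new Certificate[]{ cert };

    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(null, keystorePassword);
    ks.setKeyEntry(keystoreAlias, keypair.getPrivate(), keystorePassword, certChain);
    return ks;
}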
示例8: initialize
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
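/**
 * Create a self-signed certificate and store it in a JKS keystore file, unless
 * that file already exists.
 *
 * <p>The certificate is valid from 24 hours before the call, carries a critical
 * key usage of digitalSignature and keyEncipherment, and is limited to the
 * serverAuth extended key usage.
 *
 * @param keystore path to the keystore to save to
 * @param password password used for both the keystore and the private key entry
 * @param alias name to give the key entry in the keystore
 * @param commonName value of the CN component of the certificate name
 * @param organization value used for both the O and the OU component of the certificate name
 * @param duration length of time a newly created certificate should remain valid (in seconds)
 *
 * @throws RuntimeException if an error occurs in creating the certificate
 */
public static void initialize(Path keystore, String password, String alias, String commonName, String organization, long duration) {
    if (keystore.toFile().exists()) {
        LOG.info("Keystore {} found.", keystore);
        return;
    }
    try {
        Security.addProvider(new BouncyCastleProvider());

        // One SecureRandom serves both key generation and the serial number.
        SecureRandom secureRandom = new SecureRandom();

        // generate a key pair
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER_NAME);
        keyPairGenerator.initialize(KEY_LENGTH, secureRandom);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // build name (self-signed, so issuer and subject are the same)
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, commonName);
        nameBuilder.addRDN(BCStyle.O, organization);
        nameBuilder.addRDN(BCStyle.OU, organization);
        X500Name issuerName = nameBuilder.build();
        X500Name subjectName = issuerName;

        // build serial: the original used new Random().nextInt(), i.e. 32 bits from a
        // non-cryptographic generator that is negative half of the time. RFC 5280 requires a
        // positive serial, so draw 64 bits from the CSPRNG and shift the range to 1..2^64.
        BigInteger serial = new BigInteger(64, secureRandom).add(BigInteger.ONE);

        // build a certificate generator
        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                issuerName,
                serial,
                new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000), // yesterday
                new Date(System.currentTimeMillis() + duration * 1000),
                subjectName,
                pubKey);

        KeyUsage usage = new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
        certBuilder.addExtension(Extension.keyUsage, true, usage);

        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

        X509Certificate[] chain = new X509Certificate[1];
        chain[0] = signCertificate(certBuilder, keyPair.getPrivate());

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null,null);
        keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), chain);

        // The original never closed this stream; try-with-resources releases the file
        // handle even when store() throws.
        try (FileOutputStream out = new FileOutputStream(keystore.toFile())) {
            keyStore.store(out, password.toCharArray());
        }

        // NOTE(review): the file is created with the process default permissions and only
        // restricted afterwards, so the private key is briefly readable under the default mode.
        // Creating the file with owner-only attributes up front would close that window.
        Files.setPosixFilePermissions(keystore, ImmutableSet.of(PosixFilePermission.OWNER_READ));
        LOG.info("Created keystore at {}.", keystore);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateException
            | KeyStoreException | IOException | OperatorCreationException e) {
        LOG.error(e.getLocalizedMessage());
        throw new RuntimeException(e);
    }
}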
示例9: createRootCertificate
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Generates a root key pair, issues a self-signed CA certificate for it and
 * wraps both in a new in-memory key store.
 *
 * <p>Extensions added, in order: subjectKeyIdentifier, basicConstraints (CA=true,
 * critical), keyUsage (keyCertSign, digitalSignature, keyEncipherment,
 * dataEncipherment, cRLSign; non-critical) and extendedKeyUsage (serverAuth,
 * clientAuth, anyExtendedKeyUsage; non-critical).
 *
 * @param authority    provides the CN/O/OU name parts, the entry alias and the key password
 * @param keyStoreType type name passed to {@code KeyStore.getInstance}
 * @return key store with a single key entry for the root
 */
public static KeyStore createRootCertificate(Authority authority,
        String keyStoreType) throws NoSuchAlgorithmException,
        NoSuchProviderException, IOException,
        OperatorCreationException, CertificateException, KeyStoreException {
    KeyPair caKeyPair = generateKeyPair(ROOT_KEYSIZE);

    // Issuer and subject are identical for a self-signed root.
    X500Name caName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, authority.commonName())
            .addRDN(BCStyle.O, authority.organization())
            .addRDN(BCStyle.OU, authority.organizationalUnitName())
            .build();

    BigInteger serialNumber = BigInteger.valueOf(initRandomSerial());
    PublicKey caPublicKey = caKeyPair.getPublic();

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            caName, serialNumber, NOT_BEFORE, NOT_AFTER, caName, caPublicKey);

    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            createSubjectKeyIdentifier(caPublicKey));
    certBuilder.addExtension(Extension.basicConstraints, true,
            new BasicConstraints(true));

    // NOTE(review): a CA only needs keyCertSign and cRLSign; the encipherment and signature
    // bits plus the non-critical flag make this a broad, dual-use profile. RFC 5280 says
    // conforming CAs SHOULD mark keyUsage critical.
    certBuilder.addExtension(Extension.keyUsage, false,
            new KeyUsage(KeyUsage.keyCertSign
                    | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
                    | KeyUsage.dataEncipherment | KeyUsage.cRLSign));

    // anyExtendedKeyUsage means the purpose list does not restrict the certificate.
    ASN1EncodableVector ekuPurposes = new ASN1EncodableVector();
    ekuPurposes.add(KeyPurposeId.id_kp_serverAuth);
    ekuPurposes.add(KeyPurposeId.id_kp_clientAuth);
    ekuPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
    certBuilder.addExtension(Extension.extendedKeyUsage, false,
            new DERSequence(ekuPurposes));

    X509Certificate caCert = signCertificate(certBuilder, caKeyPair.getPrivate());

    KeyStore caStore = KeyStore
            .getInstance(keyStoreType/* , PROVIDER_NAME */);
    caStore.load(null, null);
    caStore.setKeyEntry(authority.alias(), caKeyPair.getPrivate(),
            authority.password(), new Certificate[] { caCert });
    return caStore;
}
示例10: MinimalCertificateGenerator
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Basic common path: fills the underlying generator with names, a 64-bit random
 * serial number, the subject key, the validity window and the KeyUsage,
 * BasicConstraints and SubjectKeyIdentifier extensions.
 *
 * @param subjectDN the distinguished name of the subject.
 * @param subjectPublicKey the public key of the subject.
 * @param issuerDN the distinguished name of the issuer.
 * @param duration the validity duration of the certificate, in milliseconds
 *        (it is added directly to the start time's epoch milliseconds).
 * @param isCA whether the certificate is a CA certificate; selects the key usage set and
 *        the BasicConstraints value.
 * @param chainLength path length constraint for a CA certificate; when {@code null}, or when
 *        {@code isCA} is false, BasicConstraints is built from {@code isCA} alone.
 * @param allUsage if isCA is true, add "regular" KeyUsage flags, for dual-use cert
 */
public MinimalCertificateGenerator(String subjectDN, PublicKey subjectPublicKey,
        X500Principal issuerDN, long duration, boolean isCA,
        Integer chainLength,
        boolean allUsage) {
    _generator.setSubjectDN(new X509Name(subjectDN));
    _generator.setIssuerDN(issuerDN);
    _generator.setSerialNumber(new BigInteger(64, cachedRandom));
    _generator.setPublicKey(subjectPublicKey);

    // Validity starts now and lasts `duration` milliseconds.
    Date validFrom = new Date();
    Date validUntil = new Date(validFrom.getTime() + duration);
    _generator.setNotBefore(validFrom);
    _generator.setNotAfter(validUntil);

    // Bits for a certificate that signs other certificates and CRLs.
    final int caBits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    // Bits for an end-entity certificate.
    final int endEntityBits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;

    // A non-CA gets the end-entity bits, a CA the CA bits, and a dual-use CA both sets.
    final int selectedBits;
    if (!isCA) {
        selectedBits = endEntityBits;
    } else if (allUsage) {
        selectedBits = caBits | endEntityBits;
    } else {
        selectedBits = caBits;
    }
    // The key usage extension is added as non-critical.
    _generator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(selectedBits));

    // The path length form is used only for a CA with an explicit chain length.
    final BasicConstraints constraints;
    if (isCA && chainLength != null) {
        constraints = new BasicConstraints(chainLength.intValue());
    } else {
        constraints = new BasicConstraints(isCA);
    }
    _generator.addExtension(X509Extensions.BasicConstraints, true, constraints);

    _generator.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifier(CryptoUtil.generateKeyID(subjectPublicKey)));
}
示例11: generateClientCert
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Configures this object for a client certificate and then calls {@code generateAll()}.
 * The profile set here is: size 2048, the single extended key usage clientAuth, and a
 * key usage of digitalSignature plus keyEncipherment.
 *
 * @param prettyName       display name stored on this object
 * @param authority        certificate of the issuing authority
 * @param issuerPrivateKey private key of the issuing authority; it is kept in a field of this
 *                         object (presumably for signing in generateAll() -- confirm)
 * @param subject          subject stored on this object
 */
public void generateClientCert(String prettyName, X509CertificateHolder authority, PrivateKey issuerPrivateKey, String subject)
{
    // Identity of the certificate being requested.
    this.prettyName = prettyName;
    this.Subject = subject;

    // Issuer material.
    authorityCertificate = authority;
    authorityKey = issuerPrivateKey;

    // Client profile: clientAuth only, no CA or encipherment-of-data bits.
    size = 2048;
    keyUsage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
    EKU = new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth };

    generateAll();
}
示例12: generateServerCert
import org.bouncycastle.asn1.x509.KeyUsage; //導入方法依賴的package包/類
/**
 * Configures this object for a server certificate and then calls {@code generateAll()}.
 * The profile set here is: size 2048, the single extended key usage serverAuth, and a
 * key usage of digitalSignature plus keyEncipherment.
 *
 * @param prettyName       display name stored on this object
 * @param authority        certificate of the issuing authority
 * @param issuerPrivateKey private key of the issuing authority; it is kept in a field of this
 *                         object (presumably for signing in generateAll() -- confirm)
 * @param subject          subject stored on this object
 */
public void generateServerCert(String prettyName, X509CertificateHolder authority, PrivateKey issuerPrivateKey, String subject)
{
    // Identity of the certificate being requested.
    this.prettyName = prettyName;
    this.Subject = subject;

    // Issuer material.
    authorityCertificate = authority;
    authorityKey = issuerPrivateKey;

    // Server profile: serverAuth only. keyEncipherment is the bit RSA key-transport cipher
    // suites rely on; digitalSignature covers the signature-based ones.
    size = 2048;
    keyUsage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
    EKU = new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth };

    generateAll();
}