當前位置: 首頁>>代碼示例>>Java>>正文


Java JcaX509v3CertificateBuilder.copyAndAddExtension方法代碼示例

本文整理匯總了Java中org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.copyAndAddExtension方法的典型用法代碼示例。如果您正苦於以下問題:Java JcaX509v3CertificateBuilder.copyAndAddExtension方法的具體用法?Java JcaX509v3CertificateBuilder.copyAndAddExtension怎麽用?Java JcaX509v3CertificateBuilder.copyAndAddExtension使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder的用法示例。


在下文中一共展示了JcaX509v3CertificateBuilder.copyAndAddExtension方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。

示例1: makeRootCert

import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //導入方法依賴的package包/類
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException, NoSuchProviderException,
        SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {

    // Load real root certificate
    X509CertificateHolder real = getRealCert("sk-root.pem");

    // Use values from real certificate
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), real.getSerialNumber(), Time.getInstance(new ASN1GeneralizedTime(real.getNotBefore())), Time.getInstance(new ASN1GeneralizedTime(real.getNotAfter())), real.getSubject(), kp.getPublic());

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions verbatim
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(kp.getPrivate());

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(cert);
}
 
開發者ID:martinpaljak,項目名稱:esteidhacker,代碼行數:25,代碼來源:FakeEstEIDCA.java

示例2: makeEsteidCert

import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //導入方法依賴的package包/類
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root) throws InvalidKeyException, IllegalStateException,
        NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException,
        CertificateException {

    // Load current root certificate
    X509CertificateHolder real = getRealCert("sk-esteid.pem");

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), real.getSerialNumber(),
            Time.getInstance(new ASN1UTCTime(real.getNotBefore())), Time.getInstance(new ASN1GeneralizedTime(real.getNotAfter())), real.getSubject(), esteid.getPublic());

    // Basic constraints
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA384withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(root.getPrivate());

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(cert);
}
 
開發者ID:martinpaljak,項目名稱:esteidhacker,代碼行數:27,代碼來源:FakeEstEIDCA.java

示例3: cloneUserCertificate

import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //導入方法依賴的package包/類
private X509Certificate cloneUserCertificate(RSAPublicKey pubkey, X509Certificate cert) throws OperatorCreationException, CertificateException, IOException {
    if (pubkey.getModulus().bitLength() != 2048) {
        throw new IllegalArgumentException("Key must be 2048b RSA");
    }
    X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
    // Clone everything
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(holder.getIssuer(), cert.getSerialNumber(), cert.getNotBefore(), cert.getNotAfter(), holder.getSubject(), pubkey);
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = holder.getExtensionOIDs();

    // Copy all extensions
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = holder.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), holder);
    }
    // Generate cert. NB! SHA256!
    ContentSigner sigGen = new JcaContentSignerBuilder(cert.getSigAlgName()).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);

    X509CertificateHolder newcert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(newcert);

}
 
開發者ID:martinpaljak,項目名稱:esteidhacker,代碼行數:23,代碼來源:FakeEstEIDCA.java

示例4: generateUserCertificate

import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; //導入方法依賴的package包/類
private X509Certificate generateUserCertificate(RSAPublicKey pubkey, boolean signature, String firstname, String lastname,
                                                String idcode, String email, Date from, Date to) throws InvalidKeyException, ParseException, IOException, IllegalStateException,
        NoSuchProviderException, NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {

    if (pubkey.getModulus().bitLength() != 2048) {
        throw new IllegalArgumentException("Key must be 2048b RSA");
    }
    Date startDate = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH).parse("2017-01-01");
    Date endDate = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH).parse("2017-12-31");

    if (from != null) {
        startDate = from;
    }
    if (to != null) {
        endDate = to;
    }
    String template = "C=EE,O=ESTEID,OU=%s,CN=%s\\,%s\\,%s,SURNAME=%s,GIVENNAME=%s,SERIALNUMBER=%s";
    // Normalize.
    lastname = lastname.toUpperCase();
    firstname = firstname.toUpperCase();
    idcode = idcode.toUpperCase();
    email = email.toLowerCase();
    String subject = String.format(template, (signature ? "digital signature" : "authentication"), lastname, firstname, idcode,
            lastname, firstname, idcode);

    byte[] serialBytes = new byte[16];
    random.nextBytes(serialBytes);
    serialBytes[0] &= 0x7F; // Can't be negative
    BigInteger serial = new BigInteger(serialBytes);

    X509CertificateHolder real;
    if (signature) {
        real = getRealCert("sk-sign.pem");
    } else {
        real = getRealCert("sk-auth.pem");
    }
    log.trace("Generating from subject: " + real.getSubject());
    log.trace("Generating subject: " + new X500Name(subject).toString());

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), serial, startDate, endDate, new X500Name(subject), pubkey);

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions, except altName
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        if (ext.getExtnId().equals(Extension.subjectAlternativeName)) {
            // altName must be changed
            builder.addExtension(ext.getExtnId(), ext.isCritical(), new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
        } else {
            builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
        }
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(cert);
}
 
開發者ID:martinpaljak,項目名稱:esteidhacker,代碼行數:62,代碼來源:FakeEstEIDCA.java


注:本文中的org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.copyAndAddExtension方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。