本文整理匯總了Java中org.bouncycastle.x509.X509V3CertificateGenerator.addExtension方法的典型用法代碼示例。如果您正苦於以下問題:Java X509V3CertificateGenerator.addExtension方法的具體用法?Java X509V3CertificateGenerator.addExtension怎麽用?Java X509V3CertificateGenerator.addExtension使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類org.bouncycastle.x509.X509V3CertificateGenerator的用法示例。
在下文中一共展示了X509V3CertificateGenerator.addExtension方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: makeCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate makeCertificate(KeyPair _subKP,
String _subDN, KeyPair _issKP, String _issDN, String algorithm, boolean _ca)
throws Exception
{
PublicKey _subPub = _subKP.getPublic();
PrivateKey _issPriv = _issKP.getPrivate();
PublicKey _issPub = _issKP.getPublic();
X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
_v3CertGen.reset();
_v3CertGen.setSerialNumber(allocateSerialNumber());
_v3CertGen.setIssuerDN(new X509Name(_issDN));
_v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
_v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
+ (1000L * 60 * 60 * 24 * 100)));
_v3CertGen.setSubjectDN(new X509Name(_subDN));
_v3CertGen.setPublicKey(_subPub);
_v3CertGen.setSignatureAlgorithm(algorithm);
_v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
createSubjectKeyId(_subPub));
_v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
createAuthorityKeyId(_issPub));
_v3CertGen.addExtension(X509Extensions.BasicConstraints, false,
new BasicConstraints(_ca));
X509Certificate _cert = _v3CertGen.generate(_issPriv);
_cert.checkValidity(new Date());
_cert.verify(_issPub);
return _cert;
}
示例2: generateSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private X509Certificate generateSignedCertificate(
PKCS10CertificationRequest csr) throws NoSuchAlgorithmException,
NoSuchProviderException, InvalidKeyException,
CertificateParsingException, CertificateEncodingException,
SignatureException {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(rootCert.getSubjectX500Principal());
Calendar c = Calendar.getInstance();
certGen.setNotBefore(c.getTime());
c.add(Calendar.YEAR, 1);
certGen.setNotAfter(c.getTime());
certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
certGen.setPublicKey(csr.getPublicKey("BC"));
certGen.setSignatureAlgorithm(ALGORITHM_SHA256_RSA);
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(rootCert.getPublicKey()));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));
certGen.addExtension(X509Extensions.BasicConstraints, true,
new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
X509Certificate issuedCert = certGen.generate(rootPrivateKeyEntry
.getPrivateKey());
return issuedCert;
}
示例3: generateIntermediateCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
throws Exception
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
certGen.setPublicKey(intKey);
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
return certGen.generate(caKey, "BC");
}
示例4: generateEndEntityCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert)
throws Exception
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
certGen.setSubjectDN(new X509Principal("CN=Test End Certificate"));
certGen.setPublicKey(entityKey);
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
return certGen.generate(caKey, "BC");
}
示例5: generateDummySSLClientCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private void generateDummySSLClientCertificate(KeyStore ks)
throws Exception
{
LOG.info("Generating a Dummy SSL client certificate ...");
KeyPair pair = CertificateUtilities.generateRSAKeyPair(getCryptoStrength());
String DN = "CN=SSL dummy client cert, O=Dummy org., C=FR";
X509V3CertificateGenerator v3CertGen = CertificateUtilities.initCertificateGenerator(pair, DN, DN, true,
CertificateUtilities.DEFAULT_VALIDITY_PERIOD);
v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
v3CertGen.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient));
v3CertGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
X509Certificate cert = v3CertGen.generate(pair.getPrivate());
ks.setKeyEntry(DUMMY_SSL_CLIENT_ALIAS, pair.getPrivate(), KEYSTORE_PASSWORD, new Certificate[] {cert});
}
示例6: getCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public X509Certificate getCertificate() throws InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException {
if (getKeyusageparameters() == 0) {
throw new SecurityException("No KeyUsageParameters defined...");
}
if (getIssuer() == null) {
throw new SecurityException("No certificate authority and/or entity associated with the public key");
}
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(new X500Principal("CN="+getIssuer()));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 500000000));
certGen.setSubjectDN(new X500Principal("CN="+getIssuer()));
certGen.setPublicKey(pair.getPublic( ));
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, isCriticalkeyusage(), new KeyUsage(getKeyusageparameters()));
//certGen.addExtennullsion(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name,"[email protected]")));
return certGen.generateX509Certificate(pair.getPrivate(), "BC");
}
示例7: sign
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate sign(String CN, PublicKey publicKey, Date expiryDate, long serialNumber, X509Certificate caCert, PrivateKey privateKey) throws CertificateParsingException, CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
// Date expiryDate = ...; // time after which certificate is not valid
// BigInteger serialNumber = ...; // serial number for certificate
// PrivateKey caKey = ...; // private key of the certifying authority (ca) certificate
// X509Certificate caCert = ...; // public key certificate of the certifying authority
// KeyPair keyPair = ...; // public/private key pair that we are creating certificate for
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal subjectName = new X500Principal("CN="+CN);
certGen.setSerialNumber(BigInteger.valueOf(serialNumber));
certGen.setIssuerDN(caCert.getSubjectX500Principal());
certGen.setNotBefore(new Date());
certGen.setNotAfter(expiryDate);
certGen.setSubjectDN(subjectName);
certGen.setPublicKey(publicKey);
certGen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM);
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(publicKey));
X509Certificate cert = certGen.generate(privateKey, "BC"); // note: private key of CA
return cert;
}
示例8: getNewCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public X509Certificate getNewCertificate(String certDn, String keySigningAlgorithm, KeyPair keyPair) throws GeneralSecurityException {
LOG.debug(String.format("getNewCertificate(%s, %s, %s)", certDn, keySigningAlgorithm, keyPair));
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal dnName = new X500Principal(certDn);
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(dnName);
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
Calendar cal = Calendar.getInstance();
certGen.setNotBefore(cal.getTime());
cal.add(Calendar.YEAR, FIVE);
certGen.setNotAfter(cal.getTime());
certGen.setSubjectDN(dnName);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm(keySigningAlgorithm);
return certGen.generate(keyPair.getPrivate(), PROVIDER);
}
示例9: generateClientCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public X509Certificate generateClientCertificate(final PrivateKey rootCAPrivateKey, final X509Certificate rootCACert,
final KeyPair keyPair, final String publicIPAddress, final boolean isMasterNode) throws IOException, CertificateParsingException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException, NoSuchProviderException, SignatureException, InvalidKeySpecException {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();;
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(new X500Principal(CCS_ROOTCA_CN));
certGen.setSubjectDN(new X500Principal(CCS_CLUSTER_CN));
certGen.setNotBefore(now.minusDays(1).toDate());
certGen.setNotAfter(now.plusYears(10).toDate());
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(rootCACert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(keyPair.getPublic()));
if (isMasterNode) {
final List<ASN1Encodable> subjectAlternativeNames = new ArrayList<ASN1Encodable>();
subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, publicIPAddress));
subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, "10.0.0.1"));
subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, "10.1.1.1"));
subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, "kubernetes"));
subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, "kubernetes.default"));
subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, "kubernetes.default.svc"));
subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, "kubernetes.default.svc.cluster.local"));
final DERSequence subjectAlternativeNamesExtension = new DERSequence(
subjectAlternativeNames.toArray(new ASN1Encodable[subjectAlternativeNames.size()]));
certGen.addExtension(X509Extensions.SubjectAlternativeName, false,
subjectAlternativeNamesExtension);
}
return certGen.generate(rootCAPrivateKey, "BC");
}
示例10: generateSelfSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private X509Certificate generateSelfSignedCertificate(KeyPair keyPair, String subjectDn, DateTime notBefore,
DateTime notAfter) throws IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException,
SignatureException, CertificateException {
PublicKey subjectPublicKey = keyPair.getPublic();
PrivateKey issuerPrivateKey = keyPair.getPrivate();
String signatureAlgorithm = "SHA1WithRSAEncryption";
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.reset();
certificateGenerator.setPublicKey(subjectPublicKey);
certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
certificateGenerator.setNotBefore(notBefore.toDate());
certificateGenerator.setNotAfter(notAfter.toDate());
X509Principal issuerDN = new X509Principal(subjectDn);
certificateGenerator.setIssuerDN(issuerDN);
certificateGenerator.setSubjectDN(new X509Principal(subjectDn));
certificateGenerator.setSerialNumber(new BigInteger(128, new SecureRandom()));
certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false,
createSubjectKeyId(subjectPublicKey));
PublicKey issuerPublicKey;
issuerPublicKey = subjectPublicKey;
certificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
createAuthorityKeyId(issuerPublicKey));
certificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));
X509Certificate certificate;
certificate = certificateGenerator.generate(issuerPrivateKey);
/*
* Next certificate factory trick is needed to make sure that the
* certificate delivered to the caller is provided by the default
* security provider instead of BouncyCastle. If we don't do this trick
* we might run into trouble when trying to use the CertPath validator.
*/
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
certificate = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
return certificate;
}
示例11: generateSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
@SuppressWarnings("deprecation")
public static X509Certificate generateSignedCertificate(String dn, KeyPair pair, int days, String algorithm,
PrivateKey caKey, X509Certificate caCert) throws CertificateParsingException,
CertificateEncodingException,
NoSuchAlgorithmException,
SignatureException,
InvalidKeyException,
NoSuchProviderException {
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000l);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal subjectName = new X500Principal(dn);
certGen.setSerialNumber(sn);
certGen.setIssuerDN(caCert.getSubjectX500Principal());
certGen.setNotBefore(from);
certGen.setNotAfter(to);
certGen.setSubjectDN(subjectName);
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm(algorithm);
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.35"), false,
new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.14"), false,
new SubjectKeyIdentifierStructure(pair.getPublic()));
return certGen.generate(caKey);
}
示例12: generateIntermediateCACertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateIntermediateCACertificate(String provider, X509Certificate cacert, PrivateKey signerKey, X509Name subject, Date start, Date expired, PublicKey publicKey,
String signatureAlgorithm) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException,
IOException {
int constraints = cacert.getBasicConstraints();
if (constraints <= 1) {
throw new SignatureException("The CA Certificate specified cannot generate an intermediate CA certificate (Basic Constraints :" + constraints + ")");
}
constraints = constraints - 1;
// generate the certificate
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(new X509Name(cacert.getSubjectDN().toString()));
certGen.setNotBefore(start);
certGen.setNotAfter(expired);
certGen.setSubjectDN(subject);
certGen.setPublicKey(publicKey);
certGen.setSignatureAlgorithm(signatureAlgorithm);
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(constraints));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign));
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject());
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(spki));
SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(cacert.getPublicKey().getEncoded())).readObject());
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
return certGen.generate(signerKey, provider);
}
示例13: generateRootCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
* Generate a CA Root certificate.
*/
private static X509Certificate generateRootCert(String DN, KeyPair pair)
throws Exception
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setIssuerDN(new X509Name(true, X509Name.DefaultLookUp, DN));
certGen.setSubjectDN(new X509Name(true, X509Name.DefaultLookUp, DN));
setSerialNumberAndValidityPeriod(certGen, true, DEFAULT_VALIDITY_PERIOD);
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier,
false, new AuthorityKeyIdentifier(
new GeneralNames(new GeneralName(new X509Name(true, X509Name.DefaultLookUp, DN))),
BigInteger.ONE));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier,
false, new SubjectKeyIdentifierStructure(pair.getPublic()));
certGen.addExtension(X509Extensions.BasicConstraints,
true, new BasicConstraints(true));
certGen.addExtension(X509Extensions.KeyUsage,
true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign | KeyUsage.nonRepudiation));
certGen.addExtension(MiscObjectIdentifiers.netscapeCertType,
false, new NetscapeCertType(NetscapeCertType.smimeCA |
NetscapeCertType.sslCA | NetscapeCertType.objectSigning));
return certGen.generate(pair.getPrivate(), "BC");
}
示例14: generateCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateCertificate(String provider, X509Name subject, Date start, Date expired, PublicKey publicKey, X509Certificate cacert, PrivateKey signerKey,
String signatureAlgorithm, String policyId) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException,
InvalidKeyException, IOException {
// create the certificate using the information in the request
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(new X509Name(cacert.getSubjectDN().getName()));
certGen.setNotBefore(start);
certGen.setNotAfter(expired);
certGen.setSubjectDN(subject);
certGen.setPublicKey(publicKey);
certGen.setSignatureAlgorithm(signatureAlgorithm);
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.nonRepudiation));
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject());
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(spki));
SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(cacert.getPublicKey().getEncoded())).readObject());
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
if (policyId != null) {
PolicyInformation pi = new PolicyInformation(new DERObjectIdentifier(policyId));
DERSequence seq = new DERSequence(pi);
certGen.addExtension(X509Extensions.CertificatePolicies.getId(), false, seq);
}
X509Certificate issuedCert = certGen.generate(signerKey, provider);
return issuedCert;
}
示例15: addCACertificateExtensions
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private static void addCACertificateExtensions(
X509V3CertificateGenerator certGen) throws IOException {
// Basic Constraints
certGen.addExtension(X509Extensions.BasicConstraints, true,
new BasicConstraints(0));
}