本文整理匯總了Java中org.bouncycastle.x509.X509V3CertificateGenerator.generateX509Certificate方法的典型用法代碼示例。如果您正苦於以下問題:Java X509V3CertificateGenerator.generateX509Certificate方法的具體用法?Java X509V3CertificateGenerator.generateX509Certificate怎麽用?Java X509V3CertificateGenerator.generateX509Certificate使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類org.bouncycastle.x509.X509V3CertificateGenerator
的用法示例。
在下文中一共展示了X509V3CertificateGenerator.generateX509Certificate方法的10個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: selfSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
 * Builds a self-signed X.509 certificate whose issuer and subject are both
 * {@code CN=<hostName>}. It carries {@code keyPair}'s public key and is signed with
 * {@code keyPair}'s private key (SHA-256 with RSA, "BC" provider).
 *
 * <p>No extensions are added here: the result has no subjectAltName, basicConstraints or
 * keyUsage. Clients that match host names only against subjectAltName will not accept it for
 * {@code hostName}.
 *
 * <p>NOTE(review): {@code hostName} is concatenated into the DN string without escaping, so a
 * value containing DN metacharacters such as {@code ,} or {@code +} changes the parsed name.
 * Confirm that callers pass a fixed or validated host name.
 *
 * @param keyPair key pair supplying both the certified public key and the signing key
 * @param serialNumber decimal text parsed with {@code new BigInteger(String)}; keeping serial
 *     numbers unique per issuer is left to the caller
 * @return the signed certificate
 * @throws GeneralSecurityException if the generator cannot produce or sign the certificate
 */
@SuppressWarnings("deprecation") // use the old Bouncy Castle APIs to reduce dependencies.
public X509Certificate selfSignedCertificate(KeyPair keyPair, String serialNumber)
    throws GeneralSecurityException {
  X509V3CertificateGenerator certBuilder = new X509V3CertificateGenerator();

  // Self-signed: one distinguished name serves as both issuer and subject.
  String distinguishedName = "CN=" + hostName;
  X500Principal issuerName = new X500Principal(distinguishedName);
  X500Principal subjectName = new X500Principal(distinguishedName);

  BigInteger serial = new BigInteger(serialNumber);
  Date validFrom = new Date(notBefore);
  Date validUntil = new Date(notAfter);

  certBuilder.setSerialNumber(serial);
  certBuilder.setIssuerDN(issuerName);
  certBuilder.setSubjectDN(subjectName);
  certBuilder.setNotBefore(validFrom);
  certBuilder.setNotAfter(validUntil);
  certBuilder.setPublicKey(keyPair.getPublic());
  certBuilder.setSignatureAlgorithm("SHA256WithRSAEncryption");

  // The private half of the same key pair signs the certificate.
  return certBuilder.generateX509Certificate(keyPair.getPrivate(), "BC");
}
示例2: getCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
 * Issues a self-signed end-entity certificate for the configured issuer name.
 *
 * <p>Issuer and subject are both {@code CN=<getIssuer()>}; the certificate holds
 * {@code pair}'s public key and is signed with {@code pair}'s private key (SHA-256 with RSA,
 * "BC" provider). Validity runs from 50 seconds before the call to 500,000,000 ms (about
 * 5.8 days) after it. BasicConstraints is critical with cA=false, KeyUsage carries
 * {@code getKeyusageparameters()}, and one rfc822Name subjectAltName is added.
 *
 * <p>NOTE(review): the serial number is the wall-clock time in milliseconds, so it is
 * guessable and two certificates issued within the same millisecond share a serial.
 *
 * @return the signed certificate
 * @throws SecurityException if no key usage bits or no issuer are configured
 * @throws InvalidKeyException if the signing key is rejected
 * @throws NoSuchProviderException if the "BC" provider is not installed
 * @throws SignatureException if signing fails
 */
public X509Certificate getCertificate() throws InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException {
  // Refuse to issue anything until key usage and issuer are both configured.
  final boolean keyUsageMissing = getKeyusageparameters() == 0;
  if (keyUsageMissing) {
    throw new SecurityException("No KeyUsageParameters defined...");
  }
  final boolean issuerMissing = getIssuer() == null;
  if (issuerMissing) {
    throw new SecurityException("No certificate authority and/or entity associated with the public key");
  }

  X509V3CertificateGenerator builder = new X509V3CertificateGenerator();

  BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
  builder.setSerialNumber(serial);

  X500Principal issuerName = new X500Principal("CN=" + getIssuer());
  builder.setIssuerDN(issuerName);

  Date validFrom = new Date(System.currentTimeMillis() - 50000);
  builder.setNotBefore(validFrom);
  Date validUntil = new Date(System.currentTimeMillis() + 500000000);
  builder.setNotAfter(validUntil);

  // Same name as the issuer: the certificate is self-signed.
  X500Principal subjectName = new X500Principal("CN=" + getIssuer());
  builder.setSubjectDN(subjectName);

  builder.setPublicKey(pair.getPublic());
  builder.setSignatureAlgorithm("SHA256WithRSAEncryption");

  // Critical cA=false: this certificate must not be usable to sign other certificates.
  BasicConstraints notACa = new BasicConstraints(false);
  builder.addExtension(X509Extensions.BasicConstraints, true, notACa);

  KeyUsage usage = new KeyUsage(getKeyusageparameters());
  builder.addExtension(X509Extensions.KeyUsage, isCriticalkeyusage(), usage);

  // An ExtendedKeyUsage (serverAuth) extension was sketched here in the original but is disabled.

  // The rfc822Name literal is reproduced as it appears on this page; it looks like e-mail
  // redaction residue rather than a usable address. TODO confirm against the original project.
  GeneralNames altNames = new GeneralNames(new GeneralName(GeneralName.rfc822Name,"[email protected]"));
  builder.addExtension(X509Extensions.SubjectAlternativeName, false, altNames);

  return builder.generateX509Certificate(pair.getPrivate(), "BC");
}
示例3: selfSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
 * Builds a self-signed X.509 certificate whose issuer and subject are both
 * {@code CN=<hostName>}, carrying {@code keyPair}'s public key and signed with
 * {@code keyPair}'s private key (SHA-256 with RSA, "BC" provider).
 *
 * <p>The serial number is always 1 and no extensions are added. Every certificate produced
 * for the same {@code hostName} therefore has the same issuer and serial number, which is
 * acceptable for throwaway test certificates but not for certificates that must be told
 * apart or revoked individually.
 *
 * <p>NOTE(review): {@code hostName} is concatenated into the DN string without escaping.
 * Confirm that callers pass a fixed or validated host name.
 *
 * @param keyPair key pair supplying both the certified public key and the signing key
 * @return the signed certificate
 * @throws GeneralSecurityException if the generator cannot produce or sign the certificate
 */
@SuppressWarnings("deprecation") // use the old Bouncy Castle APIs to reduce dependencies.
private X509Certificate selfSignedCertificate(KeyPair keyPair) throws GeneralSecurityException {
  X509V3CertificateGenerator certBuilder = new X509V3CertificateGenerator();

  // Self-signed: one distinguished name serves as both issuer and subject.
  String distinguishedName = "CN=" + hostName;
  X500Principal issuerName = new X500Principal(distinguishedName);
  X500Principal subjectName = new X500Principal(distinguishedName);

  Date validFrom = new Date(notBefore);
  Date validUntil = new Date(notAfter);

  certBuilder.setSerialNumber(BigInteger.ONE);
  certBuilder.setIssuerDN(issuerName);
  certBuilder.setSubjectDN(subjectName);
  certBuilder.setNotBefore(validFrom);
  certBuilder.setNotAfter(validUntil);
  certBuilder.setPublicKey(keyPair.getPublic());
  certBuilder.setSignatureAlgorithm("SHA256WithRSAEncryption");

  // The private half of the same key pair signs the certificate.
  return certBuilder.generateX509Certificate(keyPair.getPrivate(), "BC");
}
示例4: imitatePeerCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
 * Forges a certificate with given certificate's attributes and signs it with CA of proxy.
 *
 * <p>Of {@code cert2Imitate}, only the subject DN is copied. The key pair is freshly generated
 * (RSA, 1024 bits), the serial number is random, the validity window is computed from the
 * current time, and the only extensions added are ExtendedKeyUsage (serverAuth, non-critical)
 * and BasicConstraints (critical, cA=false). No subjectAltName is copied or added.
 *
 * <p>Review notes, from the point of view of someone validating such a certificate:
 * <ul>
 *   <li>The result is signed with {@code issuerCA}'s key, so it validates only on clients that
 *       have that CA in their trust store. Its public key, serial number, validity and issuer
 *       differ from the original, so certificate or public-key pinning and fingerprint
 *       comparison detect the substitution.</li>
 *   <li>A 1024-bit RSA key and a SHA-1 signature are below what current TLS stacks and
 *       validators accept, which is a further signal.</li>
 *   <li>The issuer DN is read from the CA certificate's issuer field, which equals the CA's
 *       own name only when that CA certificate is self-signed.</li>
 * </ul>
 *
 * @param cert2Imitate certificate whose subject DN is reused
 * @return the new certificate together with the private key generated for it
 * @throws Exception if key generation or signing fails
 */
private static KeyCertPair imitatePeerCertificate(X509Certificate cert2Imitate) throws Exception {
  // TODO imitate key algorithm also
  // (cert2Imitate.getPublicKey().getAlgorithm())
  KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
  // NOTE(review): 1024-bit RSA is no longer considered adequate.
  keyPairGenerator.initialize(1024);
  KeyPair keyPair = keyPairGenerator.generateKeyPair();
  X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
  // 16 random bytes, forced non-negative, become the serial number.
  SecureRandom secureRandom = new SecureRandom();
  byte[] serial = new byte[16];
  secureRandom.nextBytes(serial);
  BigInteger serialNumber = new BigInteger(serial);
  if (serialNumber.signum() < 0) {
    serialNumber = serialNumber.negate();
  }
  v3CertGen.setSerialNumber(serialNumber);
  // issuerCA is defined outside this method; presumably it holds the proxy CA's certificate
  // and private key. TODO confirm its type.
  v3CertGen.setIssuerDN(((X509Certificate) issuerCA.getCertificate()).getIssuerX500Principal());
  // Valid from 30 days in the past to 10 years in the future.
  v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
  v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
  v3CertGen.setSubjectDN(cert2Imitate.getSubjectX500Principal());
  ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
  v3CertGen.addExtension(X509Extensions.ExtendedKeyUsage, false, extendedKeyUsage);
  // Critical cA=false: the generated certificate cannot itself act as a CA.
  v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
  v3CertGen.setPublicKey(keyPair.getPublic());
  // NOTE(review): SHA-1 signatures are deprecated for certificates.
  v3CertGen.setSignatureAlgorithm("SHA1WithRSA");
  Certificate pkCertificate = v3CertGen.generateX509Certificate((PrivateKey) issuerCA.getKey());
  return new KeyCertPair(pkCertificate, keyPair.getPrivate());
}
示例5: ensureKeyInStore
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
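/**
 * Returns the TLS private key held in {@code keyStore}, creating one when none is present.
 *
 * <p>When no key is found, a 2048-bit RSA key pair and a self-signed certificate for
 * {@code CN=localhost} (SHA-256 with RSA) are generated, stored under {@code TLS_KEY_NAME},
 * and the keystore is written to {@code keystoreFile}. 1024-bit RSA and MD5 signatures are
 * deliberately not used: MD5 is collision-broken and current TLS stacks refuse such
 * certificates.
 *
 * <p>NOTE(review): {@code TLS_KEY_PASSWORD} and {@code KEYSTORE_PASSWORD} are defined outside
 * this method. If they are compile-time constants, the password does not protect the private
 * key from anyone who can read the file, so the file's permissions are the real control.
 * Confirm how the file is created and who can read it.
 *
 * @param keystoreFile file the keystore is written to after a key has been created
 * @param keyStore loaded keystore to look the key up in and to add the new entry to
 * @return the existing key, or the newly generated private key; never {@code null}
 * @throws GeneralSecurityException if key generation, signing or keystore access fails
 * @throws IOException if the keystore file or its parent directory cannot be written
 */
private Key ensureKeyInStore(Path keystoreFile, KeyStore keyStore) throws GeneralSecurityException, IOException {
  Key key = this.lookupKeyFromStore(keyStore);
  if (key != null) {
    return key;
  }

  log.info("Creating new TLS key to enable HTTPS access");
  // No key available, so we have to create the key from scratch and
  // make it available in the store
  Security.addProvider(new BouncyCastleProvider());
  KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
  keyPairGenerator.initialize(2048);
  KeyPair keyPair = keyPairGenerator.generateKeyPair();

  // Read the clock once so serial number and validity window are consistent.
  long now = System.currentTimeMillis();
  // NOTE(review): "O=None L=None" has no comma between the two attributes, so the O value
  // presumably becomes "None L=None". Left unchanged; confirm what was intended.
  String distinguishedName = "CN=" + "localhost" + ", OU=None, O=None L=None, C=None";

  X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
  v3CertGen.setSerialNumber(BigInteger.valueOf(now));
  v3CertGen.setIssuerDN(new X509Principal(distinguishedName));
  // Valid from 30 days in the past to 10 years in the future.
  v3CertGen.setNotBefore(new Date(now - 1000L * 60 * 60 * 24 * 30));
  v3CertGen.setNotAfter(new Date(now + (1000L * 60 * 60 * 24 * 365 * 10)));
  v3CertGen.setSubjectDN(new X509Principal(distinguishedName));
  v3CertGen.setPublicKey(keyPair.getPublic());
  v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
  X509Certificate certificate = v3CertGen.generateX509Certificate(keyPair.getPrivate());

  // Store the key (including the certificate) into the keystore
  keyStore.setKeyEntry(TLS_KEY_NAME, keyPair.getPrivate(), TLS_KEY_PASSWORD.toCharArray(), new java.security.cert.Certificate[] { certificate });

  // Write the keystore into the target file
  log.debug("Updating KeyStore at: " + keystoreFile);
  // A bare file name has no parent; only create the directory when there is one.
  Path parent = keystoreFile.getParent();
  if (parent != null && !Files.exists(parent)) {
    Files.createDirectories(parent);
  }
  try (OutputStream keyStoreStream = new BufferedOutputStream(Files.newOutputStream(keystoreFile))) {
    keyStore.store(keyStoreStream, KEYSTORE_PASSWORD.toCharArray());
    keyStoreStream.flush();
  }

  // Hand back the key that was just created instead of the null lookup result.
  return keyPair.getPrivate();
}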
示例6: assureSelfSignedServerCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
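/**
 * Makes sure {@code keyStoreFile} holds a self-signed server certificate for {@code hostname}.
 *
 * <p>If the keystore exists and already contains a certificate for the host, nothing is
 * changed. Otherwise a 2048-bit RSA key pair and a self-signed certificate (SHA-256 with RSA,
 * valid from 30 days ago to 10 years ahead) are created, the certificate is written to
 * {@code <hostname>.cert} next to the keystore, and both key and certificate are stored in
 * the JKS keystore. 1024-bit RSA and MD5 signatures are deliberately not used: MD5 is
 * collision-broken and current TLS stacks refuse such certificates.
 *
 * <p>NOTE(review): {@code hostname} is concatenated into the DN string and into a file name
 * without validation. Confirm callers pass a trusted or validated host name; a value with
 * path separators would place the {@code .cert} file elsewhere.
 *
 * @param hostname host name used for the certificate CN, the keystore aliases and the
 *     certificate file name
 * @param keyStoreFile JKS keystore to read and (re)write
 * @param password password for the keystore and for the private-key entry
 * @throws Exception if keystore access, key generation, signing or file I/O fails
 */
private static void assureSelfSignedServerCertificate(String hostname, File keyStoreFile,
    String password) throws Exception {
  KeyStore privateKS = KeyStore.getInstance("JKS");
  if (keyStoreFile.exists()) {
    // Close the stream on every path, including the early return below.
    try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
      privateKS.load(fis, password.toCharArray());
    }
    if (keyStoreContainsCertificate(privateKS, hostname)) {
      return;
    }
  } else {
    privateKS.load(null);
  }

  // create an RSA key pair generator using 2048 bits
  KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
  keyPairGenerator.initialize(2048);
  KeyPair keyPair = keyPairGenerator.generateKeyPair();

  // create an X509 certificate generator
  X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();

  // 64 random bits, non-negative by construction. Negating a random int instead would leave
  // Integer.MIN_VALUE negative and produce a negative serial number.
  BigInteger serialNumber = new BigInteger(64, new SecureRandom());
  if (serialNumber.signum() == 0) {
    serialNumber = BigInteger.ONE;
  }
  v3CertGen.setSerialNumber(serialNumber);

  // set validity to 10 years, issuer and subject are equal --> self signed certificate
  // NOTE(review): "O=None L=None" has no comma between the two attributes, so the O value
  // presumably becomes "None L=None". Left unchanged; confirm what was intended.
  String distinguishedName = "CN=" + hostname + ", OU=None, O=None L=None, C=None";
  long now = System.currentTimeMillis();
  v3CertGen.setIssuerDN(new X509Principal(distinguishedName));
  v3CertGen.setNotBefore(new Date(now - 1000L * 60 * 60 * 24 * 30));
  v3CertGen.setNotAfter(new Date(now + (1000L * 60 * 60 * 24 * 365 * 10)));
  v3CertGen.setSubjectDN(new X509Principal(distinguishedName));
  v3CertGen.setPublicKey(keyPair.getPublic());
  v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
  X509Certificate certificate = v3CertGen.generateX509Certificate(keyPair.getPrivate());

  // store the certificate containing the public key, this file is needed
  // to import the public key in other key store.
  File certFile = new File(keyStoreFile.getParentFile(), hostname + ".cert");
  try (FileOutputStream certOut = new FileOutputStream(certFile.getAbsoluteFile())) {
    certOut.write(certificate.getEncoded());
  }

  privateKS.setKeyEntry(hostname + ".key", keyPair.getPrivate(), password.toCharArray(),
      new java.security.cert.Certificate[] { certificate });
  privateKS.setCertificateEntry(hostname + ".cert", certificate);
  // The keystore holds the private key; close the stream even if store() fails.
  try (FileOutputStream keyStoreOut = new FileOutputStream(keyStoreFile)) {
    privateKS.store(keyStoreOut, password.toCharArray());
  }
}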
示例7: createX509V3Certificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
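/**
 * Creates an X509 version3 certificate signed with {@code kp}'s own private key.
 *
 * <p>The certificate is always signed by {@code kp}'s private key and verified against
 * {@code kp}'s public key before it is returned, whatever {@code issuerDN} says. The domain is
 * placed in a subjectAltName otherName entry under OID 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr).
 *
 * <p>NOTE(review): {@code signAlgoritm} is passed through unchecked, so a caller can still
 * request a weak algorithm such as an MD5- or SHA-1-based one. Confirm what callers supply.
 *
 * @param kp KeyPair that keeps the public and private keys for the new certificate.
 * @param months time to live, counted in 30-day months from now
 * @param issuerDN Issuer string e.g "O=Grid,OU=OGSA,CN=ACME"
 * @param subjectDN Subject string e.g "O=Grid,OU=OGSA,CN=John Doe"
 * @param domain Domain of the server.
 * @param signAlgoritm Signature algorithm. This can be either a name or an OID.
 * @return X509 V3 Certificate
 * @throws GeneralSecurityException if signing fails or the new certificate does not validate
 * @throws IOException declared by the original signature
 */
private static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int months, String issuerDN,
                                                                    String subjectDN, String domain,
                                                                    String signAlgoritm)
        throws GeneralSecurityException, IOException {
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();

    // Let SecureRandom seed itself. With the JDK's SHA1PRNG, a setSeed() call made before the
    // first nextBytes() replaces self-seeding, so seeding with the current time made the
    // serial number a function of the clock.
    SecureRandom random = new SecureRandom();
    byte[] serno = new byte[8];
    random.nextBytes(serno);
    BigInteger serial = (new java.math.BigInteger(serno)).abs();

    X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
    certGenerator.reset();
    certGenerator.setSerialNumber(serial);
    certGenerator.setIssuerDN(new X509Name(issuerDN));
    certGenerator.setNotBefore(new Date(System.currentTimeMillis()));
    certGenerator.setNotAfter(
            new Date(System.currentTimeMillis() + months * (1000L * 60 * 60 * 24 * 30)));
    certGenerator.setSubjectDN(new X509Name(subjectDN));
    certGenerator.setPublicKey(pubKey);
    certGenerator.setSignatureAlgorithm(signAlgoritm);

    // Generate the subject alternative name. The extension is marked critical only when the
    // subject DN is empty.
    // NOTE(review): subjectDN was already handed to X509Name above, so whether a null value
    // can reach this check depends on that constructor. Confirm.
    boolean critical = subjectDN == null || "".equals(subjectDN.trim());
    DERSequence othernameSequence = new DERSequence(new ASN1Encodable[]{
            new DERObjectIdentifier("1.3.6.1.5.5.7.8.5"), new DERTaggedObject(true, 0, new DERUTF8String(domain))});
    GeneralName othernameGN = new GeneralName(GeneralName.otherName, othernameSequence);
    GeneralNames subjectAltNames = new GeneralNames(new DERSequence(new ASN1Encodable[]{othernameGN}));
    // Add subject alternative name extension
    certGenerator.addExtension(X509Extensions.SubjectAlternativeName, critical, subjectAltNames);

    X509Certificate cert =
            certGenerator.generateX509Certificate(privKey, "BC", random);
    // Fail here rather than hand back a certificate that is expired or does not verify.
    cert.checkValidity(new Date());
    cert.verify(pubKey);
    return cert;
}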
示例8: createX509V3Certificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
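/**
 * Creates an X509 version3 certificate signed with {@code kp}'s own private key.
 *
 * <p>The certificate is always signed by {@code kp}'s private key and verified against
 * {@code kp}'s public key before it is returned, whatever {@code issuerDN} says. The domain is
 * placed in a subjectAltName otherName entry under OID 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr).
 *
 * <p>NOTE(review): {@code signAlgoritm} is passed through unchecked, so a caller can still
 * request a weak algorithm such as an MD5- or SHA-1-based one. Confirm what callers supply.
 *
 * @param kp KeyPair that keeps the public and private keys for the new certificate.
 * @param months time to live, counted in 30-day months from now
 * @param issuerDN Issuer string e.g "O=Grid,OU=OGSA,CN=ACME"
 * @param subjectDN Subject string e.g "O=Grid,OU=OGSA,CN=John Doe"
 * @param domain Domain of the server.
 * @param signAlgoritm Signature algorithm. This can be either a name or an OID.
 * @return X509 V3 Certificate
 * @throws GeneralSecurityException if signing fails or the new certificate does not validate
 * @throws IOException declared by the original signature
 */
private static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int months, String issuerDN,
                                                                    String subjectDN, String domain,
                                                                    String signAlgoritm)
        throws GeneralSecurityException, IOException {
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();

    // Let SecureRandom seed itself. With the JDK's SHA1PRNG, a setSeed() call made before the
    // first nextBytes() replaces self-seeding, so seeding with the current time made the
    // serial number a function of the clock.
    SecureRandom random = new SecureRandom();
    byte[] serno = new byte[8];
    random.nextBytes(serno);
    BigInteger serial = (new java.math.BigInteger(serno)).abs();

    X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
    certGenerator.reset();
    certGenerator.setSerialNumber(serial);
    certGenerator.setIssuerDN(new X509Name(issuerDN));
    certGenerator.setNotBefore(new Date(System.currentTimeMillis()));
    certGenerator.setNotAfter(
            new Date(System.currentTimeMillis() + months * (1000L * 60 * 60 * 24 * 30)));
    certGenerator.setSubjectDN(new X509Name(subjectDN));
    certGenerator.setPublicKey(pubKey);
    certGenerator.setSignatureAlgorithm(signAlgoritm);

    // Generate the subject alternative name. The extension is marked critical only when the
    // subject DN is empty.
    // NOTE(review): subjectDN was already handed to X509Name above, so whether a null value
    // can reach this check depends on that constructor. Confirm.
    boolean critical = subjectDN == null || "".equals(subjectDN.trim());
    ASN1Sequence othernameSequence = new DERSequence(new ASN1Encodable[]{
            new DERObjectIdentifier("1.3.6.1.5.5.7.8.5"), new DERTaggedObject(true, 0, new DERUTF8String(domain))});
    GeneralName othernameGN = new GeneralName(GeneralName.otherName, othernameSequence);
    GeneralNames subjectAltNames = new GeneralNames(new GeneralName[]{othernameGN});
    // Add subject alternative name extension
    certGenerator.addExtension(X509Extensions.SubjectAlternativeName, critical, subjectAltNames);

    X509Certificate cert =
            certGenerator.generateX509Certificate(privKey, "BC", random);
    // Fail here rather than hand back a certificate that is expired or does not verify.
    cert.checkValidity(new Date());
    cert.verify(pubKey);
    return cert;
}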
示例9: generateCACert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
 * Generates a self-signed CA certificate and writes it, with its private key, to disk.
 *
 * <p>The certificate is written to {@code mitmsocks4j.cer} and a JKS keystore holding the
 * private key to {@code mitmsocks4j_ca.jks}, both relative to the working directory.
 * BasicConstraints is critical with cA=true and a path length of 1, so the key can sign
 * end-entity certificates and one level of subordinate CA.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The keystore and key-entry password is the literal {@code 123456} in source, so it
 *       protects nothing: anyone who can read the {@code .jks} file holds the CA key.</li>
 *   <li>Any client that imports this certificate as trusted will accept whatever this key
 *       signs, for any host name. Trust in it belongs on isolated test clients only and
 *       should be removed afterwards.</li>
 *   <li>A 1024-bit RSA key and a SHA-1 signature are below what current validators
 *       accept.</li>
 *   <li>Neither output stream is closed if a write or {@code store} call throws.</li>
 * </ul>
 *
 * @throws Exception if key generation, signing, keystore handling or file I/O fails
 */
private static void generateCACert() throws Exception {
  // Despite its name this holds a full distinguished name, used as both issuer and subject.
  String domainName = "CN=MItMSocks4J, O=akdeniz, OU=com";
  KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
  // NOTE(review): 1024-bit RSA is no longer considered adequate, least of all for a CA key.
  keyPairGenerator.initialize(1024);
  KeyPair KPair = keyPairGenerator.generateKeyPair();
  X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
  // generate a serial number for certificate
  // (16 random bytes, forced non-negative)
  SecureRandom secureRandom = new SecureRandom();
  byte[] serial = new byte[16];
  secureRandom.nextBytes(serial);
  BigInteger serialNumber = new BigInteger(serial);
  if (serialNumber.signum() < 0) {
    serialNumber = serialNumber.negate();
  }
  v3CertGen.setSerialNumber(serialNumber);
  v3CertGen.setIssuerDN(new X509Principal(domainName));
  // Valid from 30 days in the past to 10 years in the future.
  v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
  v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
  v3CertGen.setSubjectDN(new X509Principal(domainName));
  // Critical cA=true with pathLenConstraint 1.
  v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true, 1));
  v3CertGen.setPublicKey(KPair.getPublic());
  // NOTE(review): SHA-1 signatures are deprecated for certificates.
  v3CertGen.setSignatureAlgorithm("SHA1WithRSA");
  X509Certificate PKCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());
  // Dump certificate
  // NOTE(review): not closed if write() throws; try-with-resources would cover that.
  FileOutputStream fos = new FileOutputStream("mitmsocks4j.cer");
  fos.write(PKCertificate.getEncoded());
  fos.close();
  // Create a keystore
  KeyStore privateKS = KeyStore.getInstance("JKS");
  privateKS.load(null);
  // NOTE(review): hard-coded password for the key entry, repeated below for the keystore.
  privateKS.setKeyEntry("sample.alias", KPair.getPrivate(), new char[] { '1', '2', '3', '4', '5', '6' },
      new java.security.cert.Certificate[] { PKCertificate });
  FileOutputStream ksFos = new FileOutputStream("mitmsocks4j_ca.jks");
  privateKS.store(ksFos, new char[] { '1', '2', '3', '4', '5', '6' });
  ksFos.close();
}
示例10: createCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
 * Generates a self-signed RSA certificate for the sake of testing.
 *
 * <p>Issuer and subject share one distinguished name built from a fixed attribute table. The
 * serial number is always 1, the validity window is 30 days either side of the current time,
 * and no extensions are added. The certificate is checked for current validity and verified
 * against {@code pubKey} before it is returned.
 *
 * <p>NOTE(review): the signature algorithm is MD5 with RSA. MD5 is collision-broken, so this
 * is suitable only as a test fixture and should not be copied into code that issues
 * certificates anyone relies on.
 *
 * @param pubKey public key placed in the certificate and used to verify it
 * @param privKey private key used to sign; expected to be the counterpart of {@code pubKey}
 * @return the signed certificate
 * @throws Exception if signing, the validity check or signature verification fails
 */
public Certificate createCert(
    PublicKey pubKey,
    PrivateKey privKey)
    throws Exception
{
    // Distinguished-name attributes, shared by issuer and subject.
    Hashtable nameAttributes = new Hashtable();
    nameAttributes.put(X509Principal.C, "AU");
    nameAttributes.put(X509Principal.O, "The Legion of the Bouncy Castle");
    nameAttributes.put(X509Principal.L, "Melbourne");
    nameAttributes.put(X509Principal.ST, "Victoria");
    // Literal reproduced as it appears on this page; it looks like e-mail redaction residue.
    nameAttributes.put(X509Principal.EmailAddress, "[email protected]");

    // Half-width of the validity window.
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // Version 3 certificate, no extensions.
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(new X509Principal(nameAttributes));
    generator.setNotBefore(new Date(System.currentTimeMillis() - thirtyDaysMillis));
    generator.setNotAfter(new Date(System.currentTimeMillis() + thirtyDaysMillis));
    generator.setSubjectDN(new X509Principal(nameAttributes));
    generator.setPublicKey(pubKey);
    generator.setSignatureAlgorithm("MD5WithRSAEncryption");

    X509Certificate selfSigned = generator.generateX509Certificate(privKey);

    // Sanity checks: valid right now, and the signature verifies under the supplied public key.
    selfSigned.checkValidity(new Date());
    selfSigned.verify(pubKey);

    return selfSigned;
}