本文整理匯總了Java中org.bouncycastle.x509.X509V3CertificateGenerator.setSubjectDN方法的典型用法代碼示例。如果您正苦於以下問題:Java X509V3CertificateGenerator.setSubjectDN方法的具體用法?Java X509V3CertificateGenerator.setSubjectDN怎麽用?Java X509V3CertificateGenerator.setSubjectDN使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類org.bouncycastle.x509.X509V3CertificateGenerator
的用法示例。
在下文中一共展示了X509V3CertificateGenerator.setSubjectDN方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: selfSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
* Generates a certificate for {@code hostName} containing {@code keyPair}'s public key, signed by
* {@code keyPair}'s private key.
*/
@SuppressWarnings("deprecation") // use the old Bouncy Castle APIs to reduce dependencies.
public X509Certificate selfSignedCertificate(KeyPair keyPair, String serialNumber)
throws GeneralSecurityException {
X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
X500Principal issuer = new X500Principal("CN=" + hostName);
X500Principal subject = new X500Principal("CN=" + hostName);
generator.setSerialNumber(new BigInteger(serialNumber));
generator.setIssuerDN(issuer);
generator.setNotBefore(new Date(notBefore));
generator.setNotAfter(new Date(notAfter));
generator.setSubjectDN(subject);
generator.setPublicKey(keyPair.getPublic());
generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
return generator.generateX509Certificate(keyPair.getPrivate(), "BC");
}
示例2: makeCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate makeCertificate(KeyPair _subKP,
String _subDN, KeyPair _issKP, String _issDN, String algorithm, boolean _ca)
throws Exception
{
PublicKey _subPub = _subKP.getPublic();
PrivateKey _issPriv = _issKP.getPrivate();
PublicKey _issPub = _issKP.getPublic();
X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
_v3CertGen.reset();
_v3CertGen.setSerialNumber(allocateSerialNumber());
_v3CertGen.setIssuerDN(new X509Name(_issDN));
_v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
_v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
+ (1000L * 60 * 60 * 24 * 100)));
_v3CertGen.setSubjectDN(new X509Name(_subDN));
_v3CertGen.setPublicKey(_subPub);
_v3CertGen.setSignatureAlgorithm(algorithm);
_v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
createSubjectKeyId(_subPub));
_v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
createAuthorityKeyId(_issPub));
_v3CertGen.addExtension(X509Extensions.BasicConstraints, false,
new BasicConstraints(_ca));
X509Certificate _cert = _v3CertGen.generate(_issPriv);
_cert.checkValidity(new Date());
_cert.verify(_issPub);
return _cert;
}
示例3: generateSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private X509Certificate generateSignedCertificate(
PKCS10CertificationRequest csr) throws NoSuchAlgorithmException,
NoSuchProviderException, InvalidKeyException,
CertificateParsingException, CertificateEncodingException,
SignatureException {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(rootCert.getSubjectX500Principal());
Calendar c = Calendar.getInstance();
certGen.setNotBefore(c.getTime());
c.add(Calendar.YEAR, 1);
certGen.setNotAfter(c.getTime());
certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
certGen.setPublicKey(csr.getPublicKey("BC"));
certGen.setSignatureAlgorithm(ALGORITHM_SHA256_RSA);
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(rootCert.getPublicKey()));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));
certGen.addExtension(X509Extensions.BasicConstraints, true,
new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
X509Certificate issuedCert = certGen.generate(rootPrivateKeyEntry
.getPrivateKey());
return issuedCert;
}
示例4: addEntry
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private void addEntry(final String alias) throws GeneralSecurityException {
final KeyPair pair = KG.generateKeyPair();
// build a certificate generator
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
final X500Principal dnName = new X500Principal("cn=" + alias);
certGen.setSerialNumber(new BigInteger(256, RND));
certGen.setSubjectDN(new X509Name("dc=" + alias));
certGen.setIssuerDN(dnName); // use the same
certGen.setNotBefore(new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000));
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSA");
final X509Certificate cert = certGen.generate(pair.getPrivate(), "BC");
ks.setEntry(alias, new KeyStore.PrivateKeyEntry(pair.getPrivate(), new X509Certificate[] { cert }), PP);
}
示例5: addPublicEntry
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
private void addPublicEntry(final String alias) throws GeneralSecurityException {
final KeyPair pair = KG.generateKeyPair();
// build a certificate generator
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
final X500Principal dnName = new X500Principal("cn=" + alias);
certGen.setSerialNumber(new BigInteger(256, RND));
certGen.setSubjectDN(new X509Name("dc=" + alias));
certGen.setIssuerDN(dnName); // use the same
certGen.setNotBefore(new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000));
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSA");
final X509Certificate cert = certGen.generate(pair.getPrivate(), "BC");
ks.setEntry(alias, new KeyStore.TrustedCertificateEntry(cert), null);
}
示例6: generateCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
protected Certificate generateCertificate(KeyPair keyPair, String alias) throws GeneralSecurityException {
//test that Bouncy Castle provider is present and add it if it's not
if( Security.getProvider(org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// X509Name nameInfo = new X509Name(false,"CN=" + alias);
certificateGenerator.setSignatureAlgorithm("MD5WithRSA");
certificateGenerator.setSerialNumber(new java.math.BigInteger("1"));
X509Principal nameInfo = new X509Principal("CN=" + alias);
certificateGenerator.setIssuerDN(nameInfo);
certificateGenerator.setSubjectDN(nameInfo); // note: same as issuer for self signed
certificateGenerator.setNotBefore(new Date());
Calendar c = Calendar.getInstance();
c.add(Calendar.DATE, CLIENT_CERT_EXPIRATION_DAYS);
certificateGenerator.setNotAfter(c.getTime());
certificateGenerator.setPublicKey(keyPair.getPublic());
return certificateGenerator.generate(keyPair.getPrivate(), org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME);
}
示例7: generateSelfSigned
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
* Generates a new key pair (RSA, 2048 bits) and a self-signed certificate for it (SHA1withRSA). The certificate
* will use a distinguished name of the form {@code CN=name} and will be valid for 1 year.
*/
public static KeyPairAndCertificate generateSelfSigned(String name) throws GeneralSecurityException, IOException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
Date from = new Date();
Date to = new Date(from.getTime() + 365L * 24L * 60L * 60L * 1000L);
BigInteger serialNumber = new BigInteger(64, new SecureRandom());
X500Principal owner = new X500Principal("CN=" + name);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.setIssuerDN(owner);
certificateGenerator.setSubjectDN(owner);
certificateGenerator.setNotBefore(from);
certificateGenerator.setNotAfter(to);
certificateGenerator.setSerialNumber(serialNumber);
certificateGenerator.setPublicKey(keyPair.getPublic());
certificateGenerator.setSignatureAlgorithm("SHA1withRSA");
X509Certificate certificate = certificateGenerator.generate(keyPair.getPrivate());
return new KeyPairAndCertificate(keyPair.getPrivate(), keyPair.getPublic(), certificate);
}
示例8: generateSelfSignedCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateSelfSignedCertificate(
KeyPair keyPair, String subject, String issuer) throws Exception {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setPublicKey(keyPair.getPublic());
certGen.setSerialNumber(generateSerial());
X500Principal subjectPrincipal = new X500Principal(subject);
X500Principal issuerPrincipal = new X500Principal(issuer);
certGen.setSubjectDN(subjectPrincipal);
certGen.setIssuerDN(issuerPrincipal);
Calendar cal = Calendar.getInstance();
certGen.setNotBefore(cal.getTime());
cal.add(Calendar.YEAR, 10);
certGen.setNotAfter(cal.getTime());
certGen.setSignatureAlgorithm("SHA256WithRSA");
X509Certificate cert = certGen.generate(keyPair.getPrivate());
return cert;
}
示例9: generateSelfSignedSoftECCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
/**
* Create a self signed cert for our software emulation
*
* @param kp
* is the keypair for our certificate
* @return a self signed cert for our software emulation
* @throws InvalidKeyException
* on error
* @throws SignatureException
* on error
*/
private X509Certificate generateSelfSignedSoftECCert(KeyPair kp,
boolean compress) throws Exception
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
ECPrivateKey privECKey = (ECPrivateKey)kp.getPrivate();
ECPublicKey pubECKey = (ECPublicKey)kp.getPublic();
if (!compress)
{
((ECPointEncoder)privECKey).setPointFormat("UNCOMPRESSED");
((ECPointEncoder)pubECKey).setPointFormat("UNCOMPRESSED");
}
certGen.setSignatureAlgorithm("ECDSAwithSHA1");
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(new X509Principal("CN=Software emul (EC Cert)"));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000000));
certGen.setSubjectDN(new X509Principal("CN=Software emul (EC Cert)"));
certGen.setPublicKey((PublicKey)pubECKey);
return certGen.generate((PrivateKey)privECKey);
}
示例10: generateIntermediateCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
throws Exception
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
certGen.setPublicKey(intKey);
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
return certGen.generate(caKey, "BC");
}
示例11: generateEndEntityCert
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert)
throws Exception
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
certGen.setSubjectDN(new X509Principal("CN=Test End Certificate"));
certGen.setPublicKey(entityKey);
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
return certGen.generate(caKey, "BC");
}
示例12: generateV3Certificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public Certificate generateV3Certificate(Date startDate, Date expirationDate, String dnName) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
// Create certificate
BigInteger serialNumber = new BigInteger(1024, new Random()); // serial number for certificate
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal principal = new X500Principal(dnName);
certGen.setSerialNumber(serialNumber);
certGen.setIssuerDN(principal);
certGen.setNotBefore(startDate);
certGen.setNotAfter(expirationDate);
certGen.setSubjectDN(principal); // note: same as issuer
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm(signatureAlgorithm.getAlgorithm());
X509Certificate x509Certificate = certGen.generate(keyPair.getPrivate(), "BC");
return new Certificate(signatureAlgorithm, x509Certificate);
}
示例13: sign
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate sign(String CN, PublicKey publicKey, Date expiryDate, long serialNumber, X509Certificate caCert, PrivateKey privateKey) throws CertificateParsingException, CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
// Date expiryDate = ...; // time after which certificate is not valid
// BigInteger serialNumber = ...; // serial number for certificate
// PrivateKey caKey = ...; // private key of the certifying authority (ca) certificate
// X509Certificate caCert = ...; // public key certificate of the certifying authority
// KeyPair keyPair = ...; // public/private key pair that we are creating certificate for
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal subjectName = new X500Principal("CN="+CN);
certGen.setSerialNumber(BigInteger.valueOf(serialNumber));
certGen.setIssuerDN(caCert.getSubjectX500Principal());
certGen.setNotBefore(new Date());
certGen.setNotAfter(expiryDate);
certGen.setSubjectDN(subjectName);
certGen.setPublicKey(publicKey);
certGen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM);
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(publicKey));
X509Certificate cert = certGen.generate(privateKey, "BC"); // note: private key of CA
return cert;
}
示例14: getNewCertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public X509Certificate getNewCertificate(String certDn, String keySigningAlgorithm, KeyPair keyPair) throws GeneralSecurityException {
LOG.debug(String.format("getNewCertificate(%s, %s, %s)", certDn, keySigningAlgorithm, keyPair));
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X500Principal dnName = new X500Principal(certDn);
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(dnName);
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
Calendar cal = Calendar.getInstance();
certGen.setNotBefore(cal.getTime());
cal.add(Calendar.YEAR, FIVE);
certGen.setNotAfter(cal.getTime());
certGen.setSubjectDN(dnName);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm(keySigningAlgorithm);
return certGen.generate(keyPair.getPrivate(), PROVIDER);
}
示例15: generateCACertificate
import org.bouncycastle.x509.X509V3CertificateGenerator; //導入方法依賴的package包/類
public static X509Certificate generateCACertificate(String provider, X509Name subject, Date start, Date expired, KeyPair pair, int numberOfCAs, String signatureAlgorthm)
throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException {
// generate the certificate
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(subject);
certGen.setNotBefore(start);
certGen.setNotAfter(expired);
certGen.setSubjectDN(subject);
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm(signatureAlgorthm);
certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(numberOfCAs));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(spki));
SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
return certGen.generate(pair.getPrivate(), provider);
}