本文整理了 Java 中 org.bouncycastle.asn1.x509.BasicConstraints 类的一些代码示例,展示了 BasicConstraints 类的具体用法。这些代码示例主要来源于 Github、Stackoverflow、Maven 等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮助到你。BasicConstraints 类的具体详情如下:
包路径:org.bouncycastle.asn1.x509.BasicConstraints
类名称:BasicConstraints
暂无
代码示例来源:origin: jamesdbloom/mockserver
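/**
 * Creates a self-signed CA certificate: issuer and subject are the same name, and the
 * signature is checked against {@code publicKey} before the certificate is returned.
 *
 * @param publicKey  key placed in the certificate and used for the final signature check
 * @param privateKey key handed to {@code signCertificate} to sign the certificate
 * @return the signed certificate, after a validity-period and signature check
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception {
    // Self-signed: the signer's name doubles as the subject name.
    X500Name issuerName = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK");
    X500Name subjectName = issuerName;

    // Serial number from a CSPRNG, in the range [1, 2^127]. The previous
    // new Random().nextInt(Integer.MAX_VALUE) gave at most 31 predictable bits and could be 0,
    // while RFC 5280 requires a positive serial that is unique per issuer.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Version 3 certificate; NOT_BEFORE / NOT_AFTER are defined outside this method.
    X509v3CertificateBuilder builder =
        new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, publicKey);

    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));

    // Critical basicConstraints with cA=true and no path-length limit.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // NOTE(review): keyUsage is added as non-critical and mixes the CA bits (keyCertSign, cRLSign)
    // with end-entity bits. RFC 5280 says keyUsage SHOULD be critical when present; left as-is here.
    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign
        | KeyUsage.digitalSignature
        | KeyUsage.keyEncipherment
        | KeyUsage.dataEncipherment
        | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);

    // NOTE(review): anyExtendedKeyUsage makes the two named purposes redundant; confirm that an
    // unrestricted EKU on a signing certificate is intended.
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    X509Certificate cert = signCertificate(builder, privateKey);

    // Fail fast if the certificate is not valid right now or the signature does not match publicKey.
    cert.checkValidity(new Date());
    cert.verify(publicKey);
    return cert;
}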
代码示例来源:origin: apache/nifi
// Content signer that signs with keyPair's private key through the BouncyCastle provider.
ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
// The certified public key comes from the same keyPair (the build call that uses sigGen is outside this excerpt).
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
// Validity runs from now until now + certificateDurationDays.
Date startDate = new Date();
Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));
// Issuer and subject are the same DN. reverseX500Name and getUniqueSerialNumber are helpers
// defined outside this excerpt.
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
reverseX500Name(new X500Name(dn)),
getUniqueSerialNumber(),
startDate, endDate,
reverseX500Name(new X500Name(dn)),
subPubKeyInfo);
// Critical keyUsage that combines end-entity bits with the CA bits cRLSign and keyCertSign.
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
| KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));
// NOTE(review): cA=true is asserted in a non-critical extension (second argument is false).
// RFC 5280 section 4.2.1.9 requires basicConstraints to be critical in CA certificates whose key
// verifies certificate signatures; consider passing true here.
certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
// Non-critical subject key identifier derived from the public key.
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
代码示例来源:origin: apache/zookeeper
KeyPair keyPair,
long expirationMillis) throws IOException, OperatorCreationException, GeneralSecurityException {
// NOTE(review): the start of this method's signature is outside the excerpt; subject is declared there.
Date now = new Date();
// Expiry is now + expirationMillis. initCertBuilder is a helper defined outside this excerpt.
X509v3CertificateBuilder builder = initCertBuilder(
new Date(now.getTime() + expirationMillis),
subject,
keyPair.getPublic());
// Critical basicConstraints with cA=true and no path-length limit.
builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); // is a CA
// Critical keyUsage: certificate and CRL signing plus digitalSignature.
builder.addExtension(
Extension.keyUsage,
true,
new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
// The certificate is signed with the private half of the same key pair whose public key it certifies.
return buildAndSignCertificate(keyPair.getPrivate(), builder);
代码示例来源:origin: apache/zookeeper
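/**
 * Builds a certificate whose issuer and subject are both {@code CN=HOSTNAME} and which
 * certifies {@code keyPair}'s public key.
 *
 * <p>The signature comes from {@code contentSigner}, which is defined outside this method
 * (presumably built from the same key pair; confirm against the enclosing class).
 *
 * @param keyPair key pair whose public key is placed in the certificate
 * @return the built certificate converted to a JCA {@link X509Certificate}
 * @throws Exception if adding an extension, building or converting the certificate fails
 */
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception {
    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, HOSTNAME);

    // Serial number from a CSPRNG, in the range [1, 2^127]. The previous
    // new BigInteger(128, new Random()) used a non-cryptographic generator and could yield 0,
    // while RFC 5280 requires a positive serial.
    BigInteger serialNumber = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    X509v3CertificateBuilder certificateBuilder =
        new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime,
            nameBuilder.build(), keyPair.getPublic())
            // Critical basicConstraints: CA with pathLenConstraint 0 (no subordinate CAs below it).
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
            // Critical keyUsage: certificate and CRL signing plus digitalSignature.
            .addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
}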
代码示例来源:origin: org.xipki.scep/scep-server-emulator
/**
 * Issues a subordinate CA certificate signed with the given CA private key.
 *
 * <p>The certificate is valid from {@code startTime} for 3650 days, carries a critical
 * keyUsage limited to keyCertSign and cRLSign, and a critical basicConstraints with
 * pathLenConstraint 0, so it can issue end-entity certificates but no further CAs.
 *
 * @param rcaKey       private key that signs the new certificate
 * @param issuer       issuer name written into the certificate
 * @param pubKeyInfo   public key being certified
 * @param subject      subject name of the subordinate CA
 * @param serialNumber serial number chosen by the caller
 * @param startTime    start of the validity period
 * @return the certificate as an ASN.1 structure
 * @throws CertIOException           if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static Certificate issueSubCaCert(PrivateKey rcaKey, X500Name issuer,
    SubjectPublicKeyInfo pubKeyInfo, X500Name subject, BigInteger serialNumber,
    Date startTime) throws CertIOException, OperatorCreationException {
  long expiryMillis = startTime.getTime() + CaEmulator.DAY_IN_MS * 3650;
  X509v3CertificateBuilder subCaBuilder = new X509v3CertificateBuilder(
      issuer, serialNumber, startTime, new Date(expiryMillis), subject, pubKeyInfo);

  // Both extensions are critical: a relying party that ignores them must reject the certificate.
  subCaBuilder.addExtension(Extension.keyUsage, true,
      new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign));
  subCaBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

  // The signature algorithm is picked to match the CA key, with SHA-256 as the digest.
  String sigAlgo = ScepUtil.getSignatureAlgorithm(rcaKey, ScepHashAlgo.SHA256);
  ContentSigner signer = new JcaContentSignerBuilder(sigAlgo).build(rcaKey);
  return subCaBuilder.build(signer).toASN1Structure();
}
代码示例来源:origin: stackoverflow.com
// Builds an end-entity certificate from a PKCS#10 request; serverCertificate is passed as the issuer.
// OIDs used below: 2.5.29.35 = authorityKeyIdentifier, 2.5.29.19 = basicConstraints, 2.5.29.15 = keyUsage.
// NOTE(review): the serial is the constant 1, so every certificate built this way shares it;
// RFC 5280 requires the serial to be unique per issuer.
// NOTE(review): the validity period is 30 years from the moment of issuance.
// NOTE(review): subject and public key are copied from the request as-is; nothing in this excerpt
// verifies the request's signature first.
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
serverCertificate, new BigInteger("1"),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L),
jcaPKCS10CertificationRequest.getSubject(),
jcaPKCS10CertificationRequest.getPublicKey()
/*).addExtension(
new ASN1ObjectIdentifier("2.5.29.35"),
false,
new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/
).addExtension(
new ASN1ObjectIdentifier("2.5.29.19"),
false,
new BasicConstraints(false) // true if it is allowed to sign other certs
).addExtension(
// Critical keyUsage with end-entity bits only; keyCertSign and cRLSign are absent.
new ASN1ObjectIdentifier("2.5.29.15"),
true,
new X509KeyUsage(
X509KeyUsage.digitalSignature |
X509KeyUsage.nonRepudiation |
X509KeyUsage.keyEncipherment |
X509KeyUsage.dataEncipherment));
代码示例来源:origin: org.xipki/ca-mgmt-client
// Bind certificate columns through the prepared statement: serial number as a hex string,
// validity start and end as epoch seconds (milliseconds / 1000).
stmt.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
stmt.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
stmt.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
// setInt(stmt, ...) is a helper defined outside this excerpt.
setInt(stmt, idx++, cert.getRev());
setInt(stmt, idx++, cert.getRr());
// presumably extension is the certificate's basicConstraints extension, looked up earlier; verify.
if (extension != null) {
ASN1Encodable asn1 = extension.getParsedValue();
// ee (end-entity flag) is the negation of the cA boolean. The value used when the extension
// is absent is set outside this excerpt.
ee = !BasicConstraints.getInstance(asn1).isCA();
代码示例来源:origin: pwm-project/pwm
// The serial number is the current time rendered by formatter (defined outside this excerpt).
// NOTE(review): a time-derived serial is predictable, and two certificates issued within the
// formatter's resolution would share it; RFC 5280 requires uniqueness per issuer.
final String serNumStr = formatter.format( new Date( System.currentTimeMillis() ) );
final BigInteger serialNumber = new BigInteger( serNumStr );
// notBefore is backdated by two days, which tolerates clock skew on the relying side.
final Date notBefore = new Date( System.currentTimeMillis() - TimeUnit.DAYS.toMillis( 2 ) );
// NOTE(review): if futureSeconds is an int, futureSeconds * 1000 overflows for long lifetimes;
// its type is not visible here, confirm it is a long.
final Date notAfter = new Date( System.currentTimeMillis() + ( futureSeconds * 1000 ) );
// Critical basicConstraints with cA=false: the certificate may not act as a CA.
final BasicConstraints basic = new BasicConstraints( false );
certGen.addExtension( Extension.basicConstraints, true, basic.getEncoded() );
// Critical keyUsage with end-entity bits only.
final KeyUsage keyUsage = new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment );
certGen.addExtension( Extension.keyUsage, true, keyUsage.getEncoded() );
// extKeyUsage is built outside this excerpt; it is added as critical as well.
certGen.addExtension( Extension.extendedKeyUsage, true, extKeyUsage.getEncoded() );
代码示例来源:origin: Netflix/bettertls
// Clamp the new certificate's expiry so that it does not outlive the issuing CA certificate.
if (caCertHolder != null && cal.getTime().after(caCertHolder.getNotAfter())) {
cal.setTime(caCertHolder.getNotAfter());
// NOTE(review): the closing brace of the if above is missing from this excerpt, so the nesting
// of the lines that follow cannot be confirmed from here.
subjectNameStr += ", CN=" + commonName;
X500Name subjectName = new X500Name(subjectNameStr);
// Issuer is the CA's subject when a CA certificate is supplied, otherwise the subject itself.
// NOTE(review): System.nanoTime() as the serial is a clock reading, not a random value, so it is
// guessable and not guaranteed unique across processes.
X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
caCertHolder == null ? subjectName : caCertHolder.getSubject(),
BigInteger.valueOf(System.nanoTime()),
new Date(),
cal.getTime(),
subjectName,
bcPk
);
// Critical basicConstraints; the cA boolean is taken from isCa.
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
// nameConstraints, when supplied, is added as critical, so a validator that does not process it
// must reject the certificate.
if (nameConstraints != null) {
certGen.addExtension(Extension.nameConstraints, true, nameConstraints);
代码示例来源:origin: square/okhttp
// Populate the certificate generator: serial, issuer, validity window, subject and public key.
// notBefore / notAfter are passed to new Date(...), so they are epoch-millisecond values.
generator.setSerialNumber(serialNumber);
generator.setIssuerDN(signedByPrincipal);
generator.setNotBefore(new Date(notBefore));
generator.setNotAfter(new Date(notAfter));
generator.setSubjectDN(subject);
generator.setPublicKey(heldKeyPair.getPublic());
// NOTE(review): the line below is the tail of a call whose start is missing from this excerpt.
// presumably maxIntermediateCas is an int: BasicConstraints(int) marks the certificate as a CA
// with that value as its pathLenConstraint; confirm against the original source.
new BasicConstraints(maxIntermediateCas));
代码示例来源:origin: stackoverflow.com
// Fill the to-be-signed certificate fields by hand: serial, issuer, validity, subject and key.
tbsGen.setSerialNumber(new ASN1Integer(serialNum));
tbsGen.setIssuer(issuer);
tbsGen.setStartDate(new Time(new Date(startDate)));
tbsGen.setEndDate(new Time(new Date(endDate)));
tbsGen.setSubject(new X500Name(dn));
tbsGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(certPubKey.getEncoded()));
// basicConstraints with cA=false, wrapped as a non-critical extension from its DER encoding.
// The code that attaches basicExt to tbsGen is outside this excerpt.
BasicConstraints basic = new BasicConstraints(false);
Extension basicExt =
new Extension(
Extension.basicConstraints,
false,
basic.getEncoded());
代码示例来源:origin: eu.eu-emi.security/canl
// NOTE(review): the page dropped braces and intervening statements from this excerpt; the lines
// below are not contiguous code and do not compile as shown.
new Object[] {new TrustedInput(validDate), new TrustedInput(new Date())});
addNotification(msg);
try
// Parse the certificate's basicConstraints extension value.
bc = BasicConstraints.getInstance(getExtensionValue(cert,
BASIC_CONSTRAINTS));
// presumably bc is null when the certificate carries no basicConstraints extension; verify.
if (bc != null)
// Reached when the extension is present but cA is false; the handling is outside this excerpt.
if (!bc.isCA())
代码示例来源:origin: org.bouncycastle/bcprov-debug-jdk15on
// NOTE(review): the lines below are isolated statements from CRL-processing code, with braces and
// the code between them dropped by the page; they are not contiguous.
// CRL freshness tests: the validation date is compared with the CRL's nextUpdate.
|| paramsPKIX.getDate().before(crl.getNextUpdate()))
|| pkixParams.getDate().before(onlineCRL.getNextUpdate()))
// The revocation reason text is looked up by the numeric reason code.
reason = crlReasons[reasonCode.getValue().intValue()];
// True when the validation date is not before the entry's revocation date.
if (!validDate.before(crl_entry.getRevocationDate()))
try
// The selector's maximum CRL number is this CRL's number minus one.
baseSelect.setMaxCRLNumber(((ASN1Integer)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1)));
try
// The certificate's basicConstraints decides whether it counts as a CA certificate below.
bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
// A CRL restricted to user certificates is matched against a certificate that is a CA.
if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
// A CRL restricted to CA certificates is matched against a certificate that is not a CA;
// bc == null is treated the same as cA=false.
if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
代码示例来源:origin: cloudfoundry-incubator/credhub
/**
 * Checks that a certificate signed by an issuer carries the expected issuer DN, serial,
 * validity dates, subject, public key, signature algorithm and basicConstraints value.
 */
@Test
public void getSignedByIssuer_generatesACertificateWithTheRightValues() throws Exception {
  final X509Certificate cert = subject.getSignedByIssuer(
      generatedCertificateKeyPair,
      certificateGenerationParameters,
      certificateAuthorityWithSubjectKeyId,
      issuerKey.getPrivate());

  // Issuer DN components.
  final String issuerDn = cert.getIssuerDN().getName();
  assertThat(issuerDn, containsString("CN=ca DN"));
  assertThat(issuerDn, containsString("O=credhub"));

  // Serial number and validity window.
  assertThat(cert.getSerialNumber(), equalTo(BigInteger.valueOf(1337L)));
  assertThat(cert.getNotBefore().toString(), equalTo(Date.from(now).toString()));
  assertThat(cert.getNotAfter().toString(), equalTo(Date.from(later).toString()));

  // Subject, certified key and signature algorithm.
  assertThat(cert.getSubjectDN().toString(), containsString("CN=my cert name"));
  assertThat(cert.getPublicKey(), equalTo(generatedCertificateKeyPair.getPublic()));
  assertThat(cert.getSigAlgName(), equalTo("SHA256WITHRSA"));

  // Throws if the signature was not produced by the issuer's key.
  cert.verify(issuerKey.getPublic());

  // getExtensionValue returns the extension wrapped in a DER OCTET STRING. Dropping the first two
  // bytes removes the tag and a one-byte length, which only holds for values shorter than 128 bytes.
  final byte[] wrappedBasicConstraints = cert.getExtensionValue(Extension.basicConstraints.getId());
  final byte[] basicConstraintsDer =
      Arrays.copyOfRange(wrappedBasicConstraints, 2, wrappedBasicConstraints.length);
  assertThat(basicConstraintsDer, equalTo(new BasicConstraints(true).getEncoded()));
}
代码示例来源:origin: org.xipki.pki/ca-qa
/**
 * Compares a certificate's basicConstraints extension with the certificate profile and records
 * each mismatch through {@code addViolation}.
 *
 * <p>The cA boolean must match whether the profile level is RootCA or SubCA. For a CA
 * certificate the pathLenConstraint must be absent when the profile has none, and equal to the
 * profile's value otherwise.
 *
 * @param failureMsg     buffer that collects violation messages
 * @param extensionValue encoded basicConstraints extension value
 */
private void checkExtensionBasicConstraints(final StringBuilder failureMsg,
    final byte[] extensionValue) {
  BasicConstraints parsed = BasicConstraints.getInstance(extensionValue);
  X509CertLevel level = certProfile.certLevel();
  boolean expectedCa = (X509CertLevel.RootCA == level) || (X509CertLevel.SubCA == level);

  boolean actualCa = parsed.isCA();
  if (expectedCa != actualCa) {
    addViolation(failureMsg, "ca", actualCa, expectedCa);
  }

  // pathLenConstraint is only meaningful on a CA certificate.
  if (!actualCa) {
    return;
  }

  BigInteger actualPathLen = parsed.getPathLenConstraint();
  Integer expectedPathLen = certProfile.pathLen();

  if (expectedPathLen == null) {
    // Profile sets no limit, so the certificate must not carry one either.
    if (actualPathLen != null) {
      addViolation(failureMsg, "pathLen", actualPathLen, "absent");
    }
    return;
  }

  if (actualPathLen == null) {
    addViolation(failureMsg, "pathLen", "null", expectedPathLen);
  } else if (!BigInteger.valueOf(expectedPathLen).equals(actualPathLen)) {
    addViolation(failureMsg, "pathLen", actualPathLen, expectedPathLen);
  }
} // method checkExtensionBasicConstraints
代码示例来源:origin: JZ-Darkal/AndroidHttpCapture
// initRandomSerial() is defined outside this excerpt.
// NOTE(review): confirm it draws from a CSPRNG and never returns zero or a negative value.
BigInteger serial = BigInteger.valueOf(initRandomSerial());
// Self-signed: the subject is the issuer.
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
// NOTE(review): the line below is the tail of the generator's constructor call; its start is
// missing from this excerpt.
issuer, serial, NOT_BEFORE, NOT_AFTER, subject, pubKey);
generator.addExtension(Extension.subjectKeyIdentifier, false,
createSubjectKeyIdentifier(pubKey));
// Critical basicConstraints with cA=true and no path-length limit.
generator.addExtension(Extension.basicConstraints, true,
new BasicConstraints(true));
// NOTE(review): keyUsage mixes CA bits (keyCertSign, cRLSign) with end-entity bits and is added
// as non-critical; RFC 5280 says keyUsage SHOULD be critical when present.
KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign
| KeyUsage.digitalSignature | KeyUsage.keyEncipherment
| KeyUsage.dataEncipherment | KeyUsage.cRLSign);
generator.addExtension(Extension.keyUsage, false, usage);
代码示例来源:origin: org.apache.accumulo/accumulo-test
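/**
 * Builds an X.509 v3 certificate for {@code kp}'s public key and signs it with
 * {@code signerPrivateKey}.
 *
 * <p>Issuer and subject are both built from {@code issuerDirString}, so every certificate this
 * method produces shares one issuer name. The validity period is 100 years from now.
 *
 * @param keyName          not used by this method
 * @param kp               key pair whose public key is certified
 * @param isCertAuthority  whether the certificate asserts cA=true and gets a keyCertSign keyUsage
 * @param signerPublicKey  key used to derive the authority key identifier
 * @param signerPrivateKey key that signs the certificate
 * @return the signed certificate
 */
private Certificate generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
    PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException,
    OperatorCreationException, CertificateException, NoSuchAlgorithmException {
  Calendar startDate = Calendar.getInstance();
  Calendar endDate = Calendar.getInstance();
  endDate.add(Calendar.YEAR, 100);

  // Serial number from a CSPRNG, in the range [1, 2^127]. The previous millisecond-timestamp
  // serial repeats when two certificates are generated in the same millisecond, and because all
  // certificates here share one issuer name that breaks RFC 5280's issuer+serial uniqueness.
  BigInteger serialNumber = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

  X500Name issuer = new X500Name(
      IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
  JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber,
      startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());

  JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
  certGen.addExtension(Extension.subjectKeyIdentifier, false,
      extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));

  // RFC 5280 section 4.2.1.9 requires basicConstraints to be critical in a CA certificate whose
  // key verifies certificate signatures. It stays non-critical for end-entity certificates.
  certGen.addExtension(Extension.basicConstraints, isCertAuthority,
      new BasicConstraints(isCertAuthority));

  certGen.addExtension(Extension.authorityKeyIdentifier, false,
      extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));

  // Only CA certificates get a keyUsage extension; it is critical and limited to keyCertSign.
  if (isCertAuthority) {
    certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
  }

  X509CertificateHolder cert = certGen
      .build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
  return new JcaX509CertificateConverter().getCertificate(cert);
}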
代码示例来源:origin: eu.eu-emi.security/canl
// NOTE(review): braces and any guards between these statements were dropped by the page.
try
// Parse the certificate's basicConstraints extension value.
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
// NOTE(review): pathLenConstraint is optional, so getPathLenConstraint() can return null. As
// excerpted, nothing checks bc or the constraint for null before intValue() is called; confirm
// that the original source does.
BigInteger _pathLengthConstraint = bc.getPathLenConstraint();
// intValue() keeps only the low 32 bits of a larger value.
int _plc = _pathLengthConstraint.intValue();
代码示例来源:origin: monkeyWie/proxyee
/**
 * Generates a self-signed CA certificate.
 *
 * <p>Issuer and subject are both built from {@code subject}, and the certificate is signed
 * with the private half of {@code keyPair} using SHA-256 with RSA. The only extension is a
 * critical basicConstraints marking a CA with pathLenConstraint 0.
 *
 * @param subject     distinguished name used as both issuer and subject
 * @param caNotBefore start of the validity period
 * @param caNotAfter  end of the validity period
 * @param keyPair     key pair that is certified and that signs the certificate
 * @return the signed CA certificate
 * @throws Exception if building or signing the certificate fails
 */
public static X509Certificate genCACert(String subject, Date caNotBefore, Date caNotAfter,
    KeyPair keyPair) throws Exception {
  X500Name caName = new X500Name(subject);

  // NOTE(review): the serial is the wall clock plus a Math.random() offset, so it is guessable
  // rather than drawn from a CSPRNG.
  long serialValue = System.currentTimeMillis() + (long) (Math.random() * 10000) + 1000;

  JcaX509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(
      caName,
      BigInteger.valueOf(serialValue),
      caNotBefore,
      caNotAfter,
      caName,
      keyPair.getPublic());

  // NOTE(review): no keyUsage extension is added, so the key is not restricted to
  // certificate signing.
  caBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

  ContentSigner caSigner =
      new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
  return new JcaX509CertificateConverter().getCertificate(caBuilder.build(caSigner));
}
代码示例来源:origin: kaikramer/keystore-explorer
/**
 * Loads an encoded basicConstraints value into the controls: the cA boolean goes to
 * {@code jcbSubjectIsCa} and, when present, the path length goes to
 * {@code jtfPathLengthConstraint}.
 *
 * @param value encoded basicConstraints extension value
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    BasicConstraints parsed = BasicConstraints.getInstance(value);
    jcbSubjectIsCa.setSelected(parsed.isCA());

    // The path length is optional; leave the text field untouched when it is absent.
    if (parsed.getPathLenConstraint() == null) {
        return;
    }

    // intValue() keeps only the low 32 bits, so an oversized constraint would display truncated.
    jtfPathLengthConstraint.setText(String.valueOf(parsed.getPathLenConstraint().intValue()));
    jtfPathLengthConstraint.setCaretPosition(0);
}