org.bouncycastle.asn1.x509.BasicConstraints类的使用及代码示例

x33g5p2x  于2022-01-16 转载在 其他  

本文整理了Java中org.bouncycastle.asn1.x509.BasicConstraints类的一些代码示例,展示了BasicConstraints类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮助到你。BasicConstraints类的具体详情如下:
包路径:org.bouncycastle.asn1.x509.BasicConstraints
类名称:BasicConstraints

BasicConstraints介绍

暂无

代码示例

代码示例来源:origin: jamesdbloom/mockserver

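/**
 * Create a certificate to use by a Certificate Authority, signed by a self signed certificate.
 *
 * <p>Issuer and subject are the same name, and the result is verified against
 * {@code publicKey} before it is returned, so {@code publicKey} has to be the key matching
 * whatever {@code signCertificate} signs with.
 *
 * @param publicKey the CA public key embedded in the certificate
 * @param privateKey the CA private key handed to {@code signCertificate}
 * @return the signed certificate, checked for validity at the current time
 * @throws Exception if building, signing, the validity check or the signature check fails
 */
private X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception {
  // signers name
  X500Name issuerName = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK");
  // subjects name - the same as we are self signed.
  X500Name subjectName = issuerName;
  // serial: 127 bits from a CSPRNG plus one, so it is unpredictable, strictly positive and
  // well inside the 20-octet limit of RFC 5280. The previous java.util.Random draw gave at
  // most 31 guessable bits and could produce zero.
  BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);
  // create the certificate - version 3
  X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, publicKey);
  builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
  // critical basicConstraints with cA=true and no pathLenConstraint: the chain depth below
  // this CA is unlimited.
  builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
  // NOTE(review): keyUsage is added as non-critical; RFC 5280 recommends marking it critical.
  KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
  builder.addExtension(Extension.keyUsage, false, usage);
  // NOTE(review): anyExtendedKeyUsage makes the two specific purposes above it redundant and
  // leaves the certificate usable for any purpose.
  ASN1EncodableVector purposes = new ASN1EncodableVector();
  purposes.add(KeyPurposeId.id_kp_serverAuth);
  purposes.add(KeyPurposeId.id_kp_clientAuth);
  purposes.add(KeyPurposeId.anyExtendedKeyUsage);
  builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
  X509Certificate cert = signCertificate(builder, privateKey);
  // Fail fast if the fresh certificate is outside its validity window or does not verify.
  cert.checkValidity(new Date());
  cert.verify(publicKey);
  return cert;
}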

代码示例来源:origin: apache/nifi

// Excerpt: builds a certificate whose issuer and subject are both derived from the same dn
// and whose signer uses keyPair's own private key, i.e. a self-signed certificate.
ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
// Validity runs from now for certificateDurationDays days.
Date startDate = new Date();
Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
    reverseX500Name(new X500Name(dn)),
    getUniqueSerialNumber(),
    startDate, endDate,
    reverseX500Name(new X500Name(dn)),
    subPubKeyInfo);
// keyUsage is critical and combines the CA bits (keyCertSign, cRLSign) with end-entity bits.
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
    | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));
// NOTE(review): cA=true is asserted in a NON-critical basicConstraints extension. RFC 5280
// (section 4.2.1.9) requires it to be critical in CA certificates used to verify
// certificate signatures.
certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));

代码示例来源:origin: apache/zookeeper

// Excerpt: the method name and its first parameters are above this fragment.
KeyPair keyPair,
  long expirationMillis) throws IOException, OperatorCreationException, GeneralSecurityException {
Date now = new Date();
// The first argument is now + expirationMillis, presumably the notAfter date (initCertBuilder
// is not shown).
X509v3CertificateBuilder builder = initCertBuilder(
    new Date(now.getTime() + expirationMillis),
    subject,
    keyPair.getPublic());
// Critical basicConstraints, cA=true, no path length limit.
builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); // is a CA
// Critical keyUsage: certificate and CRL signing, plus digitalSignature.
builder.addExtension(
    Extension.keyUsage,
    true,
    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
// Signed with the private half of the same key pair whose public key is certified above.
return buildAndSignCertificate(keyPair.getPrivate(), builder);

代码示例来源:origin: apache/zookeeper

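/**
 * Builds a CA certificate for {@code HOSTNAME} whose issuer and subject are the same name.
 *
 * <p>The certificate is signed with the class's {@code contentSigner} (not created here) and
 * is valid from {@code certStartTime} to {@code certEndTime}.
 *
 * @param keyPair the key pair whose public key is certified
 * @return the resulting X.509 certificate
 * @throws Exception if an extension cannot be encoded or the certificate cannot be converted
 */
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception {
  X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
  nameBuilder.addRDN(BCStyle.CN, HOSTNAME);
  // Serial from a CSPRNG instead of java.util.Random, whose output is predictable; adding
  // one keeps the serial strictly positive.
  BigInteger serialNumber = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);
  X509v3CertificateBuilder certificateBuilder =
      new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime,
          nameBuilder.build(), keyPair.getPublic())
      // BasicConstraints(int) sets cA=true with pathLenConstraint 0: this CA may issue
      // end-entity certificates but no further CA certificates.
      .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
      .addExtension(Extension.keyUsage, true,
          new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
  return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
}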

代码示例来源:origin: org.xipki.scep/scep-server-emulator

/**
 * Issues a subordinate CA certificate signed with the root CA key.
 *
 * <p>The certificate carries a critical keyUsage (keyCertSign, cRLSign) and a critical
 * basicConstraints with cA=true and pathLenConstraint 0, so the sub CA can issue end-entity
 * certificates but no further CAs. It expires 3650 days after {@code startTime}.
 *
 * @param rcaKey private key of the issuing root CA
 * @param issuer issuer name
 * @param pubKeyInfo public key of the sub CA
 * @param subject subject name of the sub CA
 * @param serialNumber serial number to assign
 * @param startTime notBefore date
 * @return the signed certificate as an ASN.1 structure
 * @throws CertIOException if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static Certificate issueSubCaCert(PrivateKey rcaKey, X500Name issuer,
  SubjectPublicKeyInfo pubKeyInfo, X500Name subject, BigInteger serialNumber,
  Date startTime) throws CertIOException, OperatorCreationException {
 final Date expiry = new Date(startTime.getTime() + CaEmulator.DAY_IN_MS * 3650);
 final X509v3CertificateBuilder subCaBuilder = new X509v3CertificateBuilder(
   issuer, serialNumber, startTime, expiry, subject, pubKeyInfo);

 // Both extensions are critical: a verifier that ignores them must reject the certificate.
 subCaBuilder.addExtension(Extension.keyUsage, true,
   new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign));
 subCaBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

 // The signature algorithm is derived from the root key type with a SHA-256 digest.
 final String sigAlgo = ScepUtil.getSignatureAlgorithm(rcaKey, ScepHashAlgo.SHA256);
 final ContentSigner rootSigner = new JcaContentSignerBuilder(sigAlgo).build(rcaKey);
 return subCaBuilder.build(rootSigner).toASN1Structure();
}

代码示例来源:origin: stackoverflow.com

// Excerpt: issues an end-entity certificate for the subject and public key of a PKCS#10
// request, valid for about 30 years from now.
// NOTE(review): the serial number is the constant 1, so every certificate built this way
// under the same issuer shares a serial; serials must be unique per issuer.
// NOTE(review): this excerpt does not show the request's signature (proof of possession)
// being checked before its subject and key are copied.
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
  serverCertificate, new BigInteger("1"),
  new Date(System.currentTimeMillis()),
  new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L),
  jcaPKCS10CertificationRequest.getSubject(),
  jcaPKCS10CertificationRequest.getPublicKey()
/*).addExtension(
  new ASN1ObjectIdentifier("2.5.29.35"),
  false,
  new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/
// 2.5.29.19 is basicConstraints; cA=false, added as non-critical.
).addExtension(
    new ASN1ObjectIdentifier("2.5.29.19"),
    false,
    new BasicConstraints(false) // true if it is allowed to sign other certs
// 2.5.29.15 is keyUsage; critical, end-entity bits only (no keyCertSign / cRLSign).
).addExtension(
    new ASN1ObjectIdentifier("2.5.29.15"),
    true,
    new X509KeyUsage(
      X509KeyUsage.digitalSignature |
        X509KeyUsage.nonRepudiation   |
        X509KeyUsage.keyEncipherment  |
        X509KeyUsage.dataEncipherment));

代码示例来源:origin: org.xipki/ca-mgmt-client

// Excerpt: binds certificate fields to a prepared statement by position (idx is advanced
// after every bind). The serial is stored as a hex string, the validity dates as epoch seconds.
stmt.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
stmt.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
stmt.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
setInt(stmt, idx++, cert.getRev());
setInt(stmt, idx++, cert.getRr());
// presumably `extension` is the certificate's basicConstraints extension - confirm against
// the lookup above this excerpt. The value of `ee` when it is absent is set outside this view.
if (extension != null) {
 ASN1Encodable asn1 = extension.getParsedValue();
 // ee ("end entity") is true exactly when the parsed extension does not assert cA.
 ee = !BasicConstraints.getInstance(asn1).isCA();

代码示例来源:origin: pwm-project/pwm

// Excerpt: prepares serial, validity and extensions for an end-entity certificate.
// NOTE(review): the serial is the current time run through `formatter` (defined outside this
// excerpt), so it is predictable, and two certificates created within the same formatted
// instant would share a serial.
final String serNumStr = formatter.format( new Date( System.currentTimeMillis() ) );
final BigInteger serialNumber = new BigInteger( serNumStr );
// notBefore is backdated by two days; notAfter is futureSeconds from now.
final Date notBefore = new Date( System.currentTimeMillis() - TimeUnit.DAYS.toMillis( 2 ) );
// assumes futureSeconds is a long; an int would overflow in the multiplication for long
// lifetimes - TODO confirm
final Date notAfter = new Date( System.currentTimeMillis() + ( futureSeconds * 1000 ) );
// Critical basicConstraints with cA=false: the certificate cannot act as a CA.
final BasicConstraints basic = new BasicConstraints( false );
certGen.addExtension( Extension.basicConstraints, true, basic.getEncoded() );
// Critical keyUsage limited to digitalSignature and keyEncipherment.
final KeyUsage keyUsage = new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment );
certGen.addExtension( Extension.keyUsage, true, keyUsage.getEncoded() );
// extKeyUsage is built outside this excerpt; it is added as critical as well.
certGen.addExtension( Extension.extendedKeyUsage, true, extKeyUsage.getEncoded() );

代码示例来源:origin: Netflix/bettertls

// Excerpt (lines and closing braces are missing): clamps the end date so that a certificate
// never outlives the CA certificate that issues it.
if (caCertHolder != null && cal.getTime().after(caCertHolder.getNotAfter())) {
  cal.setTime(caCertHolder.getNotAfter());
  subjectNameStr += ", CN=" + commonName;
X500Name subjectName = new X500Name(subjectNameStr);
// With no CA certificate the issuer is the subject itself (self-signed); otherwise the
// issuer name is the CA's subject.
// NOTE(review): System.nanoTime() as serial is neither random nor guaranteed positive (its
// origin is arbitrary).
X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
    caCertHolder == null ? subjectName : caCertHolder.getSubject(),
    BigInteger.valueOf(System.nanoTime()),
    new Date(),
    cal.getTime(),
    subjectName,
    bcPk
);
// Critical basicConstraints; cA follows the isCa flag and no path length is set.
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
// nameConstraints, when supplied, is added as critical too.
if (nameConstraints != null) {
  certGen.addExtension(Extension.nameConstraints, true, nameConstraints);

代码示例来源:origin: square/okhttp

// Excerpt: fills in the certificate fields on `generator`; the call that the last line
// belongs to starts on a line missing from this excerpt.
generator.setSerialNumber(serialNumber);
generator.setIssuerDN(signedByPrincipal);
generator.setNotBefore(new Date(notBefore));
generator.setNotAfter(new Date(notAfter));
generator.setSubjectDN(subject);
generator.setPublicKey(heldKeyPair.getPublic());
// presumably maxIntermediateCas is an int, which selects the BasicConstraints(int)
// constructor: cA=true with that value as pathLenConstraint - confirm against the declaration.
   new BasicConstraints(maxIntermediateCas));

代码示例来源:origin: stackoverflow.com

// Excerpt: populates a to-be-signed certificate generator field by field.
tbsGen.setSerialNumber(new ASN1Integer(serialNum));
tbsGen.setIssuer(issuer);
tbsGen.setStartDate(new Time(new Date(startDate)));
tbsGen.setEndDate(new Time(new Date(endDate)));
tbsGen.setSubject(new X500Name(dn));
tbsGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(certPubKey.getEncoded()));
// basicConstraints with cA=false, wrapped by hand into a non-critical Extension from its DER
// encoding. How basicExt is attached to tbsGen is outside this excerpt.
BasicConstraints basic = new BasicConstraints(false);
Extension basicExt =
  new Extension(
   Extension.basicConstraints,
   false,
   basic.getEncoded());

代码示例来源:origin: eu.eu-emi.security/canl

// Excerpt from a certificate path check (non-contiguous lines; braces and the statements
// these lines belong to are missing). The first two lines finish building and recording a
// notification message.
new Object[] {new TrustedInput(validDate), new TrustedInput(new Date())});
addNotification(msg);
  try
    // Decode the certificate's basicConstraints extension value.
    bc = BasicConstraints.getInstance(getExtensionValue(cert,
        BASIC_CONSTRAINTS));
    // Two cases are separated here: extension absent (bc == null) and extension present
    // without cA. The handling of either case is not visible in this excerpt.
    if (bc != null)
      if (!bc.isCA())

代码示例来源:origin: org.bouncycastle/bcprov-debug-jdk15on

// Excerpt from CRL processing (non-contiguous lines; the enclosing statements are missing).
// The first two lines compare the validation date with a CRL's nextUpdate.
|| paramsPKIX.getDate().before(crl.getNextUpdate()))
      || pkixParams.getDate().before(onlineCRL.getNextUpdate()))
    // Map the numeric reason code of a CRL entry to its name.
    reason = crlReasons[reasonCode.getValue().intValue()];
// True when validDate is at or after the entry's revocation date.
if (!validDate.before(crl_entry.getRevocationDate()))
try
  // Limit the selector to CRLs numbered below the current CRL's number.
  baseSelect.setMaxCRLNumber(((ASN1Integer)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1)));
try
  bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
// Scope checks against `p`: a CRL limited to user certificates does not match a CA
// certificate, and one limited to CA certificates does not match a certificate without
// basicConstraints or without cA. The branch bodies are missing from this excerpt.
if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))

代码示例来源:origin: cloudfoundry-incubator/credhub

/**
 * Checks that a certificate issued through {@code getSignedByIssuer} carries the expected
 * issuer, serial, validity, subject, key and signature algorithm, verifies under the issuer
 * key, and asserts cA=true in its basicConstraints extension.
 */
@Test
public void getSignedByIssuer_generatesACertificateWithTheRightValues() throws Exception {
 final X509Certificate issued = subject.getSignedByIssuer(
   generatedCertificateKeyPair, certificateGenerationParameters,
   certificateAuthorityWithSubjectKeyId, issuerKey.getPrivate());

 // Issuer name components.
 final String issuerDn = issued.getIssuerDN().getName();
 assertThat(issuerDn, containsString("CN=ca DN"));
 assertThat(issuerDn, containsString("O=credhub"));

 // Serial and validity window.
 assertThat(issued.getSerialNumber(), equalTo(BigInteger.valueOf(1337L)));
 assertThat(issued.getNotBefore().toString(), equalTo(Date.from(now).toString()));
 assertThat(issued.getNotAfter().toString(), equalTo(Date.from(later).toString()));

 // Subject, certified key and signature.
 assertThat(issued.getSubjectDN().toString(), containsString("CN=my cert name"));
 assertThat(issued.getPublicKey(), equalTo(generatedCertificateKeyPair.getPublic()));
 assertThat(issued.getSigAlgName(), equalTo("SHA256WITHRSA"));
 issued.verify(issuerKey.getPublic());

 // getExtensionValue returns the DER OCTET STRING that wraps the extension; dropping the
 // first two bytes (tag and short-form length) leaves the BasicConstraints encoding itself.
 final byte[] wrapped = issued.getExtensionValue(Extension.basicConstraints.getId());
 final byte[] unwrapped = Arrays.copyOfRange(wrapped, 2, wrapped.length);
 assertThat(unwrapped, equalTo(new BasicConstraints(true).getEncoded()));
}

代码示例来源:origin: org.xipki.pki/ca-qa

/**
 * Compares a certificate's basicConstraints extension with the certificate profile and
 * records every mismatch through {@code addViolation}.
 *
 * <p>The cA flag must equal "profile level is RootCA or SubCA". For a CA certificate the
 * pathLenConstraint must be absent when the profile defines none, and equal to the profile
 * value otherwise.
 *
 * @param failureMsg buffer that collects the violations
 * @param extensionValue encoded basicConstraints value
 */
private void checkExtensionBasicConstraints(final StringBuilder failureMsg,
    final byte[] extensionValue) {
  final BasicConstraints parsed = BasicConstraints.getInstance(extensionValue);
  final X509CertLevel level = certProfile.certLevel();
  final boolean expectCa = (X509CertLevel.RootCA == level) || (X509CertLevel.SubCA == level);

  if (parsed.isCA() != expectCa) {
    addViolation(failureMsg, "ca", parsed.isCA(), expectCa);
  }

  // The path length is only checked on certificates that assert cA.
  if (!parsed.isCA()) {
    return;
  }

  final BigInteger actualPathLen = parsed.getPathLenConstraint();
  final Integer expectedPathLen = certProfile.pathLen();

  if (expectedPathLen == null) {
    // The profile defines no limit, so the certificate must not carry one.
    if (actualPathLen != null) {
      addViolation(failureMsg, "pathLen", actualPathLen, "absent");
    }
    return;
  }

  if (actualPathLen == null) {
    addViolation(failureMsg, "pathLen", "null", expectedPathLen);
  } else if (!BigInteger.valueOf(expectedPathLen).equals(actualPathLen)) {
    addViolation(failureMsg, "pathLen", actualPathLen, expectedPathLen);
  }
} // method checkExtensionBasicConstraints

代码示例来源:origin: JZ-Darkal/AndroidHttpCapture

// Excerpt: builds a self-issued CA certificate (subject is the issuer); the line that
// declares `generator` is only partly present.
// The quality of the serial depends on initRandomSerial(), which is not shown.
BigInteger serial = BigInteger.valueOf(initRandomSerial());
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
    issuer, serial, NOT_BEFORE, NOT_AFTER, subject, pubKey);
generator.addExtension(Extension.subjectKeyIdentifier, false,
    createSubjectKeyIdentifier(pubKey));
// Critical basicConstraints with cA=true and no path length limit.
generator.addExtension(Extension.basicConstraints, true,
    new BasicConstraints(true));
// NOTE(review): keyUsage is added as non-critical; RFC 5280 recommends marking it critical.
KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign
    | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
    | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
generator.addExtension(Extension.keyUsage, false, usage);

代码示例来源:origin: org.apache.accumulo/accumulo-test

/**
 * Generates a certificate for {@code kp}, signed with {@code signerPrivateKey} and valid for
 * 100 years from now.
 *
 * <p>Issuer and subject are both built from {@code issuerDirString}. The serial number is
 * the start time in milliseconds. {@code keyName} is not used in this method.
 *
 * <p>NOTE(review): basicConstraints is added as non-critical even when
 * {@code isCertAuthority} is true; RFC 5280 (section 4.2.1.9) requires it to be critical in
 * CA certificates used to verify certificate signatures.
 *
 * @param keyName unused
 * @param kp key pair whose public key is certified
 * @param isCertAuthority whether the certificate asserts cA (and gets a keyCertSign usage)
 * @param signerPublicKey key referenced by the authorityKeyIdentifier extension
 * @param signerPrivateKey key that signs the certificate
 * @return the generated certificate
 */
private Certificate generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
  PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException,
  OperatorCreationException, CertificateException, NoSuchAlgorithmException {
 final Calendar notBefore = Calendar.getInstance();
 final Calendar notAfter = Calendar.getInstance();
 notAfter.add(Calendar.YEAR, 100);

 // One name serves as issuer and subject.
 final X500Name name = new X500Name(
   IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
 final BigInteger serial = BigInteger.valueOf(notBefore.getTimeInMillis());

 final JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
   name, serial, notBefore.getTime(), notAfter.getTime(), name, kp.getPublic());

 final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
 builder.addExtension(Extension.subjectKeyIdentifier, false,
   extUtils.createSubjectKeyIdentifier(kp.getPublic()));
 builder.addExtension(Extension.basicConstraints, false,
   new BasicConstraints(isCertAuthority));
 builder.addExtension(Extension.authorityKeyIdentifier, false,
   extUtils.createAuthorityKeyIdentifier(signerPublicKey));

 // Only CA certificates receive a keyUsage extension: critical, keyCertSign only.
 if (isCertAuthority) {
  builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
 }

 final ContentSigner signer = new JcaContentSignerBuilder(signingAlgorithm)
   .build(signerPrivateKey);
 final X509CertificateHolder holder = builder.build(signer);
 return new JcaX509CertificateConverter().getCertificate(holder);
}

代码示例来源:origin: eu.eu-emi.security/canl

// Excerpt from path-length processing (non-contiguous lines; braces and guards are missing).
try
  bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
    RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
  // NOTE(review): as shown, bc is dereferenced without a null check, and so is the path
  // length, which is null when the extension sets no limit. Presumably both guards sit on
  // lines omitted from this excerpt - confirm before reusing.
  BigInteger _pathLengthConstraint = bc.getPathLenConstraint();
    // intValue() silently truncates values that do not fit in an int.
    int _plc = _pathLengthConstraint.intValue();

代码示例来源:origin: monkeyWie/proxyee

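/**
 * Generates a self-signed CA certificate.
 *
 * <p>Issuer and subject are both {@code subject}, and the certificate is signed with the
 * private half of {@code keyPair} using SHA-256 with RSA. It carries a critical
 * basicConstraints extension with cA=true and pathLenConstraint 0, so it can issue
 * end-entity certificates but no further CAs. No keyUsage extension is added.
 *
 * @param subject distinguished name used for both issuer and subject
 * @param caNotBefore start of the validity period
 * @param caNotAfter end of the validity period
 * @param keyPair CA key pair; the public key is certified and the private key signs
 * @return the self-signed CA certificate
 * @throws Exception if the certificate cannot be built, signed or converted
 */
public static X509Certificate genCACert(String subject, Date caNotBefore, Date caNotAfter,
  KeyPair keyPair) throws Exception {
 // Serial from a CSPRNG: 127 random bits plus one, so it is unpredictable and strictly
 // positive. The previous value was the wall clock plus a small Math.random() offset, which
 // can be guessed and can repeat.
 BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);
 JcaX509v3CertificateBuilder jv3Builder = new JcaX509v3CertificateBuilder(new X500Name(subject),
   serial,
   caNotBefore,
   caNotAfter,
   new X500Name(subject),
   keyPair.getPublic());
 jv3Builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
 ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
   .build(keyPair.getPrivate());
 return new JcaX509CertificateConverter().getCertificate(jv3Builder.build(signer));
}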

代码示例来源:origin: kaikramer/keystore-explorer

/**
 * Fills the dialog controls from an encoded basicConstraints value: the "subject is CA"
 * check box from the cA flag, and the path length field when a constraint is present.
 *
 * @param value encoded basicConstraints extension value
 * @throws IOException declared by the signature; nothing in this body throws it explicitly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
  BasicConstraints decoded = BasicConstraints.getInstance(value);
  jcbSubjectIsCa.setSelected(decoded.isCA());

  // No path length constraint: leave the text field untouched.
  if (decoded.getPathLenConstraint() == null) {
    return;
  }

  jtfPathLengthConstraint.setText(String.valueOf(decoded.getPathLenConstraint().intValue()));
  jtfPathLengthConstraint.setCaretPosition(0);
}
