本文整理了Java中org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
类的一些代码示例,展示了JcaX509CertificateConverter
类的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。JcaX509CertificateConverter
类的具体详情如下:
包路径:org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
类名称:JcaX509CertificateConverter
暂无
代码示例来源:origin: redisson/redisson
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter)
throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
X500Name owner = new X500Name("CN=" + fqdn);
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
owner, new BigInteger(64, random), notBefore, notAfter, owner, keypair.getPublic());
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key);
X509CertificateHolder certHolder = builder.build(signer);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fqdn, key, cert);
}
代码示例来源:origin: jamesdbloom/mockserver
private static X509Certificate signCertificate(X509v3CertificateBuilder certificateBuilder, PrivateKey signedWithPrivateKey) throws OperatorCreationException, CertificateException {
ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME).build(signedWithPrivateKey);
return new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(certificateBuilder.build(signer));
}
代码示例来源:origin: apache/nifi
public static X509Certificate parseCertificate(Reader pemEncodedCertificate) throws IOException, CertificateException {
return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(parsePem(X509CertificateHolder.class, pemEncodedCertificate));
}
代码示例来源:origin: igniterealtime/Spark
public X509Certificate createSelfSignedCertificate(KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException, OperatorCreationException, CertificateException {
long serial = System.currentTimeMillis();
SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X500Name name = new X500Name(createX500NameString());
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(name,
BigInteger.valueOf(serial),
new Date(System.currentTimeMillis() - 1000000000),
new Date(System.currentTimeMillis() + 1000000000),
name,
keyInfo
);
certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
certBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
X509CertificateHolder certHolder = certBuilder.build(signer);
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
return cert;
}
}
代码示例来源:origin: igniterealtime/Openfire
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, X500NameBuilder issuerBuilder,
X500NameBuilder subjectBuilder, String domain, String signAlgoritm, Set
PublicKey pubKey = kp.getPublic();
PrivateKey privKey = kp.getPrivate();
random.setSeed((new Date().getTime()));
random.nextBytes(serno);
BigInteger serial = (new java.math.BigInteger(serno)).abs();
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( //
final boolean critical = subjectDN.getRDNs().length == 0;
certBuilder.addExtension(Extension.subjectAlternativeName, critical, subjectAlternativeNames);
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(pubKey));
certBuilder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(pubKey));
ContentSigner signer = new JcaContentSignerBuilder(signAlgoritm).build(privKey);
X509CertificateHolder cert = certBuilder.build(signer);
return new JcaX509CertificateConverter().getCertificate(cert);
代码示例来源:origin: monkeyWie/proxyee
/**
* 生成CA服务器证书
*/
public static X509Certificate genCACert(String subject, Date caNotBefore, Date caNotAfter,
KeyPair keyPair) throws Exception {
JcaX509v3CertificateBuilder jv3Builder = new JcaX509v3CertificateBuilder(new X500Name(subject),
BigInteger.valueOf(System.currentTimeMillis() + (long) (Math.random() * 10000) + 1000),
caNotBefore,
caNotAfter,
new X500Name(subject),
keyPair.getPublic());
jv3Builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
.build(keyPair.getPrivate());
return new JcaX509CertificateConverter().getCertificate(jv3Builder.build(signer));
}
代码示例来源:origin: apache/geode
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam =
PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo =
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
ContentSigner sigGen =
new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v3CertificateBuilder v3CertGen =
new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
v3CertGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC")
.getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
代码示例来源:origin: apache/zookeeper
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception {
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.CN, HOSTNAME);
BigInteger serialNumber = new BigInteger(128, new Random());
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime,
nameBuilder.build(), keyPair.getPublic())
.addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
.addExtension(Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
}
代码示例来源:origin: org.apache.poi/poi-ooxml
BigInteger nOnce= new BigInteger(128, new SecureRandom());
TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
requestGenerator.setCertReq(true);
Map
for (X509CertificateHolder certificate : certificates) {
if (signerCertIssuer.equals(certificate.getIssuer())
&& signerCertSerialNumber.equals(certificate.getSerialNumber())) {
signerCert = certificate;
JcaX509CertificateConverter x509cOnverter= new JcaX509CertificateConverter();
x509converter.setProvider("BC");
X509CertificateHolder certificate = signerCert;
do {
LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject());
tspCertificateChain.add(x509converter.getCertificate(certificate));
if (certificate.getSubject().equals(certificate.getIssuer())) {
break;
代码示例来源:origin: stackoverflow.com
public static X509Certificate generateCertificate (KeyPair newKeys) {
Security.addProvider(new BouncyCastleProvider());
Date startDate = new Date();
Date expiryDate = new DateTime().plusYears(100).toDate();
BigInteger serialNumber = new BigInteger(10, new Random());
try {
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(newKeys
.getPrivate());
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(newKeys
.getPublic().getEncoded()
));
X500Name dnName = new X500Name("CN=FoodJudge API Certificate");
X509v1CertificateBuilder builder = new X509v1CertificateBuilder(dnName,
serialNumber,
startDate, expiryDate,
dnName,
subjectPublicKeyInfo);
X509CertificateHolder holder = builder.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
}
catch (OperatorCreationException e) {
e.printStackTrace();
}
catch (CertificateException e) {
e.printStackTrace();
}
return null;
}
代码示例来源:origin: apache/cloudstack
public static X509Certificate generateV1Certificate(final KeyPair keyPair,
final String subject,
final String issuer,
final int validityYears,
final String signatureAlgorithm) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(
new X500Name(issuer),
generateRandomBigInt(),
now.minusDays(1).toDate(),
now.plusYears(validityYears).toDate(),
new X500Name(subject),
keyPair.getPublic());
final ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider("BC").build(keyPair.getPrivate());
final X509CertificateHolder certHolder = certBuilder.build(signer);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
}
代码示例来源:origin: hyperledger/fabric-sdk-java
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception {
X509v3CertificateBuilder certBuilder = createCertBuilder(keyPair);
// Basic constraints
BasicConstraints cOnstraints= new BasicConstraints(false);
certBuilder.addExtension(
Extension.basicConstraints,
true,
constraints.getEncoded());
// Key usage
KeyUsage usage = new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature);
certBuilder.addExtension(Extension.keyUsage, false, usage.getEncoded());
// Extended key usage
certBuilder.addExtension(
Extension.extendedKeyUsage,
false,
certType.keyUsage().getEncoded());
if (san != null) {
addSAN(certBuilder, san);
}
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm)
.build(keyPair.getPrivate());
X509CertificateHolder holder = certBuilder.build(signer);
JcaX509CertificateConverter cOnverter= new JcaX509CertificateConverter();
converter.setProvider(new BouncyCastleProvider());
return converter.getCertificate(holder);
}
代码示例来源:origin: ZZMarquis/gmhelper
/**
* @param isCA 是否是颁发给CA的证书
* @param keyUsage 证书用途
* @param csr CSR
* @return
* @throws Exception
*/
public X509Certificate makeCertificate(boolean isCA, KeyUsage keyUsage, byte[] csr)
throws Exception {
PKCS10CertificationRequest request = new PKCS10CertificationRequest(csr);
PublicKey subPub = BCECUtil.createPublicKeyFromSubjectPublicKeyInfo(request.getSubjectPublicKeyInfo());
PrivateKey issPriv = issuerKeyPair.getPrivate();
PublicKey issPub = issuerKeyPair.getPublic();
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(issuerDN, snAllocator.incrementAndGet(),
new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + certExpire),
request.getSubject(), subPub);
v3CertGen.addExtension(Extension.subjectKeyIdentifier, false,
extUtils.createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(subPub.getEncoded())));
v3CertGen.addExtension(Extension.authorityKeyIdentifier, false,
extUtils.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(issPub.getEncoded())));
v3CertGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCA));
v3CertGen.addExtension(Extension.keyUsage, false, keyUsage);
JcaContentSignerBuilder cOntentSignerBuilder= makeContentSignerBuilder(issPub);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
.getCertificate(v3CertGen.build(contentSignerBuilder.build(issPriv)));
cert.checkValidity(new Date());
cert.verify(issPub);
return cert;
}
代码示例来源:origin: org.keycloak/keycloak-common
public static X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject, BigInteger serialNumber) {
try {
X500Name subjectDN = new X500Name("CN=" + subject);
Date validityStartDate = new Date(System.currentTimeMillis() - 100000);
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 10);
Date validityEndDate = new Date(calendar.getTime().getTime());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());
X509v1CertificateBuilder builder = new X509v1CertificateBuilder(subjectDN, serialNumber, validityStartDate,
validityEndDate, subjectDN, subPubKeyInfo);
X509CertificateHolder holder = builder.build(createSigner(caKeyPair.getPrivate()));
return new JcaX509CertificateConverter().getCertificate(holder);
} catch (Exception e) {
throw new RuntimeException("Error creating X509v1Certificate.", e);
}
}
代码示例来源:origin: RUB-NDS/TLS-Attacker
private static X509Certificate signCertificate(String algorithm, X509v3CertificateBuilder builder,
PrivateKey privateKey) throws OperatorCreationException, CertificateException {
ContentSigner signer = new JcaContentSignerBuilder(algorithm).build(privateKey);
return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
}
代码示例来源:origin: cloudfoundry-incubator/credhub
private X509Certificate createCertificateAuthority(final X509v3CertificateBuilder x509v3CertificateBuilder) throws OperatorCreationException, CertificateException, IOException {
final X509CertificateHolder certificateHolder = x509v3CertificateBuilder.build(jcaContentSignerBuilder.build(issuerKey.getPrivate()));
final X509Certificate x509CertificateAuthority = jcaX509CertificateConverter.getCertificate(certificateHolder);
return x509CertificateAuthority;
}
代码示例来源:origin: kaikramer/keystore-explorer
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey,
PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber, X509Extension extensions,
Provider provider)
throws CryptoException, CertIOException {
Date notBefore = validityStart == null ? new Date() : validityStart;
Date notAfter = validityEnd == null ? new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365)) : validityEnd;
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore,
notAfter, subject, publicKey);
if (extensions != null) {
for (String oid : extensions.getCriticalExtensionOIDs()) {
certBuilder.addExtension(new ASN1ObjectIdentifier(oid), true, getExtensionValue(extensions, oid));
}
for (String oid : extensions.getNonCriticalExtensionOIDs()) {
certBuilder.addExtension(new ASN1ObjectIdentifier(oid), false, getExtensionValue(extensions, oid));
}
}
try {
ContentSigner certSigner = null;
if (provider == null) {
certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC").build(privateKey);
} else {
certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider(provider).build(privateKey);
}
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certBuilder.build(certSigner));
} catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
}
}
代码示例来源:origin: kodokojo/kodokojo
private static X509Certificate verifyCertificate(PrivateKey caPrivateKey, PublicKey caPublicKey, JcaX509v3CertificateBuilder certificateBuilder) throws OperatorCreationException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME).build(caPrivateKey);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(certificateBuilder.build(signer));
cert.checkValidity(new Date());
cert.verify(caPublicKey);
return cert;
}
代码示例来源:origin: JZ-Darkal/AndroidHttpCapture
/**
* Converts a Bouncy Castle X509CertificateHolder into a JCA X590Certificate.
*
* @param bouncyCastleCertificate BC X509CertificateHolder
* @return JCA X509Certificate
*/
private static X509Certificate convertToJcaCertificate(X509CertificateHolder bouncyCastleCertificate) {
try {
return new JcaX509CertificateConverter()
.getCertificate(bouncyCastleCertificate);
} catch (CertificateException e) {
throw new CertificateCreationException("Unable to convert X590CertificateHolder to JCA X590Certificate", e);
}
}
代码示例来源:origin: apache/pdfbox
for (X509CertificateHolder certHolder : certHolders)
if (name.equals(certHolder.getSubject()))
ocspRespOnderCertificate= certificateConverter.getCertificate(certHolder);
return;
X500Name certSubjectName = new X500Name(cert.getSubjectX500Principal().getName());
if (certSubjectName.equals(name))