Java源码示例:org.bouncycastle.x509.X509V1CertificateGenerator

示例1
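/**
 * Creates a self-signed X.509 v1 certificate for the given key pair.
 *
 * <p>The same distinguished name is used as issuer and subject, and the certificate is signed
 * with the key pair's own private key. A v1 certificate carries no extensions, so it cannot
 * express basic constraints, key usage or subject alternative names.
 *
 * @param dn the distinguished name used for both issuer and subject, eg "CN=Test, L=London, C=GB"
 * @param keyPair the key pair whose public key is certified and whose private key signs;
 *     the hard-coded signature algorithm requires an RSA key
 * @param days how many days from now the certificate is valid for
 * @return the self-signed certificate
 * @throws Exception if the certificate cannot be generated or signed
 */
public static X509Certificate generateCertificate(String dn, KeyPair keyPair, int days) throws Exception {
    Date from = new Date();
    // The long literal keeps the multiplication in 64-bit arithmetic for any int day count.
    Date to = new Date(from.getTime() + days * 86400000L);
    // 64 random bits from a CSPRNG make the serial number unpredictable.
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
    X500Principal dnName = new X500Principal(dn);

    certGen.setSerialNumber(sn);
    certGen.setIssuerDN(dnName);
    certGen.setNotBefore(from);
    certGen.setNotAfter(to);
    certGen.setSubjectDN(dnName); // same as issuer: the certificate is self-signed
    certGen.setPublicKey(keyPair.getPublic());
    // SHA-1 is deprecated for certificate signatures, so the certificate is signed with
    // SHA-256 instead of the previous "SHA1withRSA".
    certGen.setSignatureAlgorithm("SHA256withRSA");

    return certGen.generate(keyPair.getPrivate());
}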
 
示例2
/**
 * Builds a self-signed X.509 v1 certificate.
 *
 * <p>Issuer and subject are the same name and the signature is made with the private key of
 * {@code pair}. The serial number is 64 bits drawn from a {@link SecureRandom}. A v1
 * certificate carries no extensions.
 *
 * @param dn the X.509 distinguished name, eg "CN=Test, L=London, C=GB"
 * @param pair the key pair to certify and to sign with
 * @param days number of days, counted from now, for which the certificate is valid
 * @param algorithm the signature algorithm name handed to the generator, eg "SHA1withRSA";
 *     the caller alone decides its strength, nothing here rejects a weak digest
 * @return the self-signed certificate
 */
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days,
    String algorithm) throws CertificateEncodingException, InvalidKeyException,
        IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException,
        SignatureException {
  final Date notBefore = new Date();
  final long validityMillis = days * 86400000L;
  final Date notAfter = new Date(notBefore.getTime() + validityMillis);
  final BigInteger serial = new BigInteger(64, new SecureRandom());
  final X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
  final X500Principal selfName = new X500Principal(dn);

  generator.setSerialNumber(serial);
  generator.setIssuerDN(selfName);
  generator.setNotBefore(notBefore);
  generator.setNotAfter(notAfter);
  generator.setSubjectDN(selfName); // subject equals issuer
  generator.setPublicKey(pair.getPublic());
  generator.setSignatureAlgorithm(algorithm);

  return generator.generate(pair.getPrivate());
}
 
示例3
/**
 * Builds a self-signed X.509 v1 certificate named "CN=Test CA Certificate" for the key pair.
 *
 * <p>The serial number is a fixed constant and the signature uses SHA-1 with RSA, so every
 * certificate produced here shares one issuer/serial pair and a deprecated digest. That is
 * acceptable for a test fixture only. The validity bounds come from {@code day(-1)} and
 * {@code day(+1)}, presumably yesterday and tomorrow (the helper is not shown here).
 *
 * @param keyPair the key pair to certify and to sign with
 * @return the generated certificate
 * @throws RuntimeException wrapping any exception raised while generating the certificate
 */
private X509Certificate generateCert(final KeyPair keyPair) {
    final Date notBefore = day(-1);
    final Date notAfter = day(+1);
    final BigInteger fixedSerial = new BigInteger("1000200030004000");

    final X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
    final X500Principal caName = new X500Principal("CN=Test CA Certificate");

    generator.setSerialNumber(fixedSerial);
    generator.setIssuerDN(caName);
    generator.setNotBefore(notBefore);
    generator.setNotAfter(notAfter);
    generator.setSubjectDN(caName); // subject equals issuer
    generator.setPublicKey(keyPair.getPublic());
    generator.setSignatureAlgorithm("SHA1WITHRSA");

    final X509Certificate certificate;
    try {
        certificate = generator.generate(keyPair.getPrivate());
    } catch (Exception e) {
        // Checked failures are rethrown unchecked with the cause preserved.
        throw new RuntimeException(e);
    }
    return certificate;
}
 
示例4
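/**
 * Create a self-signed X.509 v1 Certificate.
 *
 * <p>Issuer and subject are the same name and the certificate is signed with the private key
 * of {@code pair}. A v1 certificate carries no extensions.
 *
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA256withRSA"; SHA-1 based names such as
 *     "SHA1withRSA" are deprecated for certificate signatures and are not rejected here
 * @return the self-signed certificate
 */
// The Javadoc now precedes the annotation; placed between the annotation and the declaration
// it was not attached to the method.
@SuppressWarnings("deprecation")
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
    throws CertificateEncodingException,
           InvalidKeyException,
           IllegalStateException,
           NoSuchProviderException, NoSuchAlgorithmException, SignatureException {

  Date from = new Date();
  // Upper-case L: the lower-case suffix is easily misread as the digit 1.
  Date to = new Date(from.getTime() + days * 86400000L);
  // 64 random bits from a CSPRNG make the serial number unpredictable.
  BigInteger sn = new BigInteger(64, new SecureRandom());
  X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
  X500Principal dnName = new X500Principal(dn);

  certGen.setSerialNumber(sn);
  certGen.setIssuerDN(dnName);
  certGen.setNotBefore(from);
  certGen.setNotAfter(to);
  certGen.setSubjectDN(dnName); // same as issuer: self-signed
  certGen.setPublicKey(pair.getPublic());
  certGen.setSignatureAlgorithm(algorithm);

  return certGen.generate(pair.getPrivate());
}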
 
示例5
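/**
 * Create a self-signed X.509 v1 Certificate.
 *
 * <p>The distinguished name is used for both issuer and subject, and the private key of
 * {@code pair} produces the signature. No extensions can be carried by a v1 certificate.
 *
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA256withRSA"; the value is passed to the
 *     generator unchecked, so a SHA-1 based name is accepted although deprecated
 * @return the self-signed certificate
 */
// Annotation moved below the Javadoc so the comment documents the method again.
@SuppressWarnings("deprecation")
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
    throws CertificateEncodingException,
           InvalidKeyException,
           IllegalStateException,
           NoSuchProviderException, NoSuchAlgorithmException, SignatureException {

  Date from = new Date();
  // The literal is written with an upper-case L so it cannot be read as ...00001.
  Date to = new Date(from.getTime() + days * 86400000L);
  // Serial number: 64 bits from a cryptographically strong generator.
  BigInteger sn = new BigInteger(64, new SecureRandom());
  X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
  X500Principal dnName = new X500Principal(dn);

  certGen.setSerialNumber(sn);
  certGen.setIssuerDN(dnName);
  certGen.setNotBefore(from);
  certGen.setNotAfter(to);
  certGen.setSubjectDN(dnName); // issuer and subject are identical
  certGen.setPublicKey(pair.getPublic());
  certGen.setSignatureAlgorithm(algorithm);

  return certGen.generate(pair.getPrivate());
}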
 
示例6
/**
 * Generates a new, self-signed X509 V1 certificate for a KeyPair.
 *
 * <p>The validity window is fixed: it runs from 1 January 2009 to 1 January 2029, with the
 * time of day taken from the moment of the call. The serial number is the current clock value
 * in milliseconds, so it is predictable and two certificates created in the same millisecond
 * share it. The Bouncy Castle provider is registered on every call.
 *
 * @param  pair                      the {@link KeyPair} to be used
 * @param  name                      X.500 distinguished name, used as issuer and subject
 * @return                           the new certificate
 * @throws GeneralSecurityException  on error generating the certificate
 */
@SuppressWarnings("deprecation")
public static X509Certificate generateX509V1Certificate(KeyPair pair,
                                                        String name)
        throws GeneralSecurityException {
    java.security.Security.addProvider(
            new org.bouncycastle.jce.provider.BouncyCastleProvider());

    final Calendar validity = Calendar.getInstance();
    validity.set(2009, 0, 1);
    final Date notBefore = validity.getTime();
    validity.set(2029, 0, 1);
    final Date notAfter = validity.getTime();

    final long clockMillis = System.currentTimeMillis();
    final BigInteger serial = BigInteger.valueOf(Math.abs(clockMillis));

    final X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
    final X500Principal selfName = new X500Principal(name);
    generator.setSerialNumber(serial);
    generator.setIssuerDN(selfName);
    generator.setNotBefore(notBefore);
    generator.setNotAfter(notAfter);
    generator.setSubjectDN(selfName); // subject equals issuer
    generator.setPublicKey(pair.getPublic());
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // generateX509Certificate() is deprecated, but Android Eclair does not provide the
    // generate() methods.
    return generator.generateX509Certificate(pair.getPrivate(), SecurityUtil.getSecurityProvider());
}
 
示例7
/**
 * Generates a throw-away X.509 v1 certificate for tests.
 *
 * <p>The certificate is valid from ten seconds before to ten seconds after the call, its
 * serial number is the current clock value in milliseconds, and it is signed with the private
 * key of {@code pair} whatever issuer name is supplied. The "BC" provider must already be
 * registered.
 *
 * @param subject distinguished name of the subject
 * @param issuer distinguished name of the issuer
 * @param pair key pair supplying the certified public key and the signing private key
 * @return the generated certificate
 */
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair)
        throws InvalidKeyException, NoSuchProviderException, SignatureException {
    final X509V1CertificateGenerator generator = new X509V1CertificateGenerator();

    final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    generator.setSerialNumber(serial);

    final X500Principal issuerName = new X500Principal(issuer);
    generator.setIssuerDN(issuerName);

    final Date notBefore = new Date(System.currentTimeMillis() - 10000);
    generator.setNotBefore(notBefore);

    final Date notAfter = new Date(System.currentTimeMillis() + 10000);
    generator.setNotAfter(notAfter);

    final X500Principal subjectName = new X500Principal(subject);
    generator.setSubjectDN(subjectName);

    generator.setPublicKey(pair.getPublic());
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    return generator.generateX509Certificate(pair.getPrivate(), "BC");
}
 
示例8
/**
 * Creates a short-lived X.509 v1 certificate intended for tests.
 *
 * <p>Validity spans ten seconds either side of the call. The serial number is taken from the
 * system clock, so it is predictable. The signature is always made with the private key of
 * {@code pair}, using SHA-256 with RSA through the "BC" provider.
 *
 * @param subject distinguished name written into the subject field
 * @param issuer distinguished name written into the issuer field
 * @param pair key pair whose public key is certified and whose private key signs
 * @return the generated certificate
 */
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair)
        throws InvalidKeyException, NoSuchProviderException, SignatureException {
    final X509V1CertificateGenerator builder = new X509V1CertificateGenerator();

    // Identity fields and validity, set in the same order as the clock is read.
    final long serialMillis = System.currentTimeMillis();
    builder.setSerialNumber(BigInteger.valueOf(serialMillis));
    builder.setIssuerDN(new X500Principal(issuer));
    final long startMillis = System.currentTimeMillis() - 10000;
    builder.setNotBefore(new Date(startMillis));
    final long endMillis = System.currentTimeMillis() + 10000;
    builder.setNotAfter(new Date(endMillis));
    builder.setSubjectDN(new X500Principal(subject));

    // Key material and signature algorithm.
    builder.setPublicKey(pair.getPublic());
    builder.setSignatureAlgorithm("SHA256WithRSAEncryption");

    final X509Certificate certificate = builder.generateX509Certificate(pair.getPrivate(), "BC");
    return certificate;
}
 
示例9
/**
 * Generates an X.509 v1 certificate issued by "CN=ebay" and signed with the private key of
 * {@code pair} through the "BC" provider.
 *
 * <p>The serial number is the constant 1 and the signature uses SHA-1 with ECDSA, so the
 * result is only suitable as a sample or test fixture. Validity starts now and lasts
 * {@code VALIDITY_PERIOD}, a constant defined outside this method (presumably milliseconds).
 *
 * @param pair key pair supplying the certified public key and the signing private key
 * @return the generated certificate
 * @throws Exception if the certificate cannot be generated or signed
 */
public static X509Certificate generateV1Cert(KeyPair pair) throws Exception {
	final X509V1CertificateGenerator generator = new X509V1CertificateGenerator();

	final BigInteger serial = BigInteger.valueOf(1);
	generator.setSerialNumber(serial);

	final X500Principal issuerName = new X500Principal("CN=ebay");
	generator.setIssuerDN(issuerName);

	final Date notBefore = new Date(System.currentTimeMillis());
	generator.setNotBefore(notBefore);

	final Date notAfter = new Date(System.currentTimeMillis() + VALIDITY_PERIOD);
	generator.setNotAfter(notAfter);

	// NOTE(review): the subject literal below looks like the output of the page's e-mail
	// obfuscation rather than the original value; as written it is not a distinguished name.
	final X500Principal subjectName = new X500Principal("[email protected]");
	generator.setSubjectDN(subjectName);

	generator.setPublicKey(pair.getPublic());
	generator.setSignatureAlgorithm("SHA1WithECDSA");

	return generator.generate(pair.getPrivate(), "BC");
}
 
示例10
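/**
 * Create a self-signed X.509 v1 Certificate.
 *
 * <p>One distinguished name serves as issuer and subject; the private key of {@code pair}
 * signs the certificate. A v1 certificate has no extensions.
 *
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA256withRSA"; a SHA-1 based name is passed
 *     through unchanged even though SHA-1 is deprecated for certificate signatures
 * @return the self-signed certificate
 */
// The Javadoc is placed above the annotation and the declaration starts on its own line, so
// the comment is attached to the method.
@SuppressWarnings("deprecation")
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
    throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException,
    NoSuchAlgorithmException, SignatureException {

  Date from = new Date();
  // Upper-case L suffix: the lower-case form reads like a trailing digit 1.
  Date to = new Date(from.getTime() + days * 86400000L);
  // Unpredictable 64-bit serial number from a CSPRNG.
  BigInteger sn = new BigInteger(64, new SecureRandom());
  X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
  X500Principal dnName = new X500Principal(dn);

  certGen.setSerialNumber(sn);
  certGen.setIssuerDN(dnName);
  certGen.setNotBefore(from);
  certGen.setNotAfter(to);
  certGen.setSubjectDN(dnName); // same name as the issuer
  certGen.setPublicKey(pair.getPublic());
  certGen.setSignatureAlgorithm(algorithm);

  return certGen.generate(pair.getPrivate());
}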
 
示例11
/**
 * Produces an X.509 v1 certificate for use in tests.
 *
 * <p>The certificate is only valid for the twenty seconds around the call, and its serial
 * number is the clock value in milliseconds. Whatever {@code issuer} says, the signature is
 * made with the private key of {@code pair}; the issuer field is just a name here.
 *
 * @param subject distinguished name of the subject
 * @param issuer distinguished name of the issuer
 * @param pair key pair supplying the certified public key and the signing private key
 * @return the generated certificate, signed via the "BC" provider
 */
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws InvalidKeyException,
        NoSuchProviderException, SignatureException {

    final X509V1CertificateGenerator v1 = new X509V1CertificateGenerator();

    final BigInteger clockSerial = BigInteger.valueOf(System.currentTimeMillis());
    v1.setSerialNumber(clockSerial);

    final X500Principal issuerDn = new X500Principal(issuer);
    v1.setIssuerDN(issuerDn);

    final Date tenSecondsAgo = new Date(System.currentTimeMillis() - 10000);
    v1.setNotBefore(tenSecondsAgo);
    final Date tenSecondsAhead = new Date(System.currentTimeMillis() + 10000);
    v1.setNotAfter(tenSecondsAhead);

    final X500Principal subjectDn = new X500Principal(subject);
    v1.setSubjectDN(subjectDn);

    v1.setPublicKey(pair.getPublic());
    v1.setSignatureAlgorithm("SHA256WithRSAEncryption");

    return v1.generateX509Certificate(pair.getPrivate(), "BC");
}
 
示例12
/**
 * Generates an X.509 v1 certificate for a public key, signs it with the given private key and
 * stores it in {@code ks} under the alias {@code subject}.
 *
 * <p>The serial number is the current clock value in milliseconds. {@code issuer} and
 * {@code subject} are concatenated into the distinguished-name strings without escaping;
 * NOTE(review): confirm callers only pass trusted values, since the resulting string is
 * parsed as a whole name.
 *
 * @param pk
 *            the key to make a certificate from
 * @param signingKey
 *            the signer's private key
 * @param issuer
 *            common name of the issuer; "CN=" is prepended
 * @param subject
 *            common name of the certificate holder; "CN=" is prepended, and the value is
 *            also used as the alias in {@code ks}
 * @param ttFrom
 *            start of validity; when null a new {@code TimeTool()} is used
 * @param ttUntil
 *            end of validity; when null it is set two years after the start
 * @return the signed certificate.
 * @throws KeyStoreException
 *             presumably when the certificate cannot be stored in {@code ks}
 */
public X509Certificate generateCertificate(PublicKey pk, PrivateKey signingKey, String issuer,
	String subject, TimeTool ttFrom, TimeTool ttUntil) throws InvalidKeyException,
	NoSuchProviderException, SignatureException, CertificateEncodingException,
	IllegalStateException, NoSuchAlgorithmException, KeyStoreException{

	X509V1CertificateGenerator generator = new X509V1CertificateGenerator();

	generator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
	generator.setIssuerDN(new X500Principal("CN=" + issuer));

	// Resolve the validity window, filling in defaults for missing bounds.
	TimeTool validFrom = (ttFrom != null) ? ttFrom : new TimeTool();
	TimeTool validUntil = ttUntil;
	if (validUntil == null) {
		validUntil = new TimeTool(validFrom);
		validUntil.add(TimeTool.YEAR, 2);
	}
	generator.setNotBefore(validFrom.getTime());
	generator.setNotAfter(validUntil.getTime());

	generator.setSubjectDN(new X500Principal("CN=" + subject));
	generator.setPublicKey(pk);
	generator.setSignatureAlgorithm(CERTIFICATE_SIGNATURE_ALGO);

	// Signed with the default provider lookup; no provider name is passed.
	X509Certificate signed = generator.generate(signingKey);
	ks.setCertificateEntry(subject, signed);
	return signed;
}
 
示例13
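/**
 * <a href="http://stackoverflow.com/questions/33788331/why-does-key-getalgorithm-return-a-different-result-after-saving-and-reloading-t">
 * Why does Key.getAlgorithm return a different result after saving and reloading the KeyStore
 * </a>
 * <p>
 * Just as the OP claims, the first output is "ECDSA", the second "EC".
 * </p>
 * <p>
 * The parameters reproduce the question and are not a template for production use: the curve
 * is secp192r1, the certificate is signed with SHA-1, the serial number has only 8 random
 * bits, and the key store password and output path are hard-coded.
 * </p>
 */
@Test
public void testNameChangeAfterReload() throws GeneralSecurityException, IOException
{
    String PROVIDER = "BC";
    String KEY_ALGORITHM = "ECDSA";
    String SIGNATURE_ALGORITHM = "SHA1WITHECDSA";
    String ALIAS = "TestAlias";
    char [] PASSWORD = "password".toCharArray();
    String KEYSTORE = "c:/temp/keystore.p12";

    Security.addProvider(new BouncyCastleProvider());

    // Validity window: from now until 25 years from now.
    Calendar calNow = Calendar.getInstance();
    Calendar calLater = Calendar.getInstance();
    calLater.set(Calendar.YEAR, calLater.get(Calendar.YEAR) + 25);
    Date startDate = new Date(calNow.getTimeInMillis());
    Date expiryDate = new Date(calLater.getTimeInMillis());

    // Generate the key
    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp192r1");
    KeyPairGenerator g = KeyPairGenerator.getInstance(KEY_ALGORITHM, PROVIDER);
    g.initialize(ecSpec, new SecureRandom());
    KeyPair keyPair = g.generateKeyPair();

    // Self-signed v1 certificate, needed as the chain for the key entry.
    X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
    X500Principal dnName = new X500Principal("CN=Test");
    certGen.setSerialNumber(new BigInteger(8, new SecureRandom()));
    certGen.setIssuerDN(dnName);
    certGen.setNotBefore(startDate);
    certGen.setNotAfter(expiryDate);
    certGen.setSubjectDN(dnName); // note: same as issuer
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
    X509Certificate cert = certGen.generate(keyPair.getPrivate(), PROVIDER);

    // Save the keystore
    KeyStore exportStore = KeyStore.getInstance("PKCS12", PROVIDER);
    exportStore.load(null, null);
    exportStore.setKeyEntry(ALIAS, keyPair.getPrivate(), PASSWORD, new Certificate[] { cert });
    // try-with-resources closes the stream even when store() throws.
    try (FileOutputStream out = new FileOutputStream(KEYSTORE)) {
        exportStore.store(out, PASSWORD);
        out.flush();
    }

    // print the info from the keystore
    Key keyA = exportStore.getKey(ALIAS, PASSWORD);
    System.out.println(keyA.getAlgorithm());

    // Reload the keystore; the stream is closed even when load() throws.
    try (FileInputStream in = new FileInputStream(KEYSTORE)) {
        exportStore.load(in, PASSWORD);
    }

    // print the info from the reloaded keystore
    Key keyB = exportStore.getKey(ALIAS, PASSWORD);
    System.out.println(keyB.getAlgorithm());
}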
 
示例14
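/**
 * Generates a fresh 2048-bit RSA key pair with the "BC" provider and, when {@code dnName} is
 * not blank, a self-signed X.509 v1 certificate for it that is valid for one year.
 *
 * <p>The constructor fills {@code rsaPrivateKey} and {@code rsaPublicKey} from the generated
 * pair and sets {@code certificate} only when a certificate is created.
 *
 * @param signatureAlgorithm the algorithm used to sign the certificate; must not be null
 * @param dnName distinguished name used as issuer and subject; when blank no certificate
 *     is created
 * @throws InvalidParameterException if {@code signatureAlgorithm} is null
 */
@Deprecated
public RSAKeyFactory(SignatureAlgorithm signatureAlgorithm, String dnName)
        throws InvalidParameterException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException,
        InvalidKeyException, CertificateEncodingException {
    if (signatureAlgorithm == null) {
        throw new InvalidParameterException("The signature algorithm cannot be null");
    }

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    keyGen.initialize(2048, new SecureRandom());

    KeyPair keyPair = keyGen.generateKeyPair();

    BCRSAPrivateCrtKey jcersaPrivateCrtKey = (BCRSAPrivateCrtKey) keyPair.getPrivate();
    BCRSAPublicKey jcersaPublicKey = (BCRSAPublicKey) keyPair.getPublic();

    rsaPrivateKey = new RSAPrivateKey(jcersaPrivateCrtKey.getModulus(),
            jcersaPrivateCrtKey.getPrivateExponent());

    rsaPublicKey = new RSAPublicKey(jcersaPublicKey.getModulus(),
            jcersaPublicKey.getPublicExponent());

    if (StringUtils.isNotBlank(dnName)) {
        // Create certificate
        GregorianCalendar startDate = new GregorianCalendar(); // time from which certificate is valid
        GregorianCalendar expiryDate = new GregorianCalendar(); // time after which certificate is not valid
        expiryDate.add(Calendar.YEAR, 1);
        // Serial number: drawn from SecureRandom instead of java.util.Random so it cannot be
        // predicted, and limited to 159 bits so it stays a non-negative value within the
        // 20 octets RFC 5280 allows (the previous 1024-bit value exceeded that limit).
        BigInteger serialNumber = new BigInteger(159, new SecureRandom());

        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal principal = new X500Principal(dnName);

        certGen.setSerialNumber(serialNumber);
        certGen.setIssuerDN(principal);
        certGen.setNotBefore(startDate.getTime());
        certGen.setNotAfter(expiryDate.getTime());
        certGen.setSubjectDN(principal); // note: same as issuer
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm(signatureAlgorithm.getAlgorithm());

        X509Certificate x509Certificate = certGen.generate(jcersaPrivateCrtKey, "BC");
        certificate = new Certificate(signatureAlgorithm, x509Certificate);
    }
}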
 
示例15
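/**
 * Generates a fresh ECDSA key pair with the "BC" provider on the curve named by
 * {@code signatureAlgorithm} and, when {@code dnName} is not blank, a self-signed X.509 v1
 * certificate for it that is valid for one year.
 *
 * <p>The constructor stores the algorithm and key pair and derives {@code ecdsaPrivateKey}
 * and {@code ecdsaPublicKey} from the private scalar and the public point's coordinates.
 * {@code certificate} is set only when a certificate is created.
 *
 * @param signatureAlgorithm selects the curve for the key pair; must not be null
 * @param dnName distinguished name used as issuer and subject; when blank no certificate
 *     is created
 * @throws InvalidParameterException if {@code signatureAlgorithm} is null
 */
public ECDSAKeyFactory(SignatureAlgorithm signatureAlgorithm, String dnName)
        throws InvalidParameterException, NoSuchProviderException, NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, CertificateEncodingException {
    if (signatureAlgorithm == null) {
        throw new InvalidParameterException("The signature algorithm cannot be null");
    }

    this.signatureAlgorithm = signatureAlgorithm;

    ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(signatureAlgorithm.getCurve().getName());

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA", "BC");
    keyGen.initialize(ecSpec, new SecureRandom());

    this.keyPair = keyGen.generateKeyPair();
    BCECPrivateKey privateKeySpec = (BCECPrivateKey) keyPair.getPrivate();
    BCECPublicKey publicKeySpec = (BCECPublicKey) keyPair.getPublic();

    BigInteger x = publicKeySpec.getQ().getXCoord().toBigInteger();
    BigInteger y = publicKeySpec.getQ().getYCoord().toBigInteger();
    BigInteger d = privateKeySpec.getD();

    this.ecdsaPrivateKey = new ECDSAPrivateKey(d);
    this.ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);

    if (StringUtils.isNotBlank(dnName)) {
        // Create certificate
        GregorianCalendar startDate = new GregorianCalendar(); // time from which certificate is valid
        GregorianCalendar expiryDate = new GregorianCalendar(); // time after which certificate is not valid
        expiryDate.add(Calendar.YEAR, 1);
        // Serial number: drawn from SecureRandom instead of java.util.Random so it cannot be
        // predicted, and limited to 159 bits so it stays a non-negative value within the
        // 20 octets RFC 5280 allows (the previous 1024-bit value exceeded that limit).
        BigInteger serialNumber = new BigInteger(159, new SecureRandom());

        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal principal = new X500Principal(dnName);

        certGen.setSerialNumber(serialNumber);
        certGen.setIssuerDN(principal);
        certGen.setNotBefore(startDate.getTime());
        certGen.setNotAfter(expiryDate.getTime());
        certGen.setSubjectDN(principal); // note: same as issuer
        certGen.setPublicKey(keyPair.getPublic());
        // NOTE(review): the certificate is always signed with SHA-256, whichever
        // signatureAlgorithm was requested; confirm this is intended for the larger curves.
        certGen.setSignatureAlgorithm("SHA256WITHECDSA");

        X509Certificate x509Certificate = certGen.generate(privateKeySpec, "BC");
        this.certificate = new Certificate(signatureAlgorithm, x509Certificate);
    }
}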