1. 包列表
  2. 类列表
  3. org.bouncycastle.asn1.x509.KeyUsage

Java 类org.bouncycastle.asn1.x509.KeyUsage 实例源码

项目:ipack    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:gwt-crypto    文件:KeyUsageValidation.java    
public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
    throws CertPathValidationException
{
    context.addHandledExtension(Extension.keyUsage);

    if (!context.isEndEntity())
    {
        KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());

        if (usage != null)
        {
            if (!usage.hasUsages(KeyUsage.keyCertSign))
            {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        }
        else
        {
            if (isMandatory)
            {
                throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
            }
        }
    }
}
项目:gwt-crypto    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:photon-model    文件:CertificateUtil.java    
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    List<ExtensionHolder> extensions = new ArrayList<>();

    // SSO forces us to allow data encipherment
    extensions.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature
                    | KeyUsage.keyEncipherment
                    | KeyUsage.dataEncipherment)));

    extensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)));

    Extension authorityKeyExtension = new Extension(Extension.authorityKeyIdentifier, false,
            new DEROctetString(new JcaX509ExtensionUtils()
                    .createAuthorityKeyIdentifier(issuerCertificate)));
    extensions.add(new ExtensionHolder(authorityKeyExtension.getExtnId(),
            authorityKeyExtension.isCritical(), authorityKeyExtension.getParsedValue()));

    return extensions;
}
项目:dcos-commons    文件:TLSArtifactsGenerator.java    
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    extensionsGenerator.addExtension(Extension.extendedKeyUsage, true,
            new ExtendedKeyUsage(
                    new KeyPurposeId[] {
                            KeyPurposeId.id_kp_clientAuth,
                            KeyPurposeId.id_kp_serverAuth
                    }
            ));
    extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    PKCS10CertificationRequest csr =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic())
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
    return PEMUtils.toPEM(csr);
}
项目:Aki-SSL    文件:KeyUsageValidation.java    
public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
    throws CertPathValidationException
{
    context.addHandledExtension(Extension.keyUsage);

    if (!context.isEndEntity())
    {
        KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());

        if (usage != null)
        {
            if (!usage.hasUsages(KeyUsage.keyCertSign))
            {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        }
        else
        {
            if (isMandatory)
            {
                throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
            }
        }
    }
}
项目:Aki-SSL    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:credhub    文件:CertificateReaderTest.java    
@Test
public void givenASelfSignedCertificate_setsCertificateFieldsCorrectly() {
  final String distinguishedName =
      "O=test-org, ST=Jupiter, C=MilkyWay, CN=test-common-name, OU=test-org-unit, L=Europa";
  final GeneralNames generalNames = new GeneralNames(
      new GeneralName(GeneralName.dNSName, "SolarSystem"));

  CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.BIG_TEST_CERT);

  assertThat(certificateReader.getSubjectName().toString(), equalTo(distinguishedName));
  assertThat(certificateReader.getKeyLength(), equalTo(4096));
  assertThat(certificateReader.getAlternativeNames(), equalTo(generalNames));
  assertThat(asList(certificateReader.getExtendedKeyUsage().getUsages()),
      containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
  assertThat(certificateReader.getKeyUsage().hasUsages(KeyUsage.digitalSignature),
      equalTo(true));
  assertThat(certificateReader.getDurationDays(), equalTo(30));
  assertThat(certificateReader.isSelfSigned(), equalTo(false));
  assertThat(certificateReader.isCa(), equalTo(false));
}
项目:credhub    文件:CertificateReaderTest.java    
@Test
public void returnsParametersCorrectly() {
  final String distinguishedName =
      "O=test-org, ST=Jupiter, C=MilkyWay, CN=test-common-name, OU=test-org-unit, L=Europa";
  final GeneralNames generalNames = new GeneralNames(
      new GeneralName(GeneralName.dNSName, "SolarSystem"));

  CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.BIG_TEST_CERT);

  assertThat(certificateReader.getAlternativeNames(), equalTo(generalNames));
  assertThat(asList(certificateReader.getExtendedKeyUsage().getUsages()),
      containsInAnyOrder(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth));
  assertThat(certificateReader.getKeyUsage().hasUsages(KeyUsage.digitalSignature),
      equalTo(true));
  assertThat(certificateReader.getSubjectName().toString(), equalTo(distinguishedName));
}
项目:keystore-explorer    文件:DKeyUsage.java    
private void prepopulateWithValue(byte[] value) throws IOException {
    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    DERBitString keyUsage = DERBitString.getInstance(new ASN1InputStream(value).readObject());

    int keyUsageValue = keyUsage.intValue();

    jcbDigitalSignature.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.digitalSignature));
    jcbNonRepudiation.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.nonRepudiation));
    jcbKeyEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyEncipherment));
    jcbDataEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.dataEncipherment));
    jcbKeyAgreement.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyAgreement));
    jcbCertificateSigning.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyCertSign));
    jcbCrlSign.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.cRLSign));
    jcbEncipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.encipherOnly));
    jcbDecipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.decipherOnly));
}
项目:dss    文件:CertificateService.java    
private CertificateToken generateRootCertificateWithCrl(SignatureAlgorithm algorithm, X500Name subject, X500Name issuer, PrivateKey issuerPrivateKey,
        PublicKey publicKey, Date notBefore, Date notAfter) throws Exception {

    // generate certificate
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer,
            new BigInteger("" + new Random().nextInt(10) + System.currentTimeMillis()), notBefore, notAfter, subject, keyInfo);

    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

    // Sign the new certificate with the private key of the trusted third
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId()).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerPrivateKey);
    final X509CertificateHolder holder = certBuilder.build(signer);

    final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));

    return new CertificateToken(cert);
}
项目:dss    文件:CertificateService.java    
private CertificateToken generateRootCertificateWithoutCrl(SignatureAlgorithm algorithm, X500Name subject, X500Name issuer, PrivateKey issuerPrivateKey,
        PublicKey publicKey, Date notBefore, Date notAfter) throws Exception {

    // generate certificate
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer,
            new BigInteger("" + new Random().nextInt(10) + System.currentTimeMillis()), notBefore, notAfter, subject, keyInfo);

    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));

    // Sign the new certificate with the private key of the trusted third
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId()).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerPrivateKey);
    final X509CertificateHolder holder = certBuilder.build(signer);

    final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));

    return new CertificateToken(cert);
}
项目:TinyTravelTracker    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:runrightfast-vertx    文件:CertificateServiceImplTest.java    
private CaCert caCert() throws NoSuchAlgorithmException, NoSuchProviderException {
    final DistinguishedName issuer = issuer();

    final X500Principal issuerPrincipal = issuer.toX500Principal();

    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair certKeyPair = keyPairGenerator.generateKeyPair();

    final ImmutableList<X509CertExtension> x509CertExtensions = ImmutableList.<X509CertExtension>builder()
            .add(keyUsage(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)))
            .build();
    final SelfSignedX509V3CertRequest selfSignedRequest = new SelfSignedX509V3CertRequest(
            issuerPrincipal,
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)),
            certKeyPair,
            x509CertExtensions,
            new BasicConstraints(Integer.MAX_VALUE)
    );

    return new CaCert(certificateService.generateSelfSignedX509CertificateV3(selfSignedRequest), certKeyPair.getPrivate());
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testDigitalSignatureKeyUsage() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setDigitalSignatureFilter(true);

    // operate
    this.testedInstance.check(certificate);
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testDigitalSignatureNoNonRepudiationKeyUsage() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setDigitalSignatureFilter(true);
    this.testedInstance.setNonRepudiationFilter(false);

    // operate
    this.testedInstance.check(certificate);
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageKeyEncipherment()
        throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.keyEncipherment);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setKeyEnciphermentFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageDataEncipherment()
        throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.dataEncipherment);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setDataEnciphermentFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageKeyAgreement() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.keyAgreement);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setKeyAgreementFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageKeyCertSign() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setKeyCertificateSigningFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageCrlSign() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.cRLSign);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setCRLSigningFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageEncypherOnly() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.encipherOnly);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setEncipherOnlyFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnUnexpectedKeyUsageDecypherOnly() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.decipherOnly);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setDecipherOnlyFilter(false);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:jtrust    文件:KeyUsageCertificateConstraintTest.java    
@Test
public void testFailingOnMissingKeyUsage() throws Exception {
    // setup
    KeyPair keyPair = PKITestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    KeyUsage keyUsage = new KeyUsage(KeyUsage.decipherOnly);
    X509Certificate certificate = PKITestUtils
            .generateSelfSignedCertificate(keyPair, "CN=Test", notBefore,
                    notAfter, true, 0, null, keyUsage);

    this.testedInstance.setCRLSigningFilter(true);

    // operate
    try {
        this.testedInstance.check(certificate);
        fail();
    } catch (TrustLinkerResultException e) {
        assertEquals(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                e.getReason());
    }
}
项目:CryptMeme    文件:TestUtils.java    
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
    certGen.setPublicKey(intKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return certGen.generate(caKey, "BC");
}
项目:CryptMeme    文件:TestUtils.java    
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test End Certificate"));
    certGen.setPublicKey(entityKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    return certGen.generate(caKey, "BC");
}
项目:CryptMeme    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:jqm    文件:CertificateRequest.java    
public void generateCA(String prettyName)
{
    this.prettyName = prettyName;

    Subject = "CN=JQM-CA,OU=ServerProducts,O=Oxymores,C=FR";
    size = 4096;

    EKU = new KeyPurposeId[4];
    EKU[0] = KeyPurposeId.id_kp_codeSigning;
    EKU[1] = KeyPurposeId.id_kp_serverAuth;
    EKU[2] = KeyPurposeId.id_kp_clientAuth;
    EKU[3] = KeyPurposeId.id_kp_emailProtection;

    keyUsage = KeyUsage.cRLSign | KeyUsage.keyCertSign;

    generateAll();
}
项目:irma_future_id    文件:KeyUsageValidation.java    
public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
    throws CertPathValidationException
{
    context.addHandledExtension(Extension.keyUsage);

    if (!context.isEndEntity())
    {
        KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());

        if (usage != null)
        {
            if (!usage.hasUsages(KeyUsage.keyCertSign))
            {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        }
        else
        {
            if (isMandatory)
            {
                throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
            }
        }
    }
}
项目:irma_future_id    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:irma_future_id    文件:TestUtils.java    
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
    certGen.setPublicKey(intKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return certGen.generate(caKey, "BC");
}
项目:irma_future_id    文件:TestUtils.java    
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test End Certificate"));
    certGen.setPublicKey(entityKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    return certGen.generate(caKey, "BC");
}
项目:bc-java    文件:KeyUsageValidation.java    
public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
    throws CertPathValidationException
{
    context.addHandledExtension(Extension.keyUsage);

    if (!context.isEndEntity())
    {
        KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());

        if (usage != null)
        {
            if (!usage.hasUsages(KeyUsage.keyCertSign))
            {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        }
        else
        {
            if (isMandatory)
            {
                throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
            }
        }
    }
}
项目:bc-java    文件:TlsUtils.java    
static void validateKeyUsage(org.bouncycastle.asn1.x509.Certificate c, int keyUsageBits)
    throws IOException
{
    Extensions exts = c.getTBSCertificate().getExtensions();
    if (exts != null)
    {
        KeyUsage ku = KeyUsage.fromExtensions(exts);
        if (ku != null)
        {
            int bits = ku.getBytes()[0] & 0xff;
            if ((bits & keyUsageBits) != keyUsageBits)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
    }
}
项目:bc-java    文件:TestUtils.java    
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
    certGen.setPublicKey(intKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return certGen.generate(caKey, "BC");
}
项目:bc-java    文件:TestUtils.java    
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert)
    throws Exception
{
    X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal("CN=Test End Certificate"));
    certGen.setPublicKey(entityKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    return certGen.generate(caKey, "BC");
}
项目:cagrid-core    文件:CertUtil.java    
public static X509Certificate generateCACertificate(String provider, X509Name subject, Date start, Date expired,
    KeyPair pair, int numberOfCAs, String signartureAlgorthm) throws InvalidKeyException, NoSuchProviderException,
    SignatureException, IOException {
    // generate the certificate
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(subject);
    certGen.setNotBefore(start);
    certGen.setNotAfter(expired);
    certGen.setSubjectDN(subject);
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm(signartureAlgorthm);
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(numberOfCAs));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
        | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new DERInputStream(
        new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(spki));

    SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new DERInputStream(
        new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
    return certGen.generateX509Certificate(pair.getPrivate(), provider);
}
项目:cagrid2    文件:CertUtil.java    
public static X509Certificate generateCACertificate(String provider, X509Name subject, Date start, Date expired,
    KeyPair pair, int numberOfCAs, String signartureAlgorthm) throws InvalidKeyException, NoSuchProviderException,
    SignatureException, IOException {
    // generate the certificate
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(subject);
    certGen.setNotBefore(start);
    certGen.setNotAfter(expired);
    certGen.setSubjectDN(subject);
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm(signartureAlgorthm);
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(numberOfCAs));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
        | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new DERInputStream(
        new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(spki));

    SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new DERInputStream(
        new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
    return certGen.generateX509Certificate(pair.getPrivate(), provider);
}
项目:cagrid2    文件:CertUtil.java    
public static X509Certificate generateCACertificate(String provider, X509Name subject, Date start, Date expired, KeyPair pair, int numberOfCAs, String signatureAlgorthm)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException {
    // generate the certificate
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(subject);
    certGen.setNotBefore(start);
    certGen.setNotAfter(expired);
    certGen.setSubjectDN(subject);
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm(signatureAlgorthm);
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(numberOfCAs));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(spki));

    SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(pair.getPublic().getEncoded())).readObject());
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
    return certGen.generate(pair.getPrivate(), provider);
}