package com.liwl.cert;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import java.io.IOException;
import java.security.PublicKey;
/**
* Helpers that build X.509 v3 certificate extensions.
*
* @author Liwl
*/
public class ExtensionUtils {
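/**
* Basic Constraints.
*
* @param isCAPublicKey value encoded as the cA flag of the extension
* @return the Basic Constraints Extension
*/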
public static Extension getBasicConstraintsExtension(boolean isCAPublicKey) throws IOException {
    // The boolean constructor encodes only the cA flag and sets no pathLenConstraint, so a CA
    // certificate built with this helper puts no limit on the depth of the chain below it.
    // (The int constructor, BasicConstraints(pathLen), always yields cA = true and is therefore
    // not usable for end-entity certificates.)
    BasicConstraints basicConstraints = new BasicConstraints(isCAPublicKey);
    byte[] encoded = basicConstraints.toASN1Primitive().getEncoded();

    // Marked critical for CA and end-entity certificates alike.
    return new Extension(Extension.basicConstraints, true, encoded);
}
/**
* Key Usage; defaults to digitalSignature.
*
* @return the Key Usage Extension
* @see ExtensionUtils getKeyUsage()
*/
public static Extension getKeyUsageExtension() throws IOException {
    // digitalSignature is the only usage bit asserted. The extension is critical, so a relying
    // party that enforces key usage will refuse this key for anything else; in particular a
    // CA certificate needs keyCertSign (and usually cRLSign), which this helper does not set.
    X509KeyUsage usage = new X509KeyUsage(X509KeyUsage.digitalSignature);
    byte[] encoded = usage.toASN1Primitive().getEncoded();
    return new Extension(Extension.keyUsage, true, encoded);
}
/**
* Extended Key Usage.
*
* @return the Extended Key Usage Extension
*/
public static Extension getExtendedKeyUsageExtension() throws IOException {
    // Fixed purpose list: TLS server authentication and TLS client authentication.
    KeyPurposeId[] purposes = {
        KeyPurposeId.id_kp_serverAuth,
        KeyPurposeId.id_kp_clientAuth
    };
    byte[] encoded = new ExtendedKeyUsage(purposes).toASN1Primitive().getEncoded();

    // Critical: the certificate may be used only for the purposes listed above.
    return new Extension(Extension.extendedKeyUsage, true, encoded);
}
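/**
* Adds CRL distribution points.
*
* @param names CRL URIs; one distribution point is created per entry
* @return the CRL Distribution Points Extension
*/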
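public static Extension getCRLDIstPointExtension(String[] names) throws IOException {
    // Suggested URI format: SERVER_BASE_REST_PKI_URL + issuerName + CRL_URL
    // e.g. SERVER_BASE_REST_PKI_URL = "http://localhost:8080/rest/pki/",
    //      issuerName = "issuer", CRL_URL = "/crl"
    if (names == null) {
        throw new NullPointerException("names");
    }
    // CRLDistributionPoints is SEQUENCE SIZE (1..MAX) OF DistributionPoint (RFC 5280, 4.2.1.13);
    // an empty array would otherwise be encoded as an empty, non-conforming extension value.
    if (names.length == 0) {
        throw new IllegalArgumentException("names must contain at least one CRL URI");
    }

    DistributionPoint[] distributionPoints = new DistributionPoint[names.length];
    for (int i = 0; i < names.length; i++) {
        String uri = names[i];
        // A blank URI gives relying parties nowhere to fetch revocation data from, so fail at
        // issuance time instead of producing a certificate whose revocation cannot be checked.
        if (uri == null || uri.trim().isEmpty()) {
            throw new IllegalArgumentException("names[" + i + "] must be a non-blank CRL URI");
        }
        DistributionPointName pointName = new DistributionPointName(
                new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, uri)));
        // No reasons and no cRLIssuer: the CRL at this URI covers all revocation reasons and is
        // issued by the certificate issuer.
        distributionPoints[i] = new DistributionPoint(pointName, null, null);
    }

    CRLDistPoint crlDistPoint = new CRLDistPoint(distributionPoints);
    // Non-critical.
    return new Extension(
            Extension.cRLDistributionPoints,
            false,
            crlDistPoint.toASN1Primitive().getEncoded());
}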
/**
* Certificate Policies.
*
* @return the Certificate Policies Extension
*/
public static Extension getCertificatePoliciesExtension() throws IOException {
    // NOTE(review): "1.2.3.4.3.2.1" looks like a placeholder policy OID, not one assigned to a
    // real certification policy; confirm before issuing certificates with it.
    ASN1ObjectIdentifier policyOid = new ASN1ObjectIdentifier("1.2.3.4.3.2.1");
    CertificatePolicies policies = new CertificatePolicies(new PolicyInformation(policyOid));
    byte[] encoded = policies.toASN1Primitive().getEncoded();

    // Critical: validators that cannot process the policy information must reject the
    // certificate, which makes a placeholder OID here more than cosmetic.
    return new Extension(Extension.certificatePolicies, true, encoded);
}
/**
* Policy Mappings.
*
* @return the Policy Mappings Extension
*/
public static Extension getPolicyMappingsExtension() throws IOException {
    // Test data: both policy OIDs are hard-coded sample values.
    CertPolicyId issuerPolicy =
            CertPolicyId.getInstance(new ASN1ObjectIdentifier("1.2.3.4.5.6.7.8.9.0.1"));
    CertPolicyId subjectPolicy =
            CertPolicyId.getInstance(new ASN1ObjectIdentifier("1.2.3.4.5.6.7.8.9.0.2"));

    // Multi-pair form: entry i of the first array maps to entry i of the second. The same
    // issuer -> subject pair is listed twice here. A single pair could instead be built with
    // the two-argument PolicyMappings(issuerPolicy, subjectPolicy) constructor.
    CertPolicyId[] issuerCertPolicyIds = {issuerPolicy, issuerPolicy};
    CertPolicyId[] subjectCertPolicyIds = {subjectPolicy, subjectPolicy};
    PolicyMappings mappings = new PolicyMappings(issuerCertPolicyIds, subjectCertPolicyIds);

    // Critical.
    byte[] encoded = mappings.toASN1Primitive().getEncoded();
    return new Extension(Extension.policyMappings, true, encoded);
}
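/**
* Authority Information Access.
*
* @param issuerName issuer name intended for building the access URL
* @return the Authority Information Access Extension
*/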
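public static Extension getAuthorityInfoAccessExtension(String issuerName) throws IOException {
    // Suggested location format: SERVER_BASE_REST_PKI_URL + issuerName + AIA_URL
    // e.g. SERVER_BASE_REST_PKI_URL = "http://localhost:8080/rest/pki/", AIA_URL = "/cert"
    //
    // NOTE(review): issuerName is not used; the caIssuers location below is a hard-coded
    // placeholder. Clients that follow caIssuers during chain building will fetch the issuer
    // certificate from that host, so point it at the issuing CA's own endpoint before real use.
    AccessDescription caIssuers = new AccessDescription(
            AccessDescription.id_ad_caIssuers,
            new GeneralName(GeneralName.uniformResourceIdentifier,
                    new DERIA5String("http://www.baidu.com/rest/pki/issuer/cert")));

    // The extension value must be AuthorityInfoAccessSyntax, i.e. a SEQUENCE OF
    // AccessDescription (RFC 5280, 4.2.2.1). Encoding the bare AccessDescription yields a value
    // that conforming parsers cannot decode, so wrap it before encoding.
    AuthorityInformationAccess authorityInfoAccess = new AuthorityInformationAccess(caIssuers);

    // Non-critical.
    return new Extension(
            Extension.authorityInfoAccess,
            false,
            authorityInfoAccess.toASN1Primitive().getEncoded());
}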
/**
* Authority Key Identifier.
*
* @param publicKey the issuer's public key
* @return the Authority Key Identifier Extension
*/
public static Extension getAuthorityKeyIdentifierExtension(PublicKey publicKey) throws OperatorCreationException, IOException {
    // BcKeyUtil is a project helper not shown here; presumably it converts the JCA key into
    // its SubjectPublicKeyInfo structure.
    SubjectPublicKeyInfo issuerKeyInfo = BcKeyUtil.createSubjectPublicKeyInfo(publicKey);

    // SHA-1 is used only to derive the key identifier, which is a lookup hint for chain
    // building and not a signature; this is the derivation RFC 5280 describes, so it should
    // not be "upgraded" in isolation from the matching Subject Key Identifier.
    AlgorithmIdentifier sha1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
    DigestCalculator sha1Calculator = new BcDigestCalculatorProvider().get(sha1);
    X509ExtensionUtils identifierBuilder = new X509ExtensionUtils(sha1Calculator);

    // Non-critical.
    byte[] encoded =
            identifierBuilder.createAuthorityKeyIdentifier(issuerKeyInfo).toASN1Primitive().getEncoded();
    return new Extension(Extension.authorityKeyIdentifier, false, encoded);
}
/**
* Subject Key Identifier.
*
* @param publicKey the subject's public key
* @return the Subject Key Identifier Extension
*/
public static Extension getSubjectKeyIdentifierExtension(PublicKey publicKey) throws OperatorCreationException, IOException {
Java基于BC生成X509v3证书,以及部分扩展Extension的使用,如:BasicConstraints、CRLDIstPoint、CertificatePolicies、PolicyMappings、KeyUsage、ExtendedKeyUsage、SubjectAlternativeName、AuthorityInfoAccess、AuthorityKeyIdentifier、SubjectKeyIdentifier、NameConstraints。
MyCertificateDemo.rar (11个子文件)
MyCertificateDemo
src
com
liwl
cert
ExtensionUtils.java 11KB
CertIOUtil.java 5KB
BcKeyUtil.java 4KB
CertificateUtils.java 6KB
ConvertUtil.java 11KB
RunTest.java 435B
resource
mycert_121231236.crt 790B
lib
bcpkix-jdk15on-1.60-sources.jar 487KB
bcpkix-jdk15on-1.60.jar 778KB
bcprov-jdk15on-1.60.jar 4MB
bcprov-jdk15on-1.60-sources.jar 3.42MB