当前位置: 首页 > wzjs >正文

网站制作建设公司网站内容编辑

wzjs 2025/8/30 4:37:37
网站制作建设公司,网站内容编辑,织梦移动端网站模板下载地址,安徽全网优化X.500 可辨别名称 X.500 可辨别名称(Distinguished Name,简称DN),是用于在X.500目录服务中唯一标识一个条目(Entry)的名称。它由一系列相对可辨别名称(Relative Distinguished Names&#xff0…

X.500 可辨别名称

X.500 可辨别名称(Distinguished Name,简称DN),是用于在X.500目录服务中唯一标识一个条目(Entry)的名称。它由一系列相对可辨别名称(Relative Distinguished Names,简称RDNs)组成,每个RDN由一个或多个属性值对构成,这些属性值对在不同的目录级别上提供了条目的唯一标识。在X.500目录服务中,DN用于确保每个条目都可以被唯一地识别和访问。

例如,一个X.500 DN可能看起来像这样:

CN=John Doe,OU=Users,DC=example,DC=com

在这个例子中:

  • CN=John Doe 是一个RDN,表示通用名称(Common Name)为“John Doe”。

  • OU=Users 是另一个RDN,表示组织单位(Organizational Unit)为“Users”。

  • DC=example 和 DC=com 是额外的RDNs,表示域组件(Domain Component)分别为“example”和“com”。

X.500 DN在多种应用中被使用,包括在公钥基础设施(PKI)中标识证书持有者,以及在轻量级目录访问协议(LDAP)中标识目录条目。

X500Principal 使用示例

X500Principal 类用于表示X.500可辨别名称(Distinguished Name, DN)。它通常用于处理与安全相关的操作,例如在公钥基础设施(PKI)中处理X.509证书的主题或颁发者名称。

import javax.security.auth.x500.X500Principal;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.io.FileInputStream;public class X500PrincipalExample {public static void main(String[] args) {try {// 加载X.509证书FileInputStream fis = new FileInputStream("path/to/your/certificate.crt");CertificateFactory cf = CertificateFactory.getInstance("X.509");X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);fis.close();// 获取证书的主题DNX500Principal subjectDN = cert.getSubjectX500Principal();System.out.println("Subject DN: " + subjectDN.getName());// 获取证书的颁发者DNX500Principal issuerDN = cert.getIssuerX500Principal();System.out.println("Issuer DN: " + issuerDN.getName());// 使用X500Principal的构造函数创建一个新的DNX500Principal newDN = new X500Principal("CN=John Doe, OU=Users, O=Example Corp, C=US");System.out.println("New DN: " + newDN.getName());} catch (Exception e) {e.printStackTrace();}}
}

X500Name (BouncyCastle)使用示例

X500Name 类是用于表示X.500可辨别名称(Distinguished Name, DN)的另一种方式。它通常用于处理与安全相关的操作,例如在公钥基础设施(PKI)中处理X.509证书的主题或颁发者名称。X500Name 类通常与BouncyCastle库一起使用,因为它是BouncyCastle库的一部分,而不是标准JDK的一部分。

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.io.FileInputStream;public class X500NameExample {public static void main(String[] args) {try {// 加载X.509证书FileInputStream fis = new FileInputStream("path/to/your/certificate.crt");CertificateFactory cf = CertificateFactory.getInstance("X.509");X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);fis.close();// 将X509Certificate转换为X500NameJcaX509CertificateHolder certHolder = new JcaX509CertificateHolder(cert);X500Name subjectDN = certHolder.getSubject();X500Name issuerDN = certHolder.getIssuer();// 输出主题DNSystem.out.println("Subject DN: " + subjectDN.toString());// 输出颁发者DNSystem.out.println("Issuer DN: " + issuerDN.toString());// 获取主题DN中的特定属性(例如通用名称CN)String commonName = IETFUtils.valueToString(subjectDN.getRDNs(BCStyle.CN)[0].getFirst().getValue());System.out.println("Common Name (CN): " + commonName);// 创建一个新的X500NameX500Name newDN = new X500Name("CN=John Doe, OU=Users, O=Example Corp, C=US");System.out.println("New DN: " + newDN.toString());} catch (Exception e) {e.printStackTrace();}}
}

X500NameBuilder 新建X500Name 示例

X500NameBuilder 是BouncyCastle库提供的一个工具类,用于构建 X500Name 对象。X500NameBuilder 提供了一种灵活的方式来创建和自定义X.500可辨别名称(Distinguished Name, DN)。

  • 使用 addRDN 方法添加相对可辨别名称(RDN)。

  • 每个RDN由一个属性类型(如 BCStyle.CN)和一个属性值(如 "John Doe")组成。

  • 常用的属性类型包括:

    • BCStyle.CN:通用名称(Common Name)

    • BCStyle.OU:组织单位(Organizational Unit)

    • BCStyle.O:组织名称(Organization)

    • BCStyle.L:地点(Locality)

    • BCStyle.ST:州/省(State or Province)

    • BCStyle.C:国家代码(Country Code)

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;public class X500NameBuilderExample {public static void main(String[] args) {// 创建X500NameBuilder实例X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);// 添加属性到DNbuilder.addRDN(BCStyle.CN, "John Doe"); // 通用名称 (Common Name)builder.addRDN(BCStyle.OU, "Engineering"); // 组织单位 (Organizational Unit)builder.addRDN(BCStyle.O, "Example Corp"); // 组织名称 (Organization)builder.addRDN(BCStyle.L, "New York"); // 地点 (Locality)builder.addRDN(BCStyle.ST, "NY"); // 州/省 (State or Province)builder.addRDN(BCStyle.C, "US"); // 国家代码 (Country Code)// 构建X500Name对象X500Name x500Name = builder.build();// 输出X500NameSystem.out.println("X500Name: " + x500Name.toString());}
}

X500NameBuilder 修改X500Name 示例

X500Name originalName = new X500Name("CN=Alice, OU=Development, O=Example Corp, C=US");// 使用X500NameBuilder从现有名称构建
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
for (var rdn : originalName.getRDNs()) {builder.addRDN(rdn.getFirst());
}// 添加新属性
builder.addRDN(BCStyle.OU, "Engineering");// 构建新的X500Name
X500Name newName = builder.build();
System.out.println("New X500Name: " + newName.toString());

公钥证书

1. X509v1CertificateBuilder

  • 用途:用于构建X.509版本1(v1)证书。

  • 特点

    • X.509 v1 证书是最简单的证书格式,仅包含基本字段,如主题名称、颁发者名称、有效期和公钥。

    • 不支持扩展:X.509 v1 证书没有扩展字段,因此无法添加自定义扩展(如密钥用途、扩展密钥用途等)。

    • 使用场景:由于功能有限,X.509 v1 证书在现代应用中较少使用,通常用于简单的场景或兼容旧系统。

2. X509v2AttributeCertificateBuilder

  • 用途:用于构建X.509版本2(v2)属性证书。

  • 特点

    • 属性证书(Attribute Certificate)与传统的公钥证书不同,它不包含公钥,而是包含与某个实体(通常是公钥证书的持有者)相关的属性信息。

    • 属性证书通常用于基于角色的访问控制(RBAC)或其他与权限相关的场景。

    • 支持扩展:X.509 v2 属性证书可以包含扩展字段。

3. X509v3CertificateBuilder

  • 用途:用于构建X.509版本3(v3)证书。

  • 特点

    • X.509 v3 证书是最常用的证书格式,支持扩展字段。

    • 支持扩展:X.509 v3 证书可以包含各种扩展字段,如密钥用途(Key Usage)、扩展密钥用途(Extended Key Usage)、主题备用名称(Subject Alternative Name)等。

    • 使用场景:X.509 v3 证书广泛应用于现代PKI(公钥基础设施)中,例如SSL/TLS证书、代码签名证书、客户端身份验证证书等。

创建一个基础的公钥证书

    /*** Calculate a date in seconds (suitable for the PKIX profile - RFC 5280)** @param hoursInFuture hours ahead of now, may be negative.* @return a Date set to now + (hoursInFuture * 60 * 60) seconds*/public static Date calculateDate(int hoursInFuture){long secs = System.currentTimeMillis() / 1000;return new Date((secs + (hoursInFuture * 60 * 60)) * 1000);}private static long serialNumberBase = System.currentTimeMillis();/*** Calculate a serial number using a monotonically increasing value.** @return a BigInteger representing the next serial number in the sequence.*/public static synchronized BigInteger calculateSerialNumber(){return BigInteger.valueOf(serialNumberBase++);}/*** Build a sample self-signed V1 certificate to use as a trust anchor, or* root certificate.** @param keyPair the key pair to use for signing and providing the*                public key.* @param sigAlg the signature algorithm to sign the certificate with.* @return an X509CertificateHolder containing the V1 certificate.*/public static X509CertificateHolder createTrustAnchor(KeyPair keyPair, String sigAlg)throws OperatorCreationException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo Root Certificate");X500Name name = x500NameBld.build();X509v1CertificateBuilder certBldr = new JcaX509v1CertificateBuilder(name,calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),name,keyPair.getPublic());ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(keyPair.getPrivate());return certBldr.build(signer);}

调用示例

    public static X509KeyCertPair createTrustCert()throws GeneralSecurityException, OperatorCreationException{KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair trustKp = kpGen.generateKeyPair();X509CertificateHolder trustCert =createTrustAnchor(trustKp, "SHA256withECDSA");return new X509KeyCertPair(trustKp, trustCert);}

转换X509CertificateHolder为X509Certificate

    /*** Simple method to convert an X509CertificateHolder to an X509Certificate* using the java.security.cert.CertificateFactory class.*/public static X509Certificate convertX509CertificateHolder(X509CertificateHolder certHolder)throws GeneralSecurityException, IOException{CertificateFactory cFact = CertificateFactory.getInstance("X.509", "BC");return (X509Certificate)cFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));}

创建带有扩展的CA证书

    /*** Build a sample V3 intermediate certificate that can be used as a CA* certificate.** @param signerCert certificate carrying the public key that will later*                   be used to verify this certificate's signature.* @param signerKey private key used to generate the signature in the*                  certificate.* @param sigAlg the signature algorithm to sign the certificate with.* @param certKey public key to be installed in the certificate.* @param followingCACerts* @return an X509CertificateHolder containing the V3 certificate.*/public static X509CertificateHolder createIntermediateCertificate(X509CertificateHolder signerCert, PrivateKey signerKey,String sigAlg, PublicKey certKey, int followingCACerts)throws CertIOException, GeneralSecurityException,OperatorCreationException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo Intermediate Certificate");X500Name subject = x500NameBld.build();X509v3CertificateBuilder certBldr = new JcaX509v3CertificateBuilder(signerCert.getSubject(),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),subject,certKey);JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();certBldr.addExtension(Extension.authorityKeyIdentifier,false, extUtils.createAuthorityKeyIdentifier(signerCert)).addExtension(Extension.subjectKeyIdentifier,false, extUtils.createSubjectKeyIdentifier(certKey)).addExtension(Extension.basicConstraints,true, new BasicConstraints(followingCACerts)).addExtension(Extension.keyUsage,true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyCertSign| KeyUsage.cRLSign));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(signerKey);return certBldr.build(signer);}

调用示例

    public static X509KeyCertPair createInterCert(X509KeyCertPair trustPair)throws GeneralSecurityException, OperatorCreationException, CertIOException{PrivateKey trustAnchorKey = trustPair.getKeyPair().getPrivate();X509CertificateHolder trustCert = trustPair.getCert();KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair caKp = kpGen.generateKeyPair();X509CertificateHolder caCert =createIntermediateCertificate(trustCert,trustAnchorKey,"SHA256withECDSA", caKp.getPublic(), 0);return new X509KeyCertPair(caKp, caCert);}

创建终端实体证书

    /*** Create a general end-entity certificate for use in verifying digital* signatures.* * @param signerCert certificate carrying the public key that will later*                   be used to verify this certificate's signature.* @param signerKey private key used to generate the signature in the*                  certificate.* @param sigAlg the signature algorithm to sign the certificate with.* @param certKey public key to be installed in the certificate.* @return an X509CertificateHolder containing the V3 certificate.*/public static X509CertificateHolder createEndEntity(X509CertificateHolder signerCert, PrivateKey signerKey,String sigAlg, PublicKey certKey)throws CertIOException, GeneralSecurityException,OperatorCreationException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo End-Entity Certificate");X500Name subject = x500NameBld.build();X509v3CertificateBuilder   certBldr = new JcaX509v3CertificateBuilder(signerCert.getSubject(),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),subject,certKey);JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();certBldr.addExtension(Extension.authorityKeyIdentifier,false, extUtils.createAuthorityKeyIdentifier(signerCert)).addExtension(Extension.subjectKeyIdentifier,false, extUtils.createSubjectKeyIdentifier(certKey)).addExtension(Extension.basicConstraints,true, new BasicConstraints(false)).addExtension(Extension.keyUsage,true, new KeyUsage(KeyUsage.digitalSignature));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(signerKey);return certBldr.build(signer);}

调用示例

    public static X509KeyCertPair createEECert(X509KeyCertPair caPair)throws GeneralSecurityException, OperatorCreationException, CertIOException{PrivateKey caPrivKey = caPair.getKeyPair().getPrivate();X509CertificateHolder caCert = caPair.getCert();KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair eeKp = kpGen.generateKeyPair();X509CertificateHolder eeCert =createEndEntity(caCert, caPrivKey, "SHA256withECDSA", eeKp.getPublic());return new X509KeyCertPair(eeKp, eeCert);}

使用ExtendedKeyUsage

    /*** Create a special purpose end entity cert which is associated with a* particular key purpose.* * @param signerCert certificate carrying the public key that will later*                   be used to verify this certificate's signature.* @param signerKey private key used to generate the signature in the*                  certificate.* @param sigAlg the signature algorithm to sign the certificate with.* @param certKey public key to be installed in the certificate.* @param keyPurpose the specific KeyPurposeId to associate with this*                   certificate's public key.* @return an X509CertificateHolder containing the V3 certificate.*/public static X509CertificateHolder createSpecialPurposeEndEntity(X509CertificateHolder signerCert, PrivateKey signerKey,String sigAlg, PublicKey certKey, KeyPurposeId keyPurpose)throws OperatorCreationException, CertIOException,GeneralSecurityException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo End-Entity Certificate");X500Name subject = x500NameBld.build();X509v3CertificateBuilder   certBldr = new JcaX509v3CertificateBuilder(signerCert.getSubject(),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),subject,certKey);JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();certBldr.addExtension(Extension.authorityKeyIdentifier,false, extUtils.createAuthorityKeyIdentifier(signerCert)).addExtension(Extension.subjectKeyIdentifier,false, extUtils.createSubjectKeyIdentifier(certKey)).addExtension(Extension.basicConstraints,true, new BasicConstraints(false)).addExtension(Extension.extendedKeyUsage,true, new ExtendedKeyUsage(keyPurpose));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(signerKey);return certBldr.build(signer);}

调用示例

    public static X509KeyCertPair createEESpecCert(X509KeyCertPair caPair)throws GeneralSecurityException, OperatorCreationException, CertIOException{PrivateKey caPrivKey = caPair.getKeyPair().getPrivate();X509CertificateHolder caCert = caPair.getCert();KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair specEEKp = kpGen.generateKeyPair();X509CertificateHolder specEECert =createSpecialPurposeEndEntity(caCert, caPrivKey,"SHA256withECDSA",specEEKp.getPublic(),KeyPurposeId.id_kp_timeStamping);return new X509KeyCertPair(specEEKp, specEECert);}

属性证书

    public static X509AttributeCertificateHolder createAttributeCertificate(X509CertificateHolder issuerCert, PrivateKey issuerKey, String sigAlg,X509CertificateHolder holderCert, String holderRoleUri)throws OperatorCreationException{X509v2AttributeCertificateBuilder acBldr =new X509v2AttributeCertificateBuilder(new AttributeCertificateHolder(holderCert),new AttributeCertificateIssuer(issuerCert.getSubject()),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 7));GeneralName roleName = new GeneralName(GeneralName.uniformResourceIdentifier, holderRoleUri);acBldr.addAttribute(X509AttributeIdentifiers.id_at_role, new RoleSyntax(roleName));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(issuerKey);return acBldr.build(signer);}

调用示例

    public static X509AttributeCertificateHolder createAttrCertSample(PrivateKey issuerSigningKey,  X509CertificateHolder issuerCert, X509CertificateHolder holderCert)throws OperatorCreationException{X509AttributeCertificateHolder attrCert =createAttributeCertificate(issuerCert,issuerSigningKey,"SHA256withECDSA", holderCert, "id://DAU123456789");return attrCert;}

附录(完整代码)

package chapter8;import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.*;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;/*** Example methods showing generation and verification of X.509 certificates*/
public class JcaX509Certificate
{/*** Calculate a date in seconds (suitable for the PKIX profile - RFC 5280)** @param hoursInFuture hours ahead of now, may be negative.* @return a Date set to now + (hoursInFuture * 60 * 60) seconds*/public static Date calculateDate(int hoursInFuture){long secs = System.currentTimeMillis() / 1000;return new Date((secs + (hoursInFuture * 60 * 60)) * 1000);}private static long serialNumberBase = System.currentTimeMillis();/*** Calculate a serial number using a monotonically increasing value.** @return a BigInteger representing the next serial number in the sequence.*/public static synchronized BigInteger calculateSerialNumber(){return BigInteger.valueOf(serialNumberBase++);}/*** Simple method to convert an X509CertificateHolder to an X509Certificate* using the java.security.cert.CertificateFactory class.*/public static X509Certificate convertX509CertificateHolder(X509CertificateHolder certHolder)throws GeneralSecurityException, IOException{CertificateFactory cFact = CertificateFactory.getInstance("X.509", "BC");return (X509Certificate)cFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));}/*** Convert an X500Name to use the IETF style.*/public static X500Name toIETFName(X500Name name){return X500Name.getInstance(RFC4519Style.INSTANCE, name);}public static X509KeyCertPair createTrustCert()throws GeneralSecurityException, OperatorCreationException{KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair trustKp = kpGen.generateKeyPair();X509CertificateHolder trustCert =createTrustAnchor(trustKp, "SHA256withECDSA");return new X509KeyCertPair(trustKp, trustCert);}/*** Build a sample self-signed V1 certificate to use as a trust anchor, or* root certificate.** @param keyPair the key pair to use for signing and providing the*                public key.* @param sigAlg the signature algorithm to sign the certificate with.* @return an X509CertificateHolder containing the V1 certificate.*/public static X509CertificateHolder createTrustAnchor(KeyPair keyPair, String sigAlg)throws OperatorCreationException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo Root Certificate");X500Name name = x500NameBld.build();X509v1CertificateBuilder certBldr = new JcaX509v1CertificateBuilder(name,calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),name,keyPair.getPublic());ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(keyPair.getPrivate());return certBldr.build(signer);}public static X509KeyCertPair createInterCert(X509KeyCertPair trustPair)throws GeneralSecurityException, OperatorCreationException, CertIOException{PrivateKey trustAnchorKey = trustPair.getKeyPair().getPrivate();X509CertificateHolder trustCert = trustPair.getCert();KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair caKp = kpGen.generateKeyPair();X509CertificateHolder caCert =createIntermediateCertificate(trustCert,trustAnchorKey,"SHA256withECDSA", caKp.getPublic(), 0);return new X509KeyCertPair(caKp, caCert);}/*** Build a sample V3 intermediate certificate that can be used as a CA* certificate.** @param signerCert certificate carrying the public key that will later*                   be used to verify this certificate's signature.* @param signerKey private key used to generate the signature in the*                  certificate.* @param sigAlg the signature algorithm to sign the certificate with.* @param certKey public key to be installed in the certificate.* @param followingCACerts* @return an X509CertificateHolder containing the V3 certificate.*/public static X509CertificateHolder createIntermediateCertificate(X509CertificateHolder signerCert, PrivateKey signerKey,String sigAlg, PublicKey certKey, int followingCACerts)throws CertIOException, GeneralSecurityException,OperatorCreationException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo Intermediate Certificate");X500Name subject = x500NameBld.build();X509v3CertificateBuilder certBldr = new JcaX509v3CertificateBuilder(signerCert.getSubject(),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),subject,certKey);JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();certBldr.addExtension(Extension.authorityKeyIdentifier,false, extUtils.createAuthorityKeyIdentifier(signerCert)).addExtension(Extension.subjectKeyIdentifier,false, extUtils.createSubjectKeyIdentifier(certKey)).addExtension(Extension.basicConstraints,true, new BasicConstraints(followingCACerts)).addExtension(Extension.keyUsage,true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyCertSign| KeyUsage.cRLSign));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(signerKey);return certBldr.build(signer);}public static X509KeyCertPair createEECert(X509KeyCertPair caPair)throws GeneralSecurityException, OperatorCreationException, CertIOException{PrivateKey caPrivKey = caPair.getKeyPair().getPrivate();X509CertificateHolder caCert = caPair.getCert();KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair eeKp = kpGen.generateKeyPair();X509CertificateHolder eeCert =createEndEntity(caCert, caPrivKey, "SHA256withECDSA", eeKp.getPublic());return new X509KeyCertPair(eeKp, eeCert);}/*** Create a general end-entity certificate for use in verifying digital* signatures.* * @param signerCert certificate carrying the public key that will later*                   be used to verify this certificate's signature.* @param signerKey private key used to generate the signature in the*                  certificate.* @param sigAlg the signature algorithm to sign the certificate with.* @param certKey public key to be installed in the certificate.* @return an X509CertificateHolder containing the V3 certificate.*/public static X509CertificateHolder createEndEntity(X509CertificateHolder signerCert, PrivateKey signerKey,String sigAlg, PublicKey certKey)throws CertIOException, GeneralSecurityException,OperatorCreationException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo End-Entity Certificate");X500Name subject = x500NameBld.build();X509v3CertificateBuilder   certBldr = new JcaX509v3CertificateBuilder(signerCert.getSubject(),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),subject,certKey);JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();certBldr.addExtension(Extension.authorityKeyIdentifier,false, extUtils.createAuthorityKeyIdentifier(signerCert)).addExtension(Extension.subjectKeyIdentifier,false, extUtils.createSubjectKeyIdentifier(certKey)).addExtension(Extension.basicConstraints,true, new BasicConstraints(false)).addExtension(Extension.keyUsage,true, new KeyUsage(KeyUsage.digitalSignature));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(signerKey);return certBldr.build(signer);}public static X509KeyCertPair createEESpecCert(X509KeyCertPair caPair)throws GeneralSecurityException, OperatorCreationException, CertIOException{PrivateKey caPrivKey = caPair.getKeyPair().getPrivate();X509CertificateHolder caCert = caPair.getCert();KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");KeyPair specEEKp = kpGen.generateKeyPair();X509CertificateHolder specEECert =createSpecialPurposeEndEntity(caCert, caPrivKey,"SHA256withECDSA",specEEKp.getPublic(),KeyPurposeId.id_kp_timeStamping);return new X509KeyCertPair(specEEKp, specEECert);}/*** Create a special purpose end entity cert which is associated with a* particular key purpose.* * @param signerCert certificate carrying the public key that will later*                   be used to verify this certificate's signature.* @param signerKey private key used to generate the signature in the*                  certificate.* @param sigAlg the signature algorithm to sign the certificate with.* @param certKey public key to be installed in the certificate.* @param keyPurpose the specific KeyPurposeId to associate with this*                   certificate's public key.* @return an X509CertificateHolder containing the V3 certificate.*/public static X509CertificateHolder createSpecialPurposeEndEntity(X509CertificateHolder signerCert, PrivateKey signerKey,String sigAlg, PublicKey certKey, KeyPurposeId keyPurpose)throws OperatorCreationException, CertIOException,GeneralSecurityException{X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "AU").addRDN(BCStyle.ST, "Victoria").addRDN(BCStyle.L, "Melbourne").addRDN(BCStyle.O, "The Legion of the Bouncy Castle").addRDN(BCStyle.CN, "Demo End-Entity Certificate");X500Name subject = x500NameBld.build();X509v3CertificateBuilder   certBldr = new JcaX509v3CertificateBuilder(signerCert.getSubject(),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 31),subject,certKey);JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();certBldr.addExtension(Extension.authorityKeyIdentifier,false, extUtils.createAuthorityKeyIdentifier(signerCert)).addExtension(Extension.subjectKeyIdentifier,false, extUtils.createSubjectKeyIdentifier(certKey)).addExtension(Extension.basicConstraints,true, new BasicConstraints(false)).addExtension(Extension.extendedKeyUsage,true, new ExtendedKeyUsage(keyPurpose));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(signerKey);return certBldr.build(signer);}/*** Extract the DER encoded value octets of an extension from a JCA* X509Certificate.** @param cert the certificate of interest.* @param extensionOID the OID associated with the extension of interest.* @return the DER encoding inside the extension, null if extension missing.*/public static byte[] extractExtensionValue(X509Certificate cert,ASN1ObjectIdentifier extensionOID){byte[] octString = cert.getExtensionValue(extensionOID.getId());if (octString == null){return null;}return ASN1OctetString.getInstance(octString).getOctets();}public static X509AttributeCertificateHolder createAttrCertSample(PrivateKey issuerSigningKey,  X509CertificateHolder issuerCert, X509CertificateHolder holderCert)throws OperatorCreationException{X509AttributeCertificateHolder attrCert =createAttributeCertificate(issuerCert,issuerSigningKey,"SHA256withECDSA", holderCert, "id://DAU123456789");return attrCert;}public static X509AttributeCertificateHolder createAttributeCertificate(X509CertificateHolder issuerCert, PrivateKey issuerKey, String sigAlg,X509CertificateHolder holderCert, String holderRoleUri)throws OperatorCreationException{X509v2AttributeCertificateBuilder acBldr =new X509v2AttributeCertificateBuilder(new AttributeCertificateHolder(holderCert),new AttributeCertificateIssuer(issuerCert.getSubject()),calculateSerialNumber(),calculateDate(0),calculateDate(24 * 7));GeneralName roleName = new GeneralName(GeneralName.uniformResourceIdentifier, holderRoleUri);acBldr.addAttribute(X509AttributeIdentifiers.id_at_role, new RoleSyntax(roleName));ContentSigner signer = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(issuerKey);return acBldr.build(signer);}
}

http://www.dtcms.com/wzjs/540148.html

相关文章:

  • 网站开发与设计是什么茄子直播
  • 网站推广服务网站连锁网上发布信息的网站怎么做
  • 网站上的用户注册怎么做的做系统后之前网站怎么找回
  • 网站建设 软件开发的公司深圳防疫最新政策
  • html5单页网站模板外包和劳务派遣哪个更好
  • 免费网站程序下载网站导航怎么做外链
  • wordpress模板的网站_网页字体怎么修改?重庆网站建设的意义
  • 临清市住房和城乡建设局网站湛江免费建站公司
  • 做公司网站需要的资料英文网站建设的原因
  • 重庆市公共资源交易中心网官网seo查询是什么意思
  • 网上装修公司网站策划书总裁培训班
  • 额尔古纳做网站广西网站制作
  • wordpress谷歌云网站seo排名优化工具
  • 建设小型网站系统开题报告做网站虚拟主机配置
  • 建设工程安全事故在哪个网站查图片生成链接在线工具
  • 自己的网站怎么创建网站建设交印花税嘛
  • 昆明网站建设公司猎狐科技怎么样宿州房地产网站建设
  • 搭建网站需要哪些东西wordpress+插件+h5
  • seo查询 站长工具市场营销策略有哪4种
  • 北京城乡建设官方网站网站开发 专有名词
  • 比较大气的网站开发软件的app有哪些
  • 家装公司名称wordpress seo教程网
  • 2024中国进入一级战备了吗seo搜索引擎优化介绍
  • 外贸网站推广销售品牌建设工作的意义
  • 杂志社网站建设意义标准论坛网站建设
  • 广州网站优化工具如何做网络营销直播
  • 教学资源网站建设方案优秀企业网站设计制作
  • 国家城乡建设规划部网站vps网站管理助手
  • 建大网站xp花生壳做网站
  • 网站要怎样建设wordpress divi主题