📄 certtest.java
// NOTE(review): this excerpt starts inside a method whose beginning is not shown; the statements up to its closing brace are kept exactly as found.
        certGen.setSubjectDN(new X509Principal(attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("SHA1withDSA");

        try
        {
            X509Certificate cert = certGen.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);

            ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
            CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

            cert = (X509Certificate)fact.generateCertificate(bIn);

            // System.out.println(cert);
        }
        catch (Exception e)
        {
            fail("error setting generating cert - " + e.toString());
        }

        //
        // create the certificate - version 1
        //
        X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();

        certGen1.setSerialNumber(BigInteger.valueOf(1));
        certGen1.setIssuerDN(new X509Principal(attrs));
        certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen1.setSubjectDN(new X509Principal(attrs));
        certGen1.setPublicKey(pubKey);
        certGen1.setSignatureAlgorithm("SHA1withDSA");

        try
        {
            X509Certificate cert = certGen1.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);

            ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
            CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

            cert = (X509Certificate)fact.generateCertificate(bIn);

            //System.out.println(cert);
        }
        catch (Exception e)
        {
            fail("error setting generating cert - " + e.toString());
        }
    }

    /**
     * we generate a self signed certificate for the sake of testing - ECDSA
     * <p>
     * Steps, in order:
     * <ol>
     * <li>build an EC key pair from literal curve parameters and literal key values
     *     through the "BC" provider's "ECDSA" KeyFactory;</li>
     * <li>check X509Principal.toString() for an explicitly ordered and for an unordered
     *     attribute table;</li>
     * <li>generate a version 3 certificate whose issuer and subject are the same name,
     *     signed with "ECDSAwithSHA1", check its validity period against the current
     *     time, verify its signature with the matching public key, and re-parse its
     *     encoding with the "BC" CertificateFactory;</li>
     * <li>repeat the generation with the public key's point format set to
     *     "UNCOMPRESSED";</li>
     * <li>check that a quoted comma and a backslash-escaped comma in a string-form name
     *     both print with the backslash escape.</li>
     * </ol>
     * Security notes for readers reusing this as sample code: the private value d is a
     * literal in the source, so this key pair is only suitable as a test fixture; and
     * SHA-1 is no longer collision resistant, so "ECDSAwithSHA1" should stay confined to
     * compatibility tests such as this one (the CRL test further down in this listing
     * uses "SHA256WithRSAEncryption").
     */
    public void checkCreation3()
    {
        // Curve over a prime field, given as literals (q = field prime, a and b = curve
        // coefficients).
        // NOTE(review): these look like the X9.62 prime239v1 parameters - confirm against
        // the standard before relying on that.
        ECCurve curve = new ECCurve.Fp(
            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
            new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b

        // The base point G is supplied in compressed encoding (leading 0x02 byte).
        ECParameterSpec spec = new ECParameterSpec(
            curve,
            curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
            new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n

        // Fixed private scalar: anyone with this source holds the private key, so nothing
        // signed with it carries any assurance outside the test.
        ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
            new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
            spec);

        // Public point Q, also in compressed encoding (leading 0x02 byte).
        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
            curve.decodePoint(Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
            spec);

        //
        // set up the keys
        //
        PrivateKey privKey;
        PublicKey pubKey;

        try
        {
            KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");

            privKey = fact.generatePrivate(privKeySpec);
            pubKey = fact.generatePublic(pubKeySpec);
        }
        catch (Exception e)
        {
            // fail() is defined outside this excerpt; the explicit return keeps the rest
            // of the method from running without keys.
            fail("error setting up keys - " + e.toString());
            return;
        }

        //
        // distinguished name table.
        //
        // attrs maps attribute identifiers to values; order lists the same identifiers in
        // the sequence expected by the ordered toString test below.
        Hashtable attrs = new Hashtable();
        Vector order = new Vector();

        attrs.put(X509Principal.C, "AU");
        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
        attrs.put(X509Principal.L, "Melbourne");
        attrs.put(X509Principal.ST, "Victoria");
        attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");

        order.addElement(X509Principal.C);
        order.addElement(X509Principal.O);
        order.addElement(X509Principal.L);
        order.addElement(X509Principal.ST);
        order.addElement(X509Principal.E);

        //
        // toString test
        //
        X509Principal p = new X509Principal(order, attrs);
        String s = p.toString();

        if (!s.equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne,ST=Victoria,E=feedback-crypto@bouncycastle.org"))
        {
            fail("ordered X509Principal test failed - s = " + s + ".");
        }

        // Without an explicit order the printed sequence is not fixed by this code, which
        // is why two renderings are accepted below.
        p = new X509Principal(attrs);
        s = p.toString();

        //
        // we need two of these as the hash code for strings changed...
        //
        if (!s.equals("O=The Legion of the Bouncy Castle,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU") && !s.equals("ST=Victoria,L=Melbourne,C=AU,E=feedback-crypto@bouncycastle.org,O=The Legion of the Bouncy Castle"))
        {
            fail("unordered X509Principal test failed.");
        }

        //
        // create the certificate - version 3
        //
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        // Fixed serial number 1 and a validity window of 50000 ms on either side of the
        // current time; issuer and subject are the same ordered name (self signed).
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(order, attrs));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal(order, attrs));
        certGen.setPublicKey(pubKey);
        // SHA-1 based signature: exercised here as a provider capability, not a
        // recommendation for certificates issued outside tests.
        certGen.setSignatureAlgorithm("ECDSAwithSHA1");

        try
        {
            X509Certificate cert = certGen.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            // Self-signed, so the verification key is the certificate's own public key.
            cert.verify(pubKey);

            ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
            CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

            // NOTE(review): the re-parsed certificate is assigned but not checked again;
            // this step only shows that the factory accepts the encoding without throwing.
            cert = (X509Certificate)fact.generateCertificate(bIn);

            //
            // try with point compression turned off
            //
            // The cast changes the point format on the same pubKey object, and the key is
            // then handed to the generator again before a second certificate is produced.
            ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");

            certGen.setPublicKey(pubKey);

            cert = certGen.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);

            bIn = new ByteArrayInputStream(cert.getEncoded());
            fact = CertificateFactory.getInstance("X.509", "BC");

            cert = (X509Certificate)fact.generateCertificate(bIn);

            // System.out.println(cert);
        }
        catch (Exception e)
        {
            // Only e.toString() reaches the failure message here; the exception itself is
            // not passed on, unlike the fail(message, e) call in checkCRL.
            fail("error setting generating cert - " + e.toString());
        }

        // A value containing a comma, written with double quotes, is expected to print
        // with the comma backslash-escaped instead.
        X509Principal pr = new X509Principal("O=\"The Bouncy Castle, The Legion of\",E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");

        if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
        {
            fail("string based X509Principal test failed.");
        }

        // The already-escaped form is expected to print unchanged.
        pr = new X509Principal("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");

        if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
        {
            fail("string based X509Principal test failed.");
        }
    }

    /**
     * Parse an encoded CRL with the "BC" X.509 CertificateFactory and report a failure
     * if parsing throws.
     * <p>
     * Only parsing is exercised: the resulting CRL object is not inspected and its
     * signature is not verified in this method.
     *
     * @param id    number placed in the failure message to identify the input
     * @param bytes encoded CRL to parse
     */
    public void checkCRL(
        int id,
        byte[] bytes)
    {
        ByteArrayInputStream bIn;
        // dump is never assigned anything but "" in this method, so the failure message
        // below begins with a line separator.
        String dump = "";

        try
        {
            bIn = new ByteArrayInputStream(bytes);

            CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

            CRL cert = fact.generateCRL(bIn);

            // System.out.println(cert);
        }
        catch (Exception e)
        {
            // The exception is passed as a second argument in addition to its text.
            fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
        }
    }

    public void checkCRLCreation()
    {
        try
        {
            KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
            X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
            Date now = new Date();
            KeyPair pair = kpGen.generateKeyPair();

            crlGen.setIssuerDN(new X500Principal("CN=Test CA"));

            crlGen.setThisUpdate(now);
            crlGen.setNextUpdate(new Date(now.getTime() + 100000));
            crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

            crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);

            crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));

            X509CRL crl = crlGen.generateX509CRL(pair.getPrivate(), "BC");

            if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
            {
                fail("failed CRL issuer test");
            }

            byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());

            if (authExt == null)
            {
                fail("failed to find CRL extension");
            }

            AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);

            X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);

            if (entry == null)
            {
                fail("failed to find CRL entry");
            }

            if (!entry.getSerialNumber().equals(BigInteger.ONE))
            {
                // NOTE(review): the listing is cut off here; the rest of checkCRLCreation() is outside this excerpt.