📄 extendedx509v3certificategenerator.java

📁 JAVA做的J2EE下CA认证系统 基于EJB开发
💻 JAVA
字号:
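package se.anatom.ejbca.ca.caadmin;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;

/**
 * Produces an X.509 version 3 certificate. This is a copy of the BouncyCastle
 * class <code>X509V3CertificateGenerator</code>, extended so that the signature
 * algorithm may also be RSASSA-PSS (algorithm OID and parameters are resolved
 * through {@link ExtendedX509Util}).
 * <p>
 * The original author marks this class as proof of concept only. One caveat a
 * relying party should know about: the parameters carried in the signature
 * {@link AlgorithmIdentifier} are never handed to the {@link Signature} engine
 * (no <code>setParameter</code> call anywhere in this class). For RSASSA-PSS the
 * signature is therefore computed with whatever parameters the provider uses by
 * default, and the certificate is only consistent if those happen to match what
 * <code>ExtendedX509Util.getAlgorithmParameters</code> encodes -- verify before use.
 * <p>
 * Instances are not thread-safe: the setters accumulate state that
 * <code>generateX509Certificate</code> consumes.
 *
 * @version $Id: ExtendedX509V3CertificateGenerator.java,v 1.1.2.2 2005/11/25 08:38:07 anatom Exp $
 */
public class ExtendedX509V3CertificateGenerator
{
    /** Builder for the TBSCertificate, i.e. everything that gets signed. */
    private V3TBSCertificateGenerator   tbsGen;
    /** Signature algorithm as it is encoded into the certificate; null until {@link #setSignatureAlgorithm} is called. */
    private AlgorithmIdentifier         sigAlgId;
    /** Signature algorithm as the caller named it; used as the fallback JCA lookup name. */
    private String                      signatureAlgorithm;
    /** DERObjectIdentifier -&gt; X509Extension. Raw types because BC's X509Extensions expects them. */
    private Hashtable                   extensions = null;
    /** Extension OIDs in insertion order, each OID at most once. */
    private Vector                      extOrdering = null;
    /** Validity start as last passed to {@link #setNotBefore}, kept so it can be cross-checked with notAfter. */
    private Date                        notBefore = null;
    /** Validity end as last passed to {@link #setNotAfter}. */
    private Date                        notAfter = null;

    public ExtendedX509V3CertificateGenerator()
    {
        tbsGen = new V3TBSCertificateGenerator();
    }

    /**
     * Attaches <code>cause</code> to <code>e</code> and returns <code>e</code> for throwing.
     * Uses <code>initCause</code> rather than the (String, Throwable) constructors so the
     * class stays usable on the JDK 1.4 runtime the original targets.
     */
    private static RuntimeException withCause(RuntimeException e, Throwable cause)
    {
        e.initCause(cause);
        return e;
    }

    /**
     * Reset the generator to its freshly constructed state.
     * <p>
     * The TBS builder is replaced, which also discards the signature algorithm
     * previously installed into it, so the cached algorithm is cleared as well and
     * {@link #setSignatureAlgorithm} must be called again before the next
     * <code>generateX509Certificate</code>. Without this a stale
     * <code>sigAlgId</code> would pass the "algorithm specified" check while the
     * TBS generator no longer had one.
     */
    public void reset()
    {
        tbsGen = new V3TBSCertificateGenerator();
        extensions = null;
        extOrdering = null;
        sigAlgId = null;
        signatureAlgorithm = null;
        notBefore = null;
        notAfter = null;
    }

    /**
     * Set the serial number for the certificate.
     *
     * @param serialNumber must be a positive integer (RFC 5280 4.1.2.2); conforming
     *        CAs also keep it to at most 20 octets, which is not enforced here.
     * @throws IllegalArgumentException if serialNumber is null, zero or negative.
     */
    public void setSerialNumber(
        BigInteger      serialNumber)
    {
        if (serialNumber == null || serialNumber.signum() <= 0)
        {
            throw new IllegalArgumentException("serial number must be a positive integer");
        }
        tbsGen.setSerialNumber(new DERInteger(serialNumber));
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
     * certificate.
     *
     * @throws IllegalArgumentException if the principal's DER encoding cannot be parsed.
     */
    public void setIssuerDN(
        X500Principal   issuer)
    {
        try
        {
            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
        }
        catch (IOException e)
        {
            throw withCause(new IllegalArgumentException("can't process principal: " + e), e);
        }
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
     * certificate.
     */
    public void setIssuerDN(
        X509Name   issuer)
    {
        tbsGen.setIssuer(issuer);
    }

    /**
     * Set the start of the validity period. Checked against notAfter when the
     * certificate is generated.
     */
    public void setNotBefore(
        Date    date)
    {
        notBefore = date;
        tbsGen.setStartDate(new Time(date));
    }

    /**
     * Set the end of the validity period. Checked against notBefore when the
     * certificate is generated.
     */
    public void setNotAfter(
        Date    date)
    {
        notAfter = date;
        tbsGen.setEndDate(new Time(date));
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with the public key.
     *
     * @throws IllegalArgumentException if the principal's DER encoding cannot be parsed.
     */
    public void setSubjectDN(
        X500Principal   subject)
    {
        try
        {
            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
        }
        catch (IOException e)
        {
            throw withCause(new IllegalArgumentException("can't process principal: " + e), e);
        }
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with the public key.
     */
    public void setSubjectDN(
        X509Name   subject)
    {
        tbsGen.setSubject(subject);
    }

    /**
     * Set the subject public key. The key's X.509 (<code>getEncoded()</code>) form is
     * re-parsed as a SubjectPublicKeyInfo.
     *
     * @throws IllegalArgumentException if the encoding cannot be parsed.
     */
    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            ASN1Sequence spki = (ASN1Sequence) new ASN1InputStream(
                                new ByteArrayInputStream(key.getEncoded())).readObject();
            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(spki));
        }
        catch (Exception e)
        {
            throw withCause(new IllegalArgumentException("unable to process key - " + e.toString()), e);
        }
    }

    /**
     * Set the signature algorithm. This can be either a name or an OID, names
     * are treated as case insensitive.
     * <p>
     * The same AlgorithmIdentifier is installed into the TBS builder and later
     * written into the outer signatureAlgorithm field, so the two always agree.
     *
     * @param signatureAlgorithm string representation of the algorithm name.
     * @throws IllegalArgumentException if {@link ExtendedX509Util} does not know the algorithm.
     */
    public void setSignatureAlgorithm(
        String  signatureAlgorithm)
    {
        this.signatureAlgorithm = signatureAlgorithm;
        try
        {
            sigAlgId = new AlgorithmIdentifier(ExtendedX509Util.getAlgorithmOID(signatureAlgorithm),
                                               ExtendedX509Util.getAlgorithmParameters(signatureAlgorithm));
        }
        catch (Exception e)
        {
            throw withCause(new IllegalArgumentException("Unknown signature type requested"), e);
        }
        tbsGen.setSignature(sigAlgId);
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3)
     */
    public void addExtension(
        String          OID,
        boolean         critical,
        DEREncodable    value)
    {
        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3).
     * The value is DER-encoded and becomes the contents of the extension's octet string.
     *
     * @throws IllegalArgumentException if value cannot be DER-encoded.
     */
    public void addExtension(
        DERObjectIdentifier OID,
        boolean             critical,
        DEREncodable        value)
    {
        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
        DEROutputStream         dOut = new DEROutputStream(bOut);
        try
        {
            dOut.writeObject(value);
        }
        catch (IOException e)
        {
            throw withCause(new IllegalArgumentException("error encoding value: " + e), e);
        }
        this.addExtension(OID, critical, bOut.toByteArray());
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3)
     * The value parameter becomes the contents of the octet string associated
     * with the extension.
     */
    public void addExtension(
        String          OID,
        boolean         critical,
        byte[]          value)
    {
        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3).
     * <p>
     * Adding an OID that is already present replaces its value in place instead
     * of appending a second copy: the ordering vector used to get a duplicate
     * entry, which made X509Extensions emit the extension twice -- a certificate
     * RFC 5280 (4.2) forbids and many validators reject.
     */
    public void addExtension(
        DERObjectIdentifier OID,
        boolean             critical,
        byte[]              value)
    {
        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }
        if (!extensions.containsKey(OID))
        {
            extOrdering.addElement(OID);
        }
        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC".
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw withCause(new SecurityException("BC provider not installed!"), e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC", and the passed in source of randomness
     * (if required).
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        SecureRandom    random)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw withCause(new SecurityException("BC provider not installed!"), e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing.
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        return generateX509Certificate(key, provider, null);
    }

    /**
     * Look up a Signature engine by the algorithm OID in <code>algId</code>.
     * A null provider means "any installed provider".
     * <p>
     * RSASSA-PSS is rejected up front (before any lookup) because the original
     * author found it unsupported by OID on JDK 1.4; the caller then falls back to
     * a lookup by algorithm name. The throws clause is wider than what the body
     * can raise and is kept as-is so same-package callers that catch those types
     * keep compiling.
     */
    static Signature getSignature( AlgorithmIdentifier algId,
                                   String provider) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidParameterSpecException, InvalidAlgorithmParameterException {
        final DERObjectIdentifier objId = algId.getObjectId();
        if ( objId.equals(PKCSObjectIdentifiers.id_RSASSA_PSS) ) {
           throw new NoSuchProviderException("RSASSA-PSS Signing Algorithm isn't supported in jdk 1.4");
        }
        if (provider != null) {
            return Signature.getInstance(objId.getId(), provider);
        }
        return Signature.getInstance(objId.getId());
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing and the supplied source
     * of randomness, if required.
     *
     * @param key      the issuer's private key.
     * @param provider JCA provider name to sign with, or null for any provider.
     * @param random   randomness for the signature engine, or null for the engine's default.
     * @throws IllegalStateException if no signature algorithm was set, or if
     *         notAfter precedes notBefore.
     * @throws SecurityException if no Signature engine could be obtained or the TBS
     *         could not be encoded.
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        // The original tested sigAlgId.getObjectId().getId() == null, which threw a
        // NullPointerException instead of the intended IllegalStateException when
        // setSignatureAlgorithm had never been called.
        if (sigAlgId == null || sigAlgId.getObjectId() == null || sigAlgId.getObjectId().getId() == null)
        {
            throw new IllegalStateException("no signature algorithm specified");
        }
        if (notBefore != null && notAfter != null && notAfter.before(notBefore))
        {
            throw new IllegalStateException("notAfter (" + notAfter + ") precedes notBefore (" + notBefore + ")");
        }

        Signature sig;
        try
        {
            sig = getSignature(sigAlgId, provider);
        }
        catch (Exception byOid)
        {
            // Fall back to the algorithm name the caller gave us; this is the path
            // RSASSA-PSS always takes. A null provider used to reach
            // Signature.getInstance(name, null), which throws IllegalArgumentException,
            // so honour "null means any provider" here as getSignature does.
            // NOTE(review): the parameters inside sigAlgId are not passed to sig
            // (no setParameter), so a PSS signature is made with provider defaults
            // -- confirm they match what ExtendedX509Util encodes.
            try
            {
                if (provider != null)
                {
                    sig = Signature.getInstance(signatureAlgorithm, provider);
                }
                else
                {
                    sig = Signature.getInstance(signatureAlgorithm);
                }
            }
            catch (NoSuchAlgorithmException e)
            {
                throw withCause(new SecurityException("exception creating signature: " + e.toString()), e);
            }
        }

        if (random != null)
        {
            sig.initSign(key, random);
        }
        else
        {
            sig.initSign(key);
        }

        if (extensions != null)
        {
            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
        }

        // Sign the DER encoding of the TBSCertificate; the same tbsCert object is
        // placed into the final structure so what is signed is what is emitted.
        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);
            dOut.writeObject(tbsCert);
            sig.update(bOut.toByteArray());
        }
        catch (Exception e)
        {
            throw withCause(new SecurityException("exception encoding TBS cert - " + e), e);
        }

        ASN1EncodableVector  v = new ASN1EncodableVector();
        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(sig.sign()));

        return new ExtendedX509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
    }

    /**
     * Return an iterator of the signature names supported by the generator.
     *
     * @return an iterator containing recognised names.
     */
    public Iterator getSignatureAlgNames()
    {
        return ExtendedX509Util.getAlgNames();
    }
}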
