- 浏览: 162335 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
沙舟狼客:
为了方便使用可以配置到环境变量里面MINGW_HOME=C:\ ...
windows下用mingw32+sdl进行简单2d游戏开发(c语言) -
沙舟狼客:
如果安装autotools时不用gcccc相当于gcc的链接n ...
windows下用mingw32+sdl进行简单2d游戏开发(c语言) -
lirihong:
java中文乱码完全解决方案 ?? 高度很高,深度、全面度全 ...
java中文乱码完全解决方案 -
沙舟狼客:
非常适合想写windows游戏的菜鸟
windows下用mingw32+sdl进行简单2d游戏开发(c语言) -
xixilive:
噢喔~~语义全无
京东导航的jquery实现
CreateCert.java
package com.secpki.jce.demo; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileOutputStream; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Security; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.RSAPublicKeySpec; import java.util.Date; import java.util.Hashtable; import java.util.Random; import java.util.Vector; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERBoolean; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERGeneralizedTime; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERPrintableString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.DERUTCTime; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.AccessDescription; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.Attribute; import org.bouncycastle.asn1.x509.CRLDistPoint; import org.bouncycastle.asn1.x509.DistributionPoint; import org.bouncycastle.asn1.x509.DistributionPointName; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.GeneralSubtree; import org.bouncycastle.asn1.x509.KeyPurposeId; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.NameConstraints; import org.bouncycastle.asn1.x509.PolicyMappings; import org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod; import org.bouncycastle.asn1.x509.SubjectDirectoryAttributes; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; import org.bouncycastle.asn1.x509.X509CertificateStructure; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x509.X509ExtensionsGenerator; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.X509CertificateObject; public class CreateCert { public BigInteger genCertSerial() { // BigInteger bigInteger = new BigInteger(val); byte[] b = new byte[32]; Random random = new Random(new Date().getTime()); for (int i = 0; i < 32; i++) { byte[] tmp = new byte[10]; random.nextBytes(tmp); b[i] = tmp[random.nextInt(tmp.length - 1)]; } return new BigInteger(b); } public X509Certificate createAcIssuerCert(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, final SubjectPublicKeyInfo publicKeyInfo, PrivateKey privKey) throws Exception { V3TBSCertificateGenerator certificateGenerator = new V3TBSCertificateGenerator(); certificateGenerator.setExtensions(getCertGen()); certificateGenerator.setSignature(publicKeyInfo.getAlgorithmId()); certificateGenerator.setIssuer(issuer); certificateGenerator.setSubject(subject); certificateGenerator.setSerialNumber(new DERInteger(serial)); certificateGenerator.setStartDate(new DERUTCTime(notBefore)); certificateGenerator.setEndDate(new DERUTCTime(notAfter)); certificateGenerator.setSubjectPublicKeyInfo(publicKeyInfo); System.out.println(certificateGenerator.generateTBSCertificate() .getEncoded().length); ASN1EncodableVector asn1encodablevector = new ASN1EncodableVector(); asn1encodablevector.add(certificateGenerator.generateTBSCertificate()); asn1encodablevector.add(publicKeyInfo.getAlgorithmId()); byte[] pubData = new byte[65]; pubData[0] = 0; for(byte i=1;i<pubData.length;i++){ pubData[i] = i; } byte[] signInfo = new byte[69];//..... for(byte i=1;i<pubData.length;i++){ pubData[i] = i; } asn1encodablevector.add(new DERBitString(signInfo)); X509CertificateObject cert = new X509CertificateObject(new X509CertificateStructure(new DERSequence(asn1encodablevector))); return cert; } @SuppressWarnings("deprecation") static X509Extensions getCertGen() { // 添加扩展 X509ExtensionsGenerator certGen = new X509ExtensionsGenerator(); // 基本限制 certGen.addExtension(X509Extensions.BasicConstraints, false, new DEREncodable() { @Override public DERObject getDERObject() { // TODO Auto-generated method stub ASN1EncodableVector bConstraints = new ASN1EncodableVector(); // 是否是CA证书 boolean bCA = false; bConstraints.add(new DERBoolean(bCA)); // 证书路径长度限制 int pathLenConstraint = 3; if ((pathLenConstraint >= 0) && (bCA)) bConstraints.add(new DERInteger(pathLenConstraint)); return new DERSequence(bConstraints); } }); // 密钥用法 certGen.addExtension(X509Extensions.KeyUsage, false, new DEREncodable() { @SuppressWarnings("unused") public int keyUsage; public static final int digitalSignature = (1 << 7); public static final int nonRepudiation = (1 << 6); public static final int keyEncipherment = (1 << 5); public static final int dataEncipherment = (1 << 4); public static final int keyAgreement = (1 << 3); public static final int keyCertSign = (1 << 2); public static final int cRLSign = (1 << 1); public static final int encipherOnly = (1 << 0); public static final int decipherOnly = (1 << 15); @Override public DERObject getDERObject() { // TODO Auto-generated method stub return new KeyUsage(digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment | keyAgreement | keyCertSign | cRLSign | encipherOnly | decipherOnly); } }); // 扩展密钥用法 certGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new DEREncodable() { private static final String id_kp = "1.3.6.1.5.5.7.3"; @SuppressWarnings("unused") public final KeyPurposeId anyExtendedKeyUsage = new KeyPurposeId( X509Extensions.ExtendedKeyUsage.getId() + ".0"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_serverAuth = new KeyPurposeId( id_kp + ".1"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_clientAuth = new KeyPurposeId( id_kp + ".2"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_codeSigning = new KeyPurposeId( id_kp + ".3"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_emailProtection = new KeyPurposeId( id_kp + ".4"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_ipsecEndSystem = new KeyPurposeId( id_kp + ".5"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_ipsecTunnel = new KeyPurposeId( id_kp + ".6"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_ipsecUser = new KeyPurposeId( id_kp + ".7"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_timeStamping = new KeyPurposeId( id_kp + ".8"); public final KeyPurposeId id_kp_OCSPSigning = new KeyPurposeId( id_kp + ".9"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_dvcs = new KeyPurposeId( id_kp + ".10"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_sbgpCertAAServerAuth = new KeyPurposeId( id_kp + ".11"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_scvp_responder = new KeyPurposeId( id_kp + ".12"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_eapOverPPP = new KeyPurposeId( id_kp + ".13"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_eapOverLAN = new KeyPurposeId( id_kp + ".14"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_scvpServer = new KeyPurposeId( id_kp + ".15"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_scvpClient = new KeyPurposeId( id_kp + ".16"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_ipsecIKE = new KeyPurposeId( id_kp + ".17"); public final KeyPurposeId id_kp_capwapAC = new KeyPurposeId( id_kp + ".18"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_capwapWTP = new KeyPurposeId( id_kp + ".19"); @SuppressWarnings("unused") public final KeyPurposeId id_kp_smartcardlogon = new KeyPurposeId( "1.3.6.1.4.1.311.20.2.2"); ASN1EncodableVector extKeyUsage = new ASN1EncodableVector(); @Override public DERObject getDERObject() { // TODO Auto-generated method stub extKeyUsage.add(id_kp_OCSPSigning); extKeyUsage.add(id_kp_capwapAC); return new DERSequence(extKeyUsage); } }); // 主题备用名称 certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new DEREncodable() { @SuppressWarnings("unused") public static final int otherName = 0; @SuppressWarnings("unused") public static final int rfc822Name = 1; @SuppressWarnings("unused") public static final int dNSName = 2; @SuppressWarnings("unused") public static final int x400Address = 3; @SuppressWarnings("unused") public static final int directoryName = 4; @SuppressWarnings("unused") public static final int ediPartyName = 5; @SuppressWarnings("unused") public static final int uniformResourceIdentifier = 6; public static final int iPAddress = 7; @SuppressWarnings("unused") public static final int registeredID = 8; @Override public DERObject getDERObject() { // TODO Auto-generated method stub ASN1EncodableVector nameVector = new ASN1EncodableVector(); nameVector.add(new GeneralName(iPAddress, "127.0.0.1")); return new GeneralNames(new DERSequence(nameVector)) .getDERObject(); } }); // 颁发者备用别名 certGen.addExtension(X509Extensions.IssuerAlternativeName, false, new DEREncodable() { @SuppressWarnings("unused") public static final int otherName = 0; @SuppressWarnings("unused") public static final int rfc822Name = 1; @SuppressWarnings("unused") public static final int dNSName = 2; @SuppressWarnings("unused") public static final int x400Address = 3; @SuppressWarnings("unused") public static final int directoryName = 4; @SuppressWarnings("unused") public static final int ediPartyName = 5; @SuppressWarnings("unused") public static final int uniformResourceIdentifier = 6; public static final int iPAddress = 7; @SuppressWarnings("unused") public static final int registeredID = 8; @Override public DERObject getDERObject() { // TODO Auto-generated method stub ASN1EncodableVector nameVector = new ASN1EncodableVector(); nameVector.add(new GeneralName(iPAddress, "127.0.0.1")); return new GeneralNames(new DERSequence(nameVector)) .getDERObject(); } }); // 秘钥有效期 certGen.addExtension(X509Extensions.PrivateKeyUsagePeriod, false, new DEREncodable() { @Override public DERObject getDERObject() { // TODO Auto-generated method stub Date notBefore = new Date(); Date notAfter = new Date(notBefore.getTime() * 2); DERGeneralizedTime keyNotBefore = new DERGeneralizedTime( notBefore); DERGeneralizedTime keyNotAfter = new DERGeneralizedTime( notAfter); DERTaggedObject atokeyNotBefore = new DERTaggedObject( false, 0, keyNotBefore); DERTaggedObject atokeyNotAfter = new DERTaggedObject( false, 1, keyNotAfter); ASN1EncodableVector periodVector = new ASN1EncodableVector(); periodVector.add(atokeyNotBefore); periodVector.add(atokeyNotAfter); return PrivateKeyUsagePeriod.getInstance( new DERSequence(periodVector)).getDERObject(); } }); // 策略限制 certGen.addExtension(X509Extensions.PolicyConstraints, false, new DEREncodable() { int requireExplicitPolicy = -1; int inhibitPolicyMapping = -1; @Override public DERObject getDERObject() { // TODO Auto-generated method stub ASN1EncodableVector pConstraints = new ASN1EncodableVector(); if (requireExplicitPolicy >= 0) pConstraints.add(new DERTaggedObject(false, 0, new DERInteger(requireExplicitPolicy))); if (inhibitPolicyMapping >= 0) pConstraints.add(new DERTaggedObject(false, 1, new DERInteger(inhibitPolicyMapping))); return new DERSequence(pConstraints); } }); // 禁止任意策略 certGen.addExtension(X509Extensions.InhibitAnyPolicy, false, new DEREncodable() { public int InhibitAnyPolicy; @Override public DERObject getDERObject() { // TODO Auto-generated method stub if (InhibitAnyPolicy >= 0) return new DERInteger(InhibitAnyPolicy); else return null; } }); // 证书策略 certGen.addExtension(X509Extensions.CertificatePolicies, false, new CertificatePoliciesInfo()); // 策略映射 certGen.addExtension(X509Extensions.PolicyMappings, false, new DEREncodable() { public Hashtable<String, String> policyMappings = new Hashtable<String, String>(); @Override public DERObject getDERObject() { return new PolicyMappings(policyMappings) .getDERObject(); } @SuppressWarnings("unused") public void add(String policyOID, String mappingPolicyOID) { policyMappings.put(policyOID, mappingPolicyOID); } }); // 主题密钥标识符 /* * certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new * DEREncodable() { //TODO public需要设置 public PublicKey keyIdentifier; * * @Override public DERObject getDERObject() { // TODO Auto-generated * method stub return new * SubjectKeyIdentifierStructure(keyIdentifier).getDERObject(); } * * }); */ // 权威密钥标识符 // TODO 请参考RFC3093实现 /* * certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, * new DEREncodable() { * * public PublicKey keyIdentifier; //public ExtensionGeneralName * authorityCertIssuer; public BigInteger authorityCertSerialNumber; * * @Override public DERObject getDERObject() { // TODO Auto-generated * method stub ASN1EncodableVector apkInfo = new ASN1EncodableVector(); * SubjectPublicKeyInfo apki; try { if (keyIdentifier != null) { apki = * new SubjectPublicKeyInfo( (ASN1Sequence) new ASN1InputStream( new * ByteArrayInputStream( keyIdentifier .getEncoded())) .readObject()); * Digest digest = new SHA1Digest(); byte[] resBuf = new * byte[digest.getDigestSize()]; byte[] bytes = apki.getPublicKeyData() * .getBytes(); digest.update(bytes, 0, bytes.length); * digest.doFinal(resBuf, 0); apkInfo.add(new DERTaggedObject(false, 0, * new DEROctetString(resBuf))); } if (authorityCertIssuer != null) * apkInfo.add(new DERTaggedObject(false, 1, new GeneralNames(new * GeneralName( authorityCertIssuer.nameType, * authorityCertIssuer.value)))); if (authorityCertSerialNumber != null) * apkInfo.add(new DERTaggedObject(false, 2, new DERInteger( * authorityCertSerialNumber))); return new DERSequence(apkInfo); } * catch (IOException e) { // TODO Auto-generated catch block * e.printStackTrace(); } * * return null; } * * }); */ // 主体目录属性 certGen.addExtension(X509Extensions.SubjectDirectoryAttributes, false, new DEREncodable() { public String gender; public String dateOfBirth; public String streetAddress; public String telephoneNumber; public String mobileTelephoneNumber; @Override public DERObject getDERObject() { String genderOid = "1.3.6.1.5.5.7.9.4"; String dateOfBirthOid = "1.3.6.1.5.5.7.9.1"; String streetAddressOid = "2.5.4.9"; String telephoneNumberOid = "2.5.4.20"; String mobileTelephoneNumberOid = "0.9.2342.19200300.100.1.41"; Vector<Attribute> attributes = new Vector<Attribute>(); try { if (gender != null) attributes .add(makeAttribute(genderOid, gender)); if (dateOfBirth != null) attributes.add(makeAttribute(dateOfBirthOid, dateOfBirth)); if (streetAddress != null) attributes.add(makeAttribute(streetAddressOid, streetAddress)); if (telephoneNumber != null) attributes.add(makeAttribute( telephoneNumberOid, telephoneNumber)); if (mobileTelephoneNumber != null) attributes.add(makeAttribute( mobileTelephoneNumberOid, mobileTelephoneNumber)); return new SubjectDirectoryAttributes(attributes) .getDERObject(); } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } return null; } private Attribute makeAttribute(String oid, String value) throws UnsupportedEncodingException { DERSet valueSet = new DERSet(new DERPrintableString( value.getBytes("UTF-8"))); return new Attribute(new DERObjectIdentifier(oid), valueSet); } }); // 名称限制 certGen.addExtension(X509Extensions.NameConstraints, false, new DEREncodable() { private Vector<GeneralSubtree> permittedSubtrees = new Vector<GeneralSubtree>(); private Vector<GeneralSubtree> excludedSubtrees = new Vector<GeneralSubtree>(); @Override public DERObject getDERObject() { // TODO Auto-generated method stub return new NameConstraints(permittedSubtrees, excludedSubtrees).getDERObject(); } @SuppressWarnings("unused") public void addPermitted( ExtensionGeneralName permittedName, int minimum, int maximum) { permittedSubtrees.add(new GeneralSubtree( new GeneralName(permittedName.nameType, permittedName.value), BigInteger .valueOf(minimum), BigInteger .valueOf(maximum))); } @SuppressWarnings("unused") public void addExcluded(ExtensionGeneralName excludedName, int minimum, int maximum) { excludedSubtrees.add(new GeneralSubtree( new GeneralName(excludedName.nameType, excludedName.value), BigInteger .valueOf(minimum), BigInteger .valueOf(maximum))); } }); // CRL分布点 certGen.addExtension(X509Extensions.CRLDistributionPoints, false, new DEREncodable() { private Vector<ExtensionGeneralName> crlDistPoints = new Vector<ExtensionGeneralName>(); @Override public DERObject getDERObject() { // TODO Auto-generated method stub int iCount = crlDistPoints.size(); assert (iCount > 0); DistributionPoint[] dp = new DistributionPoint[iCount]; for (int i = 0; i < iCount; ++i) { DistributionPointName dpn = new DistributionPointName( new GeneralNames( new GeneralName( crlDistPoints.elementAt(i).nameType, crlDistPoints.elementAt(i).value))); dp[i] = new DistributionPoint(dpn, null, null); } return new CRLDistPoint(dp).getDERObject(); } @SuppressWarnings("unused") public void add(ExtensionGeneralName info) { crlDistPoints.add(info); } }); // 最新/增量CRL分布点 certGen.addExtension(X509Extensions.FreshestCRL, false, new DEREncodable() { private Vector<ExtensionGeneralName> crlDistPoints = new Vector<ExtensionGeneralName>(); @Override public DERObject getDERObject() { // TODO Auto-generated method stub int iCount = crlDistPoints.size(); assert (iCount > 0); DistributionPoint[] dp = new DistributionPoint[iCount]; for (int i = 0; i < iCount; ++i) { DistributionPointName dpn = new DistributionPointName( new GeneralNames( new GeneralName( crlDistPoints.elementAt(i).nameType, crlDistPoints.elementAt(i).value))); dp[i] = new DistributionPoint(dpn, null, null); } return new CRLDistPoint(dp).getDERObject(); } @SuppressWarnings("unused") public void add(ExtensionGeneralName info) { crlDistPoints.add(info); } }); // 机构信息访问 certGen.addExtension(X509Extensions.AuthorityInfoAccess, false, new DEREncodable() { public final DERObjectIdentifier id_ad_caIssuers = new DERObjectIdentifier( "1.3.6.1.5.5.7.48.2"); public final DERObjectIdentifier id_ad_ocsp = new DERObjectIdentifier( "1.3.6.1.5.5.7.48.1"); private ASN1EncodableVector authorityInfoAccessVec = new ASN1EncodableVector(); @Override public DERObject getDERObject() { // TODO Auto-generated method stub return new DERSequence(authorityInfoAccessVec); } @SuppressWarnings("unused") public void add(DERObjectIdentifier accessMethod, ExtensionGeneralName accessLocation) { authorityInfoAccessVec.add(new AccessDescription( accessMethod, new GeneralName( accessLocation.nameType, accessLocation.value))); } @SuppressWarnings("unused") public void add(String accessMethod, ExtensionGeneralName accessLocation) { DERObjectIdentifier am = null; if (accessMethod.equalsIgnoreCase("caIssuers")) am = id_ad_caIssuers; else if (accessMethod.equalsIgnoreCase("ocsp")) am = id_ad_ocsp; else { System.out .println("InfoAccessInfo:no supported type!"); assert (false); } authorityInfoAccessVec.add(new AccessDescription(am, new GeneralName(accessLocation.nameType, accessLocation.value))); } }); // 主题信息访问 /* * certGen.addExtension(X509Extensions.AuthorityInfoAccess, false, new * DEREncodable() { public final DERObjectIdentifier id_ad_caIssuers = * new DERObjectIdentifier( "1.3.6.1.5.5.7.48.2"); public final * DERObjectIdentifier id_ad_ocsp = new DERObjectIdentifier( * "1.3.6.1.5.5.7.48.1"); private ASN1EncodableVector * authorityInfoAccessVec = new ASN1EncodableVector(); * * @Override public DERObject getDERObject() { // TODO Auto-generated * method stub return new DERSequence(authorityInfoAccessVec); } * * @SuppressWarnings("unused") public void add(DERObjectIdentifier * accessMethod, ExtensionGeneralName accessLocation) { * authorityInfoAccessVec.add(new AccessDescription( accessMethod, new * GeneralName( accessLocation.nameType, accessLocation.value))); } * * @SuppressWarnings("unused") public void add(String accessMethod, * ExtensionGeneralName accessLocation) { DERObjectIdentifier am = null; * if (accessMethod.equalsIgnoreCase("caIssuers")) am = id_ad_caIssuers; * else if (accessMethod.equalsIgnoreCase("ocsp")) am = id_ad_ocsp; else * { System.out .println("InfoAccessInfo:no supported type!"); assert * (false); } authorityInfoAccessVec.add(new AccessDescription(am, new * GeneralName(accessLocation.nameType, accessLocation.value))); } }); */ return certGen.generate(); } public static void main(String args[]) throws Exception { Security.addProvider(new BouncyCastleProvider()); X500Name issuer = new X500Name("O=IBM,OU=CSC,CN=dev"); X500Name subject = new X500Name("O=IBM,OU=CSC,CN=ligson"); CreateCert cert = new CreateCert(); BigInteger serail = cert.genCertSerial(); RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec( new BigInteger( "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16)); RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec( new BigInteger( "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16), new BigInteger( "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), new BigInteger( "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), new BigInteger( "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), new BigInteger( "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), new BigInteger( "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), new BigInteger( "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); KeyFactory fact = KeyFactory.getInstance("RSA", "BC"); PublicKey pkKey = fact.generatePublic(pubKeySpec); PrivateKey privateKey = fact.generatePrivate(privKeySpec); System.out.println(pkKey); AlgorithmIdentifier algorithmIdentifier = AlgorithmIdentifier .getInstance(X509Util.getAlgorithmOID("SHA1WITHRSA")); SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo( algorithmIdentifier, pkKey.getEncoded()); X509Certificate certificate = cert.createAcIssuerCert(issuer, serail, new Date(), new Date(new Date().getTime() + 10000000), subject, subjectPublicKeyInfo, privateKey); // certificate.getEncoded(); FileOutputStream fileOutputStream = new FileOutputStream(new File( "E:/code/itrusca/SecPKI/cert/2.cer")); fileOutputStream.write(certificate.getEncoded()); fileOutputStream.close(); } }
ExtensionGeneralName.java
package com.secpki.jce.demo; public class ExtensionGeneralName{ public int nameType; public String value; public static final int otherName = 0; public static final int rfc822Name = 1; public static final int dNSName = 2; public static final int x400Address = 3; public static final int directoryName = 4; public static final int ediPartyName = 5; public static final int uniformResourceIdentifier = 6; public static final int iPAddress = 7; public static final int registeredID = 8; public static final String[] typeTable = new String[9]; public ExtensionGeneralName() { } public ExtensionGeneralName(int nameType,String value) { this.nameType = nameType; this.value = value; } public void setNameType(int nameType) { this.nameType = nameType; } public void setNameType(String nameType) { if(nameType.equalsIgnoreCase("otherName")) this.nameType = otherName; else if(nameType.equalsIgnoreCase("rfc822Name")) this.nameType = rfc822Name; else if(nameType.equalsIgnoreCase("dNSName")) this.nameType = dNSName; else if(nameType.equalsIgnoreCase("x400Address")) this.nameType = x400Address; else if(nameType.equalsIgnoreCase("directoryName")) this.nameType = directoryName; else if(nameType.equalsIgnoreCase("ediPartyName")) this.nameType = ediPartyName; else if(nameType.equalsIgnoreCase("uniformResourceIdentifier")) this.nameType = uniformResourceIdentifier; else if(nameType.equalsIgnoreCase("iPAddress")) this.nameType = iPAddress; else if(nameType.equalsIgnoreCase("registeredID")) this.nameType = registeredID; else { System.out.println("ExtensionGeneralName:no supported type!"); assert(false); } } }
X509Util.java
package com.secpki.jce.demo; import java.io.IOException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.Provider; import java.security.SecureRandom; import java.security.Security; import java.security.Signature; import java.security.SignatureException; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashSet; import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.Set; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jce.X509Principal; import org.bouncycastle.util.Strings; @SuppressWarnings("unchecked") class X509Util { @SuppressWarnings("rawtypes") public static Hashtable algorithms = new Hashtable(); @SuppressWarnings("rawtypes") private static Hashtable params = new Hashtable(); @SuppressWarnings("rawtypes") private static Set noParams = new HashSet(); static { algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption); algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); // // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. // The parameters field SHALL be NULL for RSA based signature algorithms. // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); noParams.add(NISTObjectIdentifiers.dsa_with_sha224); noParams.add(NISTObjectIdentifiers.dsa_with_sha256); noParams.add(NISTObjectIdentifiers.dsa_with_sha384); noParams.add(NISTObjectIdentifiers.dsa_with_sha512); // // RFC 4491 // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); // // explicit params // AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull()); params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull()); params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull()); params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48)); AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull()); params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); } private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize) { return new RSASSAPSSparams( hashAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), new DERInteger(saltSize), new DERInteger(1)); } static DERObjectIdentifier getAlgorithmOID( String algorithmName) { algorithmName = Strings.toUpperCase(algorithmName); if (algorithms.containsKey(algorithmName)) { return (DERObjectIdentifier)algorithms.get(algorithmName); } return new DERObjectIdentifier(algorithmName); } static AlgorithmIdentifier getSigAlgID( DERObjectIdentifier sigOid, String algorithmName) { if (noParams.contains(sigOid)) { return new AlgorithmIdentifier(sigOid); } algorithmName = Strings.toUpperCase(algorithmName); if (params.containsKey(algorithmName)) { return new AlgorithmIdentifier(sigOid, (DEREncodable)params.get(algorithmName)); } else { return new AlgorithmIdentifier(sigOid, new DERNull()); } } @SuppressWarnings("rawtypes") static Iterator getAlgNames() { Enumeration e = algorithms.keys(); List l = new ArrayList(); while (e.hasMoreElements()) { l.add(e.nextElement()); } return l.iterator(); } static Signature getSignatureInstance( String algorithm) throws NoSuchAlgorithmException { return Signature.getInstance(algorithm); } static Signature getSignatureInstance( String algorithm, String provider) throws NoSuchProviderException, NoSuchAlgorithmException { if (provider != null) { return Signature.getInstance(algorithm, provider); } else { return Signature.getInstance(algorithm); } } static byte[] calculateSignature( DERObjectIdentifier sigOid, String sigName, PrivateKey key, SecureRandom random, ASN1Encodable object) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { Signature sig; if (sigOid == null) { throw new IllegalStateException("no signature algorithm specified"); } sig = X509Util.getSignatureInstance(sigName); if (random != null) { sig.initSign(key, random); } else { sig.initSign(key); } sig.update(object.getEncoded(ASN1Encodable.DER)); return sig.sign(); } static byte[] calculateSignature( DERObjectIdentifier sigOid, String sigName, String provider, PrivateKey key, SecureRandom random, ASN1Encodable object) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { Signature sig; if (sigOid == null) { throw new IllegalStateException("no signature algorithm specified"); } sig = X509Util.getSignatureInstance(sigName, provider); if (random != null) { sig.initSign(key, random); } else { sig.initSign(key); } sig.update(object.getEncoded(ASN1Encodable.DER)); return sig.sign(); } static X509Principal convertPrincipal( X500Principal principal) { try { return new X509Principal(principal.getEncoded()); } catch (IOException e) { throw new IllegalArgumentException("cannot convert principal"); } } static class Implementation { Object engine; Provider provider; Implementation( Object engine, Provider provider) { this.engine = engine; this.provider = provider; } Object getEngine() { return engine; } Provider getProvider() { return provider; } } /** * see if we can find an algorithm (or its alias and what it represents) in * the property table for the given provider. */ static Implementation getImplementation( String baseName, String algorithm, Provider prov) throws NoSuchAlgorithmException { algorithm = Strings.toUpperCase(algorithm); String alias; while ((alias = prov.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null) { algorithm = alias; } String className = prov.getProperty(baseName + "." + algorithm); if (className != null) { try { @SuppressWarnings("rawtypes") Class cls; ClassLoader clsLoader = prov.getClass().getClassLoader(); if (clsLoader != null) { cls = clsLoader.loadClass(className); } else { cls = Class.forName(className); } return new Implementation(cls.newInstance(), prov); } catch (ClassNotFoundException e) { throw new IllegalStateException( "algorithm " + algorithm + " in provider " + prov.getName() + " but no class \"" + className + "\" found!"); } catch (Exception e) { throw new IllegalStateException( "algorithm " + algorithm + " in provider " + prov.getName() + " but class \"" + className + "\" inaccessible!"); } } throw new NoSuchAlgorithmException("cannot find implementation " + algorithm + " for provider " + prov.getName()); } /** * return an implementation for a given algorithm/provider. * If the provider is null, we grab the first avalaible who has the required algorithm. */ static Implementation getImplementation( String baseName, String algorithm) throws NoSuchAlgorithmException { Provider[] prov = Security.getProviders(); // // search every provider looking for the algorithm we want. // for (int i = 0; i != prov.length; i++) { // // try case insensitive // Implementation imp = getImplementation(baseName, Strings.toUpperCase(algorithm), prov[i]); if (imp != null) { return imp; } try { imp = getImplementation(baseName, algorithm, prov[i]); } catch (NoSuchAlgorithmException e) { // continue } } throw new NoSuchAlgorithmException("cannot find implementation " + algorithm); } static Provider getProvider(String provider) throws NoSuchProviderException { Provider prov = Security.getProvider(provider); if (prov == null) { throw new NoSuchProviderException("Provider " + provider + " not found"); } return prov; } }
CertificatePoliciesInfo.java
package com.secpki.jce.demo; /** * */ import java.util.Enumeration; import java.util.Vector; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.DisplayText; import org.bouncycastle.asn1.x509.NoticeReference; import org.bouncycastle.asn1.x509.PolicyInformation; import org.bouncycastle.asn1.x509.PolicyQualifierId; import org.bouncycastle.asn1.x509.PolicyQualifierInfo; import org.bouncycastle.asn1.x509.UserNotice; /** * @author TBear * */ public class CertificatePoliciesInfo implements DEREncodable{ public CertificatePoliciesInfo(){ certPolicies = new ASN1EncodableVector(); } public void add(String policy) { certPolicies.add(new PolicyInformation(new DERObjectIdentifier(policy))); } public void add(String policy,String cps) { ASN1EncodableVector policyQualifiers = new ASN1EncodableVector(); PolicyQualifierInfo qualifierInfo = new PolicyQualifierInfo(cps); policyQualifiers.add(qualifierInfo.getDERObject()); certPolicies.add(new PolicyInformation(new DERObjectIdentifier(policy),new DERSequence(policyQualifiers))); } public void add(String policy,Vector<String> cpss,Vector<UserNotice> userNotices) { ASN1EncodableVector policyQualifiers = new ASN1EncodableVector(); for(int i=0;i<cpss.size();i++) { String cps = cpss.elementAt(i); PolicyQualifierInfo qualifierInfo = new PolicyQualifierInfo(cps); policyQualifiers.add(qualifierInfo.toASN1Object()); } for(int i=0;i<userNotices.size();i++) { UserNotice userNotice = userNotices.elementAt(i); PolicyQualifierInfo qualifierInfo = new PolicyQualifierInfo(PolicyQualifierId.id_qt_unotice,userNotice.toASN1Object()); policyQualifiers.add(qualifierInfo.toASN1Object()); } if(policyQualifiers.size()==0){ certPolicies.add(new PolicyInformation(new DERObjectIdentifier(policy))); } else{ certPolicies.add(new PolicyInformation(new DERObjectIdentifier(policy),new DERSequence(policyQualifiers))); } } public void add(String policy,ASN1Sequence qualifierInfo) { certPolicies.add(new PolicyInformation(new DERObjectIdentifier(policy),qualifierInfo)); } public DERObject getDERObject() { return new DERSequence(certPolicies); } public static UserNotice makeUserNotice(String orgType,String org,Vector<Integer> nums,String displayTextType,String displayText) { NoticeReference noticeReference = null; DisplayText text = null; int iType = 2; if((org!=null)&&(nums.size()>0)){ if(orgType!=null){ if(displayTextType.equalsIgnoreCase("IA5STRING")){ iType = 0; } else if(displayTextType.equalsIgnoreCase("BMPSTRING")){ iType = 1; } else if(displayTextType.equalsIgnoreCase("UTF8STRING")){ iType = 2; } else if(displayTextType.equalsIgnoreCase("VISIBLESTRING")){ iType = 3; } } ASN1EncodableVector asn1encodablevector = new ASN1EncodableVector(); DERInteger derinteger; for(Enumeration<Integer> enumeration = nums.elements(); enumeration.hasMoreElements(); asn1encodablevector.add(derinteger)) { Integer integer = enumeration.nextElement(); derinteger = new DERInteger(integer.intValue()); } noticeReference = new NoticeReference(iType,org, new DERSequence(asn1encodablevector)); } if(displayText!=null){ if(displayTextType==null){ text = new DisplayText(displayText); } else{ if(displayTextType.equalsIgnoreCase("IA5STRING")){ text = new DisplayText(DisplayText.CONTENT_TYPE_IA5STRING,displayText); } else if(displayTextType.equalsIgnoreCase("BMPSTRING")){ text = new DisplayText(DisplayText.CONTENT_TYPE_BMPSTRING,displayText); } else if(displayTextType.equalsIgnoreCase("UTF8STRING")){ text = new DisplayText(DisplayText.CONTENT_TYPE_UTF8STRING,displayText); } else if(displayTextType.equalsIgnoreCase("VISIBLESTRING")){ text = new DisplayText(DisplayText.CONTENT_TYPE_VISIBLESTRING,displayText); } else{ text = new DisplayText(displayText); } } } UserNotice un = new UserNotice(noticeReference,text); return un; } public static UserNotice makeUserNotice(String displayText) { UserNotice un = new UserNotice(null,displayText); return un; } private ASN1EncodableVector certPolicies; }
发表评论
-
java中文乱码完全解决方案
2013-11-18 22:05 24361、代码编码全部用UTF8,特别是配置用的属性文件 2、J ... -
Highcharts动态曲线图(使用jna监视cpu使用率)
2012-01-10 22:30 92731、CPU使用率获取,因为我要用JNA调用,所以用c++调用w ... -
grails验证码插件-JCaptcha
2012-01-10 12:56 23781、安装 grails install-plugin jca ... -
jogl入门之简单的贪吃蛇
2012-01-05 13:43 20211、代码: package org.ligson.jo ... -
jogl入门
2011-12-31 13:19 51341、jogl是什么? jogl是Java OpenGL的 ... -
grails学习之自定义标签
2011-12-30 17:22 57891、在grails项目结构中有一个taglib文件夹(项目名/ ... -
加密机制的发展(JCE/JCA)
2011-12-23 17:56 4855一、对称密钥-------最原始的加密解密 对称 ... -
开发一个JCE的Provider
2011-12-23 13:42 44921、开发环境ubuntu+eclipse+openJDK ... -
enum还有人记得吗?
2011-12-21 15:42 1119enum其实挺好用的,特别是对于一些固定的东西! packa ... -
JNA入门1
2011-12-06 22:15 37211、jna是什么 jna是java native acces ... -
利用BC替换X509证书的公钥
2011-11-23 09:54 2258public static X509Certificate r ... -
利用BC的X509v3CertificateBuilder组装X509证书
2011-11-22 17:38 3905// 设置开始日期和结束日期 long year = 3 ... -
grails框架中webService插件的使用(axis2,cxf)
2011-09-17 22:40 3222一、cxf插件的使用: 1、运行命令: grails in ... -
Java直接发送邮件或写好的eml邮件
2011-08-03 13:50 1543import java.io.File; import ... -
Java中对称密钥、非对称密钥和数字签名的用法
2011-04-16 12:21 32371、非对称密钥: package com.mysec; ... -
eclipse3.6 太阳神版 中文汉化插件
2011-04-09 20:00 1167经常用eclipse,但用多了英文版,突然间想找个新鲜感,于是 ... -
Java中的按位取反运算符,哪位能详解一下?
2011-03-14 23:29 2257最近面试遇到了这样一道题: System.out.print ... -
Java常见排序算法
2011-02-24 17:53 863package test; import java ... -
常见模式例子
2011-02-24 17:37 1033工厂模式 package login.sj; ... -
关于Java中各种修饰符与访问修饰符的说明
2011-02-24 15:05 1037类: 访问修饰符 修饰符 class 类名称 exte ...
相关推荐
BouncyCastle库是一个强大的Java加密库,支持多种加密算法,包括国密算法,对于生成符合中国国家标准的X509证书非常有用。在这个场景中,我们不仅会讨论如何使用Java生成X509证书,还会涉及如何将其存储为PEM格式,...
利用BouncyCastle解析SM2证书国密证书测试程序,源码直接可用
- **自定义证书和CA**:开发者可以利用BouncyCastle库来生成自签名的X.509证书,这对于测试环境或者内部服务器之间的通信很有用。同时,它也可以用来处理和信任非标准的或自定义的证书颁发机构(CA)。 - **数据...
Java基于BC生成X509v3证书,以及部分扩展Extension的使用,如:BasicConstraints、CRLDIstPoint、CertificatePolicies、PolicyMappings、KeyUsage、ExtendedKeyUsage、SubjectAlternativeName、AuthorityInfoAccess...
总结来说,"BouncyCastle,SM2、SM3、SM4 证书加解密应用例子"是一个关于使用C#和BouncyCastle库实现中国国密标准的实战案例,适用于需要跨平台、高安全性的应用程序。通过理解和应用这个示例,开发者可以增强在密码...
在数字证书处理方面,BouncyCastle提供了从PEM、DER格式的证书导入导出,以及证书链的验证等功能。这对于HTTPS服务器配置、邮件安全、代码签名等场景尤为重要。例如,使用BouncyCastle可以轻松地创建自签名证书或者...
X.509证书用于表示公钥及其相关属性,BouncyCastle提供读取、解析和创建X.509证书的能力,这对于SSL/TLS连接、代码签名等应用至关重要。 7. **随机数生成器**: 随机数在加密中扮演重要角色,BouncyCastle提供强...
2. **证书和证书链管理**:Bouncy Castle提供了生成、解析和验证X.509证书的能力,这是SSL/TLS、PGP等协议中的基础组件。通过Bouncy Castle,我们可以创建自签名证书,也可以构建复杂的证书链来验证证书的信任路径。...
2. **证书和证书链**:BouncyCastle支持X.509证书,用于身份验证和公钥分发。证书链可以验证证书的完整性和来源,确保通信双方的身份可信。 3. **密钥管理**:密钥的生成、存储、交换和销毁都是安全体系的重要环节...
Bouncy Castle 包含了一个全面的 ASN.1 编码/解码器,对于处理 X.509 证书和 PKCS#7 格式的文件尤其有用。 8. **PKCS(Public Key Cryptography Standards)支持**: Bouncy Castle 实现了 PKCS#1、PKCS#5、PKCS#7...
这个压缩包包含了Bouncy Castle库的不同组件,如X509证书处理、JCE(Java Cryptography Extension)、Crypto加密算法、Util工具类以及TLS(Transport Layer Security)协议支持。下面将详细阐述这些组件及其在IT领域...
这可以通过BouncyCastle的`X509CertificateParser`和`X509Store`类来完成。 以上就是C#中使用BouncyCastle库实现PKCS#7签名和验签的基本流程。值得注意的是,实际应用中可能需要考虑更多的安全因素,比如处理密钥的...
在实际项目中,开发者可以利用BouncyCastle提供的类和方法,轻松实现数据加密、解密、签名、验签等操作。 总的来说,这份“BouncyCastle1.59帮助文档”是开发者学习和使用BouncyCastle的重要参考资料,结合CHM制作...
6. **PKI组件**:Bouncy Castle还包含了证书和证书链的处理,支持X.509证书格式,可用于SSL/TLS协议,建立安全的网络连接。 7. **随机数生成器**:加密过程中需要使用高质量的随机数,Bouncy Castle提供了安全的...
5. **X.509 证书处理**:BouncyCastle 提供了创建、解析和管理X.509证书的功能,这对于建立安全的网络通信至关重要。 6. **TLS/SSL 实现**:BouncyCastle 可以作为.NET的SSL/TLS实现,用于安全的网络连接。 7. **...
1. **证书管理**:生成、解析和操作X.509数字证书,支持PFX(PKCS#12)文件的处理。 2. **密钥生成与交换**:创建和管理公钥和私钥,实现Diffie-Hellman、RSA等密钥交换协议。 3. **数据加密解密**:使用AES、DES...