List of usage examples for org.bouncycastle.jce X509KeyUsage dataEncipherment
int dataEncipherment
To view the source code for org.bouncycastle.jce X509KeyUsage dataEncipherment.
Click Source Link
From source file:com.google.android.gms.common.GooglePlayServicesUtil.java
public static String getErrorString(int i) { switch (i) {//from w ww . j av a 2s .c o m case ECCurve.COORD_AFFINE /*0*/: return "SUCCESS"; case ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL /*1*/: return "SERVICE_MISSING"; case CipherSpiExt.DECRYPT_MODE /*2*/: return "SERVICE_VERSION_UPDATE_REQUIRED"; case F2m.PPB /*3*/: return "SERVICE_DISABLED"; case ECCurve.COORD_JACOBIAN_MODIFIED /*4*/: return "SIGN_IN_REQUIRED"; case ECCurve.COORD_LAMBDA_AFFINE /*5*/: return "INVALID_ACCOUNT"; case ECCurve.COORD_LAMBDA_PROJECTIVE /*6*/: return "RESOLUTION_REQUIRED"; case ECCurve.COORD_SKEWED /*7*/: return "NETWORK_ERROR"; case X509KeyUsage.keyAgreement /*8*/: return "INTERNAL_ERROR"; case NamedCurve.sect283k1 /*9*/: return "SERVICE_INVALID"; case NamedCurve.sect283r1 /*10*/: return "DEVELOPER_ERROR"; case CertStatus.UNREVOKED /*11*/: return "LICENSE_CHECK_FAILED"; case X509KeyUsage.dataEncipherment /*16*/: return "API_UNAVAILABLE"; default: return "UNKNOWN_ERROR_CODE"; } }
From source file:com.google.android.gms.common.GooglePlayServicesUtil.java
private static Dialog zza(int i, Activity activity, Fragment fragment, int i2, OnCancelListener onCancelListener) { AlertDialog.Builder builder;// w ww .j av a 2s.co m Intent zzan; OnClickListener com_google_android_gms_common_internal_zzg; CharSequence zzf; if (zzlu.zzQ(activity) && i == 2) { i = 42; } if (zzme.zzkg()) { TypedValue typedValue = new TypedValue(); activity.getTheme().resolveAttribute(16843529, typedValue, true); if ("Theme.Dialog.Alert".equals(activity.getResources().getResourceEntryName(typedValue.resourceId))) { builder = new AlertDialog.Builder(activity, 5); if (builder == null) { builder = new AlertDialog.Builder(activity); } builder.setMessage(zze(activity, i)); if (onCancelListener != null) { builder.setOnCancelListener(onCancelListener); } zzan = zzan(i); com_google_android_gms_common_internal_zzg = fragment != null ? new zzg(activity, zzan, i2) : new zzg(fragment, zzan, i2); zzf = zzf(activity, i); if (zzf != null) { builder.setPositiveButton(zzf, com_google_android_gms_common_internal_zzg); } switch (i) { case ECCurve.COORD_AFFINE /*0*/: return null; case ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL /*1*/: return builder.setTitle(C0078R.string.common_google_play_services_install_title).create(); case CipherSpiExt.DECRYPT_MODE /*2*/: return builder.setTitle(C0078R.string.common_google_play_services_update_title).create(); case F2m.PPB /*3*/: return builder.setTitle(C0078R.string.common_google_play_services_enable_title).create(); case ECCurve.COORD_JACOBIAN_MODIFIED /*4*/: case ECCurve.COORD_LAMBDA_PROJECTIVE /*6*/: return builder.create(); case ECCurve.COORD_LAMBDA_AFFINE /*5*/: Log.e("GooglePlayServicesUtil", "An invalid account was specified when connecting. Please provide a valid account."); return builder.setTitle(C0078R.string.common_google_play_services_invalid_account_title) .create(); case ECCurve.COORD_SKEWED /*7*/: Log.e("GooglePlayServicesUtil", "Network error occurred. Please retry request later."); return builder.setTitle(C0078R.string.common_google_play_services_network_error_title).create(); case X509KeyUsage.keyAgreement /*8*/: Log.e("GooglePlayServicesUtil", "Internal error occurred. Please see logs for detailed information"); return builder.create(); case NamedCurve.sect283k1 /*9*/: Log.e("GooglePlayServicesUtil", "Google Play services is invalid. Cannot recover."); return builder.setTitle(C0078R.string.common_google_play_services_unsupported_title).create(); case NamedCurve.sect283r1 /*10*/: Log.e("GooglePlayServicesUtil", "Developer error occurred. Please see logs for detailed information"); return builder.create(); case CertStatus.UNREVOKED /*11*/: Log.e("GooglePlayServicesUtil", "The application is not licensed to the user."); return builder.create(); case X509KeyUsage.dataEncipherment /*16*/: Log.e("GooglePlayServicesUtil", "One of the API components you attempted to connect to is not available."); return builder.create(); case NamedCurve.secp160r2 /*17*/: Log.e("GooglePlayServicesUtil", "The specified account could not be signed in."); return builder.setTitle(C0078R.string.common_google_play_services_sign_in_failed_title) .create(); case Place.TYPE_GENERAL_CONTRACTOR /*42*/: return builder.setTitle(C0078R.string.common_android_wear_update_title).create(); default: Log.e("GooglePlayServicesUtil", "Unexpected error code " + i); return builder.create(); } } } builder = null; if (builder == null) { builder = new AlertDialog.Builder(activity); } builder.setMessage(zze(activity, i)); if (onCancelListener != null) { builder.setOnCancelListener(onCancelListener); } zzan = zzan(i); if (fragment != null) { } zzf = zzf(activity, i); if (zzf != null) { builder.setPositiveButton(zzf, com_google_android_gms_common_internal_zzg); } switch (i) { case ECCurve.COORD_AFFINE /*0*/: return null; case ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL /*1*/: return builder.setTitle(C0078R.string.common_google_play_services_install_title).create(); case CipherSpiExt.DECRYPT_MODE /*2*/: return builder.setTitle(C0078R.string.common_google_play_services_update_title).create(); case F2m.PPB /*3*/: return builder.setTitle(C0078R.string.common_google_play_services_enable_title).create(); case ECCurve.COORD_JACOBIAN_MODIFIED /*4*/: case ECCurve.COORD_LAMBDA_PROJECTIVE /*6*/: return builder.create(); case ECCurve.COORD_LAMBDA_AFFINE /*5*/: Log.e("GooglePlayServicesUtil", "An invalid account was specified when connecting. Please provide a valid account."); return builder.setTitle(C0078R.string.common_google_play_services_invalid_account_title).create(); case ECCurve.COORD_SKEWED /*7*/: Log.e("GooglePlayServicesUtil", "Network error occurred. Please retry request later."); return builder.setTitle(C0078R.string.common_google_play_services_network_error_title).create(); case X509KeyUsage.keyAgreement /*8*/: Log.e("GooglePlayServicesUtil", "Internal error occurred. Please see logs for detailed information"); return builder.create(); case NamedCurve.sect283k1 /*9*/: Log.e("GooglePlayServicesUtil", "Google Play services is invalid. Cannot recover."); return builder.setTitle(C0078R.string.common_google_play_services_unsupported_title).create(); case NamedCurve.sect283r1 /*10*/: Log.e("GooglePlayServicesUtil", "Developer error occurred. Please see logs for detailed information"); return builder.create(); case CertStatus.UNREVOKED /*11*/: Log.e("GooglePlayServicesUtil", "The application is not licensed to the user."); return builder.create(); case X509KeyUsage.dataEncipherment /*16*/: Log.e("GooglePlayServicesUtil", "One of the API components you attempted to connect to is not available."); return builder.create(); case NamedCurve.secp160r2 /*17*/: Log.e("GooglePlayServicesUtil", "The specified account could not be signed in."); return builder.setTitle(C0078R.string.common_google_play_services_sign_in_failed_title).create(); case Place.TYPE_GENERAL_CONTRACTOR /*42*/: return builder.setTitle(C0078R.string.common_android_wear_update_title).create(); default: Log.e("GooglePlayServicesUtil", "Unexpected error code " + i); return builder.create(); } }
From source file:com.google.android.gms.common.GooglePlayServicesUtil.java
public static String zze(Context context, int i) { Resources resources = context.getResources(); switch (i) {/*from w ww. j ava 2s . c o m*/ case ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL /*1*/: return zza(context.getResources()) ? resources.getString(C0078R.string.common_google_play_services_install_text_tablet) : resources.getString(C0078R.string.common_google_play_services_install_text_phone); case CipherSpiExt.DECRYPT_MODE /*2*/: return resources.getString(C0078R.string.common_google_play_services_update_text); case F2m.PPB /*3*/: return resources.getString(C0078R.string.common_google_play_services_enable_text); case ECCurve.COORD_LAMBDA_AFFINE /*5*/: return resources.getString(C0078R.string.common_google_play_services_invalid_account_text); case ECCurve.COORD_SKEWED /*7*/: return resources.getString(C0078R.string.common_google_play_services_network_error_text); case NamedCurve.sect283k1 /*9*/: return resources.getString(C0078R.string.common_google_play_services_unsupported_text); case X509KeyUsage.dataEncipherment /*16*/: return resources.getString(C0078R.string.commono_google_play_services_api_unavailable_text); case NamedCurve.secp160r2 /*17*/: return resources.getString(C0078R.string.common_google_play_services_sign_in_failed_text); case Place.TYPE_GENERAL_CONTRACTOR /*42*/: return resources.getString(C0078R.string.common_android_wear_update_text); default: return resources.getString(C0078R.string.common_google_play_services_unknown_issue); } }
From source file:com.google.android.gms.common.GooglePlayServicesUtil.java
public static String zzg(Context context, int i) { Resources resources = context.getResources(); switch (i) {/*from w ww . j ava 2s . c om*/ case ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL /*1*/: return resources.getString(C0078R.string.f5x8f024ee1); case CipherSpiExt.DECRYPT_MODE /*2*/: return resources.getString(C0078R.string.common_google_play_services_notification_needs_update_title); case F2m.PPB /*3*/: return resources.getString(C0078R.string.common_google_play_services_needs_enabling_title); case ECCurve.COORD_LAMBDA_AFFINE /*5*/: return resources.getString(C0078R.string.common_google_play_services_invalid_account_text); case ECCurve.COORD_SKEWED /*7*/: return resources.getString(C0078R.string.common_google_play_services_network_error_text); case NamedCurve.sect283k1 /*9*/: return resources.getString(C0078R.string.common_google_play_services_unsupported_text); case X509KeyUsage.dataEncipherment /*16*/: return resources.getString(C0078R.string.commono_google_play_services_api_unavailable_text); case NamedCurve.secp160r2 /*17*/: return resources.getString(C0078R.string.common_google_play_services_sign_in_failed_text); case Place.TYPE_GENERAL_CONTRACTOR /*42*/: return resources.getString(C0078R.string.common_android_wear_notification_needs_update_text); default: return resources.getString(C0078R.string.common_google_play_services_unknown_issue); } }
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/** * Converts Sun Key usage bits to Bouncy castle key usage kits * // w w w. ja va 2 s. c o m * @param sku key usage bit fields according to java.security.cert.X509Certificate#getKeyUsage, must be a boolean aray of size 9. * @return key usage int according to org.bouncycastle.jce.X509KeyUsage#X509KeyUsage, or -1 if input is null. * @see java.security.cert.X509Certificate#getKeyUsage * @see org.bouncycastle.jce.X509KeyUsage#X509KeyUsage */ public static int sunKeyUsageToBC(boolean[] sku) { if (sku == null) { return -1; } int bcku = 0; if (sku[0]) { bcku = bcku | X509KeyUsage.digitalSignature; } if (sku[1]) { bcku = bcku | X509KeyUsage.nonRepudiation; } if (sku[2]) { bcku = bcku | X509KeyUsage.keyEncipherment; } if (sku[3]) { bcku = bcku | X509KeyUsage.dataEncipherment; } if (sku[4]) { bcku = bcku | X509KeyUsage.keyAgreement; } if (sku[5]) { bcku = bcku | X509KeyUsage.keyCertSign; } if (sku[6]) { bcku = bcku | X509KeyUsage.cRLSign; } if (sku[7]) { bcku = bcku | X509KeyUsage.encipherOnly; } if (sku[8]) { bcku = bcku | X509KeyUsage.decipherOnly; } return bcku; }
From source file:org.signserver.validationservice.server.ValidationServiceWorkerTest.java
License:Open Source License
@Test public void test00SetupDatabase() throws Exception { KeyPair validRootCA1Keys = KeyTools.genKeys("1024", "RSA"); validRootCA1 = ValidationTestUtils.genCert("CN=ValidRootCA1", "CN=ValidRootCA1", validRootCA1Keys.getPrivate(), validRootCA1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); KeyPair validSubCA1Keys = KeyTools.genKeys("1024", "RSA"); validSubCA1 = ValidationTestUtils.genCert("CN=ValidSubCA1", "CN=ValidRootCA1", validRootCA1Keys.getPrivate(), validSubCA1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); KeyPair validCert1Keys = KeyTools.genKeys("1024", "RSA"); validCert1 = ValidationTestUtils.genCert("CN=ValidCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); revokedCert1 = ValidationTestUtils.genCert("CN=revokedCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); expiredCert1 = ValidationTestUtils.genCert("CN=expiredCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() - 1000000), false); noYetValidCert1 = ValidationTestUtils.genCert("CN=noYetValidCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(System.currentTimeMillis() + 1000000), new Date(System.currentTimeMillis() + 2000000), false);/*ww w . j a v a 2s. c o m*/ badSigCert1 = ValidationTestUtils.genCert("CN=badSigCert1", "CN=ValidSubCA1", validRootCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); identificationCert1 = ValidationTestUtils.genCert("CN=identificationCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false, X509KeyUsage.digitalSignature + X509KeyUsage.keyEncipherment); esigCert1 = ValidationTestUtils.genCert("CN=esigCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false, X509KeyUsage.nonRepudiation); badKeyUsageCert1 = ValidationTestUtils.genCert("CN=badKeyUsageCert1", "CN=ValidSubCA1", validSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false, X509KeyUsage.dataEncipherment + X509KeyUsage.cRLSign); KeyPair expiredRootCA1Keys = KeyTools.genKeys("1024", "RSA"); expiredRootCA1 = ValidationTestUtils.genCert("CN=expiredRootCA1", "CN=expiredRootCA1", expiredRootCA1Keys.getPrivate(), expiredRootCA1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() - 1000000), true); certByExpiredRoot = ValidationTestUtils.genCert("CN=certByExpiredRoot", "CN=expiredRootCA1", expiredRootCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); KeyPair notYetValidSubCA1Keys = KeyTools.genKeys("1024", "RSA"); notYetValidCA = ValidationTestUtils.genCert("CN=notYetValidCA", "CN=ValidRootCA1", validRootCA1Keys.getPrivate(), notYetValidSubCA1Keys.getPublic(), new Date(System.currentTimeMillis() + 1000000), new Date(System.currentTimeMillis() + 2000000), true); certByNotYetValidSub = ValidationTestUtils.genCert("CN=certByNotYetValidSub", "CN=notYetValidCA", notYetValidSubCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); KeyPair revocedRootCA1Keys = KeyTools.genKeys("1024", "RSA"); revocedRootCA1 = ValidationTestUtils.genCert("CN=revocedRootCA1", "CN=revocedRootCA1", revocedRootCA1Keys.getPrivate(), revocedRootCA1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); certByRevocedRoot = ValidationTestUtils.genCert("CN=certByRevocedRoot", "CN=revocedRootCA1", revocedRootCA1Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); KeyPair validSubCA2Keys = KeyTools.genKeys("1024", "RSA"); validSubCA2 = ValidationTestUtils.genCert("CN=ValidSubCA2", "CN=ValidRootCA1", validRootCA1Keys.getPrivate(), validSubCA2Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); KeyPair validSubSubCA2Keys = KeyTools.genKeys("1024", "RSA"); validSubSubCA2 = ValidationTestUtils.genCert("CN=ValidSubSubCA2", "CN=ValidSubCA2", validSubCA2Keys.getPrivate(), validSubSubCA2Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); KeyPair validSubSubSubCA2Keys = KeyTools.genKeys("1024", "RSA"); validSubSubSubCA2 = ValidationTestUtils.genCert("CN=ValidSubSubSubCA2", "CN=ValidSubSubCA2", validSubSubCA2Keys.getPrivate(), validSubSubSubCA2Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); KeyPair validSubSubSubSubCA2Keys = KeyTools.genKeys("1024", "RSA"); validSubSubSubSubCA2 = ValidationTestUtils.genCert("CN=ValidSubSubSubSubCA2", "CN=ValidSubSubSubCA2", validSubSubSubCA2Keys.getPrivate(), validSubSubSubSubCA2Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), true); certSignedByLongChain = ValidationTestUtils.genCert("CN=certSignedByLongChain", "CN=ValidSubSubSubSubCA2", validSubSubSubSubCA2Keys.getPrivate(), validCert1Keys.getPublic(), new Date(0), new Date(System.currentTimeMillis() + 1000000), false); ArrayList<X509Certificate> validChain1 = new ArrayList<X509Certificate>(); // Add in the wrong order validChain1.add(validRootCA1); validChain1.add(validSubCA1); ArrayList<X509Certificate> expiredRootChain = new ArrayList<X509Certificate>(); expiredRootChain.add(expiredRootCA1); ArrayList<X509Certificate> notYetValidSubChain = new ArrayList<X509Certificate>(); notYetValidSubChain.add(notYetValidCA); notYetValidSubChain.add(validRootCA1); ArrayList<X509Certificate> revocedRootCA1Chain = new ArrayList<X509Certificate>(); revocedRootCA1Chain.add(revocedRootCA1); ArrayList<X509Certificate> longChain = new ArrayList<X509Certificate>(); longChain.add(validSubCA2); longChain.add(validSubSubSubCA2); longChain.add(validRootCA1); longChain.add(validSubSubSubSubCA2); longChain.add(validSubSubCA2); // Worker 15 - DummyValidator gCSession.setProperty(GlobalConfiguration.SCOPE_GLOBAL, "WORKER15.CLASSPATH", "org.signserver.validationservice.server.ValidationServiceWorker"); sSSession.setWorkerProperty(15, "AUTHTYPE", "NOAUTH"); sSSession.setWorkerProperty(15, "VAL1.CLASSPATH", "org.signserver.validationservice.server.DummyValidator"); sSSession.setWorkerProperty(15, "VAL1.TESTPROP", "TEST"); sSSession.setWorkerProperty(15, "VAL1.ISSUER1.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(validChain1)); sSSession.setWorkerProperty(15, "VAL1.ISSUER2.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(expiredRootChain)); sSSession.setWorkerProperty(15, "VAL1.ISSUER4.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(notYetValidSubChain)); sSSession.setWorkerProperty(15, "VAL2.CLASSPATH", "org.signserver.validationservice.server.DummyValidator"); sSSession.setWorkerProperty(15, "VAL2.TESTPROP", "TEST"); sSSession.setWorkerProperty(15, "VAL2.ISSUER1.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(revocedRootCA1Chain)); sSSession.setWorkerProperty(15, "VAL2.ISSUER250.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(longChain)); sSSession.reloadConfiguration(15); // Worker 16 - NoRevokationCheckingValidator gCSession.setProperty(GlobalConfiguration.SCOPE_GLOBAL, "WORKER16.CLASSPATH", "org.signserver.validationservice.server.ValidationServiceWorker"); sSSession.setWorkerProperty(16, "AUTHTYPE", "NOAUTH"); sSSession.setWorkerProperty(16, "VAL1.CLASSPATH", "org.signserver.validationservice.server.NoRevocationCheckingValidator"); sSSession.setWorkerProperty(16, "VAL1.ISSUER1.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(validChain1)); sSSession.setWorkerProperty(16, "VAL1.ISSUER2.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(expiredRootChain)); sSSession.setWorkerProperty(16, "VAL1.ISSUER4.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(notYetValidSubChain)); sSSession.setWorkerProperty(16, "VAL2.CLASSPATH", "org.signserver.validationservice.server.NoRevocationCheckingValidator"); sSSession.setWorkerProperty(16, "VAL2.ISSUER1.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(revocedRootCA1Chain)); sSSession.setWorkerProperty(16, "VAL2.ISSUER250.CERTCHAIN", ValidationTestUtils.genPEMStringFromChain(longChain)); sSSession.reloadConfiguration(16); }
From source file:org.xipki.pki.scep.serveremulator.CaEmulator.java
License:Open Source License
public Certificate generateCert(final SubjectPublicKeyInfo pubKeyInfo, final X500Name subjectDn, final Date notBefore) throws Exception { ParamUtil.requireNonNull("pubKeyInfo", pubKeyInfo); ParamUtil.requireNonNull("subjectDn", subjectDn); ParamUtil.requireNonNull("notBefore", notBefore); Date notAfter = new Date(notBefore.getTime() + 730 * DAY_IN_MS); BigInteger tmpSerialNumber = BigInteger.valueOf(serialNumber.getAndAdd(1)); X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(caSubject, tmpSerialNumber, notBefore, notAfter, subjectDn, pubKeyInfo); X509KeyUsage ku = new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.dataEncipherment | X509KeyUsage.keyAgreement | X509KeyUsage.keyEncipherment); certGenerator.addExtension(Extension.keyUsage, true, ku); BasicConstraints bc = new BasicConstraints(false); certGenerator.addExtension(Extension.basicConstraints, true, bc); String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgoType.SHA256); ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey); Certificate asn1Cert = certGenerator.build(contentSigner).toASN1Structure(); serialCertMap.put(tmpSerialNumber, asn1Cert); reqSubjectCertMap.put(subjectDn, asn1Cert); return asn1Cert; }
From source file:org.xipki.pki.scep.util.ScepUtil.java
License:Open Source License
public static X509Certificate generateSelfsignedCert(final X500Name subjectDn, final SubjectPublicKeyInfo pubKeyInfo, final PrivateKey identityKey) throws CertificateException { ParamUtil.requireNonNull("subjectDn", subjectDn); ParamUtil.requireNonNull("pubKeyInfo", pubKeyInfo); ParamUtil.requireNonNull("identityKey", identityKey); Date notBefore = new Date(System.currentTimeMillis() - 5 * MIN_IN_MS); Date notAfter = new Date(notBefore.getTime() + 30 * DAY_IN_MS); X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(subjectDn, BigInteger.ONE, notBefore, notAfter, subjectDn, pubKeyInfo); X509KeyUsage ku = new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.dataEncipherment | X509KeyUsage.keyAgreement | X509KeyUsage.keyEncipherment); try {/* w w w . jav a 2 s . c o m*/ certGenerator.addExtension(Extension.keyUsage, true, ku); } catch (CertIOException ex) { throw new CertificateException("could not generate self-signed certificate: " + ex.getMessage(), ex); } String sigAlgorithm = ScepUtil.getSignatureAlgorithm(identityKey, ScepHashAlgoType.SHA1); ContentSigner contentSigner; try { contentSigner = new JcaContentSignerBuilder(sigAlgorithm).build(identityKey); } catch (OperatorCreationException ex) { throw new CertificateException("error while creating signer", ex); } Certificate asn1Cert = certGenerator.build(contentSigner).toASN1Structure(); return toX509Cert(asn1Cert); }