org.bouncycastle.asn1.misc.MiscObjectIdentifiers Java Examples

The following examples show how to use org.bouncycastle.asn1.misc.MiscObjectIdentifiers.
Example #1
Source File: PKCGenerate.java    From ofdrw with Apache License 2.0
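import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;

import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;

/**
 * Issue a certificate.
 *
 * @param p10Obj     certificate request (PKCS#10) ASN.1 object
 * @param root       CA root certificate
 * @param privateKey CA private key
 * @return X.509 certificate object
 */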
public static X509Certificate GenCert(PKCS10CertificationRequest p10Obj,
                                      Certificate root,
                                      PrivateKey privateKey)
        throws GeneralSecurityException,
        IOException,
        OperatorCreationException {
    JcaPKCS10CertificationRequest req = new JcaPKCS10CertificationRequest(p10Obj);
    // Get the subject DN from the certificate request.
    // Note: the CSR's signature is not verified in this method.
    X500Name subject = req.getSubject();

    // Get the root certificate's Subject; it is used as the issuer of the new certificate
    X500Name issuer = new X509CertificateHolder(root.getEncoded())
            .getSubject();

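    // Build the end-entity certificate as required
    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
            // Issuer information
            issuer
            // Certificate serial number (taken from the current time in milliseconds,
            // so it is predictable; CAs normally use a CSPRNG-generated serial)
            , BigInteger.valueOf(Instant.now().toEpochMilli())
            // Certificate validity start date (notBefore)
            , Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant())
            // Certificate expiry date (notAfter), two years from now
            , Date.from(LocalDateTime.now().plusYears(2).atZone(ZoneId.systemDefault()).toInstant())
            // Subject information
            , subject
            // Certificate public key
            , req.getPublicKey())
            // Set key usage.
            // Note: keyCertSign is asserted although BasicConstraints below marks this
            // as a non-CA certificate; RFC 5280 requires cA=true when keyCertSign is set.
            .addExtension(Extension.keyUsage,
                    false
                    , new X509KeyUsage(X509KeyUsage.digitalSignature
                            | X509KeyUsage.nonRepudiation
                            | X509KeyUsage.keyCertSign))
            // Set extended key usage: client authentication
            .addExtension(Extension.extendedKeyUsage,
                    false,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth))
            // Basic constraints: indicates whether this is a CA certificate;
            // false here marks it as an end-entity certificate
            .addExtension(Extension.basicConstraints,
                    false,
                    new BasicConstraints(false))
            // Netscape Cert Type: SSL client authentication
            .addExtension(MiscObjectIdentifiers.netscapeCertType,
                    false,
                    new NetscapeCertType(NetscapeCertType.sslClient));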

    // 5. Certificate signing implementation (SM3 digest with SM2 signature, BC provider)
    ContentSigner sigGen = new JcaContentSignerBuilder("SM3withSM2")
            .setProvider("BC")
            .build(privateKey);

    // 6. Issue the certificate
    return new JcaX509CertificateConverter()
            .setProvider("BC")
            .getCertificate(certGen.build(sigGen));
}