开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 加密解密 > 查看源码
AttrCertExample.java
资源名称:BouncyCastleTest.rar [点击查看]
上传用户:mbg588933
上传日期:2022-08-05
资源大小:10k
文件大小:12k
源码类别:

加密解密

开发平台:

Java

AttrCertExample.java:源码内容
  3. import java.security.cert.*;
  4. import java.security.spec.RSAPrivateCrtKeySpec;
  5. import java.security.spec.RSAPublicKeySpec;
  6. import java.security.*;
  7. import java.math.*;
  8. import java.util.Date;
  9. import java.util.Hashtable;
  10. import java.util.Vector;
  12. import org.bouncycastle.jce.X509Principal;
  13. import org.bouncycastle.jce.provider.*;
  14. import org.bouncycastle.asn1.*;
  15. import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
  16. import org.bouncycastle.asn1.misc.NetscapeCertType;
  17. import org.bouncycastle.asn1.x509.GeneralName;
  18. import org.bouncycastle.x509.*;
  20. /**
  21.  * A simple example that generates an attribute certificate.
  22.  */
  23. public class AttrCertExample
  24. {
  25.     static X509V1CertificateGenerator  v1CertGen = new X509V1CertificateGenerator();
  26.     static X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
  27.     
  28.     /**
  29.      * we generate the AC issuer's certificate
  30.      */
  31.     public static X509Certificate createAcIssuerCert(
  32.         PublicKey       pubKey,
  33.         PrivateKey      privKey)
  34.         throws Exception
  35.     {
  36.         //
  37.         // signers name 
  38.         //
  39.         String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
  41.         //
  42.         // subjects name - the same as we are self signed.
  43.         //
  44.         String  subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
  46.         //
  47.         // create the certificate - version 1
  48.         //f
  50.         v1CertGen.setSerialNumber(BigInteger.valueOf(10));
  51.         v1CertGen.setIssuerDN(new X509Principal(issuer));
  52.         v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
  53.         v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
  54.         v1CertGen.setSubjectDN(new X509Principal(subject));
  55.         v1CertGen.setPublicKey(pubKey);
  56.         v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
  58.         X509Certificate cert = v1CertGen.generateX509Certificate(privKey);
  60.         cert.checkValidity(new Date());
  62.         cert.verify(pubKey);
  64.         return cert;
  65.     }
  66.     
  67.     /**
  68.      * we generate a certificate signed by our CA's intermediate certficate
  69.      */
  70.     public static X509Certificate createClientCert(
  71.         PublicKey       pubKey,
  72.         PrivateKey      caPrivKey,
  73.         PublicKey       caPubKey)
  74.         throws Exception
  75.     {
  76.         //
  77.         // issuer
  78.         //
  79.         String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
  81.         //
  82.         // subjects name table.
  83.         //
  84.         Hashtable                   attrs = new Hashtable();
  85.         Vector                      order = new Vector();
  87.         attrs.put(X509Principal.C, "AU");
  88.         attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
  89.         attrs.put(X509Principal.L, "Melbourne");
  90.         attrs.put(X509Principal.CN, "Eric H. Echidna");
  91.         attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
  93.         order.addElement(X509Principal.C);
  94.         order.addElement(X509Principal.O);
  95.         order.addElement(X509Principal.L);
  96.         order.addElement(X509Principal.CN);
  97.         order.addElement(X509Principal.EmailAddress);
  99.         //
  100.         // create the certificate - version 3
  101.         //
  102.         v3CertGen.reset();
  104.         v3CertGen.setSerialNumber(BigInteger.valueOf(20));
  105.         v3CertGen.setIssuerDN(new X509Principal(issuer));
  106.         v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
  107.         v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
  108.         v3CertGen.setSubjectDN(new X509Principal(order, attrs));
  109.         v3CertGen.setPublicKey(pubKey);
  110.         v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
  112.         //
  113.         // add the extensions
  114.         //
  116.         v3CertGen.addExtension(
  117.             MiscObjectIdentifiers.netscapeCertType,
  118.             false,
  119.             new NetscapeCertType(NetscapeCertType.objectSigning | NetscapeCertType.smime));
  121.         X509Certificate cert = v3CertGen.generateX509Certificate(caPrivKey);
  123.         cert.checkValidity(new Date());
  125.         cert.verify(caPubKey);
  127.         return cert;
  128.     }
  129.     
  130.     public static void main(String args[])
  131.         throws Exception
  132.     {
  133.         Security.addProvider(new BouncyCastleProvider());
  135.         //
  136.         // personal keys
  137.         //
  138.         RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
  139.             new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
  140.             new BigInteger("11", 16));
  142.         RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
  143.             new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
  144.             new BigInteger("11", 16),
  145.             new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
  146.             new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
  147.             new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
  148.             new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
  149.             new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
  150.             new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
  152.         //
  153.         // ca keys
  154.         //
  155.         RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
  156.             new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
  157.             new BigInteger("11", 16));
  159.         RSAPrivateCrtKeySpec   caPrivKeySpec = new RSAPrivateCrtKeySpec(
  160.             new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
  161.             new BigInteger("11", 16),
  162.             new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16),
  163.             new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16),
  164.             new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16),
  165.             new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16),
  166.             new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16),
  167.             new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16));
  169.         //
  170.         // set up the keys
  171.         //
  172.         KeyFactory          fact = KeyFactory.getInstance("RSA", "BC");
  173.         PrivateKey          caPrivKey = fact.generatePrivate(caPrivKeySpec);
  174.         PublicKey           caPubKey = fact.generatePublic(caPubKeySpec);
  175.         PrivateKey          privKey = fact.generatePrivate(privKeySpec);
  176.         PublicKey           pubKey = fact.generatePublic(pubKeySpec);
  178.         //
  179.         // note in this case we are using the CA certificate for both the client cetificate
  180.         // and the attribute certificate. This is to make the vcode simpler to read, in practice
  181.         // the CA for the attribute certificate should be different to that of the client certificate
  182.         //
  183.         X509Certificate     caCert = createAcIssuerCert(caPubKey, caPrivKey);
  184.         X509Certificate     clientCert = createClientCert(pubKey, caPrivKey, caPubKey);
  186.         // Instantiate a new AC generator
  187.         X509V2AttributeCertificateGenerator acGen = new X509V2AttributeCertificateGenerator();
  189.         acGen.reset();
  191.         //
  192.         // Holder: here we use the IssuerSerial form
  193.         //
  194.         acGen.setHolder(new AttributeCertificateHolder(clientCert));
  196.         // set the Issuer
  197.         acGen.setIssuer(new AttributeCertificateIssuer(caCert.getSubjectX500Principal()));
  199.         //
  200.         // serial number (as it's an example we don't have to keep track of the
  201.         // serials anyway
  202.         //
  203.         acGen.setSerialNumber(new BigInteger("1"));
  205.         // not Before
  206.         acGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
  208.         // not After
  209.         acGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
  211.         // signature Algorithmus
  212.         acGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
  214.         // the actual attributes
  215.         GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
  216.         ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
  217.         roleSyntax.add(roleName);
  219.         // roleSyntax OID: 2.5.24.72
  220.         X509Attribute attributes = new X509Attribute("2.5.24.72",
  221.                 new DERSequence(roleSyntax));
  223.         acGen.addAttribute(attributes);
  225.         //      finally create the AC
  226.         X509V2AttributeCertificate att = (X509V2AttributeCertificate)acGen
  227.                 .generateCertificate(caPrivKey, "BC");
  229.         //
  230.         // starting here, we parse the newly generated AC
  231.         //
  233.         // Holder
  235.         AttributeCertificateHolder h = att.getHolder();
  236.         if (h.match(clientCert))
  237.         {
  238.             if (h.getEntityNames() != null)
  239.             {
  240.                 System.out.println(h.getEntityNames().length + " entity names found");
  241.             }
  242.             if (h.getIssuer() != null)
  243.             {
  244.                 System.out.println(h.getIssuer().length + " issuer names found, serial number " + h.getSerialNumber());
  245.             }
  246.             System.out.println("Matches original client x509 cert");
  247.         }
  249.         // Issuer
  250.         
  251.         AttributeCertificateIssuer issuer = att.getIssuer();
  252.         if (issuer.match(caCert))
  253.         {
  254.             if (issuer.getPrincipals() != null)
  255.             {
  256.                 System.out.println(issuer.getPrincipals().length + " entity names found");
  257.             }
  258.             System.out.println("Matches original ca x509 cert");
  259.         }
  260.         
  261.         // Dates
  262.         System.out.println("valid not before: " + att.getNotBefore());
  263.         System.out.println("valid not before: " + att.getNotAfter());
  265.         // check the dates, an exception is thrown in checkValidity()...
  267.         try
  268.         {
  269.             att.checkValidity();
  270.             att.checkValidity(new Date());
  271.         }
  272.         catch (Exception e)
  273.         {
  274.             System.out.println(e);
  275.         }
  277.         // verify
  279.         try
  280.         {
  281.             att.verify(caPubKey, "BC");
  282.         }
  283.         catch (Exception e)
  284.         {
  285.             System.out.println(e);
  286.         }
  288.         // Attribute
  289.         X509Attribute[] attribs = att.getAttributes();
  290.         System.out.println("cert has " + attribs.length + " attributes:");
  291.         for (int i = 0; i < attribs.length; i++)
  292.         {
  293.             X509Attribute a = attribs[i];
  294.             System.out.println("OID: " + a.getOID());
  295.             
  296.             // currently we only check for the presence of a 'RoleSyntax' attribute
  298.             if (a.getOID().equals("2.5.24.72"))
  299.             {
  300.                 System.out.println("rolesyntax read from cert!");
  301.             }
  302.         }
  303.     }
  304. }