我正在使用bouncycastle 1.48创建属性证书请求。由于API中有一些变化(我在这个问题上是初学者),我无法为创建的请求添加属性 我目前的代码是
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair rsaKey = keyGen.generateKeyPair();
PrivateKey privateKey = rsaKey.getPrivate();
PublicKey publicKey = rsaKey.getPublic();
System.out.println(privateKey.getEncoded());
System.out.println(publicKey.getEncoded());
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(privateKey);
AlgorithmIdentifier rsaEncryption = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, null);
SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(rsaEncryption, publicKey.getEncoded());
Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);
X500NameBuilder nameBuilder = new X500NameBuilder();
nameBuilder.addRDN(BCStyle.CN, "test request");
nameBuilder.addRDN(BCStyle.C, "UK");
nameBuilder.addRDN(BCStyle.E,"qwerasd@gmail.com");
nameBuilder.addRDN(BCStyle.GENDER,"M");
X500Name name = nameBuilder.build();
PKCS10CertificationRequestBuilder genReq = new PKCS10CertificationRequestBuilder(name,publicKeyInfo);
PKCS10CertificationRequest request = genReq.build(sigGen);
PEMWriter pemWriter = new PEMWriter(new FileWriter(new File("C:\\certs\\request.txt")));
pemWriter.writeObject(request);
pemWriter.flush();
我的问题是 - 如何为addAttribute方法提供正确的语法? 提前致谢
答案 0 :(得分:2)
这取决于你想要添加的内容。最重要的是要记住证书请求上的属性和证书中的扩展名是不一样的。通常人们会尝试添加一个或多个扩展名,但在这种情况下,您需要使用适当的PKCS#9属性来表示这一点,而不是与扩展名相关联的OID。
比如说,例如,您想要从CA请求特定的KeyUsage扩展,您可以使用以下内容:
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
genReq.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
然后,CA应假定extensionRequest块包含您想要的扩展名。