任何人都可以发布一个Java代码,用于向PKCS10 bouncycastle证书请求添加关于KeyUsage的扩展(例如KeyUsage.keyEncipherment)。
我没有找到任何广告我找不到适合使用KeyUsage的X509Extension的构造函数。
由于
答案 0 :(得分:3)
试试这个
import org.bouncycastle.asn1.x509.KeyUsage;
KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
X509Extension extension = new X509Extension(true, new DEROctetString(keyUsage));
答案 1 :(得分:2)
这似乎是正确的方法。您必须为CSR构建器添加扩展请求属性:
... generate X500Name name and a SubjectPublicKeInfo spki ...
PKCS10CertificationRequestBuilder p10Builder =
new PKCS10CertificationRequestBuilder(name,spki);
KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
ExtensionsGenerator extgen = new ExtensionsGenerator();
extgen.addExtension(Extension.keyUsage,true,ku);
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
extgen.generate());
...set up your signer here ...
PKCS10CertificationRequest csr = p10Builder.build(signer);