在Bouncycastle证书请求上添加KeyUsage扩展

时间:2010-07-08 20:33:34

标签: java request x509certificate bouncycastle

任何人都可以发布一个Java代码,用于向PKCS10 bouncycastle证书请求添加关于KeyUsage的扩展(例如KeyUsage.keyEncipherment)。

我没有找到任何广告我找不到适合使用KeyUsage的X509Extension的构造函数。

由于

2 个答案:

答案 0 :(得分:3)

试试这个

import org.bouncycastle.asn1.x509.KeyUsage;

KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);

X509Extension extension = new X509Extension(true, new DEROctetString(keyUsage));

答案 1 :(得分:2)

这似乎是正确的方法。您必须为CSR构建器添加扩展请求属性:

... generate X500Name name and a SubjectPublicKeInfo spki ...
PKCS10CertificationRequestBuilder p10Builder =
        new PKCS10CertificationRequestBuilder(name,spki);
KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
ExtensionsGenerator extgen = new ExtensionsGenerator();
extgen.addExtension(Extension.keyUsage,true,ku);
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                        extgen.generate());
...set up your signer here ...
PKCS10CertificationRequest csr = p10Builder.build(signer);