为证书请求添加属性，Java + bouncycastle 1.48 [英] Adding attributes to certificate request, java + bouncycastle 1.48

问题描述

我目前正在使用Bouncycastle 1.48创建属性证书请求。由于API进行了一些更改（因此我是新手），因此我无法向创建的请求
添加属性。我当前的代码是

I'm currently working on creating attribute certificate requests using bouncycastle 1.48. Since there were some changes in API (and I'm beginner in this matter) I am unnable to add attributes to created request My current code is

        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(512);

    KeyPair rsaKey = keyGen.generateKeyPair();
    PrivateKey privateKey = rsaKey.getPrivate();
    PublicKey publicKey = rsaKey.getPublic();

    System.out.println(privateKey.getEncoded());
    System.out.println(publicKey.getEncoded());
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(privateKey);
    AlgorithmIdentifier rsaEncryption = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, null); 
    SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(rsaEncryption, publicKey.getEncoded());
    Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
    Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);
    X500NameBuilder nameBuilder = new X500NameBuilder();
    nameBuilder.addRDN(BCStyle.CN, "test request");
    nameBuilder.addRDN(BCStyle.C, "UK");
    nameBuilder.addRDN(BCStyle.E,"qwerasd@gmail.com");
    nameBuilder.addRDN(BCStyle.GENDER,"M");
    X500Name name = nameBuilder.build();

    PKCS10CertificationRequestBuilder genReq = new PKCS10CertificationRequestBuilder(name,publicKeyInfo);
    PKCS10CertificationRequest request = genReq.build(sigGen);
    PEMWriter pemWriter = new PEMWriter(new FileWriter(new File("C:\\certs\\request.txt")));
    pemWriter.writeObject(request);
    pemWriter.flush();      

我的问题是-addAttribute方法的正确语法应如何？
预先感谢

My question is - how should proper syntax looks like for addAttribute method? Thanks in advance

推荐答案

这取决于您要添加的内容。最主要的是要记住，证书请求中的属性和证书中的扩展名不是同一回事。通常，人们正在尝试添加一个或多个扩展名，但是在那种情况下，您需要使用适当的PKCS＃9属性来表示这一点，而不是与该扩展名关联的OID。

It depends what you want to add. The main thing is to remember that attributes on a certificate request and extensions in a certificate are not the same thing. Generally people are trying to add one or more extensions, but in that case you need to use the appropriate PKCS#9 attribute to signify this, not the OID associated with the extension.

例如，如果您想从CA请求特定的KeyUsage扩展，则将具有以下内容：

Say, for example, you wanted to request a specific KeyUsage extension from the CA, you would have something like:

ExtensionsGenerator extGen = new ExtensionsGenerator();

extGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

genReq.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

CA随后应将extensionRequest块视为包含所需扩展名。

The extensionRequest block should then be assumed by the CA to contain the extensions you want.

这篇关于为证书请求添加属性，Java + bouncycastle 1.48的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！