List of usage examples for org.bouncycastle.asn1 DERSet DERSet
public DERSet()
From source file:ca.trustpoint.m2m.M2mCertificateFactoryTest.java
License:Apache License
/**
 * Builds the fixed inputs shared by every test in this class: the encoding of one
 * fully populated M2M certificate, a PkiPath encoding and a PKCS#7 encoding of the
 * three-certificate chain (mySigner -> myIssuer -> blueline root), and the list of
 * certificates the path decoder is expected to return.
 *
 * @throws Exception if key conversion or ASN.1 encoding fails
 */
@BeforeClass
public static void initializeTests() throws Exception {
    fullCertData = buildFullCertificate().getEncoded();

    ASN1Encodable signer = ASN1Primitive.fromByteArray(signerData);
    ASN1Encodable issuerCert = ASN1Primitive.fromByteArray(issuerData);
    ASN1Encodable root = ASN1Primitive.fromByteArray(rootcaData);

    // PkiPath lists certificates from the trust anchor down to the target.
    pkiPathInputData = encodeAsPkiPath(root, issuerCert, signer);
    // The PKCS#7 certificate set is built target-first; DERSet sorts it on encoding anyway.
    pkcs7InputData = encodeAsPkcs7(signer, issuerCert, root);

    // M2MCertPath stores certificates from target to trust anchor.
    expectedCertPathData = new byte[][] { signerData, issuerData, rootcaData };
}

/** Creates the fully populated certificate whose encoding becomes {@code fullCertData}. */
private static M2mCertificate buildFullCertificate() throws Exception {
    M2mCertificate cert = new M2mCertificate();

    cert.setSerialNumber(Hex.decode("F964EF36"));

    // cAAlgorithm, CAAlgParams
    KeyAlgorithmDefinition caKeyDefinition = new KeyAlgorithmDefinition();
    caKeyDefinition.setAlgorithm(M2mSignatureAlgorithmOids.ECDSA_SHA512_SECP521R1);
    caKeyDefinition.setParameters(Hex.decode("102030405060708090A0B0C0E0F0"));
    cert.setCaKeyDefinition(caKeyDefinition);

    cert.setIssuer(buildEntityName("MyRoot", "ca2f00"));

    // Calendar months are zero-based, so this is 1 August 2016.
    cert.setValidFrom(new GregorianCalendar(2016, 7, 1).getTime());
    // 365 days expressed in seconds; setValidDuration's unit is not visible here — confirm.
    cert.setValidDuration(60 * 60 * 24 * 365);

    cert.setSubject(buildEntityName("MyTest", "ca2f01"));

    // pKAlgorithm, pKAlgParams
    KeyAlgorithmDefinition publicKeyDefinition = new KeyAlgorithmDefinition();
    publicKeyDefinition.setAlgorithm(M2mSignatureAlgorithmOids.ECDSA_SHA256_SECP256R1);
    publicKeyDefinition.setParameters(Hex.decode("0102030405060708090A0B0C0E0F"));
    cert.setPublicKeyDefinition(publicKeyDefinition);

    // pubKey: an uncompressed (0x04-prefixed) EC point; the compression flag is derived from it.
    byte[] rawPublicKey = Hex.decode(
            "040078EF059D605AB85B6A25A6EF31A1A73A632D3CB04DC606A8CA0B58239661"
            + "68CFAF6131D8D9B53F6BDF6B62946EC4B41D618FA3FF7F8BBFACBFD4F64FE3C3"
            + "3DA9D200A47AE528DC50B6F3876D7F5BA3C082D9927751E1A8C4F934D90942B3"
            + "5C57DFE311B2663E8D0187AD4EDE31BF9CD2AD8317107360522FDB6975AB2CD6"
            + "6DC029981F");
    cert.setIsPublicKeyCompressed(KeyConversionUtils.isCompressedEcPoint(rawPublicKey));
    cert.setPublicKey(KeyConversionUtils.convertRawBytestoEcPublicKey(rawPublicKey));

    // authKeyId
    AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier();
    authKeyId.setKeyIdentifier(Hex.decode("793F0C56"));
    authKeyId.setCertificateIssuer(new GeneralName(GeneralNameAttributeId.DnsName, "authKeyIdIssuer"));
    // BigInteger(byte[]) is two's complement; the leading byte 0x72 keeps the value positive.
    authKeyId.setCertificateSerialNumber(new BigInteger(Hex.decode("729CB27DAE30")));
    cert.setAuthorityKeyIdentifier(authKeyId);

    cert.setSubjectKeyIdentifier(Hex.decode("729CB27DAE31"));

    KeyUsage keyUsage = new KeyUsage();
    keyUsage.setDigitalSignature(true);
    cert.setKeyUsage(keyUsage);

    cert.setBasicConstraints(5);
    cert.setCertificatePolicy("1.2.66.148.0.12");
    cert.setSubjectAlternativeName(new GeneralName(GeneralNameAttributeId.DnsName, "subjectAltName"));
    cert.setIssuerAlternativeName(new GeneralName(GeneralNameAttributeId.DnsName, "issuerAltName"));
    cert.setExtendedKeyUsage("1.3.22.174.22");
    cert.setAuthenticationInfoAccessOcsp(new URI("https://ocsptest.trustpointinnovation.com"));
    cert.setCrlDistributionPointUri(new URI("https://ocsptest.trustpointinnovation.com"));

    // x509extensions: one critical, one non-critical
    cert.addExtension("1.5.24.632.0", true, Hex.decode("003a772fb1"));
    cert.addExtension("1.5.24.632.1", false, Hex.decode("98f2b10e27"));

    // cACalcValue (a pre-computed signature blob; not verified by this fixture)
    cert.setCaCalcValue(Hex.decode(
            "3081880242014F15CAF8EF38626B2C7CFA85B9544E028668290CADB45F62E215"
            + "3EAAF5A9D51AF5BF0D02F2C057D3856B5CBFB3529C25B8481405924039FA612D"
            + "422AE9A1A85591024201868D3DFE5FC2BEDD2F7468B0B17ED2708E76CD0D37C4"
            + "4F4D0BB88693752046FCFC56D9818B32533B8992923C2C81499400AC44FBBECD"
            + "6324D8AE1DD41EC73A0B2A"));
    return cert;
}

/**
 * Builds an entity name with the fixed country "CA" and domain component "DomC";
 * issuer and subject differ only in common name and octets name.
 */
private static EntityName buildEntityName(String commonName, String octetsName) {
    EntityName name = new EntityName();
    name.addAttribute(new EntityNameAttribute(EntityNameAttributeId.Country, "CA"));
    name.addAttribute(new EntityNameAttribute(EntityNameAttributeId.CommonName, commonName));
    name.addAttribute(new EntityNameAttribute(EntityNameAttributeId.DomainComponent, "DomC"));
    name.addAttribute(new EntityNameAttribute(EntityNameAttributeId.OctetsName, octetsName));
    return name;
}

/** Encodes the certificates, in the given order, as a PkiPath (SEQUENCE OF Certificate). */
private static byte[] encodeAsPkiPath(ASN1Encodable... certs) throws Exception {
    ASN1EncodableVector sequence = new ASN1EncodableVector();
    for (ASN1Encodable cert : certs) {
        sequence.add(cert);
    }
    return new DERSequence(sequence).getEncoded();
}

/**
 * Encodes the certificates as a degenerate PKCS#7 SignedData: no digest algorithms,
 * no signers, a content-less inner ContentInfo, and the certificates in the
 * [0] IMPLICIT SET. NOTE(review): the outer ContentInfo uses content type
 * {@code data}, matching M2mCertPath.encodePkcs7(); PKCS#7 itself specifies
 * {@code signedData} for this wrapper — confirm this is intended before relying
 * on interoperability with other PKCS#7 readers.
 */
private static byte[] encodeAsPkcs7(ASN1Encodable... certs) throws Exception {
    ASN1EncodableVector contentInfo = new ASN1EncodableVector();
    contentInfo.add(PKCSObjectIdentifiers.data);

    ASN1EncodableVector certSet = new ASN1EncodableVector();
    for (ASN1Encodable cert : certs) {
        certSet.add(cert);
    }

    ASN1EncodableVector signedData = new ASN1EncodableVector();
    signedData.add(new ASN1Integer(BigInteger.ONE));                       // version
    signedData.add(new DERSet());                                          // digestAlgorithmIds (empty)
    signedData.add(new BERSequence(PKCSObjectIdentifiers.data));           // contentInfo without content
    signedData.add(new DERTaggedObject(false, 0, new DERSet(certSet)));    // certificates [0] IMPLICIT SET OF
    signedData.add(new DERSet());                                          // signerInfos (empty)

    contentInfo.add(new BERTaggedObject(true, 0, new BERSequence(signedData))); // content [0] EXPLICIT
    return new BERSequence(contentInfo).getEncoded();
}
From source file:ca.trustpoint.m2m.M2mCertPath.java
License:Apache License
/** * Encode the CertPath using PKCS#7 format. * * @return a byte array containing the binary encoding of the PKCS#7 object * @exception CertificateEncodingException if an exception occurs */// w w w .j a v a2s .c om private byte[] encodePkcs7() throws CertificateEncodingException { ASN1EncodableVector encodedList = new ASN1EncodableVector(); for (M2mCertificate certificate : certificates) { if (isDuplicateCertificate(certificate)) { throw new CertificateEncodingException("Duplicate certificate detected in path."); } try { encodedList.add(ASN1Primitive.fromByteArray(certificate.getEncoded())); } catch (IOException ex) { throw new CertificateEncodingException("Error encoding certificate data.", ex); } } SignedData sd = new SignedData(new ASN1Integer(BigInteger.ONE), // version new DERSet(), // digestAlgorithmIds new ContentInfo(PKCSObjectIdentifiers.data, null), // contentInfo new DERSet(encodedList), // certificates (optional) null, // CRLs (optional) new DERSet() // signerInfos ); // make it a content info sequence ContentInfo ci = new ContentInfo(PKCSObjectIdentifiers.data, sd); try { return ci.getEncoded(); } catch (IOException ex) { throw new CertificateEncodingException("Error encoding certificate path.", ex); } }
From source file:io.airlift.security.csr.TestCertificationRequest.java
License:Apache License
/**
 * Signs a CertificationRequestInfo, wraps it in a CertificationRequest and checks
 * the accessors, equals/hashCode consistency, and that the DER output is
 * byte-identical to Bouncy Castle's PKCS10CertificationRequest for the same
 * subject, key, algorithm and signature.
 * <p>
 * Only the C= attribute is used: BC encodes every other attribute type as
 * UTF8String, whereas the JDK uses PrintableString, so any other DN would differ.
 */
@Test
public void test() throws Exception {
    String subject = "C=country";

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair keys = keyGen.generateKeyPair();

    CertificationRequestInfo info = new CertificationRequestInfo(new X500Principal(subject), keys.getPublic());
    SignatureAlgorithmIdentifier algorithm = findSignatureAlgorithmIdentifier("SHA256withECDSA");
    byte[] signatureBytes = info.sign(algorithm, keys.getPrivate());
    CertificationRequest request = new CertificationRequest(info, algorithm, signatureBytes);

    assertEquals(request.getCertificationRequestInfo(), info);
    assertEquals(request.getSignatureAlgorithmIdentifier(), algorithm);
    assertEquals(base16().encode(request.getSignature()), base16().encode(signatureBytes));
    assertEquals(request, request);
    assertEquals(request.hashCode(), request.hashCode());

    // Reference encoding produced by Bouncy Castle from the same inputs.
    org.bouncycastle.asn1.pkcs.CertificationRequestInfo bcInfo =
            new org.bouncycastle.asn1.pkcs.CertificationRequestInfo(
                    new X500Name(subject),
                    SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()),
                    new DERSet());
    PKCS10CertificationRequest expected = new PKCS10CertificationRequest(
            new org.bouncycastle.asn1.pkcs.CertificationRequest(
                    bcInfo,
                    new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA"),
                    new DERBitString(signatureBytes)));

    assertEquals(base16().encode(request.getEncoded()), base16().encode(expected.getEncoded()));
}
From source file:io.airlift.security.csr.TestCertificationRequestInfo.java
License:Apache License
/**
 * Checks CertificationRequestInfo's accessors and equals/hashCode consistency,
 * that its DER encoding matches Bouncy Castle's for the same subject and key,
 * and that a signature it produces verifies under the JCA Signature API.
 * <p>
 * Only the C= attribute is used: BC encodes every other attribute type as
 * UTF8String, whereas the JDK uses PrintableString, so any other DN would differ.
 */
@Test
public void test() throws Exception {
    String subject = "C=country";

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair keys = keyGen.generateKeyPair();

    CertificationRequestInfo info = new CertificationRequestInfo(new X500Principal(subject), keys.getPublic());
    assertEquals(info.getPublicKey(), keys.getPublic());
    assertEquals(info.getSubject().getName(), subject);
    assertEquals(info, info);
    assertEquals(info.hashCode(), info.hashCode());

    // Reference encoding produced by Bouncy Castle (DER, so attribute ordering is canonical).
    org.bouncycastle.asn1.pkcs.CertificationRequestInfo bcInfo =
            new org.bouncycastle.asn1.pkcs.CertificationRequestInfo(
                    new X500Name(subject),
                    SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()),
                    new DERSet());
    assertEquals(base16().encode(info.getEncoded()), base16().encode(bcInfo.getEncoded("DER")));

    // The signature is over the encoded info and must verify with the public key.
    SignatureAlgorithmIdentifier algorithm = findSignatureAlgorithmIdentifier("SHA256withECDSA");
    byte[] signatureBytes = info.sign(algorithm, keys.getPrivate());

    Signature verifier = Signature.getInstance(algorithm.getName());
    verifier.initVerify(keys.getPublic());
    verifier.update(info.getEncoded());
    assertTrue(verifier.verify(signatureBytes));
}
From source file:mitm.common.security.asn1.ASN1Encoder.java
License:Open Source License
/**
 * Wraps certificates and CRLs in a degenerate PKCS#7 SignedData: version 1, no
 * digest algorithms, no signers, and a content-less inner ContentInfo. The outer
 * ContentInfo is typed {@code signedData}, as PKCS#7 requires.
 * <p>
 * Adapted from org.bouncycastle.jce.provider.PKIXCertPath. See
 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-7.asc for the PKCS#7 layout.
 *
 * @param certificatesVector the certificates to include, or null to omit the
 *                           {@code certificates} field
 * @param crlsVector the CRLs to include, or null to omit the {@code crls} field
 * @return the DER encoding of the outer ContentInfo
 * @throws IOException if encoding fails
 */
public static byte[] encodePKCS7(ASN1EncodableVector certificatesVector, ASN1EncodableVector crlsVector)
        throws IOException {
    ASN1Integer version = new ASN1Integer(1);
    ASN1Set digestAlgorithms = new DERSet();
    ASN1Set signerInfos = new DERSet();
    ContentInfo dataContentInfo = new ContentInfo(PKCSObjectIdentifiers.data, null);

    ASN1Set certificates = certificatesVector == null ? null : toSortedSet(certificatesVector);
    ASN1Set crls = crlsVector == null ? null : toSortedSet(crlsVector);

    SignedData signedData = new SignedData(version, digestAlgorithms, dataContentInfo,
            certificates, crls, signerInfos);
    ContentInfo signedContentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, signedData);
    return DERUtils.toByteArray(signedContentInfo);
}

/**
 * Pre-sorts the vector with DERUtils (much faster than the sort DERSet performs
 * itself) and wraps it in a DERSet.
 */
private static ASN1Set toSortedSet(ASN1EncodableVector vector) throws IOException {
    ASN1EncodableVector sorted = DERUtils.sortASN1EncodableVector(vector);
    return new DERSet(sorted);
}
From source file:net.jxta.impl.shell.bin.pse.newcsr.java
License:Open Source License
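/**
 * {@inheritDoc}
 * <p>
 * Builds a PKCS#10 certificate signing request for the PSE credential named by
 * the single {@code <cred>} argument and stores it, as an XML
 * CertificateSigningRequest document, in the shell's return variable.
 * Requires the group's membership service to be PSE with an opened key store,
 * and the credential to be a local login credential (its private key must be
 * accessible to this process).
 *
 * @param argv the command line; no options are accepted, exactly one
 *             {@code <cred>} environment-variable name is expected
 * @return {@code ShellApp.appNoError} on success, {@code ShellApp.appMiscError}
 *         on any failure, or the syntax-error code for bad arguments
 */
public int startApp(String[] argv) {
    ShellEnv env = getEnv();
    GetOpt options = new GetOpt(argv, 0, "");

    // No options are defined, so any option at all is a syntax error.
    while (true) {
        int option;
        try {
            option = options.getNextOption();
        } catch (IllegalArgumentException badopt) {
            consoleMessage("Illegal argument :" + badopt);
            return syntaxError();
        }
        if (-1 == option) {
            break;
        }
        consoleMessage("Unrecognized option");
        return syntaxError();
    }

    String credEnvName = options.getNextParameter();
    if (null == credEnvName) {
        consoleMessage("Missing <cred> parameter");
        return syntaxError();
    }
    if (null != options.getNextParameter()) {
        consoleMessage("Unsupported parameter");
        return syntaxError();
    }

    MembershipService membership = getGroup().getMembershipService();
    if (!(membership instanceof PSEMembershipService)) {
        ModuleImplAdvertisement mia = (ModuleImplAdvertisement) membership.getImplAdvertisement();
        consoleMessage("Group membership service is not PSE. (" + mia.getDescription() + ")");
        return ShellApp.appMiscError;
    }
    PSEMembershipService pse = (PSEMembershipService) membership;
    if (null == pse.getDefaultCredential()) {
        consoleMessage("Key store has not been opened.");
        return ShellApp.appMiscError;
    }

    try {
        ShellObject credEnv = env.get(credEnvName);
        if (null == credEnv) {
            consoleMessage("Environment variable '" + credEnvName + "' not found.");
            return ShellApp.appMiscError;
        }
        if (!PSECredential.class.isAssignableFrom(credEnv.getObjectClass())) {
            // Message previously read "is not a is not a PSE credential."
            consoleMessage("'" + credEnvName + "' is not a PSE credential.");
            return ShellApp.appMiscError;
        }
        PSECredential cred = (PSECredential) credEnv.getObject();
        X509Certificate cert = cred.getCertificate();

        PrivateKey key = null;
        try {
            key = cred.getPrivateKey();
        } catch (IllegalStateException notLocal) {
            // Not a local credential: key stays null and is reported just below.
        }
        if (null == key) {
            consoleMessage("Credential is not a local login credential.");
            return ShellApp.appMiscError;
        }

        // NOTE(review): SHA-1 is deprecated for new signatures and some CAs reject
        // SHA-1 CSRs; the algorithm is kept to preserve behaviour — consider SHA256withRSA.
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest("SHA1withRSA",
                new X509Principal(cert.getSubjectX500Principal().getEncoded()),
                cert.getPublicKey(), new DERSet(), key);

        net.jxta.impl.protocol.CertificateSigningRequest csrMessage =
                new net.jxta.impl.protocol.CertificateSigningRequest();
        csrMessage.setCSR(csr);
        XMLDocument asXML = (XMLDocument) csrMessage.getDocument(MimeMediaType.XMLUTF8);

        ShellObject<XMLDocument> result = new ShellObject<XMLDocument>("Certificate Signing Request", asXML);
        env.add(getReturnVariable(), result);
    } catch (Exception failure) {
        printStackTrace("Failure while generating csr", failure);
        return ShellApp.appMiscError;
    }

    return ShellApp.appNoError;
}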
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
/** * @see CA#createRequest(Collection, String, Certificate, int) */// w ww . j av a2 s .c o m @Override public byte[] createRequest(CryptoToken cryptoToken, Collection<ASN1Encodable> attributes, String signAlg, Certificate cacert, int signatureKeyPurpose) throws CryptoTokenOfflineException { log.trace( ">createRequest: " + signAlg + ", " + CertTools.getSubjectDN(cacert) + ", " + signatureKeyPurpose); ASN1Set attrset = new DERSet(); if (attributes != null) { log.debug("Adding attributes in the request"); Iterator<ASN1Encodable> iter = attributes.iterator(); ASN1EncodableVector vec = new ASN1EncodableVector(); while (iter.hasNext()) { ASN1Encodable o = (ASN1Encodable) iter.next(); vec.add(o); } attrset = new DERSet(vec); } final X500NameStyle nameStyle; if (getUsePrintableStringSubjectDN()) { nameStyle = PrintableStringNameStyle.INSTANCE; } else { nameStyle = CeSecoreNameStyle.INSTANCE; } X500Name x509dn = CertTools.stringToBcX500Name(getSubjectDN(), nameStyle, getUseLdapDNOrder()); PKCS10CertificationRequest req; try { final CAToken catoken = getCAToken(); final String alias = catoken.getAliasFromPurpose(signatureKeyPurpose); final KeyPair keyPair = new KeyPair(cryptoToken.getPublicKey(alias), cryptoToken.getPrivateKey(alias)); req = CertTools.genPKCS10CertificationRequest(signAlg, x509dn, keyPair.getPublic(), attrset, keyPair.getPrivate(), cryptoToken.getSignProviderName()); log.trace("<createRequest"); return req.getEncoded(); } catch (CryptoTokenOfflineException e) { // NOPMD, since we catch wide below throw e; } catch (Exception e) { throw new RuntimeException(e); } }
From source file:org.cesecore.certificates.certificate.request.RequestMessageTest.java
License:Open Source License
/**
 * Exercises PKCS10RequestMessage parsing: user name, DN, alt-name and
 * challenge-password extraction from a CSR, proof-of-possession verification
 * against the right and a foreign key, and the canonicalisation of
 * multi-valued RDNs that contain the unstructuredName OID (handled specially
 * by EJBCA) versus a completely unknown OID.
 */
@Test
public void test01Pkcs10RequestMessage() throws InvalidKeyException, NoSuchAlgorithmException,
        NoSuchProviderException, SignatureException, IOException, OperatorCreationException {
    PKCS10CertificationRequest basicpkcs10 = createP10("CN=Test,OU=foo");
    PKCS10RequestMessage msg = new PKCS10RequestMessage(basicpkcs10.toASN1Structure().getEncoded());
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,OU=foo", msg.getRequestDN());
    assertEquals("dNSName=foo1.bar.com", msg.getRequestAltNames());

    // The same request, decoded from the PKCS10CertificationRequest's own byte encoding.
    msg = new PKCS10RequestMessage(basicpkcs10.getEncoded());
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,OU=foo", msg.getRequestDN());
    assertEquals("foo123", msg.getPassword());

    // The public key in the request must pair with the test private key.
    PublicKey pk = msg.getRequestPublicKey();
    KeyTools.testKey(keyPair.getPrivate(), pk, "BC");
    PKCS10RequestMessage msgempty = new PKCS10RequestMessage();
    assertNull(msgempty.getRequestPublicKey());

    // Proof of possession: verifies with the embedded key and the expected key, not with a foreign one.
    assertTrue(msg.verify());
    assertTrue(msg.verify(pk));
    try {
        KeyPair otherkeys = KeyTools.genKeys("512", "RSA");
        assertFalse(msg.verify(otherkeys.getPublic()));
    } catch (InvalidAlgorithmParameterException e) {
        assertTrue("Should not throw", false);
    }

    // A plain multi-RDN subject, under two signature algorithms: no alt names, no password.
    for (String sigAlg : new String[] { "SHA1WithRSA", "SHA256WithRSA" }) {
        msg = parseRequestFor("C=SE, O=Foo, CN=Test Testsson", sigAlg);
        assertEquals("Test", msg.getUsername());
        assertEquals("C=SE,O=Foo,CN=Test Testsson", msg.getRequestDN());
        assertEquals(null, msg.getRequestAltNames());
        assertEquals(null, msg.getPassword());
    }

    // Multi-valued RDNs: the unstructuredName OID (1.2.840.113549.1.9.2) is rendered by name
    // and split with ','; a completely unknown OID (…1.9.3) is kept as-is, joined with '+'.
    // Each pair is { subject as given, expected getRequestDN() }.
    String[][] dnCases = {
        { "CN=Test + 1.2.840.113549.1.9.2=AttrValue1", "CN=Test,unstructuredName=AttrValue1" },
        { "CN=Test + 1.2.840.113549.1.9.2=AttrValue1 AttrValue2", "CN=Test,unstructuredName=AttrValue1 AttrValue2" },
        { "CN=Test+1.2.840.113549.1.9.2=AttrValue1", "CN=Test,unstructuredName=AttrValue1" },
        { "CN=Test+1.2.840.113549.1.9.2=AttrValue1 AttrValue2", "CN=Test,unstructuredName=AttrValue1 AttrValue2" },
        { "CN=Test + 1.2.840.113549.1.9.3=AttrValue1", "CN=Test+1.2.840.113549.1.9.3=AttrValue1" },
        { "CN=Test + 1.2.840.113549.1.9.3=AttrValue1 AttrValue2", "CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2" },
        { "CN=Test+1.2.840.113549.1.9.3=AttrValue1", "CN=Test+1.2.840.113549.1.9.3=AttrValue1" },
        { "CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2", "CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2" },
    };
    for (String[] dnCase : dnCases) {
        msg = parseRequestFor(dnCase[0], "SHA1WithRSA");
        assertEquals("Test", msg.getUsername());
        assertEquals(dnCase[1], msg.getRequestDN());
    }

    // User name extraction when CN is not the first value of a multi-valued RDN.
    String[] cnNotFirst = {
        "1.2.840.113549.1.9.3=AttrValue1 AttrValue2+CN=Test",
        "1.2.840.113549.1.9.3=AttrValue1 AttrValue2+CN=Test+O=abc",
        "1.2.840.113549.1.9.3=AttrValue1\\+\\= AttrValue2+CN=Test+O=abc", // very strange, but should still be valid
    };
    for (String subject : cnNotFirst) {
        msg = parseRequestFor(subject, "SHA1WithRSA");
        assertEquals("Test", msg.getUsername());
    }
}

/**
 * Builds a CSR for the given subject with the test key pair (empty attribute
 * set, default provider) and parses it back as a PKCS10RequestMessage.
 */
private PKCS10RequestMessage parseRequestFor(String subject, String sigAlg) throws InvalidKeyException,
        NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException,
        OperatorCreationException {
    X500Name dn = new X500Name(subject);
    PKCS10CertificationRequest p10 = CertTools.genPKCS10CertificationRequest(sigAlg, dn,
            keyPair.getPublic(), new DERSet(), keyPair.getPrivate(), null);
    return new PKCS10RequestMessage(p10.toASN1Structure().getEncoded());
}
From source file:org.cesecore.keybind.InternalKeyBindingMgmtSessionBean.java
License:Open Source License
/**
 * Builds a PKCS#10 CSR for the key pair an InternalKeyBinding will switch to
 * next (its "next key pair" alias, or the current alias when no next key has
 * been generated). The subject is a placeholder the issuing CA is expected to
 * replace.
 *
 * @param authenticationToken the caller; must be authorized to view the binding
 * @param internalKeyBindingId id of the binding whose key is used
 * @return the DER-encoded CSR, or null if CSR generation fails (the failure is
 *         logged at INFO with the exception message only; the stack trace is not kept)
 * @throws AuthorizationDeniedException if the caller may not view the binding
 * @throws CryptoTokenOfflineException if the binding's crypto token is offline
 */
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
@Override
public byte[] generateCsrForNextKey(AuthenticationToken authenticationToken, int internalKeyBindingId)
        throws AuthorizationDeniedException, CryptoTokenOfflineException {
    final String resource = InternalKeyBindingRules.VIEW.resource() + "/" + internalKeyBindingId;
    if (!accessControlSessionSession.isAuthorized(authenticationToken, resource)) {
        final String msg = intres.getLocalizedMessage("authorization.notuathorizedtoresource",
                InternalKeyBindingRules.VIEW.resource(), authenticationToken.toString());
        throw new AuthorizationDeniedException(msg);
    }

    final InternalKeyBinding binding = internalKeyBindingDataSession.getInternalKeyBinding(internalKeyBindingId);
    final int cryptoTokenId = binding.getCryptoTokenId();
    final String nextAlias = binding.getNextKeyPairAlias();
    final String keyPairAlias = nextAlias == null ? binding.getKeyPairAlias() : nextAlias;

    final PublicKey publicKey = cryptoTokenManagementSession
            .getPublicKey(authenticationToken, cryptoTokenId, keyPairAlias).getPublicKey();
    // First signature algorithm offered for this key type. NOTE(review): iterator().next()
    // throws NoSuchElementException on an empty collection — confirm AlgorithmTools never
    // returns one for a key type that reached this point.
    final Collection<String> candidates = AlgorithmTools.getSignatureAlgorithms(publicKey);
    final String signatureAlgorithm = candidates.iterator().next();

    final CryptoToken cryptoToken = cryptoTokenManagementSession.getCryptoToken(cryptoTokenId);
    final PrivateKey privateKey = cryptoToken.getPrivateKey(keyPairAlias);
    final X500Name placeholderSubject = CertTools.stringToBcX500Name("CN=Should be ignore by CA");
    final String providerName = cryptoToken.getSignProviderName();
    try {
        return CertTools.genPKCS10CertificationRequest(signatureAlgorithm, placeholderSubject, publicKey,
                new DERSet(), privateKey, providerName).getEncoded();
    } catch (OperatorCreationException e) {
        logCsrGenerationFailure(internalKeyBindingId, cryptoTokenId, keyPairAlias, e);
    } catch (IOException e) {
        logCsrGenerationFailure(internalKeyBindingId, cryptoTokenId, keyPairAlias, e);
    }
    return null;
}

/** Logs a failed CSR generation with the identifiers needed to locate the key; message only, no trace. */
private void logCsrGenerationFailure(int internalKeyBindingId, int cryptoTokenId, String keyPairAlias, Exception e) {
    log.info("CSR generation failed. internalKeyBindingId=" + internalKeyBindingId + ", cryptoTokenId="
            + cryptoTokenId + ", keyPairAlias=" + keyPairAlias + ". " + e.getMessage());
}
From source file:org.cesecore.keys.util.KeyStoreTools.java
License:Open Source License
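/**
 * Generates a certificate request (CSR) in PKCS#10 format for the key pair stored
 * under {@code alias}, verifies the request's self-signature (proof of possession),
 * and writes it PEM-encoded to {@code <alias>.pem} in the current working directory.
 *
 * @param alias the key store alias of the key to be used; it also becomes the output
 *              file name ({@code alias + ".pem"}) with no sanitisation, so only pass
 *              trusted alias values
 * @param sDN the DN to be used; if null, {@code "CN=" + alias} is used
 * @param explicitEccParameters false should be default and will use NamedCurve
 *              encoding of ECC public keys (IETF recommendation); use true to include
 *              all parameters explicitly (ICAO ePassport requirement)
 * @throws Exception if the key cannot be read, the CSR signature does not verify,
 *              or the output file cannot be written
 */
public void generateCertReq(String alias, String sDN, boolean explicitEccParameters) throws Exception {
    PublicKey publicKey = getCertificate(alias).getPublicKey();
    final PrivateKey privateKey = getPrivateKey(alias);
    if (log.isDebugEnabled()) {
        log.debug("alias: " + alias + " SHA1 of public key: "
                + CertTools.getFingerprintAsString(publicKey.getEncoded()));
    }

    // First signature algorithm AlgorithmTools offers for this key type.
    String sigAlg = (String) AlgorithmTools.getSignatureAlgorithms(publicKey).iterator().next();
    if (sigAlg == null) {
        sigAlg = "SHA1WithRSA";
    }
    // The "named curve" branch is also logged for non-ECC keys; harmless but misleading.
    if (sigAlg.contains("ECDSA") && explicitEccParameters) {
        log.info("Using explicit parameter encoding for ECC key.");
        publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC");
    } else {
        log.info("Using named curve parameter encoding for ECC key.");
    }

    X500Name subjectName = sDN != null ? new X500Name(sDN) : new X500Name("CN=" + alias);
    final PKCS10CertificationRequest certReq = CertTools.genPKCS10CertificationRequest(sigAlg, subjectName,
            publicKey, new DERSet(), privateKey, this.keyStore.getProvider().getName());

    // Proof of possession: the CSR must verify under the public key it carries.
    ContentVerifierProvider verifier = CertTools.genContentVerifierProvider(publicKey);
    if (!certReq.isSignatureValid(verifier)) {
        String msg = intres.getLocalizedMessage("token.errorcertreqverify", alias);
        throw new Exception(msg);
    }

    String filename = alias + ".pem";
    final Writer writer = new FileWriter(filename);
    try {
        writer.write(CertTools.BEGIN_CERTIFICATE_REQUEST + "\n");
        // Base64 output is ASCII, so the platform default charset used here is safe.
        writer.write(new String(Base64.encode(certReq.getEncoded())));
        writer.write("\n" + CertTools.END_CERTIFICATE_REQUEST + "\n");
    } finally {
        // Previously only closed on the success path, leaking the handle when a write failed.
        writer.close();
    }
    log.info("Wrote csr to file: " + filename);
}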