Usage examples for the org.bouncycastle.asn1.pkcs.Attribute constructor
public Attribute(ASN1ObjectIdentifier attrType, ASN1Set attrValues)
From source file:chapter6.PKCS10ExtensionExample.java
/**
 * Builds a PKCS#10 certification request that asks for a SubjectAlternativeName extension.
 *
 * <p>The extension is carried in a PKCS#9 extensionRequest attribute. It is only a request:
 * the issuing CA has to validate the requested rfc822Name before copying it into a
 * certificate.
 *
 * @param pair key pair; the public key goes into the request, the private key signs it
 * @return the request for subject "CN=Requested Test Certificate", signed with SHA256withRSA
 * @throws Exception if building or signing the request fails
 */
public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
    // Requested SAN value: a single e-mail (rfc822Name) entry.
    GeneralName emailName = new GeneralName(GeneralName.rfc822Name, "test@test.test");
    GeneralNames subjectAltName = new GeneralNames(emailName);

    // Parallel vectors: the OID at index i belongs to the extension value at index i.
    Vector extensionOids = new Vector();
    Vector extensionValues = new Vector();
    extensionOids.add(X509Extensions.SubjectAlternativeName);
    // First argument false marks the extension as non-critical.
    extensionValues.add(new X509Extension(false, new DEROctetString(subjectAltName)));
    X509Extensions requestedExtensions = new X509Extensions(extensionOids, extensionValues);

    // Wrap the extensions in the extensionRequest attribute of the CSR.
    Attribute extensionRequest = new Attribute(
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new DERSet(requestedExtensions));

    return new PKCS10CertificationRequest(
            "SHA256withRSA",
            new X500Principal("CN=Requested Test Certificate"),
            pair.getPublic(),
            new DERSet(extensionRequest),
            pair.getPrivate());
}
From source file:io.aos.crypto.spl06.PKCS10ExtensionExample.java
License:Apache License
/**
 * Creates a PKCS#10 request whose extensionRequest attribute asks for a
 * SubjectAlternativeName of type rfc822Name ("test@test.test").
 *
 * <p>The requested extension is non-critical. A CA receiving this request decides on its own
 * whether to honour the requested name.
 *
 * @param pair supplies the public key placed in the request and the private key that signs it
 * @return the signed request (SHA256withRSA) for "CN=Requested Test Certificate"
 * @throws Exception if the request cannot be built or signed
 */
public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception {
    // The SubjectAlternativeName value to request.
    GeneralNames subjectAltNames =
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test"));

    // X509Extensions takes two vectors that are matched by position.
    Vector oidList = new Vector();
    oidList.add(X509Extensions.SubjectAlternativeName);
    Vector valueList = new Vector();
    valueList.add(new X509Extension(false, new DEROctetString(subjectAltNames)));

    // The extensions travel as the single value of the PKCS#9 extensionRequest attribute.
    DERSet attributeValue = new DERSet(new X509Extensions(oidList, valueList));
    Attribute attribute =
            new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, attributeValue);

    X500Principal requestedSubject = new X500Principal("CN=Requested Test Certificate");
    return new PKCS10CertificationRequest("SHA256withRSA", requestedSubject, pair.getPublic(),
            new DERSet(attribute), pair.getPrivate());
}
From source file:me.it_result.ca.bouncycastle.Utils.java
License:Open Source License
/**
 * Wraps a profile id in an attribute of type {@code PROFILE_ID_ATTR}.
 *
 * @param profileId the profile id, encoded as a single PrintableString value
 * @return the attribute holding a one-element value set
 */
public static Attribute generateProfileIdAttribute(String profileId) {
    // NOTE(review): no character-set or length check on profileId is visible here, although
    // PrintableString allows only a restricted alphabet -- confirm callers validate it.
    ASN1Encodable[] attributeValues = { new DERPrintableString(profileId) };
    DERSet valueSet = new DERSet(attributeValues);
    return new Attribute(PROFILE_ID_ATTR, valueSet);
}
From source file:me.it_result.ca.bouncycastle.Utils.java
License:Open Source License
/**
 * Builds the PKCS#9 challengePassword attribute for a certification request.
 *
 * <p>The password is embedded in the attribute as a PrintableString. This method does not
 * encrypt it, so protecting the resulting request in transit and at rest is up to the caller.
 *
 * @param challengePassword the challenge password to embed
 * @return the attribute holding the password as its single value
 */
public static Attribute generateChallengePasswordAttribute(String challengePassword) {
    // NOTE(review): the secret arrives as an immutable String and cannot be wiped from
    // memory after use -- confirm that is acceptable for this CA workflow.
    ASN1EncodableVector values = new ASN1EncodableVector();
    values.add(new DERPrintableString(challengePassword));
    return new Attribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERSet(values));
}
From source file:org.clever.Common.XMPPCommunicator.ScepRequest.java
License:Open Source License
/**
 * Assembles and signs a PKCS#10 certification request carrying a challengePassword attribute.
 *
 * <p>The subject of the request is built from this object's {@code hostname}, {@code C},
 * {@code O}, {@code OU} and {@code domain} fields. The {@code subject} argument is parsed but
 * does not end up in the request.
 *
 * @param subject parsed into an X509Name that is never used afterwards
 * @param pubKey public key to certify; its encoded form becomes the SubjectPublicKeyInfo
 * @param priKey private key used to sign the request info
 * @param password challenge password, embedded as a PrintableString
 * @return the signed certification request
 * @throws GeneralSecurityException if the signature cannot be created
 * @throws IOException if an ASN.1 structure cannot be decoded or encoded
 */
public CertificationRequest createCsr(X500Principal subject, PublicKey pubKey, PrivateKey priKey,
        char[] password) throws GeneralSecurityException, IOException {
    // NOTE(review): SHA-1 is a deprecated digest for signatures. Confirm whether the
    // receiving server accepts a SHA-256 based algorithm before keeping this.
    AlgorithmIdentifier signatureAlgorithm =
            new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);

    // NOTE(review): new String(password) copies the secret into an immutable String, which
    // defeats the purpose of receiving it as a wipeable char[].
    ASN1Set passwordValues = new DERSet(new DERPrintableString(new String(password)));
    Attribute challengeAttribute =
            new Attribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, passwordValues);
    ASN1Set requestAttributes = new DERSet(challengeAttribute);

    // Re-parse the encoded public key into the ASN.1 structure the request needs.
    ASN1Sequence encodedKey = (ASN1Sequence) ASN1Object.fromByteArray(pubKey.getEncoded());
    SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(encodedKey);

    // Subject DN components come from this object's fields, not from the subject argument.
    Properties dnFields = new Properties();
    dnFields.put(X509Principal.CN, this.hostname);
    dnFields.put(X509Principal.C, this.C);
    dnFields.put(X509Principal.O, this.O);
    dnFields.put(X509Principal.OU, this.OU);
    dnFields.put(X509Principal.EmailAddress, this.hostname + "@" + this.domain);
    X509Name requestSubject = new X509Name(dnFields);

    // NOTE(review): this value is never read. It is kept so a null or unparsable subject
    // still fails here; confirm whether the caller's subject was meant to be used.
    X509Name unusedCallerSubject = new X509Name(subject.toString());

    CertificationRequestInfo info =
            new CertificationRequestInfo(requestSubject, publicKeyInfo, requestAttributes);

    // Sign the encoded request info; the algorithm name must match signatureAlgorithm above.
    Signature rsaSigner = Signature.getInstance("SHA1withRSA");
    rsaSigner.initSign(priKey);
    rsaSigner.update(info.getEncoded());
    DERBitString signatureBits = new DERBitString(rsaSigner.sign());

    return new CertificationRequest(info, signatureAlgorithm, signatureBits);
}
From source file:org.nuxeo.ecm.platform.signature.core.pki.CertServiceImpl.java
License:Open Source License
/**
 * Generates a PKCS#10 certification request for a user, requesting the user's e-mail address
 * as a non-critical SubjectAlternativeName (rfc822Name).
 *
 * @param keyPair key pair; the public key is certified and the private key signs the request
 * @param userInfo supplies the subject principal and the e-mail field
 * @return the signed request, using {@code CERT_SIGNATURE_ALGORITHM}
 * @throws CertException wrapping any exception raised while building or signing the request
 */
protected CertificationRequest generateCSR(KeyPair keyPair, UserInfo userInfo) throws CertException {
    // NOTE(review): the e-mail value is taken from userInfo as is -- no null or format check
    // is visible here; confirm it is validated before it reaches the requested SAN.
    GeneralNames subjectAltName = new GeneralNames(
            new GeneralName(GeneralName.rfc822Name, userInfo.getUserFields().get(CNField.Email)));

    // Parallel vectors: the OID at index i pairs with the extension value at index i.
    Vector<DERObjectIdentifier> extensionOids = new Vector<DERObjectIdentifier>();
    Vector<X509Extension> extensionList = new Vector<X509Extension>();
    extensionOids.add(X509Extensions.SubjectAlternativeName);
    extensionList.add(new X509Extension(false, new DEROctetString(subjectAltName)));

    X509Extensions requestedExtensions = new X509Extensions(extensionOids, extensionList);
    Attribute extensionRequest = new Attribute(
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(requestedExtensions));

    try {
        return new PKCS10CertificationRequest(CERT_SIGNATURE_ALGORITHM,
                userInfo.getX500Principal(), keyPair.getPublic(), new DERSet(extensionRequest),
                keyPair.getPrivate());
    } catch (Exception e) {
        // Every failure (bad key, unknown algorithm or provider, signature error, anything
        // else) is reported the same way: wrapped in a CertException with the cause kept.
        throw new CertException(e);
    }
}
From source file:org.primeoservices.cfpass.PassUtils.java
License:Apache License
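/**
 * Creates a detached CMS signature over {@code manifest.json} and writes it to a file named
 * {@code signature} in the same directory.
 *
 * <p>The signing key and certificate are taken from the first key entry of a PKCS#12 key
 * store. The certificate loaded from the classpath resource {@code /AppleWWDRCA.cer} is added
 * to the certificates shipped with the signature.
 *
 * @param directoryPath directory that contains {@code manifest.json}
 * @param keyStoreFilePath path of the PKCS#12 key store
 * @param keyStorePassword password for both the key store and the key entry
 * @throws IllegalArgumentException if the directory, the manifest or the key store is missing,
 *         or the key store holds no usable key entry
 * @throws IllegalStateException if the {@code /AppleWWDRCA.cer} resource is not on the classpath
 * @throws Exception if loading the key material, signing or writing the signature fails
 */
public static void createSignature(final String directoryPath, final String keyStoreFilePath,
        final String keyStorePassword) throws Exception {
    // Add BC provider
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // Check directory. isDirectory() is false for a missing path too, so a path that does
    // not exist is rejected here instead of failing later with an unrelated error.
    final File directory = new File(directoryPath);
    if (!directory.isDirectory()) {
        throw new IllegalArgumentException(directoryPath + " is not a directory");
    }

    // Check manifest file
    final File manifest = new File(directory, "manifest.json");
    if (!manifest.isFile()) {
        throw new IllegalArgumentException("File manifest.json doesn't exists");
    }

    // Check key store
    final File keyStore = new File(keyStoreFilePath);
    if (!keyStore.isFile()) {
        throw new IllegalArgumentException("Keystore not found");
    }

    // Load key store; the stream is closed even when load() throws.
    final char[] password = keyStorePassword.toCharArray();
    final KeyStore clientStore = KeyStore.getInstance("PKCS12");
    final FileInputStream clientStoreIn = new FileInputStream(keyStore);
    try {
        clientStore.load(clientStoreIn, password);
    } finally {
        clientStoreIn.close();
    }

    // Extract private key and certificate from the first key entry. Only an alias that
    // really is a key entry is accepted, never the last alias seen.
    String keyAlias = null;
    final Enumeration<String> aliases = clientStore.aliases();
    while (aliases.hasMoreElements()) {
        final String candidate = aliases.nextElement();
        if (clientStore.isKeyEntry(candidate)) {
            keyAlias = candidate;
            break;
        }
    }
    if (keyAlias == null) {
        throw new IllegalArgumentException("Keystore contains no key entry");
    }
    final PrivateKey key = (PrivateKey) clientStore.getKey(keyAlias, password);
    final X509Certificate cert = (X509Certificate) clientStore.getCertificate(keyAlias);
    if (key == null || cert == null) {
        throw new IllegalArgumentException("Keystore entry has no private key or certificate");
    }

    // Load Apple certificate; fail clearly when the resource is not packaged.
    final InputStream appleCertIn = PassUtils.class.getResourceAsStream("/AppleWWDRCA.cer");
    if (appleCertIn == null) {
        throw new IllegalStateException("Resource /AppleWWDRCA.cer not found on the classpath");
    }
    final X509Certificate appleCert;
    try {
        final CertificateFactory appleCertFactory = CertificateFactory.getInstance("X.509");
        appleCert = (X509Certificate) appleCertFactory.generateCertificate(appleCertIn);
    } finally {
        appleCertIn.close();
    }

    // Signature
    // NOTE(review): SHA1withRSA is a legacy signature algorithm. Confirm whether the
    // consumer of this signature accepts SHA256withRSA before changing it.
    final ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(key);
    final ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
    final Attribute signingAttribute = new Attribute(CMSAttributes.signingTime,
            new DERSet(new DERUTCTime(new Date())));
    signedAttributes.add(signingAttribute);

    // Create the signed attribute table
    final AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
    // Create the table generator that will be added to the signer builder
    final DefaultSignedAttributeTableGenerator signedAttributeGenerator =
            new DefaultSignedAttributeTableGenerator(signedAttributesTable);

    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(appleCert);
    certList.add(cert);
    Store certs = new JcaCertStore(certList);

    final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
                    .setSignedAttributeGenerator(signedAttributeGenerator).build(sha1Signer, cert));
    generator.addCertificates(certs);

    // false = detached signature: the manifest content is not embedded in the output.
    final CMSSignedData sigData = generator.generate(new CMSProcessableFile(manifest), false);
    final byte[] signedDataBytes = sigData.getEncoded();

    // Write signature; the stream is closed even when write() throws.
    final File signatureFile = new File(directoryPath, "signature");
    final FileOutputStream signatureOutputStream = new FileOutputStream(signatureFile);
    try {
        signatureOutputStream.write(signedDataBytes);
    } finally {
        signatureOutputStream.close();
    }
}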
From source file:org.sipfoundry.sipxconfig.cert.CertificateRequestGenerator.java
License:Contributor Agreement License
/** * Take an existing certificate and private key and generate a CSR from that with new company * details but use cert's public key and other details. * * Many deprecated calls, but there's no documentation on what the new calls are *///from w ww .j av a 2 s.c o m public String getCertificateRequestText(String certTxt, String keyTxt) { X509Certificate cert = CertificateUtils.readCertificate(certTxt); PrivateKey key = CertificateUtils.readCertificateKey(keyTxt); X509Principal subject = new X509Principal(getSubject()); try { Vector<ASN1ObjectIdentifier> oids = new Vector<ASN1ObjectIdentifier>(); Vector<X509Extension> values = new Vector<X509Extension>(); copyExtensions(cert, cert.getNonCriticalExtensionOIDs(), false, oids, values); copyExtensions(cert, cert.getCriticalExtensionOIDs(), true, oids, values); X509Extensions extensions = new X509Extensions(oids, values); Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(extensions)); PKCS10CertificationRequest csr = new PKCS10CertificationRequest(m_algorithm, subject, cert.getPublicKey(), new DERSet(attribute), key); StringWriter data = new StringWriter(); CertificateUtils.writeObject(data, csr, null); return data.toString(); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } }