Example usage for org.bouncycastle.asn1.pkcs CertificationRequest CertificationRequest

List of usage examples for org.bouncycastle.asn1.pkcs CertificationRequest CertificationRequest

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.pkcs.*
  5. CertificationRequest
  6. CertificationRequest

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.pkcs CertificationRequest CertificationRequest.

Prototype

public CertificationRequest(CertificationRequestInfo requestInfo, AlgorithmIdentifier algorithm,
            DERBitString signature)

Source Link

Usage

From source file:org.cesecore.util.CertTools.java

License:Open Source License

/**
 * Generates a PKCS10CertificationRequest
 * //from   w  w  w .j av a  2s . c o m
 * Code Example:
 * -------------
 * An example of putting AltName and a password challenge in an 'attributes' set (taken from RequestMessageTest.test01Pkcs10RequestMessage() ):
 *       
 *      {@code
 *      // Create a P10 with extensions, in this case altNames with a DNS name
 *      ASN1EncodableVector altnameattr = new ASN1EncodableVector();
 *      altnameattr.add(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
 *      // AltNames
 *      GeneralNames san = CertTools.getGeneralNamesFromAltName("dNSName=foo1.bar.com");
 *      ExtensionsGenerator extgen = new ExtensionsGenerator();
 *      extgen.addExtension(Extension.subjectAlternativeName, false, san );
 *      Extensions exts = extgen.generate();
 *      altnameattr.add(new DERSet(exts));
 *    
 *      // Add a challenge password as well
 *      ASN1EncodableVector pwdattr = new ASN1EncodableVector();
 *      pwdattr.add(PKCSObjectIdentifiers.pkcs_9_at_challengePassword); 
 *      ASN1EncodableVector pwdvalues = new ASN1EncodableVector();
 *      pwdvalues.add(new DERUTF8String("foo123"));
 *      pwdattr.add(new DERSet(pwdvalues));
 *    
 *      // Complete the Attribute section of the request, the set (Attributes)
 *      // contains one sequence (Attribute)
 *      ASN1EncodableVector v = new ASN1EncodableVector();
 *      v.add(new DERSequence(altnameattr));
 *      v.add(new DERSequence(pwdattr));
 *      DERSet attributes = new DERSet(v);
 *      }
 * 
 * @param signatureAlgorithm
 * @param subject   The request's subjectDN
 * @param publickey the public key for the certificate requesting signing
 * @param attributes    A set of attributes, for example, extensions, challenge password, etc.
 * @param privateKey the private key used to generate the certificate
 * @param provider
 * @return a PKCS10CertificateRequest based on the input parameters.
 * 
 * @throws OperatorCreationException if an error occurred while creating the signing key
 */
public static PKCS10CertificationRequest genPKCS10CertificationRequest(String signatureAlgorithm,
        X500Name subject, PublicKey publickey, ASN1Set attributes, PrivateKey privateKey, String provider)
        throws OperatorCreationException {

    ContentSigner signer;
    CertificationRequestInfo reqInfo;
    try {
        ASN1Sequence seq = (ASN1Sequence) ASN1Primitive.fromByteArray(publickey.getEncoded());
        SubjectPublicKeyInfo pkinfo = new SubjectPublicKeyInfo(seq);
        reqInfo = new CertificationRequestInfo(subject, pkinfo, attributes);

        if (provider == null) {
            provider = BouncyCastleProvider.PROVIDER_NAME;
        }
        signer = new BufferingContentSigner(
                new JcaContentSignerBuilder(signatureAlgorithm).setProvider(provider).build(privateKey), 20480);
        signer.getOutputStream().write(reqInfo.getEncoded(ASN1Encoding.DER));
        signer.getOutputStream().flush();
    } catch (IOException e) {
        throw new IllegalStateException("Unexpected IOException was caught.", e);
    }
    byte[] sig = signer.getSignature();
    DERBitString sigBits = new DERBitString(sig);

    CertificationRequest req = new CertificationRequest(reqInfo, signer.getAlgorithmIdentifier(), sigBits);
    return new PKCS10CertificationRequest(req);
}

From source file:org.clever.Common.XMPPCommunicator.ScepRequest.java

License:Open Source License

public CertificationRequest createCsr(X500Principal subject, PublicKey pubKey, PrivateKey priKey,
        char[] password) throws GeneralSecurityException, IOException {
    AlgorithmIdentifier sha1withRsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);

    ASN1Set cpSet = new DERSet(new DERPrintableString(new String(password)));
    Attribute challengePassword = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, cpSet);
    ASN1Set attrs = new DERSet(challengePassword);

    SubjectPublicKeyInfo pkInfo = new SubjectPublicKeyInfo(
            (ASN1Sequence) ASN1Object.fromByteArray(pubKey.getEncoded()));

    Properties ht = new Properties();
    ht.put(X509Principal.CN, this.hostname);
    ht.put(X509Principal.C, this.C);
    ht.put(X509Principal.O, this.O);
    ht.put(X509Principal.OU, this.OU);
    ht.put(X509Principal.EmailAddress, this.hostname + "@" + this.domain);
    X509Name nn = new X509Name(ht);

    X509Name name = new X509Name(subject.toString());

    CertificationRequestInfo requestInfo = new CertificationRequestInfo(nn, pkInfo, attrs);

    Signature signer = Signature.getInstance("SHA1withRSA");
    signer.initSign(priKey);//  ww w  . jav  a2  s.  c o  m
    signer.update(requestInfo.getEncoded());
    byte[] signatureBytes = signer.sign();
    DERBitString signature = new DERBitString(signatureBytes);

    return new CertificationRequest(requestInfo, sha1withRsa, signature);
}