List of usage examples for org.bouncycastle.asn1.pkcs CertificationRequest getInstance
public static CertificationRequest getInstance(Object o)
From source file:org.dcache.srm.client.GsiConnectionSocketFactory.java
License:Open Source License
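/**
 * Runs the delegation step on an already connected socket.
 *
 * <p>Nothing is written when {@code delegation} is {@code null} or {@code SKIP}. For
 * {@code NONE} the single byte {@code '0'} is sent. For {@code LIMITED} and {@code FULL} the
 * byte {@code 'D'} is sent, a PKCS#10 request is read from the peer, a proxy certificate is
 * generated for it with {@code credential}'s key, and the encoding of the first certificate
 * of the generated chain is written back.
 *
 * @param socket connected socket to the peer
 * @param delegation requested delegation mode, may be {@code null}
 * @param credential credential whose chain and key are used to issue the proxy
 * @throws IOException if socket I/O fails, the peer ends the stream before sending a
 *         request, or proxy generation fails
 */
private void delegate(Socket socket, HttpClientTransport.Delegation delegation, X509Credential credential)
        throws IOException {
    if (delegation == null) {
        return;
    }

    switch (delegation) {
    case SKIP:
        break;

    case NONE:
        socket.getOutputStream().write('0');
        socket.getOutputStream().flush();
        break;

    case LIMITED:
    case FULL:
        socket.getOutputStream().write('D');
        socket.getOutputStream().flush();
        try {
            // The request is supplied by the remote peer. The wrapper is not closed here:
            // closing it would also close the socket's input stream.
            // NOTE(review): no explicit size limit is set on the ASN.1 reader; consider the
            // ASN1InputStream(InputStream, int limit) constructor with a bound suited to a CSR.
            ASN1InputStream dIn = new ASN1InputStream(socket.getInputStream());

            // readObject() yields null at end of stream; fail with a clear I/O error instead
            // of passing a null request on to the proxy generator.
            Object encodedCsr = dIn.readObject();
            if (encodedCsr == null) {
                throw new IOException("Connection closed before a CSR was received during delegation");
            }
            PKCS10CertificationRequest csr = new PKCS10CertificationRequest(
                    CertificationRequest.getInstance(encodedCsr));

            // NOTE(review): the CSR signature is not checked in this method before a proxy is
            // issued for its public key; confirm whether ProxyGenerator does so.
            ProxyRequestOptions options = new ProxyRequestOptions(credential.getCertificateChain(), csr);
            options.setLimited(delegation == HttpClientTransport.Delegation.LIMITED);
            X509Certificate[] chain = ProxyGenerator.generate(options, credential.getKey());

            // Only the newly issued proxy certificate (first element) is sent to the peer.
            socket.getOutputStream().write(chain[0].getEncoded());
            socket.getOutputStream().flush();
        } catch (SignatureException | NoSuchProviderException | CertificateEncodingException
                | InvalidKeyException | NoSuchAlgorithmException | CertificateParsingException e) {
            throw new IOException("Failed to signed CSR during delegation: " + e.getMessage(), e);
        }
        break;
    }
}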
From source file:org.jruby.ext.openssl.impl.PKCS10Request.java
License:LGPL
/**
 * Creates a request from a byte array by handing it to
 * {@code CertificationRequest.getInstance} and delegating to another constructor of this
 * class with the result.
 *
 * <p>NOTE(review): presumably {@code bytes} is an encoded PKCS#10 CertificationRequest, and
 * malformed input surfaces as an unchecked exception from the parser; confirm against callers.
 * No signature check on the request is visible in this constructor.
 *
 * @param bytes encoded request
 */
public PKCS10Request(byte[] bytes) {
    this(CertificationRequest.getInstance(bytes));
}
From source file:org.jruby.ext.openssl.impl.PKCS10Request.java
License:LGPL
/**
 * Creates a request from an already parsed ASN.1 sequence by converting it with
 * {@code CertificationRequest.getInstance} and delegating to another constructor of this
 * class with the result.
 *
 * <p>NOTE(review): no signature check on the request is visible in this constructor;
 * confirm where callers verify it.
 *
 * @param sequence ASN.1 sequence, presumably holding a PKCS#10 CertificationRequest
 */
public PKCS10Request(ASN1Sequence sequence) {
    this(CertificationRequest.getInstance(sequence));
}
From source file:org.xipki.ca.client.shell.P10EnrollCertCommand.java
License:Open Source License
/**
 * Reads the PKCS#10 request from {@code p10File}, submits it through {@code caClient} and
 * stores the returned certificate in {@code outputFile}.
 *
 * @return always {@code null}
 * @throws CmdFailure if no certificate came back from the server
 * @throws Exception on any I/O, parsing or client error
 */
@Override
protected Object _doExecute() throws Exception {
    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(p10File));
    final RequestResponseDebug exchangeDebug = getRequestResponseDebug();

    EnrollCertResult enrollResult;
    try {
        enrollResult = caClient.requestCert(request, profile, caName, user, exchangeDebug);
    } finally {
        // runs whether or not the request above throws
        saveRequestResponse(exchangeDebug);
    }

    X509Certificate issued = null;
    if (enrollResult != null) {
        // only the first id of the result is looked at
        final String firstId = enrollResult.getAllIds().iterator().next();
        issued = (X509Certificate) enrollResult.getCertificateOrError(firstId).getCertificate();
    }
    if (issued == null) {
        throw new CmdFailure("no certificate received from the server");
    }

    saveVerbose("certificate saved to file", new File(outputFile), issued.getEncoded());
    return null;
}
From source file:org.xipki.ca.qa.shell.CheckCertCommand.java
License:Open Source License
/**
 * Checks the certificate in {@code certFile} against the certificate profile
 * {@code profileName}, the selected issuer and the PKCS#10 request in {@code p10File}, then
 * prints the verdict.
 *
 * <p>When {@code issuerName} is unset it defaults to the only configured issuer. The subject,
 * public key and requested extensions passed to the check are taken from the request as read
 * from disk; no proof-of-possession check on the request is visible here.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if the issuer or profile cannot be resolved
 * @throws CmdFailure if the check reports the certificate as invalid
 * @throws Exception on any I/O or parsing error
 */
@Override
protected Object _doExecute() throws Exception {
    final Set<String> configuredIssuers = qaSystemManager.getIssuerNames();
    if (isEmpty(configuredIssuers)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }

    if (issuerName == null) {
        // an implicit issuer is only acceptable when there is exactly one candidate
        if (configuredIssuers.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = configuredIssuers.iterator().next();
    }

    if (!configuredIssuers.contains(issuerName)) {
        throw new IllegalCmdParamException(
                "issuer " + issuerName + " is not within the configured issuers " + configuredIssuers);
    }

    final X509IssuerInfo issuer = qaSystemManager.getIssuer(issuerName);
    final X509CertprofileQA profileQa = qaSystemManager.getCertprofile(profileName);
    if (profileQa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
    }

    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(p10File));

    // Pick up the extensionRequest attribute; if it occurs more than once the last one wins.
    Extensions requestedExtensions = null;
    final ASN1Set requestAttrs = request.getCertificationRequestInfo().getAttributes();
    for (int idx = 0; idx < requestAttrs.size(); idx++) {
        final Attribute candidate = Attribute.getInstance(requestAttrs.getObjectAt(idx));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(candidate.getAttrType())) {
            requestedExtensions = Extensions.getInstance(candidate.getAttributeValues()[0]);
        }
    }

    final byte[] encodedCert = IoUtil.read(certFile);
    final ValidationResult verdict = profileQa.checkCert(encodedCert, issuer,
            request.getCertificationRequestInfo().getSubject(),
            request.getCertificationRequestInfo().getSubjectPublicKeyInfo(), requestedExtensions);

    final StringBuilder report = new StringBuilder("certificate is ");
    if (verdict.isAllSuccessful()) {
        report.append("valid");
    } else {
        report.append("invalid");
    }

    if (verbose.booleanValue()) {
        for (ValidationIssue issue : verdict.getValidationIssues()) {
            report.append("\n");
            format(issue, " ", report);
        }
    }
    out(report.toString());

    if (!verdict.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}
From source file:org.xipki.ca.qa.shell.NegP10EnrollCertCommand.java
License:Open Source License
/**
 * Negative enrollment check: submits the PKCS#10 request from {@code p10File} and fails if
 * the server answers with a certificate.
 *
 * @return always {@code null}
 * @throws CmdFailure if a certificate was received
 * @throws Exception on any I/O, parsing or client error
 */
@Override
protected Object _doExecute() throws Exception {
    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(p10File));
    final RequestResponseDebug exchangeDebug = getRequestResponseDebug();

    EnrollCertResult enrollResult;
    try {
        enrollResult = caClient.requestCert(request, profile, caName, user, exchangeDebug);
    } finally {
        // runs whether or not the request above throws
        saveRequestResponse(exchangeDebug);
    }

    X509Certificate received = null;
    if (enrollResult != null) {
        // only the first id of the result is looked at
        final String firstId = enrollResult.getAllIds().iterator().next();
        received = (X509Certificate) enrollResult.getCertificateOrError(firstId).getCertificate();
    }

    if (received != null) {
        throw new CmdFailure("no certificate is excepted, but received one");
    }
    return null;
}
From source file:org.xipki.ca.server.impl.CAManagerImpl.java
License:Open Source License
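/**
 * Issues a certificate from the named CA for an encoded PKCS#10 request.
 *
 * <p>The request is parsed, its proof of possession is verified through
 * {@code securityFactory}, and the subject, public key and requested extensions are taken
 * from it and passed to the CA.
 *
 * @param caName name of the issuing CA
 * @param profileName name of the certificate profile to apply
 * @param user user on whose behalf the certificate is requested
 * @param encodedPkcs10Request encoded PKCS#10 request
 * @return the issued certificate
 * @throws CAMgmtException if the request cannot be parsed, its proof of possession does not
 *         verify, its extensionRequest attribute carries no value, or the CA reports an
 *         {@code OperationException}
 */
@Override
public X509Certificate generateCertificate(final String caName, final String profileName, final String user,
        final byte[] encodedPkcs10Request) throws CAMgmtException {
    ParamChecker.assertNotBlank("caName", caName);
    ParamChecker.assertNotBlank("profileName", profileName);
    ParamChecker.assertNotNull("encodedPkcs10Request", encodedPkcs10Request);

    X509CA ca = getX509CA(caName);

    CertificationRequest p10cr;
    try {
        p10cr = CertificationRequest.getInstance(encodedPkcs10Request);
    } catch (Exception e) {
        // keep the parser's exception as the cause so the failure stays diagnosable
        throw new CAMgmtException("invalid PKCS#10 request. ERROR: " + e.getMessage(), e);
    }

    // Nothing from the request is used before its self-signature has been checked.
    if (!securityFactory.verifyPOPO(p10cr)) {
        throw new CAMgmtException("could not validate POP for the pkcs#10 requst");
    }

    CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo();

    // The attributes are requester-controlled. A request may carry no attributes at all, or an
    // extensionRequest attribute with an empty value set; neither may escape as an unchecked
    // exception. If extensionRequest occurs more than once the last one wins.
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    if (attrs != null) {
        for (int i = 0; i < attrs.size(); i++) {
            Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
            if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
                if (attr.getAttrValues().size() == 0) {
                    throw new CAMgmtException(
                            "invalid PKCS#10 request. ERROR: extensionRequest attribute has no value");
                }
                extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
            }
        }
    }

    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();

    X509CertificateInfo certInfo;
    try {
        certInfo = ca.generateCertificate(false, null, profileName, user, subject, publicKeyInfo, null, null,
                extensions);
    } catch (OperationException e) {
        throw new CAMgmtException(e.getMessage(), e);
    }

    return certInfo.getCert().getCert();
}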
From source file:org.xipki.ca.server.impl.CAManagerImpl.java
License:Open Source License
/**
 * Generates a self-signed CA certificate from a PKCS#10 request and registers the
 * resulting CA entry.
 *
 * <p>Settings are copied from {@code caEntry}; the certificate is built by
 * {@code X509SelfSignedCertBuilder} and a new {@code X509CAEntry} carrying it is handed to
 * {@code addCA}.
 *
 * <p>NOTE(review): invalid numeric settings and an unparsable request are reported on
 * {@code System.err} and answered with {@code null} rather than an exception, and the parse
 * error itself is discarded. No proof-of-possession check on the request is visible in this
 * method; presumably the builder performs it, to be confirmed.
 *
 * @param caEntry template entry supplying name, serial, CRL and signer settings
 * @param certprofileName name of the certificate profile for the CA certificate
 * @param p10Req encoded PKCS#10 request
 * @return the generated CA certificate, or {@code null} if an input was rejected
 * @throws CAMgmtException if the profile is unknown, certificate generation fails, or the
 *         signer configuration cannot be canonicalized
 */
@Override
public X509Certificate generateRootCA(final X509CAEntry caEntry, final String certprofileName,
        final byte[] p10Req) throws CAMgmtException {
    ParamChecker.assertNotNull("caEntry", caEntry);
    ParamChecker.assertNotBlank("certprofileName", certprofileName);
    ParamChecker.assertNotNull("p10Req", p10Req);

    // Snapshot of the template entry, read in the same order as before.
    final String caName = caEntry.getName();
    long nextSerial = caEntry.getNextSerial();
    final int numCrls = caEntry.getNumCrls();
    final int expirationPeriod = caEntry.getExpirationPeriod();
    final int nextCrlNumber = caEntry.getNextCRLNumber();
    final CAStatus caStatus = caEntry.getStatus();
    final List<String> crlUris = caEntry.getCrlUris();
    final List<String> deltaCrlUris = caEntry.getDeltaCrlUris();
    final List<String> ocspUris = caEntry.getOcspUris();
    final List<String> caCertUris = caEntry.getCacertUris();
    final String signerType = caEntry.getSignerType();
    final String initialSignerConf = caEntry.getSignerConf();

    asssertMasterMode();

    if (nextSerial < 0) {
        System.err.println("invalid serial number: " + nextSerial);
        return null;
    }
    if (numCrls < 0) {
        System.err.println("invalid numCrls: " + numCrls);
        return null;
    }
    if (expirationPeriod < 0) {
        System.err.println("invalid expirationPeriod: " + expirationPeriod);
        return null;
    }
    if (p10Req == null) {
        System.err.println("p10Req is null");
        return null;
    }

    CertificationRequest parsedRequest;
    try {
        parsedRequest = CertificationRequest.getInstance(p10Req);
    } catch (Exception e) {
        System.err.println("invalid p10Req");
        return null;
    }

    final IdentifiedX509Certprofile caProfile = getIdentifiedCertprofile(certprofileName);
    if (caProfile == null) {
        throw new CAMgmtException("unknown cert profile " + certprofileName);
    }

    // nextSerial is non-negative here: zero selects a random serial, a positive value is
    // used for this certificate and then advanced for the stored entry.
    final long certSerial;
    if (nextSerial <= 0) {
        certSerial = RandomSerialNumberGenerator.getInstance().getSerialNumber().longValue();
    } else {
        certSerial = nextSerial;
        nextSerial++;
    }

    GenerateSelfSignedResult generated;
    try {
        generated = X509SelfSignedCertBuilder.generateSelfSigned(securityFactory, signerType,
                initialSignerConf, caProfile, parsedRequest, certSerial, caCertUris, ocspUris, crlUris,
                deltaCrlUris);
    } catch (OperationException | ConfigurationException e) {
        throw new CAMgmtException(e.getClass().getName() + ": " + e.getMessage(), e);
    }

    String finalSignerConf = generated.getSignerConf();
    final X509Certificate rootCert = generated.getCert();

    final boolean keystoreSigner = "PKCS12".equalsIgnoreCase(signerType)
            || "JKS".equalsIgnoreCase(signerType);
    if (keystoreSigner) {
        try {
            finalSignerConf = canonicalizeSignerConf(signerType, finalSignerConf,
                    securityFactory.getPasswordResolver(), new X509Certificate[] { rootCert });
        } catch (Exception e) {
            throw new CAMgmtException(e.getClass().getName() + ": " + e.getMessage(), e);
        }
    }

    final X509CAEntry newEntry = new X509CAEntry(caName, nextSerial, nextCrlNumber, signerType,
            finalSignerConf, caCertUris, ocspUris, crlUris, deltaCrlUris, numCrls, expirationPeriod);
    newEntry.setCertificate(rootCert);
    newEntry.setCmpControlName(caEntry.getCmpControlName());
    newEntry.setCrlSignerName(caEntry.getCrlSignerName());
    newEntry.setDuplicateKeyMode(caEntry.getDuplicateKeyMode());
    newEntry.setDuplicateSubjectMode(caEntry.getDuplicateSubjectMode());
    newEntry.setExtraControl(caEntry.getExtraControl());
    newEntry.setMaxValidity(caEntry.getMaxValidity());
    newEntry.setPermissions(caEntry.getPermissions());
    newEntry.setResponderName(caEntry.getResponderName());
    newEntry.setStatus(caStatus);
    newEntry.setValidityMode(caEntry.getValidityMode());

    addCA(newEntry);
    return rootCert;
}
From source file:org.xipki.commons.security.shell.CertRequestValidateCmd.java
License:Open Source License
/**
 * Reads the certification request from {@code csrFile}, verifies its proof of possession
 * through {@code securityFactory} and prints the verdict together with the signature
 * algorithm name.
 *
 * <p>An invalid proof of possession is only reported in the printed text; no exception is
 * raised for it here.
 *
 * @return always {@code null}
 * @throws Exception on any I/O, parsing or verification error
 */
@Override
protected Object doExecute() throws Exception {
    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(csrFile));
    final String signatureAlgoName = AlgorithmUtil.getSignatureAlgoName(request.getSignatureAlgorithm());
    final boolean popValid = securityFactory.verifyPopo(request, null);

    final String verdict;
    if (popValid) {
        verdict = "valid";
    } else {
        verdict = "invalid";
    }

    println("The POP is " + verdict + " (signature algorithm " + signatureAlgoName + ").");
    return null;
}
From source file:org.xipki.pki.ca.client.shell.CsrEnrollCertCmd.java
License:Open Source License
/**
 * Reads the certification request from {@code csrFile}, submits it through {@code caClient}
 * with the optional validity bounds and stores the returned certificate in
 * {@code outputFile}.
 *
 * <p>{@code notBeforeS} and {@code notAfterS} are parsed only when they are not blank;
 * otherwise {@code null} is passed for the corresponding bound.
 *
 * @return always {@code null}
 * @throws CmdFailure if no certificate came back from the server
 * @throws Exception on any I/O, parsing or client error
 */
@Override
protected Object doExecute() throws Exception {
    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(csrFile));

    Date validFrom = null;
    if (StringUtil.isNotBlank(notBeforeS)) {
        validFrom = DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS);
    }
    Date validUntil = null;
    if (StringUtil.isNotBlank(notAfterS)) {
        validUntil = DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS);
    }

    final RequestResponseDebug exchangeDebug = getRequestResponseDebug();
    EnrollCertResult enrollResult;
    try {
        enrollResult = caClient.requestCert(caName, request, profile, user, validFrom, validUntil,
                exchangeDebug);
    } finally {
        // runs whether or not the request above throws
        saveRequestResponse(exchangeDebug);
    }

    X509Certificate issued = null;
    if (enrollResult != null) {
        // only the first id of the result is looked at
        final String firstId = enrollResult.getAllIds().iterator().next();
        issued = (X509Certificate) enrollResult.getCertificateOrError(firstId).getCertificate();
    }
    if (issued == null) {
        throw new CmdFailure("no certificate received from the server");
    }

    saveVerbose("certificate saved to file", new File(outputFile), issued.getEncoded());
    return null;
}