Example usage for org.bouncycastle.asn1.pkcs CertificationRequestInfo getEncoded

List of usage examples for org.bouncycastle.asn1.pkcs CertificationRequestInfo getEncoded

Introduction

On this page you can find example usage for org.bouncycastle.asn1.pkcs CertificationRequestInfo getEncoded.

Prototype

public byte[] getEncoded(String encoding) throws IOException 


Document

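Returns a DER encoding if "DER" is specified; otherwise returns the default ("BER") encoding. A PKCS#10 signature is computed over the DER encoding of the request info, so pass "DER" when the bytes are going to be signed, verified or compared, as both examples below do.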

Usage

From source file:io.airlift.security.csr.TestCertificationRequestInfo.java

License:Apache License

@Test
public void test() throws Exception {
    // The subject is a single C (country) RDN. Per the original author's note, Bouncy Castle
    // encodes other attribute values as UTF8String where the JDK uses PrintableString, so
    // other names would not be expected to produce byte-identical encodings.
    String subjectName = "C=country";

    // Fresh EC key pair on the secp256r1 curve for this run.
    KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("EC");
    ecGenerator.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair keyPair = ecGenerator.generateKeyPair();

    // Object under test: the project's own CertificationRequestInfo.
    CertificationRequestInfo actualInfo =
            new CertificationRequestInfo(new X500Principal(subjectName), keyPair.getPublic());

    // Accessors return what was passed in; equals/hashCode are self-consistent.
    assertEquals(actualInfo.getPublicKey(), keyPair.getPublic());
    assertEquals(actualInfo.getSubject().getName(), subjectName);
    assertEquals(actualInfo, actualInfo);
    assertEquals(actualInfo.hashCode(), actualInfo.hashCode());

    // Reference value: the same request info built with Bouncy Castle, with an empty attribute set.
    org.bouncycastle.asn1.pkcs.CertificationRequestInfo bcInfo =
            new org.bouncycastle.asn1.pkcs.CertificationRequestInfo(
                    new X500Name(subjectName),
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()),
                    new DERSet());

    // The two encodings must match byte for byte; Bouncy Castle is asked for DER explicitly.
    assertEquals(
            base16().encode(actualInfo.getEncoded()),
            base16().encode(bcInfo.getEncoded("DER")));

    // Sign the request info, then check the signature independently with the JCA Signature
    // API over the same encoded bytes, using the public half of the key pair.
    SignatureAlgorithmIdentifier algorithm = findSignatureAlgorithmIdentifier("SHA256withECDSA");
    byte[] signatureBytes = actualInfo.sign(algorithm, keyPair.getPrivate());

    Signature verifier = Signature.getInstance(algorithm.getName());
    verifier.initVerify(keyPair.getPublic());
    verifier.update(actualInfo.getEncoded());
    assertTrue(verifier.verify(signatureBytes));
}

From source file:org.cesecore.util.CertTools.java

License:Open Source License

/**
 * Builds a signed PKCS#10 certification request.
 *
 * <p>The subject, public key and attributes are wrapped in a {@code CertificationRequestInfo},
 * the DER encoding of that structure is signed with {@code privateKey}, and the result is
 * returned as a {@code PKCS10CertificationRequest}.
 *
 * <p>Notes for callers:
 * <ul>
 *   <li>The signature covers the DER-encoded request info. {@code privateKey} is expected to be
 *       the key that matches {@code publickey}; this method does not check that the two belong
 *       together.</li>
 *   <li>{@code signatureAlgorithm} is handed unchanged to {@code JcaContentSignerBuilder}; no
 *       restriction on the algorithm is applied here, so the choice is the caller's.</li>
 *   <li>{@code attributes} are embedded as given. A challenge password added as in the example
 *       below becomes part of the encoded request; this method does not encrypt it. The
 *       password literal in the example is a test value.</li>
 * </ul>
 *
 * <p>Example of putting an AltName and a challenge password in an 'attributes' set (taken from
 * RequestMessageTest.test01Pkcs10RequestMessage()):
 *
 * <pre>{@code
 *      // Create a P10 with extensions, in this case altNames with a DNS name
 *      ASN1EncodableVector altnameattr = new ASN1EncodableVector();
 *      altnameattr.add(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
 *      // AltNames
 *      GeneralNames san = CertTools.getGeneralNamesFromAltName("dNSName=foo1.bar.com");
 *      ExtensionsGenerator extgen = new ExtensionsGenerator();
 *      extgen.addExtension(Extension.subjectAlternativeName, false, san );
 *      Extensions exts = extgen.generate();
 *      altnameattr.add(new DERSet(exts));
 *
 *      // Add a challenge password as well
 *      ASN1EncodableVector pwdattr = new ASN1EncodableVector();
 *      pwdattr.add(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
 *      ASN1EncodableVector pwdvalues = new ASN1EncodableVector();
 *      pwdvalues.add(new DERUTF8String("foo123"));
 *      pwdattr.add(new DERSet(pwdvalues));
 *
 *      // Complete the Attribute section of the request, the set (Attributes)
 *      // contains one sequence (Attribute)
 *      ASN1EncodableVector v = new ASN1EncodableVector();
 *      v.add(new DERSequence(altnameattr));
 *      v.add(new DERSequence(pwdattr));
 *      DERSet attributes = new DERSet(v);
 * }</pre>
 *
 * @param signatureAlgorithm name of the signature algorithm, passed to {@code JcaContentSignerBuilder}
 * @param subject the request's subject DN
 * @param publickey the public key for which a certificate is requested
 * @param attributes a set of attributes, for example extensions or a challenge password
 * @param privateKey the private key used to sign the request
 * @param provider name of the provider used for signing; when {@code null},
 *        {@code BouncyCastleProvider.PROVIDER_NAME} is used
 * @return a PKCS10CertificationRequest based on the input parameters
 *
 * @throws OperatorCreationException if the content signer could not be built
 * @throws IllegalStateException if an IOException occurs while decoding the public key or
 *         writing the encoded request info to the signer
 */
public static PKCS10CertificationRequest genPKCS10CertificationRequest(String signatureAlgorithm,
        X500Name subject, PublicKey publickey, ASN1Set attributes, PrivateKey privateKey, String provider)
        throws OperatorCreationException {

    // Fall back to the Bouncy Castle provider when the caller names none.
    final String providerName = (provider != null) ? provider : BouncyCastleProvider.PROVIDER_NAME;
    // Buffer size given to BufferingContentSigner (its second constructor argument).
    final int signerBufferSize = 20480;

    CertificationRequestInfo requestInfo;
    ContentSigner contentSigner;
    try {
        // Re-parse the key's own encoding into the ASN.1 SubjectPublicKeyInfo structure.
        ASN1Sequence keySequence = (ASN1Sequence) ASN1Primitive.fromByteArray(publickey.getEncoded());
        requestInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(keySequence), attributes);

        ContentSigner rawSigner =
                new JcaContentSignerBuilder(signatureAlgorithm).setProvider(providerName).build(privateKey);
        contentSigner = new BufferingContentSigner(rawSigner, signerBufferSize);

        // Feed the DER encoding of the request info to the signer; the signature is over these bytes.
        contentSigner.getOutputStream().write(requestInfo.getEncoded(ASN1Encoding.DER));
        contentSigner.getOutputStream().flush();
    } catch (IOException e) {
        throw new IllegalStateException("Unexpected IOException was caught.", e);
    }

    // Obtain the signature first, then assemble request info + algorithm + signature.
    DERBitString signatureBits = new DERBitString(contentSigner.getSignature());
    CertificationRequest signedRequest =
            new CertificationRequest(requestInfo, contentSigner.getAlgorithmIdentifier(), signatureBits);
    return new PKCS10CertificationRequest(signedRequest);
}