List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers pkcs_9_at_extensionRequest
ASN1ObjectIdentifier pkcs_9_at_extensionRequest
To view the source code for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers pkcs_9_at_extensionRequest.
Click Source Link
From source file:edu.washington.iam.tools.IamCertificateHelper.java
License:Apache License
public static int parseCsr(IamCertificate cert) throws IamCertificateException { try {/*from ww w.j av a 2 s.c o m*/ PEMReader pRd = new PEMReader(new StringReader(cert.pemRequest)); PKCS10CertificationRequest request = (PKCS10CertificationRequest) pRd.readObject(); if (request == null) throw new IamCertificateException("invalid CSR (request)"); CertificationRequestInfo info = request.getCertificationRequestInfo(); if (info == null) throw new IamCertificateException("invalid CSR (info)"); X509Name dn = info.getSubject(); if (dn == null) throw new IamCertificateException("invalid CSR (dn)"); log.debug("dn=" + dn.toString()); cert.dn = dn.toString(); try { List cns = dn.getValues(X509Name.CN); cert.cn = (String) (cns.get(0)); log.debug("cn=" + cert.cn); cert.names.add(cert.cn); // first entry for names is always cn cns = dn.getValues(X509Name.C); cert.dnC = (String) (cns.get(0)); cns = dn.getValues(X509Name.ST); cert.dnST = (String) (cns.get(0)); } catch (Exception e) { log.debug("get cn error: " + e); throw new IamCertificateException("invalid CSR"); } // see if we've got alt names (in extensions) ASN1Set attrs = info.getAttributes(); if (attrs != null) { for (int a = 0; a < attrs.size(); a++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(a)); if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { // is the extension X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); // get the subAltName extension DERObjectIdentifier sanoid = new DERObjectIdentifier( X509Extensions.SubjectAlternativeName.getId()); X509Extension xext = extensions.getExtension(sanoid); if (xext != null) { log.debug("processing altname extensions"); ASN1Object asn1 = X509Extension.convertValueToObject(xext); Enumeration dit = DERSequence.getInstance(asn1).getObjects(); while (dit.hasMoreElements()) { GeneralName gn = GeneralName.getInstance(dit.nextElement()); log.debug("altname tag=" + gn.getTagNo()); log.debug("altname name=" + gn.getName().toString()); if (gn.getTagNo() == GeneralName.dNSName) cert.names.add(gn.getName().toString()); } } } } } // check key size PublicKey pk = request.getPublicKey(); log.debug("key alg = " + pk.getAlgorithm()); log.debug("key fmt = " + pk.getFormat()); if (pk.getAlgorithm().equals("RSA")) { RSAPublicKey rpk = (RSAPublicKey) pk; cert.keySize = rpk.getModulus().bitLength(); log.debug("key size = " + cert.keySize); } } catch (IOException e) { log.debug("ioerror: " + e); throw new IamCertificateException("invalid CSR " + e.getMessage()); } catch (Exception e) { log.debug("excp: " + e); throw new IamCertificateException("invalid CSR"); } return 1; }
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
/** * A method to build PKCS10 Certification request (BC style) * @param subject: the subject info/data in X500Name format * @param kp: the subject's key pair/*from w w w. jav a2 s . c o m*/ * @param subjectAltName: subject's UFN * @return * @throws Exception */ public static PKCS10CertificationRequest buildCertificateRequest(X500Name subject, AsymmetricCipherKeyPair kp, String subjectAltName) throws Exception { String sigName = "SHA1withECDSA"; SignatureAlgorithmIdentifierFinder algFinder = new DefaultSignatureAlgorithmIdentifierFinder(); PKCS10CertificationRequestBuilder requestBuilder = new BcPKCS10CertificationRequestBuilder(subject, kp.getPublic()); ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, subjectAltName + "@betaas.eu"))); requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); AlgorithmIdentifier sigAlg = algFinder.find(sigName); AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg); ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(kp.getPrivate()); PKCS10CertificationRequest req1 = requestBuilder.build(signer); return req1; }
From source file:io.aos.crypto.spl06.PKCS10CertCreateExample.java
License:Apache License
public static X509Certificate[] buildChain() throws Exception { // create the certification request KeyPair pair = Utils.generateRSAKeyPair(); PKCS10CertificationRequest request = PKCS10ExtensionExample.generateRequest(pair); // create a root certificate KeyPair rootPair = Utils.generateRSAKeyPair(); X509Certificate rootCert = X509V1CreateExample.generateV1Certificate(rootPair); // validate the certification request if (!request.verify("BC")) { System.out.println("request failed to verify!"); System.exit(1);//from ww w . j av a 2s .c o m } // create the certificate using the information in the request X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(rootCert.getSubjectX500Principal()); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject()); certGen.setPublicKey(request.getPublicKey("BC")); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC"))); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); // extract the extension request attribute ASN1Set attributes = request.getCertificationRequestInfo().getAttributes(); for (int i = 0; i != attributes.size(); i++) { Attribute attr = Attribute.getInstance(attributes.getObjectAt(i)); // process extension request if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); Enumeration e = extensions.oids(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); X509Extension ext = extensions.getExtension(oid); certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets()); } } } X509Certificate issuedCert = certGen.generateX509Certificate(rootPair.getPrivate()); return new X509Certificate[] { issuedCert, rootCert }; }
From source file:io.aos.crypto.spl06.PKCS10ExtensionExample.java
License:Apache License
public static PKCS10CertificationRequest generateRequest(KeyPair pair) throws Exception { // create a SubjectAlternativeName extension value GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")); // create the extensions object and add it as an attribute Vector oids = new Vector(); Vector values = new Vector(); oids.add(X509Extensions.SubjectAlternativeName); values.add(new X509Extension(false, new DEROctetString(subjectAltNames))); X509Extensions extensions = new X509Extensions(oids, values); Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(extensions)); return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal("CN=Requested Test Certificate"), pair.getPublic(), new DERSet(attribute), pair.getPrivate()); }
From source file:it.zero11.acme.utils.X509Utils.java
License:Apache License
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException { X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle()); namebuilder.addRDN(BCStyle.CN, commonNames[0]); List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length); for (String cn : commonNames) subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn)); GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0])); ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive()); PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());/*from w ww .j a va 2 s. c om*/ p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA"); ContentSigner signer = csBuilder.build(pair.getPrivate()); PKCS10CertificationRequest request = p10Builder.build(signer); return request; }
From source file:net.felsing.client_cert.utilities.CertificateFabric.java
License:Open Source License
private void getSubjectAlternativeNames(PKCS10CertificationRequest csr) { subjectAlternativeNames = new ArrayList<>(new ArrayList<>()); // GeneralName.otherName is lowest and // GeneralName.registeredID is highest id for (int i = GeneralName.otherName; i <= GeneralName.registeredID; i++) { subjectAlternativeNames.add(new ArrayList<>()); }/*w w w . j a v a2s . c o m*/ try { Attribute[] certAttributes = csr.getAttributes(); for (Attribute attribute : certAttributes) { if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { // @ToDo: Is there really one object only? Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); if (gns != null) { GeneralName[] names = gns.getNames(); for (GeneralName name : names) { subjectAlternativeNames.get(name.getTagNo()).add(name.getName().toString()); } } } } } catch (Exception e) { e.printStackTrace(); } }
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestBuilder.java
License:BSD License
public PKCS10CertificationRequest build(KeyPair keyPair) { try {/* w w w .j a v a2 s.c om*/ Extensions extensions = createExtensions(); ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(signatureProvider) .build(keyPair.getPrivate()); JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()); builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions); return builder.build(signer); } catch (Exception e) { throw new RpkiCaCertificateRequestBuilderException(e); } }
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestParser.java
License:BSD License
private ASN1Set getPkcs9ExtensionRequest() throws RpkiCaCertificateRequestParserException { Attribute[] attributes = pkcs10CertificationRequest.getAttributes(); for (Attribute attr : attributes) { ASN1ObjectIdentifier oid = attr.getAttrType(); if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { return attr.getAttrValues(); }// ww w . j a va 2 s. c om } throw new RpkiCaCertificateRequestParserException("Could not find PKCS 9 Extension Request"); }
From source file:org.apache.nifi.registry.security.util.CertificateUtils.java
License:Apache License
/** * Extract extensions from CSR object/* w ww .j ava 2 s .c o m*/ */ public static Extensions getExtensionsFromCSR(JcaPKCS10CertificationRequest csr) { Attribute[] attributess = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributess) { ASN1Set attValue = attribute.getAttrValues(); if (attValue != null) { ASN1Encodable extension = attValue.getObjectAt(0); if (extension instanceof Extensions) { return (Extensions) extension; } else if (extension instanceof DERSequence) { return Extensions.getInstance(extension); } } } return null; }
From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java
License:Apache License
public static JcaPKCS10CertificationRequest generateCertificationRequest(String requestedDn, String domainAlternativeNames, KeyPair keyPair, String signingAlgorithm) throws OperatorCreationException { JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder( new X500Name(requestedDn), keyPair.getPublic()); // add Subject Alternative Name(s) try {/*from ww w. j a v a 2 s . c om*/ jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, createDomainAlternativeNamesExtensions(domainAlternativeNames, requestedDn)); } catch (IOException e) { throw new OperatorCreationException( "Error while adding " + domainAlternativeNames + " as Subject Alternative Name.", e); } JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(signingAlgorithm); return new JcaPKCS10CertificationRequest( jcaPKCS10CertificationRequestBuilder.build(jcaContentSignerBuilder.build(keyPair.getPrivate()))); }