From source file:org.elasticsearch.xpack.core.ssl.CertificateToolTests.java
License:Open Source License
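/**
 * Generates CSRs for every instance listed in the test instances file and checks
 * the resulting archive: owner-only file permissions (the archive holds private
 * keys), no CA material, one {@code .csr} and one {@code .key} per instance, and
 * a SubjectAlternativeName extension request only when the instance declares IP
 * addresses or DNS names.
 *
 * The zip file system is opened in try-with-resources so the handle is released
 * even when an assertion fails part-way through the per-instance loop.
 */
public void testGeneratingCsr() throws Exception {
    Path tempDir = initTempDir();
    Path outputFile = tempDir.resolve("out.zip");
    Path instanceFile = writeInstancesTo(tempDir.resolve("instances.yml"));
    Collection<CertificateInformation> certInfos = CertificateTool.parseFile(instanceFile);
    assertEquals(4, certInfos.size());
    assertFalse(Files.exists(outputFile));

    // 1024-bit keys are below current recommended minimums; they are exercised here
    // purely to cover both tested sizes, not as an endorsement.
    int keySize = randomFrom(1024, 2048);
    new CertificateTool.SigningRequestCommand().generateAndWriteCsrs(outputFile, keySize, certInfos);
    assertTrue(Files.exists(outputFile));

    // The archive contains private keys: exactly owner read + owner write, nothing else.
    Set<PosixFilePermission> perms = Files.getPosixFilePermissions(outputFile);
    assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_READ));
    assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_WRITE));
    assertEquals(perms.toString(), 2, perms.size());

    try (FileSystem fileSystem = FileSystems.newFileSystem(new URI("jar:" + outputFile.toUri()),
            Collections.emptyMap())) {
        Path zipRoot = fileSystem.getPath("/");
        // A CSR-only run must not emit any CA directory.
        assertFalse(Files.exists(zipRoot.resolve("ca")));

        for (CertificateInformation certInfo : certInfos) {
            String filename = certInfo.name.filename;
            assertTrue(Files.exists(zipRoot.resolve(filename)));
            final Path csr = zipRoot.resolve(filename + "/" + filename + ".csr");
            assertTrue(Files.exists(csr));
            assertTrue(Files.exists(zipRoot.resolve(filename + "/" + filename + ".key")));

            PKCS10CertificationRequest request = readCertificateRequest(csr);
            assertEquals(certInfo.name.x500Principal.getName(), request.getSubject().toString());

            Attribute[] extensionsReq = request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
            if (certInfo.ipAddresses.size() > 0 || certInfo.dnsNames.size() > 0) {
                // Exactly one extensionRequest attribute, and it carries the SAN extension.
                assertEquals(1, extensionsReq.length);
                Extensions extensions = Extensions.getInstance(extensionsReq[0].getAttributeValues()[0]);
                GeneralNames subjAltNames = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
                assertSubjAltNames(subjAltNames, certInfo);
            } else {
                // No names requested: no extensionRequest attribute at all.
                assertEquals(0, extensionsReq.length);
            }
        }
    }
}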
From source file:org.glite.slcs.pki.bouncycastle.PKCS10.java
License:eu-egee.org license
/**
 * Builds and self-signs a PKCS#10 certification request.
 *
 * @param subject        subject DN in string form, parsed with {@link X509PrincipalUtil}
 * @param publicKey      public key embedded in the request
 * @param privateKey     private key that signs the request (proof of possession)
 * @param x509Extensions extensions to carry in a single pkcs-9-at-extensionRequest
 *                       attribute, or {@code null} to emit an empty attribute set
 * @throws GeneralSecurityException if the request cannot be built, or if its own
 *                                  signature does not verify against {@code publicKey}
 */
public PKCS10(String subject, PublicKey publicKey, PrivateKey privateKey, X509Extensions x509Extensions)
        throws GeneralSecurityException {
    X509Principal subjectPrincipal = new X509PrincipalUtil().createX509Principal(subject);
    LOG.debug("X509Principal: " + subjectPrincipal);

    // No extensions -> empty attribute set; otherwise exactly one extensionRequest
    // attribute wrapping the supplied extensions.
    ASN1Set requestAttributes;
    if (x509Extensions == null) {
        requestAttributes = new DERSet();
    } else {
        Attribute extensionRequest = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                new DERSet(x509Extensions));
        requestAttributes = new DERSet(extensionRequest);
    }

    bcPKCS10_ = new PKCS10CertificationRequest(SIGNATURE_ALGORITHM, subjectPrincipal, publicKey,
            requestAttributes, privateKey);

    // Self-check the signature so a mismatched key pair fails at construction time
    // rather than at the CA.
    if (!bcPKCS10_.verify()) {
        LOG.error("Failed to verify the PKCS#10");
        throw new GeneralSecurityException("PKCS#10 verification failed");
    }
}
From source file:org.glite.slcs.pki.bouncycastle.PKCS10.java
License:eu-egee.org license
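/**
 * Gets the X509Extensions carried in the request's pkcs-9-at-extensionRequest
 * attribute.
 *
 * Every attribute in the request is examined, not only the first one, so the
 * extension request is still found when another attribute (for example a
 * challengePassword) precedes it. Elements that are not well-formed attributes
 * are skipped instead of being cast blindly.
 *
 * NOTE: these extensions were chosen by whoever produced the request. A CA must
 * apply its own policy before copying any of them into an issued certificate.
 *
 * @return The X509Extensions or <code>null</code> if there is no
 *         X509Extensions.
 */
public X509Extensions getX509Extensions() {
    ASN1Set attributes = this.bcPKCS10_.getCertificationRequestInfo().getAttributes();
    if (attributes == null) {
        return null;
    }
    for (int i = 0; i < attributes.size(); i++) {
        Object element = attributes.getObjectAt(i);
        if (!(element instanceof ASN1Sequence)) {
            continue;
        }
        Attribute attribute = new Attribute((ASN1Sequence) element);
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
            continue;
        }
        ASN1Set attributeValues = attribute.getAttrValues();
        if (attributeValues == null || attributeValues.size() == 0) {
            continue;
        }
        // The extensions are the first (and normally only) value of the attribute.
        Object value = attributeValues.getObjectAt(0);
        if (value instanceof ASN1Sequence) {
            return new X509Extensions((ASN1Sequence) value);
        }
    }
    return null;
}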
From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java
License:Apache License
/**
 * Builds a signed PKCS#10 request for the managed key pair.
 *
 * The subject name comes from {@code createSubjectNameBuilder()}, the requested
 * extensions from {@code createExtensions(publicKey, null)} (carried in one
 * pkcs-9-at-extensionRequest attribute), and the signature algorithm from the
 * {@code PROPERTY_CSR_SIGNATURE_ALGORITHM} property, falling back to
 * {@code DEFAULT_SIGNING_ALGORITHM}.
 *
 * @return the signed certification request
 * @throws IOException               if the keys cannot be loaded
 * @throws OperatorCreationException if no content signer can be built for the private key
 * @throws NoSuchAlgorithmException  if the key algorithm is not available
 */
protected PKCS10CertificationRequest generateCertificateRequest()
        throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    final PublicKey publicKey = loadPublicKey();
    final PrivateKey privateKey = loadPrivateKey();

    final JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(createSubjectNameBuilder(), publicKey);

    // All requested extensions travel in a single extensionRequest attribute.
    final List<Extension> requested = createExtensions(publicKey, null);
    final Extensions extensionRequest = new Extensions(requested.toArray(new Extension[0]));
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionRequest);

    // Signature algorithm is configurable; the default applies when the property is unset.
    final String signatureAlgorithm = getProperty(PROPERTY_CSR_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    final ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
    return requestBuilder.build(signer);
}
From source file:org.nuxeo.ecm.platform.signature.core.pki.CertServiceImpl.java
License:Open Source License
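/**
 * Issues an end-entity certificate for the given PKCS#10 request, signed with the
 * root key from the root key store.
 *
 * The request's self-signature is verified first, so a certificate is only issued
 * to a requester that holds the private key matching the embedded public key.
 *
 * Issuer-controlled fields are fixed here: a random serial number, the validity
 * window, SubjectKeyIdentifier / AuthorityKeyIdentifier, BasicConstraints
 * (cA=false), KeyUsage (digitalSignature) and ExtendedKeyUsage (serverAuth).
 * Extensions carried in the request's pkcs-9-at-extensionRequest attribute are
 * copied into the certificate EXCEPT for those OIDs: they are untrusted input,
 * and copying them verbatim would let a requester override CA policy (for example
 * ask for cA=true or additional key usages).
 *
 * @param csr the certification request to issue from
 * @return the signed certificate
 * @throws CertException if the request's signature does not verify or any step of
 *                       certificate generation fails
 */
protected X509Certificate createCertificateFromCSR(PKCS10CertificationRequest csr) throws CertException {
    X509Certificate cert;
    try {
        // Proof of possession: refuse requests whose self-signature does not verify
        // against the public key they carry. The SignatureException is wrapped below.
        if (!csr.verify("BC")) {
            throw new java.security.SignatureException("CSR signature does not verify");
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // RFC 5280 4.1.2.2: serial numbers should be unpredictable and carry at least
        // 64 bits of entropy. A millisecond timestamp is guessable and collides for two
        // requests issued in the same millisecond. setBit(63) keeps the value positive.
        certGen.setSerialNumber(new BigInteger(64, new java.security.SecureRandom()).setBit(63));
        certGen.setIssuerDN(getRootCertificate().getIssuerX500Principal());
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(getCertStartDate());
        certGen.setNotAfter(getCertEndDate());
        certGen.setPublicKey(csr.getPublicKey("BC"));
        certGen.setSignatureAlgorithm(CERT_SIGNATURE_ALGORITHM);

        // Issuer-controlled extensions.
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(csr.getPublicKey("BC")));
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(getRootCertificate()));
        certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

        // Requester-supplied extensions. Anything colliding with an issuer-controlled
        // OID is dropped so the CSR cannot override the policy fixed above.
        ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes();
        for (int i = 0; attributes != null && i < attributes.size(); i++) {
            Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
            if (!attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                continue;
            }
            ASN1Set values = attr.getAttrValues();
            if (values == null || values.size() == 0) {
                continue;
            }
            X509Extensions requested = X509Extensions.getInstance(values.getObjectAt(0));
            @SuppressWarnings("rawtypes")
            Enumeration e = requested.oids();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                if (isIssuerControlledExtension(oid)) {
                    LOG.warn("Ignoring requested extension " + oid + ": it is set by issuer policy");
                    continue;
                }
                X509Extension ext = requested.getExtension(oid);
                certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
            }
        }

        KeyPair rootKeyPair = getKeyPair(rootService.getRootKeyStore(), rootService.getRootKeyAlias(),
                rootService.getRootCertificateAlias(), rootService.getRootKeyPassword());
        cert = certGen.generate(rootKeyPair.getPrivate(), "BC");
    } catch (CertificateParsingException e) {
        throw new CertException(e);
    } catch (CertificateEncodingException e) {
        throw new CertException(e);
    } catch (InvalidKeyException e) {
        throw new CertException(e);
    } catch (IllegalStateException e) {
        throw new CertException(e);
    } catch (NoSuchProviderException e) {
        throw new CertException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertException(e);
    } catch (java.security.SignatureException e) {
        throw new CertException(e);
    }
    LOG.debug("Certificate generated for subject: " + cert.getSubjectDN());
    return cert;
}

/**
 * Extensions this issuer sets itself. A matching extension in a request is
 * ignored, never copied, so the requester cannot override issuer policy.
 */
private static boolean isIssuerControlledExtension(DERObjectIdentifier oid) {
    return X509Extensions.SubjectKeyIdentifier.equals(oid)
            || X509Extensions.AuthorityKeyIdentifier.equals(oid)
            || X509Extensions.BasicConstraints.equals(oid)
            || X509Extensions.KeyUsage.equals(oid)
            || X509Extensions.ExtendedKeyUsage.equals(oid);
}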
From source file:org.nuxeo.ecm.platform.signature.core.pki.CertServiceImpl.java
License:Open Source License
/**
 * Creates a self-signed PKCS#10 request for the user's key pair.
 *
 * The subject DN is {@code userInfo.getX500Principal()}; the user's e-mail address
 * is requested as a non-critical rfc822Name SubjectAlternativeName through a single
 * pkcs-9-at-extensionRequest attribute.
 *
 * @param keyPair  key pair whose public key is embedded and whose private key signs the request
 * @param userInfo user attributes (X.500 principal and e-mail field)
 * @return the signed certification request
 * @throws CertException wrapping any failure while building or signing the request
 */
protected CertificationRequest generateCSR(KeyPair keyPair, UserInfo userInfo) throws CertException {
    String email = userInfo.getUserFields().get(CNField.Email);
    GeneralNames altNames = new GeneralNames(new GeneralName(GeneralName.rfc822Name, email));

    // One non-critical SAN extension, wrapped in the extensionRequest attribute.
    Vector<DERObjectIdentifier> extensionOids = new Vector<DERObjectIdentifier>();
    Vector<X509Extension> extensionValues = new Vector<X509Extension>();
    extensionOids.add(X509Extensions.SubjectAlternativeName);
    extensionValues.add(new X509Extension(false, new DEROctetString(altNames)));
    X509Extensions requestedExtensions = new X509Extensions(extensionOids, extensionValues);
    Attribute extensionRequest = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new DERSet(requestedExtensions));

    try {
        return new PKCS10CertificationRequest(CERT_SIGNATURE_ALGORITHM, userInfo.getX500Principal(),
                keyPair.getPublic(), new DERSet(extensionRequest), keyPair.getPrivate());
    } catch (InvalidKeyException e) {
        throw new CertException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertException(e);
    } catch (NoSuchProviderException e) {
        throw new CertException(e);
    } catch (java.security.SignatureException e) {
        throw new CertException(e);
    } catch (Exception e) {
        throw new CertException(e);
    }
}
From source file:org.qipki.crypto.x509.X509ExtensionsReaderImpl.java
License:Open Source License
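/**
 * Extracts the extensions a PKCS#10 request asks for through its
 * pkcs-9-at-extensionRequest attribute.
 *
 * Every attribute in the request is inspected until the extension request is
 * found; elements that are not well-formed attributes, or whose first value is
 * not an extension sequence, are skipped instead of being cast blindly (a
 * malformed request no longer escapes as a ClassCastException).
 *
 * NOTE: the result is whatever the requester put in the CSR. It is untrusted
 * input and must be filtered against CA policy before being issued.
 *
 * @param pkcs10 the request to read
 * @return the requested extensions, empty when the request carries none
 */
@Override
public List<X509ExtensionHolder> extractRequestedExtensions(PKCS10CertificationRequest pkcs10) {
    final List<X509ExtensionHolder> extractedExtensions = new ArrayList<X509ExtensionHolder>();
    final CertificationRequestInfo certificationRequestInfo = pkcs10.getCertificationRequestInfo();
    final ASN1Set attributesAsn1Set = certificationRequestInfo.getAttributes();
    if (attributesAsn1Set == null) {
        return extractedExtensions;
    }

    // The extension request is usually the first attribute, but loop to find it wherever it is.
    X509Extensions requestedExtensions = null;
    for (int i = 0; i < attributesAsn1Set.size() && requestedExtensions == null; ++i) {
        final DEREncodable derEncodable = attributesAsn1Set.getObjectAt(i);
        if (!(derEncodable instanceof DERSequence)) {
            continue;
        }
        final Attribute attribute = new Attribute((DERSequence) derEncodable);
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        // The extensions are expected as the first value of the attribute's value set.
        final ASN1Set attributeValues = attribute.getAttrValues();
        if (attributeValues == null || attributeValues.size() < 1) {
            continue;
        }
        final DEREncodable extensionsDEREncodable = attributeValues.getObjectAt(0);
        if (extensionsDEREncodable instanceof ASN1Sequence) {
            requestedExtensions = new X509Extensions((ASN1Sequence) extensionsDEREncodable);
        }
    }

    if (requestedExtensions != null) {
        Enumeration<?> e = requestedExtensions.oids();
        while (e.hasMoreElements()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
            X509Extension extension = requestedExtensions.getExtension(oid);
            extractedExtensions.add(new X509ExtensionHolder(oid, extension.isCritical(),
                    X509Extension.convertValueToObject(extension)));
        }
    }
    return extractedExtensions;
}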
From source file:org.qipki.crypto.x509.X509GeneratorImpl.java
License:Open Source License
/**
 * Wraps the given subject alternative names in a pkcs-9-at-extensionRequest
 * attribute (SAN extension, non-critical) ready to be placed in a PKCS#10
 * attribute set.
 *
 * @param subGeneralNames the alternative names, or {@code null}
 * @return a set holding the single attribute, or an empty set when no names were given
 */
@SuppressWarnings({ "UseOfObsoleteCollectionType", "unchecked" })
private DERSet generateSANAttribute(GeneralNames subGeneralNames) {
    if (subGeneralNames == null) {
        return new DERSet();
    }
    X509Extension sanExtension = new X509Extension(false, new DEROctetString(subGeneralNames));
    // X509Extensions still takes parallel Vectors of OIDs and values in this BC API.
    Vector extensionOids = new Vector();
    Vector extensionValues = new Vector();
    extensionOids.addElement(X509Extensions.SubjectAlternativeName);
    extensionValues.addElement(sanExtension);
    X509Extensions requestedExtensions = new X509Extensions(extensionOids, extensionValues);
    Attribute extensionRequest = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new DERSet(requestedExtensions));
    return new DERSet(extensionRequest);
}
From source file:org.shredzone.acme4j.util.CSRBuilder.java
License:Apache License
/**
 * Signs the completed CSR.
 *
 * Every configured domain becomes a dNSName in a non-critical
 * SubjectAlternativeName extension, requested through the
 * pkcs-9-at-extensionRequest attribute. The signature algorithm is chosen
 * by key type: {@code EC_SIGNATURE_ALG} for EC keys, {@code SIGNATURE_ALG}
 * otherwise.
 *
 * @param keypair
 *            {@link KeyPair} to sign the CSR with
 * @throws IOException if the extension cannot be encoded or no signer can be created
 * @throws IllegalStateException if no domain was set
 * @throws IllegalArgumentException if {@code keypair} is {@code null}
 */
public void sign(KeyPair keypair) throws IOException {
    if (namelist.isEmpty()) {
        throw new IllegalStateException("No domain was set");
    }
    if (keypair == null) {
        throw new IllegalArgumentException("keypair must not be null");
    }
    try {
        GeneralName[] dnsNames = new GeneralName[namelist.size()];
        for (int idx = 0; idx < namelist.size(); idx++) {
            dnsNames[idx] = new GeneralName(GeneralName.dNSName, namelist.get(idx));
        }
        GeneralNames subjectAltName = new GeneralNames(dnsNames);

        PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(
                namebuilder.build(), keypair.getPublic());

        // SAN is the only requested extension; it is non-critical.
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

        PrivateKey privateKey = keypair.getPrivate();
        String signatureAlgorithm = (privateKey instanceof ECKey) ? EC_SIGNATURE_ALG : SIGNATURE_ALG;
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
        csr = requestBuilder.build(signer);
    } catch (OperatorCreationException ex) {
        throw new IOException("Could not generate CSR", ex);
    }
}
From source file:org.shredzone.acme4j.util.CSRBuilderTest.java
License:Apache License
/**
 * Checks if the CSR contains the right parameters.
 * <p>
 * This is not supposed to be a Bouncy Castle test. If the
 * {@link PKCS10CertificationRequest} contains the right parameters, we assume that
 * Bouncy Castle encodes it properly.
 * <p>
 * Verified: each subject RDN, exactly one extensionRequest attribute with exactly
 * one value, and the SAN dNSNames in their configured order.
 *
 * @param csr the request under test
 */
@SuppressWarnings("unchecked")
private void csrTest(PKCS10CertificationRequest csr) {
    // Subject DN, one RDN at a time.
    X500Name subject = csr.getSubject();
    assertThat(subject.getRDNs(BCStyle.CN), arrayContaining(new RDNMatcher("abc.de")));
    assertThat(subject.getRDNs(BCStyle.C), arrayContaining(new RDNMatcher("XX")));
    assertThat(subject.getRDNs(BCStyle.L), arrayContaining(new RDNMatcher("Testville")));
    assertThat(subject.getRDNs(BCStyle.O), arrayContaining(new RDNMatcher("Testing Co")));
    assertThat(subject.getRDNs(BCStyle.OU), arrayContaining(new RDNMatcher("Testunit")));
    assertThat(subject.getRDNs(BCStyle.ST), arrayContaining(new RDNMatcher("ABC")));

    // A single extensionRequest attribute carrying a single Extensions value.
    Attribute[] extensionRequests = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    assertThat(extensionRequests.length, is(1));
    ASN1Encodable[] requestValues = extensionRequests[0].getAttrValues().toArray();
    assertThat(requestValues.length, is(1));

    // The SAN extension lists every configured domain, in order.
    GeneralNames altNames = GeneralNames.fromExtensions((Extensions) requestValues[0],
            Extension.subjectAlternativeName);
    assertThat(altNames.getNames(), arrayContaining(
            new GeneralNameMatcher("abc.de"),
            new GeneralNameMatcher("fg.hi"),
            new GeneralNameMatcher("jklm.no"),
            new GeneralNameMatcher("pqr.st"),
            new GeneralNameMatcher("uv.wx"),
            new GeneralNameMatcher("y.z")));
}