List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(String dirName)
From source file:org.signserver.server.cryptotokens.CryptoTokenHelper.java
License:Open Source License
/** * Generate a certificate signing request (PKCS#10). * @param info A PKCS10CertReqInfo// w w w . j a v a 2s.co m * @param privateKey Private key for signing the request * @param signatureProvider Name of provider to sign with * @param publicKey Public key to include in the request * @param explicitEccParameters True if the EC domain parameters should be included (ie. not a named curve) * @return the certificate request data */ public static ICertReqData genCertificateRequest(ISignerCertReqInfo info, final PrivateKey privateKey, final String signatureProvider, PublicKey publicKey, final boolean explicitEccParameters) throws IllegalArgumentException { LOG.debug(">genCertificateRequest"); final Base64SignerCertReqData retval; if (info instanceof PKCS10CertReqInfo) { PKCS10CertReqInfo reqInfo = (PKCS10CertReqInfo) info; PKCS10CertificationRequest pkcs10; if (LOG.isDebugEnabled()) { LOG.debug("signatureAlgorithm: " + reqInfo.getSignatureAlgorithm()); LOG.debug("subjectDN: " + reqInfo.getSubjectDN()); LOG.debug("explicitEccParameters: " + explicitEccParameters); } try { // Handle ECDSA key with explicit parameters if (explicitEccParameters && publicKey.getAlgorithm().contains("EC")) { publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC"); } if (LOG.isDebugEnabled()) { LOG.debug("Public key SHA1: " + createKeyHash(publicKey)); LOG.debug("Public key SHA256: " + KeyUsageCounterHash.create(publicKey)); } // Generate request final JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder( new X500Name(CertTools.stringToBCDNString(reqInfo.getSubjectDN())), publicKey); final ContentSigner contentSigner = new JcaContentSignerBuilder(reqInfo.getSignatureAlgorithm()) .setProvider(signatureProvider).build(privateKey); pkcs10 = builder.build(contentSigner); retval = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded())); } catch (IOException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } catch (OperatorCreationException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } catch (NoSuchProviderException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } LOG.debug("<genCertificateRequest"); return retval; } else { throw new IllegalArgumentException( "Unsupported certificate request info type: " + info.getClass().getName()); } }
From source file:org.signserver.server.cryptotokens.CryptoTokenTestBase.java
License:Open Source License
protected void importCertificateChainHelper(final String existingKey) throws NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, IOException, CertificateException, CryptoTokenOfflineException, IllegalArgumentException, CertificateEncodingException, OperationUnsupportedException, InvalidWorkerIdException, SignServerException { final String additionalAlias = "additionalKey"; try {/* w w w .j a va 2 s. com*/ final ISignerCertReqInfo req = new PKCS10CertReqInfo("SHA1WithRSA", "CN=imported", null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, existingKey); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest( Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=Test Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // import certficate chain importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(cert.getEncoded())), existingKey); List<Certificate> chain = getCertificateChain(existingKey); assertEquals("Number of certs", 1, chain.size()); Certificate foundCert = chain.get(0); assertTrue("Imported cert", Arrays.equals(foundCert.getEncoded(), cert.getEncoded())); generateKey("RSA", "1024", additionalAlias); // Isse additional certificate reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, additionalAlias); csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder newCert = new X509v3CertificateBuilder(new X500Name("CN=Test Issuer2"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // import certficate chain importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(newCert.getEncoded())), additionalAlias); // check that previously imported cert chain is un-affected chain = getCertificateChain(existingKey); assertEquals("Number of certs", 1, chain.size()); foundCert = chain.get(0); assertTrue("Imported cert", Arrays.equals(foundCert.getEncoded(), cert.getEncoded())); // Test that it is not allowed to import a certificate for // an other key try { final List<Certificate> chainForExistingKey = chain; final String aliasForAnOtherKey = additionalAlias; importCertificateChain(chainForExistingKey, aliasForAnOtherKey); fail("Should have thrown exception about the key not matching"); } catch (CryptoTokenOfflineException expected) { assertTrue("ex: " + expected.getMessage(), expected.getMessage().contains("does not match")); } } finally { try { destroyKey(additionalAlias); } catch (KeyStoreException ex) { LOG.error("Failed to remove additional key"); } } }
From source file:org.signserver.server.cryptotokens.CryptoTokenTestBase.java
License:Open Source License
/** * Tests export of certificate chain. First imports a generate certificate * chain and then checks that it can be read back. Then imports an other * chain and checks again./*from ww w . ja v a2s . c o m*/ * @param existingKey entry to use */ protected void exportCertificatesHelper(final String existingKey) throws CryptoTokenOfflineException, KeyStoreException, InvalidWorkerIdException, SignServerException, IllegalArgumentException, CertificateException, CertificateEncodingException, OperationUnsupportedException, NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, IOException, QueryException, OperationUnsupportedException, AuthorizationDeniedException, InvalidAlgorithmParameterException, UnsupportedCryptoTokenParameter { final ISignerCertReqInfo req = new PKCS10CertReqInfo("SHA1WithRSA", "CN=imported", null); final Base64SignerCertReqData reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, existingKey); // Generate a certificate chain that we will try to import and later export KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder issuerCert = new JcaX509v3CertificateBuilder( new X500Name("CN=Test Import/Export CA"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(3650)), new X500Name("CN=Test Import/Export CA"), issuerKeyPair.getPublic()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); final X509CertificateHolder subjectCert1 = new X509v3CertificateBuilder( new X500Name("CN=Test Import/Export CA"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), new X500Name("CN=Test Import/Export 1"), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); final X509CertificateHolder subjectCert2 = new X509v3CertificateBuilder( new X500Name("CN=Test Import/Export CA"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), new X500Name("CN=Test Import/Export 2"), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Import certficate chain 1 importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(subjectCert1.getEncoded()), CertTools.getCertfromByteArray(issuerCert.getEncoded())), existingKey); // Find the entry TokenSearchResults searchResults = searchTokenEntries(0, Integer.MAX_VALUE, QueryCriteria.create() .add(new Term(RelationalOperator.EQ, CryptoTokenHelper.TokenEntryFields.alias.name(), existingKey)), true); LinkedList<String> aliases = new LinkedList<String>(); for (TokenEntry entry : searchResults.getEntries()) { aliases.add(entry.getAlias()); } assertArrayEquals(new String[] { existingKey }, aliases.toArray()); TokenEntry entry = searchResults.getEntries().iterator().next(); Certificate[] parsedChain = entry.getParsedChain(); assertEquals("right subject", new JcaX509CertificateConverter().getCertificate(subjectCert1).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[0]).getSubjectX500Principal().getName()); assertEquals("right issuer", new JcaX509CertificateConverter().getCertificate(issuerCert).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[1]).getSubjectX500Principal().getName()); // Import certificate chain 2 importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(subjectCert2.getEncoded()), CertTools.getCertfromByteArray(issuerCert.getEncoded())), existingKey); // Find the entry searchResults = searchTokenEntries(0, Integer.MAX_VALUE, QueryCriteria.create() .add(new Term(RelationalOperator.EQ, CryptoTokenHelper.TokenEntryFields.alias.name(), existingKey)), true); entry = searchResults.getEntries().iterator().next(); parsedChain = entry.getParsedChain(); assertEquals("right subject", new JcaX509CertificateConverter().getCertificate(subjectCert2).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[0]).getSubjectX500Principal().getName()); assertEquals("right issuer", new JcaX509CertificateConverter().getCertificate(issuerCert).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[1]).getSubjectX500Principal().getName()); }
From source file:org.signserver.server.cryptotokens.KeystoreCryptoTokenTestBase.java
License:Open Source License
protected void cmsSigner(final int workerId, final boolean expectActive) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); if (expectActive) { // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); }//from www . j a v a 2s . c om // Test signing signGenericDocument(workerId, "Sample data".getBytes()); }
From source file:org.signserver.server.cryptotokens.OldPKCS11CryptoToken.java
License:Open Source License
@Override public ICertReqData genCertificateRequest(ISignerCertReqInfo info, final boolean explicitEccParameters, boolean defaultKey) throws CryptoTokenOfflineException { LOG.debug(">genCertificateRequest PKCS11CryptoToken"); Base64SignerCertReqData retval = null; if (info instanceof PKCS10CertReqInfo) { PKCS10CertReqInfo reqInfo = (PKCS10CertReqInfo) info; PKCS10CertificationRequest pkcs10; final String alias; if (defaultKey) { alias = properties.getProperty("defaultKey"); } else {//from w ww . j a va 2 s. c o m alias = properties.getProperty("nextCertSignKey"); } if (LOG.isDebugEnabled()) { LOG.debug("defaultKey: " + defaultKey); LOG.debug("alias: " + alias); LOG.debug("signatureAlgorithm: " + reqInfo.getSignatureAlgorithm()); LOG.debug("subjectDN: " + reqInfo.getSubjectDN()); LOG.debug("explicitEccParameters: " + explicitEccParameters); } try { final KeyStore keyStore = getKeyStore(authenticationCode); final PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, authenticationCode); final Certificate cert = keyStore.getCertificate(alias); if (cert == null) { throw new CryptoTokenOfflineException( "Certificate request error: No key with the configured alias"); } PublicKey publicKey = cert.getPublicKey(); // Handle ECDSA key with explicit parameters if (explicitEccParameters && publicKey.getAlgorithm().contains("EC")) { publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC"); } if (LOG.isDebugEnabled()) { LOG.debug("Public key SHA1: " + CryptoTokenHelper.createKeyHash(cert.getPublicKey())); LOG.debug("Public key SHA256: " + KeyUsageCounterHash.create(cert.getPublicKey())); } // Generate request final JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder( new X500Name(CertTools.stringToBCDNString(reqInfo.getSubjectDN())), publicKey); final ContentSigner contentSigner = new JcaContentSignerBuilder(reqInfo.getSignatureAlgorithm()) .setProvider(getProvider(ICryptoToken.PROVIDERUSAGE_SIGN)).build(privateKey); pkcs10 = builder.build(contentSigner); retval = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded())); } catch (IOException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (OperatorCreationException e) { LOG.error("Certificate request error: signer could not be initialized", e); } catch (UnrecoverableKeyException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (KeyStoreException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (NoSuchProviderException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } } LOG.debug("<genCertificateRequest PKCS11CryptoToken"); return retval; }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void pdfSignerTest() throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + WORKER_PDF, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(WORKER_PDF, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(WORKER_PDF, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER_PDF, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER_PDF); // Test active List<String> errors = workerSession.getStatus(WORKER_PDF).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(WORKER_PDF, readFile(pdfSampleFile)); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void tsSigner() throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + WORKER_TSA, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(WORKER_TSA, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .addExtension(org.bouncycastle.asn1.x509.X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(WORKER_TSA, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER_TSA, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER_TSA); // Test active List<String> errors = workerSession.getStatus(WORKER_TSA).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(567, requestBytes); final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER_TSA, signRequest, new RequestContext()); Certificate signercert = res.getSignerCertificate(); assertNotNull(signercert);//from w ww. j a v a 2s . co m final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals("Token granted", PKIStatus.GRANTED, timeStampResponse.getStatus()); assertNotNull("Got timestamp token", timeStampResponse.getTimeStampToken()); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void mrtdsodSigner(final int workerId) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder issuerCert = new JcaX509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), new X500Name("CN=TestP11 Issuer"), issuerKeyPair.getPublic()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded(), issuerCert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing HashMap<Integer, byte[]> dgs = new HashMap<Integer, byte[]>(); dgs.put(1, "Yy==".getBytes()); dgs.put(2, "Yy==".getBytes()); dgs.put(3, "Yy==".getBytes()); final SODSignRequest signRequest = new SODSignRequest(233, dgs); final SODSignResponse res = (SODSignResponse) workerSession.process(workerId, signRequest, new RequestContext()); Certificate signercert = res.getSignerCertificate(); assertNotNull(signercert);/*ww w .j a v a 2s .c o m*/ }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void cmsSigner(final int workerId) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(workerId, "Sample data".getBytes()); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void xmlSigner(final int workerId) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(workerId, "<sampledata/>".getBytes()); // Test removing the DEFAULTKEY property, should result in a CryptoTokenOfflineException workerSession.removeWorkerProperty(workerId, "DEFAULTKEY"); workerSession.reloadConfiguration(workerId); try {// w w w .j a v a 2s . c o m signGenericDocument(workerId, "<sampledata/>".getBytes()); fail("Should throw a CryptoTokenOfflineException"); } catch (CryptoTokenOfflineException e) { // expected } }