Usage examples for the org.bouncycastle.asn1.x500.X500Name constructor
public X500Name(String dirName)
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
/**
 * Provisions the given worker with a newly issued signer certificate and
 * then signs the ODF sample file with it.
 *
 * <p>Steps: obtain a PKCS#10 request from the worker, issue a certificate for
 * it with a throw-away issuer key, upload the certificate and a chain that
 * holds only that certificate (global scope), reload the worker, assert that
 * it reports no fatal errors, and finally sign the sample document.</p>
 *
 * <p>Security note: the 512-bit RSA issuer key, the SHA-1 signature on the
 * request and the fixed serial number 1 are test-fixture shortcuts. The
 * request's own signature is not verified before the certificate is issued.
 * None of this is suitable outside a test.</p>
 *
 * @param workerId id of the worker to provision and sign with
 * @throws Exception if any step of the setup or the signing fails
 */
private void odfSigner(final int workerId) throws Exception {
    // Obtain a PKCS#10 request from the worker
    final PKCS10CertReqInfo csrInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null);
    final Base64SignerCertReqData csrData = (Base64SignerCertReqData) getWorkerSession()
            .getCertificateRequest(workerId, csrInfo, false);
    final PKCS10CertificationRequest csr
            = new PKCS10CertificationRequest(Base64.decode(csrData.getBase64CertReq()));

    // Issue a one-year certificate; the issuer key exists only inside this test
    final KeyPair issuerKeys = CryptoUtils.generateRSA(512);
    final X500Name issuerDn = new X500Name("CN=TestP11 Issuer");
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365));
    final X509CertificateHolder cert = new X509v3CertificateBuilder(issuerDn, BigInteger.ONE, notBefore,
            notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo())
            .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC")
                    .build(issuerKeys.getPrivate()));

    // Install the certificate and a single-element chain, then reload
    workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()),
            GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.reloadConfiguration(workerId);

    // The worker must be active, i.e. report no fatal errors
    final List<String> errors = workerSession.getStatus(workerId).getFatalErrors();
    assertEquals("errors: " + errors, 0, errors.size());

    // Sign the sample document
    signGenericDocument(workerId, readFile(odfSampleFile));
}
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
/**
 * Provisions the given worker with a newly issued signer certificate and
 * then signs the OOXML sample file with it.
 *
 * <p>The worker's PKCS#10 request is turned into a one-year certificate by a
 * throw-away issuer key, the certificate is uploaded together with a chain
 * containing only itself (global scope), the worker is reloaded and must
 * report no fatal errors before the sample document is signed.</p>
 *
 * <p>Security note: RSA-512 for the issuer, SHA-1 for the request signature
 * and the constant serial number 1 are acceptable only because this is a
 * test fixture. The request signature is not checked before issuance.</p>
 *
 * @param workerId id of the worker to provision and sign with
 * @throws Exception if any step of the setup or the signing fails
 */
private void ooxmlSigner(final int workerId) throws Exception {
    // Obtain a PKCS#10 request from the worker
    final PKCS10CertReqInfo requestInfo
            = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null);
    final Base64SignerCertReqData requestData = (Base64SignerCertReqData) getWorkerSession()
            .getCertificateRequest(workerId, requestInfo, false);
    final PKCS10CertificationRequest csr
            = new PKCS10CertificationRequest(Base64.decode(requestData.getBase64CertReq()));

    // Issue the certificate with a key pair that lives only in this test
    final KeyPair issuerKeys = CryptoUtils.generateRSA(512);
    final X500Name issuerDn = new X500Name("CN=TestP11 Issuer");
    final Date validFrom = new Date();
    final Date validTo = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365));
    final X509CertificateHolder cert = new X509v3CertificateBuilder(issuerDn, BigInteger.ONE, validFrom,
            validTo, csr.getSubject(), csr.getSubjectPublicKeyInfo())
            .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC")
                    .build(issuerKeys.getPrivate()));

    // Install the certificate and a single-element chain, then reload
    workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()),
            GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.reloadConfiguration(workerId);

    // The worker must be active, i.e. report no fatal errors
    final List<String> fatalErrors = workerSession.getStatus(workerId).getFatalErrors();
    assertEquals("errors: " + fatalErrors, 0, fatalErrors.size());

    // Sign the sample document
    signGenericDocument(workerId, readFile(ooxmlSampleFile));
}
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
/**
 * Provisions the given worker with a time-stamping certificate, sends it an
 * MS Authenticode time-stamp request and checks the signed response.
 *
 * <p>The issued certificate carries a critical extended key usage extension
 * with {@code id_kp_timeStamping}. After upload and reload the worker must
 * report no fatal errors. The Base64 response is parsed as CMS signed data
 * and exactly one signer must verify.</p>
 *
 * <p>Security note: RSA-512 for the issuer, SHA-1 for the request signature
 * and the constant serial number 1 are test-fixture shortcuts. The CMS check
 * below validates each signature only against the certificate found inside
 * the CMS structure itself; it does not build or validate a path to the
 * issuer, so it proves integrity of the response, not trust in the signer.</p>
 *
 * @param workerId id of the worker to provision and query
 * @throws Exception if setup, processing or verification fails
 */
private void msauthTSSigner(final int workerId) throws Exception {
    // Obtain a PKCS#10 request from the worker
    final PKCS10CertReqInfo csrInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null);
    final Base64SignerCertReqData csrData = (Base64SignerCertReqData) getWorkerSession()
            .getCertificateRequest(workerId, csrInfo, false);
    final PKCS10CertificationRequest csr
            = new PKCS10CertificationRequest(Base64.decode(csrData.getBase64CertReq()));

    // Issue a one-year time-stamping certificate with a test-only issuer key
    final KeyPair issuerKeys = CryptoUtils.generateRSA(512);
    final X500Name issuerDn = new X500Name("CN=TestP11 Issuer");
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365));
    final X509CertificateHolder cert = new X509v3CertificateBuilder(issuerDn, BigInteger.ONE, notBefore,
            notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo())
            .addExtension(org.bouncycastle.asn1.x509.X509Extension.extendedKeyUsage, true,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping))
            .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC")
                    .build(issuerKeys.getPrivate()));

    // Install the certificate and a single-element chain, then reload
    workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()),
            GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.reloadConfiguration(workerId);

    // The worker must be active, i.e. report no fatal errors
    final List<String> errors = workerSession.getStatus(workerId).getFatalErrors();
    assertEquals("errors: " + errors, 0, errors.size());

    // Send the request; getBytes() without an argument uses the platform default charset
    final GenericSignRequest request = new GenericSignRequest(678, MSAUTHCODE_REQUEST_DATA.getBytes());
    final GenericSignResponse res = (GenericSignResponse) workerSession.process(workerId, request,
            new RequestContext());
    final Certificate responseCert = res.getSignerCertificate();
    assertNotNull(responseCert);

    // Parse the Base64 response as CMS signed data
    final byte[] responseBytes = res.getProcessedData();
    final CMSSignedData signedData = new CMSSignedData(Base64.decode(responseBytes));

    // Count signers whose signature verifies against the certificate embedded in the CMS
    int verified = 0;
    final Store embeddedCerts = signedData.getCertificates();
    final SignerInformationStore signerInfos = signedData.getSignerInfos();
    for (final Object entry : signerInfos.getSigners()) {
        final SignerInformation signer = (SignerInformation) entry;
        // First certificate matching the signer id; next() throws if the store has no match
        final X509CertificateHolder signerCert
                = (X509CertificateHolder) embeddedCerts.getMatches(signer.getSID()).iterator().next();
        if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signerCert))) {
            verified++;
        }
    }
    assertEquals("signer verified", 1, verified);
}
From source file:org.signserver.server.cryptotokens.SoftCryptoToken.java
License:Open Source License
/**
 * Generates a new key pair, writes it to the worker configuration and, when
 * the request info is a {@link PKCS10CertReqInfo}, returns a PKCS#10
 * certificate request for the new public key. The new keys aren't activated
 * until reload is issued.
 *
 * <p>Security note: the encoded private key is stored Base64-encoded in the
 * worker property {@code PROPERTY_KEYDATA}; no encryption is applied in this
 * method, so the confidentiality of the key depends on how the worker
 * configuration is stored and who can read it.</p>
 *
 * <p>NOTE(review): the key data is written before the request is built. If
 * {@code info} is not a {@code PKCS10CertReqInfo}, or building the request
 * fails, the stored key data has already been replaced while the caller gets
 * {@code null} back.</p>
 *
 * @param info request parameters; only {@code PKCS10CertReqInfo} produces a request
 * @param explicitEccParameters if true and the public key algorithm name
 *        contains "EC", the public key is converted to explicit parameters
 * @param defaultKey not read by this method
 * @return the Base64-encoded PKCS#10 request, or {@code null} if {@code info}
 *         has another type or one of the caught exceptions occurred (the
 *         exception is logged, not rethrown)
 * @throws CryptoTokenOfflineException declared by the signature; this body
 *         contains no throw statement for it
 */
@Override
public ICertReqData genCertificateRequest(ISignerCertReqInfo info, final boolean explicitEccParameters,
        final boolean defaultKey) throws CryptoTokenOfflineException {
    Base64SignerCertReqData result = null;
    try {
        final KeyPair freshKeys = KeyTools.genKeys(keySpec, keyAlg);

        // Serialize as: int length + public key bytes, int length + private key bytes
        final ByteArrayOutputStream keyBuffer = new ByteArrayOutputStream();
        final DataOutputStream keyWriter = new DataOutputStream(keyBuffer);
        final byte[] encodedPublic = freshKeys.getPublic().getEncoded();
        final byte[] encodedPrivate = freshKeys.getPrivate().getEncoded();
        keyWriter.writeInt(encodedPublic.length);
        keyWriter.write(encodedPublic);
        keyWriter.writeInt(encodedPrivate.length);
        keyWriter.write(encodedPrivate);

        // Persist the (unencrypted) key material in the worker configuration
        final String keyDataProperty = new String(Base64.encode(keyBuffer.toByteArray()));
        getWorkerSession().setWorkerProperty(workerId, PROPERTY_KEYDATA, keyDataProperty);

        if (info instanceof PKCS10CertReqInfo) {
            final PKCS10CertReqInfo pkcs10Info = (PKCS10CertReqInfo) info;

            // Handle ECDSA key with explicit parameters
            PublicKey requestKey = freshKeys.getPublic();
            if (explicitEccParameters && requestKey.getAlgorithm().contains("EC")) {
                requestKey = ECKeyUtil.publicToExplicitParameters(requestKey, "BC");
            }

            // Build the request and sign it with the new private key
            final JcaPKCS10CertificationRequestBuilder requestBuilder
                    = new JcaPKCS10CertificationRequestBuilder(
                            new X500Name(CertTools.stringToBCDNString(pkcs10Info.getSubjectDN())), requestKey);
            final ContentSigner requestSigner = new JcaContentSignerBuilder(pkcs10Info.getSignatureAlgorithm())
                    .setProvider(getProvider(ICryptoToken.PROVIDERUSAGE_SIGN)).build(freshKeys.getPrivate());
            final PKCS10CertificationRequest pkcs10 = requestBuilder.build(requestSigner);
            result = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded()));
        }
    } catch (IOException e) {
        LOG.error("Certificate request error: " + e.getMessage(), e);
    } catch (OperatorCreationException e) {
        LOG.error("Certificate request error: signer could not be initialized", e);
    } catch (NoSuchAlgorithmException e1) {
        LOG.error("Error generating new certificate request : " + e1.getMessage(), e1);
    } catch (NoSuchProviderException e1) {
        LOG.error("Error generating new certificate request : " + e1.getMessage(), e1);
    } catch (InvalidAlgorithmParameterException e1) {
        LOG.error("Error generating new certificate request : " + e1.getMessage(), e1);
    } catch (NamingException e1) {
        LOG.error("Error generating new certificate request : " + e1.getMessage(), e1);
    }
    return result;
}
From source file:org.signserver.server.dispatchers.FirstActiveDispatcherTest.java
License:Open Source License
/**
 * Issues a certificate for the given worker and installs it as the worker's
 * signer certificate chain.
 *
 * <p>A PKCS#10 request is obtained from the worker, a one-year certificate
 * is issued for it under the name {@code CN=Issuer} and signed with
 * {@code issuerPrivateKey}, and its PEM encoding is stored in the worker
 * property {@code SIGNERCERTCHAIN} before the worker is reloaded.</p>
 *
 * <p>Security note: {@code workerName} is concatenated into the subject DN
 * string unescaped, so it must not contain DN syntax characters. The SHA-1
 * request signature and the constant serial number 1 are test-fixture
 * shortcuts, and the request signature is not verified before issuance.</p>
 *
 * @param issuerPrivateKey key used to sign the issued certificate
 * @param workerId id of the worker to provision
 * @param workerName value placed in the CN of the requested subject
 * @throws CryptoTokenOfflineException declared for the calls made here
 * @throws InvalidWorkerIdException declared for the calls made here
 * @throws IOException declared for the calls made here
 * @throws CertificateException declared for the calls made here
 * @throws OperatorCreationException declared for the calls made here
 */
private void addCertificate(PrivateKey issuerPrivateKey, int workerId, String workerName)
        throws CryptoTokenOfflineException, InvalidWorkerIdException, IOException, CertificateException,
        OperatorCreationException {
    // Obtain a PKCS#10 request from the worker
    final PKCS10CertReqInfo csrInfo = new PKCS10CertReqInfo("SHA1withRSA", "CN=" + workerName, null);
    final Base64SignerCertReqData csrData
            = (Base64SignerCertReqData) workerSession.getCertificateRequest(workerId, csrInfo, false);
    final PKCS10CertificationRequest csr
            = new PKCS10CertificationRequest(Base64.decode(csrData.getBase64CertReq()));

    // Issue a one-year certificate signed with the supplied issuer key
    final X500Name issuerDn = new X500Name("CN=Issuer");
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365));
    final X509CertificateHolder cert = new X509v3CertificateBuilder(issuerDn, BigInteger.ONE, notBefore,
            notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo())
            .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(issuerPrivateKey));

    // Store the PEM chain (leaf only); new String(byte[]) decodes with the platform default charset
    final String pemChain = new String(
            CertTools.getPEMFromCerts(Arrays.asList(new JcaX509CertificateConverter().getCertificate(cert))));
    workerSession.setWorkerProperty(workerId, "SIGNERCERTCHAIN", pemChain);
    workerSession.reloadConfiguration(workerId);
}
From source file:org.signserver.server.log.SystemLoggingTest.java
License:Open Source License
/**
 * Tests that importing a certificate chain to a token is audit logged
 * including the complete chain.
 *
 * <p>The test generates a key in the crypto token, issues a certificate for
 * it, imports the chain (certificate plus issuer certificate) and then
 * expects a {@code CERTCHAININSTALLED} audit entry that names the module,
 * worker id, crypto token and key alias and contains the PEM of the whole
 * chain.</p>
 *
 * <p>Security note: the 512-bit RSA keys, the SHA-1 request signature, the
 * constant serial number 1 and the literal token password are test-fixture
 * values only.</p>
 *
 * @throws Exception if setup, import or reading the audit log fails
 */
@Test
public void test01LogCertChainInstalledToToken() throws Exception {
    LOG.info(">test01LogCertChainInstalledToToken");

    final String tokenName = "TestCryptoTokenP12_001";
    final String alias = "testkeyalias10";

    try {
        // Create the token, generate a key in it and request a CSR for that key
        setupCryptoToken(WORKERID_CRYPTOWORKER1, tokenName, "foo123");
        workerSession.generateSignerKey(WORKERID_CRYPTOWORKER1, "RSA", "512", alias, null);

        final PKCS10CertReqInfo csrInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=testkeyalias10,C=SE", null);
        final ICertReqData rawRequest
                = workerSession.getCertificateRequest(WORKERID_CRYPTOWORKER1, csrInfo, false);
        final Base64SignerCertReqData csrData = (Base64SignerCertReqData) rawRequest;
        final PKCS10CertificationRequest csr
                = new PKCS10CertificationRequest(Base64.decode(csrData.getBase64CertReq()));

        // Remember where the audit log ends before the operation under test
        final int linesBefore = readEntriesCount(auditLogFile);

        // Build a self-signed issuer certificate and a certificate for the CSR
        final KeyPair issuerKeys = CryptoUtils.generateRSA(512);
        final X509Certificate issuerCert = new JcaX509CertificateConverter().getCertificate(
                new CertBuilder().setSelfSignKeyPair(issuerKeys).setSubject("CN=Issuer, C=SE").build());
        final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new X509v3CertificateBuilder(new X500Name("CN=Issuer, C=SE"), BigInteger.ONE, new Date(),
                        new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(),
                        csr.getSubjectPublicKeyInfo())
                        .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC")
                                .build(issuerKeys.getPrivate())));

        // Operation under test: import the chain into the token under the alias
        workerSession.importCertificateChain(WORKERID_CRYPTOWORKER1,
                Arrays.asList(cert.getEncoded(), issuerCert.getEncoded()), alias, null);

        // Inspect the audit entries written since linesBefore
        final List<String> lines = readEntries(auditLogFile, linesBefore, 2);
        LOG.info(lines);

        final String line = getTheLineContaining(lines, "EVENT: CERTCHAININSTALLED");
        assertNotNull("Contains event", line);
        assertTrue("Contains module", line.contains("MODULE: KEY_MANAGEMENT"));
        assertTrue("Contains worker id", line.contains("WORKER_ID: " + WORKERID_CRYPTOWORKER1));
        assertTrue("Contains crypto token", line.contains("CRYPTOTOKEN: " + tokenName));
        assertTrue("Contains key alias", line.contains("KEYALIAS: " + alias));

        // The entry must carry the full chain as PEM, compared with LF line endings
        final String expectedPem = new String(
                org.cesecore.util.CertTools.getPemFromCertificateChain(Arrays.<Certificate>asList(cert, issuerCert)))
                .replace("\r\n", "\n");
        assertTrue("Contains certificate", line.contains(expectedPem));
    } finally {
        // Always remove the worker and the keystore file, if one is set
        removeWorker(WORKERID_CRYPTOWORKER1);
        if (keystoreFile != null) {
            FileUtils.deleteQuietly(keystoreFile);
        }
    }
}
From source file:org.signserver.test.utils.builders.CertBuilder.java
License:Open Source License
/**
 * Sets the issuer name from its string form.
 *
 * <p>The argument is handed to {@code X500Name(String)}, which parses it as
 * a distinguished name. A value assembled from variable input therefore
 * needs its DN syntax characters escaped first, otherwise they are read as
 * name structure rather than as data.</p>
 *
 * @param issuer issuer distinguished name as a string
 * @return this builder, to allow call chaining
 */
public CertBuilder setIssuer(String issuer) {
    final X500Name parsedIssuer = new X500Name(issuer);
    this.issuer = parsedIssuer;
    return this;
}
From source file:org.signserver.test.utils.builders.CertBuilder.java
License:Open Source License
/**
 * Returns the subject name, creating the default on first use.
 *
 * @return the configured subject, or {@code CN=Anyone} if none has been set;
 *         the default is stored in the field so later calls return the same
 *         instance
 */
public X500Name getSubject() {
    if (subject != null) {
        return subject;
    }
    // No subject configured yet: fall back to the fixed default name
    subject = new X500Name("CN=Anyone");
    return subject;
}
From source file:org.signserver.test.utils.builders.CertBuilder.java
License:Open Source License
/**
 * Sets the subject name from its string form.
 *
 * <p>The argument is handed to {@code X500Name(String)}, which parses it as
 * a distinguished name. A value assembled from variable input therefore
 * needs its DN syntax characters escaped first, otherwise they are read as
 * name structure rather than as data.</p>
 *
 * @param subject subject distinguished name as a string
 * @return this builder, to allow call chaining
 */
public CertBuilder setSubject(String subject) {
    final X500Name parsedSubject = new X500Name(subject);
    this.subject = parsedSubject;
    return this;
}
From source file:org.signserver.test.utils.builders.crl.CRLBuilder.java
License:Open Source License
/**
 * Sets the CRL issuer name from its string form.
 *
 * <p>The argument is handed to {@code X500Name(String)}, which parses it as
 * a distinguished name. A value assembled from variable input therefore
 * needs its DN syntax characters escaped first, otherwise they are read as
 * name structure rather than as data.</p>
 *
 * @param issuer issuer distinguished name as a string
 * @return this builder, to allow call chaining
 */
public CRLBuilder setIssuer(String issuer) {
    final X500Name issuerName = new X500Name(issuer);
    this.issuer = issuerName;
    return this;
}