List of usage examples for org.bouncycastle.cert.crmf.jcajce JcaCertificateRequestMessageBuilder addControl
public CertificateRequestMessageBuilder addControl(Control control)
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/** * Creates a certification request/*from www. j a v a 2 s .c o m*/ * * @param distinguishedName the distinguished name for the certificate * @param keyPair the key pair to certify, you have to remove the private key so the CA won't archive it * @return return the binary ASN.1 message for a certification request * @throws CertificateEncodingException * @throws CMSException * @throws CRMFException * @throws OperatorCreationException * @throws CMPException * @throws IOException */ private byte[] createCertificateMessage(String distinguishedName, KeyPair keyPair, int requestType) throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException, CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException { JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO); // Basic certificate requests certReqBuild.setSubject(new X500Name(distinguishedName)); // Add key pair if (keyPair != null) { byte[] bRSAKey = keyPair.getPublic().getEncoded(); certReqBuild.setPublicKey(new SubjectPublicKeyInfo(ASN1Sequence.getInstance(bRSAKey))); if (keyPair.getPrivate() != null) { certReqBuild.addControl( new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), new X500Principal(distinguishedName)) .addRecipientGenerator( new JceKeyTransRecipientInfoGenerator(pkiKeyStore.getRecipientCertificate()) .setProvider(pkiKeyStore.getProvider())) .build(new JceCMSContentEncryptorBuilder( new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.DES_EDE3_CBC)) .setProvider(pkiKeyStore.getProvider()).build())); } } if (optionalValidity != null) { Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder"); field.setAccessible(true); CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild); certTemplateBuilder.setValidity(optionalValidity); } if (extensions != null) { for (Extension extension : extensions) certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue()); } CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure()); return createProtectedPKIMessage(new PKIBody(requestType, certReqMsgs)); }
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/** * Update a certification request with local key generation * * @param certificate to be updated//from w w w. ja v a2 s. c om * @return return the binary ASN.1 message for a certification request * @throws CertificateEncodingException * @throws CMSException * @throws CRMFException * @throws OperatorCreationException * @throws CMPException * @throws IOException */ public byte[] createKeyUpdateMessageWithLocalKey(X509Certificate certificate, KeyPair keyPair) throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException, CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException { JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO); X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(certificate); certReqBuild.setSubject(x509CertificateHolder.getSubject()); certReqBuild.setIssuer(x509CertificateHolder.getIssuer()); certReqBuild.setSerialNumber(x509CertificateHolder.getSerialNumber()); if (keyPair != null) { certReqBuild.setPublicKey(keyPair.getPublic()); if (keyPair.getPrivate() != null) { certReqBuild.addControl( new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), x509CertificateHolder.getIssuer()) .addRecipientGenerator( new JceKeyTransRecipientInfoGenerator(pkiKeyStore.getRecipientCertificate()) .setProvider(pkiKeyStore.getProvider())) .build(new JceCMSContentEncryptorBuilder( new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.DES_EDE3_CBC)) .setProvider(pkiKeyStore.getProvider()).build())); } } else certReqBuild.setPublicKey(x509CertificateHolder.getSubjectPublicKeyInfo()); if (extensions != null) { for (Extension extension : extensions) certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue()); } else { if (x509CertificateHolder.getExtensions() != null) { for (ASN1ObjectIdentifier oid : x509CertificateHolder.getExtensions().getExtensionOIDs()) { certReqBuild.addExtension(oid, x509CertificateHolder.getExtensions().getExtension(oid).isCritical(), x509CertificateHolder.getExtensions().getExtensionParsedValue(oid)); } } } OptionalValidity tempOptionalValidity; if (optionalValidity != null) { tempOptionalValidity = optionalValidity; } else { tempOptionalValidity = new OptionalValidity(new Time(x509CertificateHolder.getNotBefore()), new Time(x509CertificateHolder.getNotAfter())); } Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder"); field.setAccessible(true); CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild); certTemplateBuilder.setValidity(tempOptionalValidity); CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure()); return createProtectedPKIMessage(new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, certReqMsgs)); }