List of usage examples for org.bouncycastle.cert.crmf ProofOfPossessionSigningKeyBuilder build
public POPOSigningKey build(ContentSigner signer)
From source file:org.xipki.ca.client.shell.EnrollCertCommand.java
License:Open Source License
@Override protected Object _doExecute() throws Exception { EnrollCertRequestType request = new EnrollCertRequestType(EnrollCertRequestType.Type.CERT_REQ); CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder(); ConcurrentContentSigner signer = getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain)); X509CertificateHolder ssCert = signer.getCertificateAsBCObject(); X500Name x500Subject = subject == null ? ssCert.getSubject() : new X500Name(subject); certTemplateBuilder.setSubject(x500Subject); certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo()); if (needExtensionTypes == null) { needExtensionTypes = new LinkedList<>(); }// w w w . j ava 2s . c o m // SubjectAltNames List<Extension> extensions = new LinkedList<>(); if (isNotEmpty(subjectAltNames)) { extensions.add(P10RequestGenerator.createExtensionSubjectAltName(subjectAltNames, false)); needExtensionTypes.add(Extension.subjectAlternativeName.getId()); } // SubjectInfoAccess if (isNotEmpty(subjectInfoAccesses)) { extensions.add(P10RequestGenerator.createExtensionSubjectInfoAccess(subjectInfoAccesses, false)); needExtensionTypes.add(Extension.subjectInfoAccess.getId()); } // Keyusage if (isNotEmpty(keyusages)) { Set<KeyUsage> usages = new HashSet<>(); for (String usage : keyusages) { usages.add(KeyUsage.getKeyUsage(usage)); } org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages); ASN1ObjectIdentifier extType = Extension.keyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // ExtendedKeyusage if (isNotEmpty(extkeyusages)) { Set<ASN1ObjectIdentifier> oids = new HashSet<>(SecurityUtil.textToASN1ObjectIdentifers(extkeyusages)); ExtendedKeyUsage extValue = X509Util.createExtendedUsage(oids); ASN1ObjectIdentifier extType = Extension.extendedKeyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) { ExtensionExistence ee = new ExtensionExistence( SecurityUtil.textToASN1ObjectIdentifers(needExtensionTypes), SecurityUtil.textToASN1ObjectIdentifers(wantExtensionTypes)); extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded())); } if (isNotEmpty(extensions)) { Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0])); certTemplateBuilder.setExtensions(asn1Extensions); } CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null); ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq); ContentSigner contentSigner = signer.borrowContentSigner(); POPOSigningKey popoSk; try { popoSk = popoBuilder.build(contentSigner); } finally { signer.returnContentSigner(contentSigner); } ProofOfPossession popo = new ProofOfPossession(popoSk); EnrollCertRequestEntryType reqEntry = new EnrollCertRequestEntryType("id-1", profile, certReq, popo); request.addRequestEntry(reqEntry); RequestResponseDebug debug = getRequestResponseDebug(); EnrollCertResult result; try { result = caClient.requestCerts(request, caName, user, debug); } finally { saveRequestResponse(debug); } X509Certificate cert = null; if (result != null) { String id = result.getAllIds().iterator().next(); CertOrError certOrError = result.getCertificateOrError(id); cert = (X509Certificate) certOrError.getCertificate(); } if (cert == null) { throw new CmdFailure("no certificate received from the server"); } File certFile = new File(outputFile); saveVerbose("saved certificate to file", certFile, cert.getEncoded()); return null; }
From source file:org.xipki.ca.qa.shell.NegEnrollCertCommand.java
License:Open Source License
@Override protected Object _doExecute() throws Exception { EnrollCertRequestType request = new EnrollCertRequestType(EnrollCertRequestType.Type.CERT_REQ); CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder(); ConcurrentContentSigner signer = getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain)); X509CertificateHolder ssCert = signer.getCertificateAsBCObject(); X500Name x500Subject = subject == null ? ssCert.getSubject() : new X500Name(subject); certTemplateBuilder.setSubject(x500Subject); certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo()); CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null); ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq); ContentSigner contentSigner = signer.borrowContentSigner(); POPOSigningKey popoSk;/*from w w w .j a v a 2 s . c o m*/ try { popoSk = popoBuilder.build(contentSigner); } finally { signer.returnContentSigner(contentSigner); } ProofOfPossession popo = new ProofOfPossession(popoSk); EnrollCertRequestEntryType reqEntry = new EnrollCertRequestEntryType("id-1", profile, certReq, popo); request.addRequestEntry(reqEntry); EnrollCertResult result; RequestResponseDebug debug = getRequestResponseDebug(); try { result = caClient.requestCerts(request, caName, user, debug); } finally { saveRequestResponse(debug); } X509Certificate cert = null; if (result != null) { String id = result.getAllIds().iterator().next(); CertOrError certOrError = result.getCertificateOrError(id); cert = (X509Certificate) certOrError.getCertificate(); } if (cert != null) { throw new CmdFailure("no certificate is excepted, but received one"); } return null; }
From source file:org.xipki.commons.security.DefaultConcurrentContentSigner.java
License:Open Source License
@Override public POPOSigningKey build(final ProofOfPossessionSigningKeyBuilder builder) throws NoIdleSignerException { ContentSigner contentSigner = borrowContentSigner(); try {/*from ww w .j av a 2s .co m*/ return builder.build(contentSigner); } finally { returnContentSigner(contentSigner); } }