List of usage examples for org.bouncycastle.jce PKCS10CertificationRequest getCertificationRequestInfo
public CertificationRequestInfo getCertificationRequestInfo()
From source file:org.opcfoundation.ua.utils.CertificateUtils.java
License:Open Source License
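/**
 * Generates a new certificate chain and returns it.
 * The first certificate in the returned chain is the issued end-entity certificate and
 * the second one is the CA certificate that signed it.
 *
 * The CA key pair is created here; the CA certificate comes from
 * {@code generateRootCertificate(pair)} and the request from
 * {@code createCertificateRequest()}, both defined elsewhere in this class.
 *
 * @return a two-element array: the issued certificate, then the CA certificate
 * @throws Exception if key generation, request verification or certificate generation
 *         fails; a request whose self-signature does not verify raises a
 *         {@link SecurityException} instead of terminating the JVM as before
 */
public static X509Certificate[] createCertificateChain() throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    SecureRandom random = new SecureRandom();

    // CA key pair. 1024-bit RSA is below every current minimum; 2048 is the floor.
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    keyGen.initialize(2048, random);
    KeyPair pair = keyGen.generateKeyPair();
    X509Certificate rootCert = generateRootCertificate(pair);

    PKCS10CertificationRequest request = createCertificateRequest();

    // Proof of possession: the request must carry a valid self-signature made with the
    // key it asks to have certified. Fail with an exception rather than System.exit so
    // callers and tests can handle it.
    if (!request.verify("BC")) {
        throw new SecurityException("certification request failed to verify");
    }

    java.security.PublicKey requestKey = request.getPublicKey("BC");
    long now = System.currentTimeMillis();

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // Random positive serial: a millisecond timestamp is predictable and collides when
    // two certificates are issued within the same millisecond.
    certGen.setSerialNumber(new BigInteger(63, random).add(BigInteger.ONE));
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(now));
    // Validity is kept at 50 seconds as in the original; adjust here for longer-lived
    // certificates.
    certGen.setNotAfter(new Date(now + 50000));
    certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(requestKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // Chain the certificate to its issuer and mark it as a non-CA TLS server certificate.
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(rootCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(requestKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    X509Certificate issuedCert = certGen.generate(pair.getPrivate());
    return new X509Certificate[] { issuedCert, rootCert };
}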
From source file:org.qipki.ca.domain.ca.CAMixin.java
License:Open Source License
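/**
 * Issues an X.509 certificate for a PKCS#10 request under the given profile.
 *
 * The request's self-signature is verified first (proof of possession of the requested
 * key); the requested extensions are read and screened, the profile's extensions are
 * applied on top, and the certificate is signed with this CA's private key.
 *
 * @param x509profile the issuing profile; must be allowed for this CA
 * @param pkcs10 the certification request (untrusted input)
 * @return the issued certificate
 * @throws QiPkiFailure when the request does not verify or any step of the issuance fails
 */
@Override
public X509Certificate sign(X509Profile x509profile, PKCS10CertificationRequest pkcs10) {
    LOGGER.debug("Handling a PKCS#10 Certificate Signing Request using X509Profile "
            + x509profile.name().get());
    try {
        ensureX509ProfileIsAllowed(x509profile);

        // Proof of possession: without this check a request could bind a subject name to a
        // public key whose private half the requester does not hold. A failed verification
        // is surfaced through the GeneralSecurityException path below.
        if (!pkcs10.verify()) {
            throw new java.security.SignatureException("PKCS#10 request signature does not verify");
        }

        List<X509ExtensionHolder> extensions = x509ExtReader.extractRequestedExtensions(pkcs10);
        ensureNoIllegalRequestedExtensions(extensions);

        // Extensions common to all profiles: chain the certificate to this CA.
        SubjectKeyIdentifier subjectKeyID = x509ExtBuilder.buildSubjectKeyIdentifier(pkcs10.getPublicKey());
        extensions.add(new X509ExtensionHolder(X509Extensions.SubjectKeyIdentifier, false, subjectKeyID));
        AuthorityKeyIdentifier authKeyID = x509ExtBuilder
                .buildAuthorityKeyIdentifier(certificate().getPublicKey());
        extensions.add(new X509ExtensionHolder(X509Extensions.AuthorityKeyIdentifier, false, authKeyID));

        // Profile-driven extensions.
        BasicConstraints bc = x509profile.basicConstraints().get().subjectIsCA().get()
                ? x509ExtBuilder.buildCABasicConstraints(
                        x509profile.basicConstraints().get().pathLengthConstraint().get())
                : x509ExtBuilder.buildNonCABasicConstraints();
        extensions.add(new X509ExtensionHolder(X509Extensions.BasicConstraints,
                x509profile.basicConstraints().get().critical().get(), bc));

        KeyUsage keyUsages = x509ExtBuilder.buildKeyUsages(x509profile.keyUsages().get().keyUsages().get());
        extensions.add(new X509ExtensionHolder(X509Extensions.KeyUsage,
                x509profile.keyUsages().get().critical().get(), keyUsages));

        ExtendedKeyUsage extendedKeyUsage = x509ExtBuilder
                .buildExtendedKeyUsage(x509profile.extendedKeyUsages().get().extendedKeyUsages().get());
        extensions.add(new X509ExtensionHolder(X509Extensions.ExtendedKeyUsage,
                x509profile.extendedKeyUsages().get().critical().get(), extendedKeyUsage));

        NetscapeCertType netscapeCertType = x509ExtBuilder
                .buildNetscapeCertTypes(x509profile.netscapeCertTypes().get().netscapeCertTypes().get());
        extensions.add(new X509ExtensionHolder(MiscObjectIdentifiers.netscapeCertType,
                x509profile.netscapeCertTypes().get().critical().get(), netscapeCertType));

        // CRL distribution points, only when this CA publishes at least one.
        String[] crlDistPoints = gatherCRLDistributionPoints();
        if (crlDistPoints.length > 0) {
            CRLDistPoint crlDistPointsExt = x509ExtBuilder
                    .buildCRLDistributionPoints(certificate().getSubjectX500Principal(), crlDistPoints);
            extensions.add(new X509ExtensionHolder(X509Extensions.CRLDistributionPoints, false, crlDistPointsExt));
        }

        DistinguishedName issuerDN = new DistinguishedName(certificate().getSubjectX500Principal());
        DistinguishedName subjectDN = new DistinguishedName(pkcs10.getCertificationRequestInfo().getSubject());
        // 120-bit random prime serial: unpredictable and practically collision-free.
        return x509Generator.generateX509Certificate(privateKey(), issuerDN,
                BigInteger.probablePrime(120, new SecureRandom()), subjectDN, pkcs10.getPublicKey(),
                Duration.standardDays(x509profile.validityDays().get()), extensions);
    } catch (GeneralSecurityException ex) {
        LOGGER.error(ex.getMessage(), ex);
        throw new QiPkiFailure("Unable to enroll PKCS#10", ex);
    }
}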
From source file:org.qipki.crypto.x509.X509ExtensionsReaderImpl.java
License:Open Source License
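/**
 * Extracts the extensions a PKCS#10 request asks for through its
 * {@code pkcs-9-at-extensionRequest} attribute.
 *
 * The request is untrusted input: every ASN.1 object is converted with {@code getInstance}
 * rather than cast, so a malformed attribute surfaces as an
 * {@link IllegalArgumentException} instead of a {@link ClassCastException}.
 *
 * @param pkcs10 the certification request
 * @return the requested extensions in the order their OIDs are enumerated; empty when the
 *         request has no attributes or no extension request
 */
@Override
public List<X509ExtensionHolder> extractRequestedExtensions(PKCS10CertificationRequest pkcs10) {
    final List<X509ExtensionHolder> extractedExtensions = new ArrayList<X509ExtensionHolder>();
    final CertificationRequestInfo certificationRequestInfo = pkcs10.getCertificationRequestInfo();
    final ASN1Set attributesAsn1Set = certificationRequestInfo.getAttributes();
    if (attributesAsn1Set == null) {
        return extractedExtensions;
    }
    final X509Extensions requestedExtensions = findExtensionRequest(attributesAsn1Set);
    if (requestedExtensions == null) {
        return extractedExtensions;
    }
    final Enumeration<?> oids = requestedExtensions.oids();
    while (oids.hasMoreElements()) {
        final DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        final X509Extension extension = requestedExtensions.getExtension(oid);
        extractedExtensions.add(new X509ExtensionHolder(oid, extension.isCritical(),
                X509Extension.convertValueToObject(extension)));
    }
    return extractedExtensions;
}

/**
 * Finds the first {@code extensionRequest} attribute in a PKCS#10 attribute set and
 * returns the extensions it carries, or {@code null} when there is none.
 *
 * Only the first value of the attribute is read, as in the original implementation.
 */
private static X509Extensions findExtensionRequest(final ASN1Set attributes) {
    for (int i = 0; i < attributes.size(); ++i) {
        final DEREncodable candidate = attributes.getObjectAt(i);
        // An Attribute is a SEQUENCE; anything else cannot be one and is skipped.
        if (!(candidate instanceof ASN1Sequence)) {
            continue;
        }
        final Attribute attribute = Attribute.getInstance(candidate);
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
            continue;
        }
        final ASN1Set attributeValues = attribute.getAttrValues();
        if (attributeValues.size() >= 1) {
            return X509Extensions.getInstance(attributeValues.getObjectAt(0));
        }
    }
    return null;
}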
From source file:org.signserver.module.xmlsigner.AnySignerTest.java
License:Open Source License
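/**
 * Generates a new RSA key in the worker's key store, makes it the next signing key and
 * checks that the certificate request the worker produces carries that key with the
 * subject DN in the requested order.
 *
 * @throws Exception on any worker or key store failure (fails the test)
 */
@Test
public void test01GenerateKey() throws Exception {
    final char[] authCode = "foo123".toCharArray();
    final String newKeyAlias = "newkey0001";

    final String actualNewAlias = workerSession.generateSignerKey(WORKERID, "RSA", "2048", newKeyAlias, authCode);
    assertEquals("alias", newKeyAlias, actualNewAlias);

    final Collection<KeyTestResult> results = workerSession.testKey(WORKERID, newKeyAlias, authCode);
    final KeyTestResult result = results.iterator().next();
    assertEquals("alias in result", newKeyAlias, result.getAlias());
    assertTrue("test result", result.isSuccess());

    // The key hash reported by the worker must match the public key actually stored.
    final KeyStore keyStore = KeyStore.getInstance("PKCS12");
    final FileInputStream keyStoreIn = new FileInputStream(keystoreFile);
    try {
        keyStore.load(keyStoreIn, authCode);
    } finally {
        keyStoreIn.close(); // the original left the stream open
    }
    final PublicKey pubKey = keyStore.getCertificate(newKeyAlias).getPublicKey();
    final byte[] pubKeyBytes = pubKey.getEncoded();
    final String expectedKeyHash = createKeyHash(pubKeyBytes);
    final String actualKeyHash = result.getPublicKeyHash();
    assertEquals("key hash", expectedKeyHash, actualKeyHash);

    // Set new key as NEXTCERTSIGNKEY
    workerSession.setWorkerProperty(WORKERID, "NEXTCERTSIGNKEY", newKeyAlias);
    workerSession.reloadConfiguration(WORKERID);

    // Generate CSR
    final PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=test01GenerateKey,C=SE", null);
    Base64SignerCertReqData data = (Base64SignerCertReqData) workerSession.getCertificateRequest(WORKERID,
            certReqInfo, false, false);
    byte[] reqBytes = data.getBase64CertReq();
    final PKCS10CertificationRequest req = new PKCS10CertificationRequest(Base64.decode(reqBytes));
    final PublicKey actualPubKey = req.getPublicKey();
    assertEquals("key in request", pubKey, actualPubKey);

    // Test that the DN is in the correct order
    String actualDN = req.getCertificationRequestInfo().getSubject().toString();
    assertTrue("dn: " + actualDN, actualDN.startsWith("CN=test01GenerateKey") && actualDN.endsWith("C=SE"));
}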
From source file:org.signserver.server.cryptotokens.SoftCryptoTokenTest.java
License:Open Source License
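/**
 * End-to-end check of the soft crypto token behind worker 88: the worker starts offline,
 * a CSR is obtained and a self-signed certificate for it uploaded, two MRTD sign inputs
 * round-trip through RSA decryption with the signer certificate, a second CSR uses a
 * fresh key, and signing is refused while the token is deactivated.
 *
 * @throws Exception on any unexpected worker failure (fails the test)
 */
@Test
public void test01BasicTests() throws Exception {
    StaticWorkerStatus stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_OFFLINE);

    // Obtain a CSR from the worker and issue a certificate for it with a throw-away CA key.
    PKCS10CertReqInfo crInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=TEST1", null);
    ICertReqData reqData = workerSession.getCertificateRequest(88, crInfo, false);
    assertNotNull(reqData);
    assertTrue(reqData instanceof Base64SignerCertReqData);
    PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(
            Base64.decode(((Base64SignerCertReqData) reqData).getBase64CertReq()));
    assertNotNull(pkcs10.getPublicKey());
    KeyPair dummyCAKeys = KeyTools.genKeys("2048", "RSA");
    X509Certificate cert = CertTools.genSelfCert(pkcs10.getCertificationRequestInfo().getSubject().toString(),
            10, null, dummyCAKeys.getPrivate(), pkcs10.getPublicKey(), "SHA1WithRSA", false);
    workerSession.uploadSignerCertificate(88, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.reloadConfiguration(88);

    stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertNotNull(stat.getActiveSignerConfig().getProperty("KEYDATA"));
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_ACTIVE);

    // Sign two inputs and check that each result decrypts back to its input.
    int reqid = 12;
    ArrayList<byte[]> signrequests = new ArrayList<byte[]>();
    byte[] signreq1 = "Hello World".getBytes();
    byte[] signreq2 = "Hello World2".getBytes();
    signrequests.add(signreq1);
    signrequests.add(signreq2);
    MRTDSignResponse res = (MRTDSignResponse) workerSession.process(88,
            new MRTDSignRequest(reqid, signrequests), new RequestContext());
    assertNotNull(res);
    assertTrue(reqid == res.getRequestID());
    Certificate signercert = res.getSignerCertificate();
    assertNotNull(signercert);

    Cipher c = Cipher.getInstance("RSA", "BC");
    c.init(Cipher.DECRYPT_MODE, signercert);
    byte[] signres1 = c.doFinal((byte[]) ((ArrayList<?>) res.getProcessedData()).get(0));
    assertTrue("First MRTD doesn't match with request", arrayEquals(signreq1, signres1));
    byte[] signres2 = c.doFinal((byte[]) ((ArrayList<?>) res.getProcessedData()).get(1));
    assertTrue("Second MRTD doesn't match with request", arrayEquals(signreq2, signres2));
    assertTrue(signercert.getPublicKey().equals(pkcs10.getPublicKey()));

    // A new CSR must be backed by a freshly generated key, not the one already certified.
    reqData = workerSession.getCertificateRequest(88, crInfo, false);
    assertNotNull(reqData);
    assertTrue(reqData instanceof Base64SignerCertReqData);
    PKCS10CertificationRequest pkcs10_2 = new PKCS10CertificationRequest(
            Base64.decode(((Base64SignerCertReqData) reqData).getBase64CertReq()));
    assertNotNull(pkcs10_2.getPublicKey());
    assertFalse(pkcs10_2.getPublicKey().equals(pkcs10.getPublicKey()));

    // While deactivated the token must refuse to sign.
    workerSession.deactivateSigner(88);
    stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_OFFLINE);
    try {
        res = (MRTDSignResponse) workerSession.process(88,
                new MRTDSignRequest(reqid, signrequests), new RequestContext());
        assertTrue(false); // reaching this line means the offline token signed anyway
    } catch (CryptoTokenOfflineException expected) {
        // Deactivated token: this is the required outcome.
    }

    // Reactivating restores signing.
    workerSession.activateSigner(88, "anypwd");
    stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_ACTIVE);
    res = (MRTDSignResponse) workerSession.process(88,
            new MRTDSignRequest(reqid, signrequests), new RequestContext());
}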
From source file:org.votingsystem.model.currency.Currency.java
License:Open Source License
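/**
 * Builds a Currency from the PKCS#10 request that carries its certificate data.
 *
 * The request is expected to hold a context-tagged attribute with tag number
 * {@code ContextVS.CURRENCY_TAG} whose value is a UTF8String containing a
 * {@code CurrencyCertExtensionDto} serialised as JSON. Attributes that are not
 * context-tagged (for example standard PKCS#9 attributes) are skipped instead of
 * failing a cast; when no currency attribute is present {@code initCertData} receives
 * a null DTO, as before.
 *
 * @param csr the certification request, kept in {@code this.csr}
 * @throws ExceptionVS propagated from {@code initCertData}
 * @throws IOException if the JSON payload cannot be parsed
 * @throws IllegalArgumentException if the request carries no attribute set at all
 */
public Currency(PKCS10CertificationRequest csr) throws ExceptionVS, IOException {
    this.csr = csr;
    CertificationRequestInfo info = csr.getCertificationRequestInfo();
    // A CSR without attributes cannot carry currency data; fail with a clear message
    // instead of the NullPointerException the original raised here.
    if (info.getAttributes() == null) {
        throw new IllegalArgumentException("CSR carries no attributes; currency data expected");
    }
    CurrencyCertExtensionDto certExtensionDto = null;
    Enumeration<?> csrAttributes = info.getAttributes().getObjects();
    while (csrAttributes.hasMoreElements()) {
        Object element = csrAttributes.nextElement();
        if (!(element instanceof DERTaggedObject)) {
            continue;
        }
        DERTaggedObject attribute = (DERTaggedObject) element;
        if (attribute.getTagNo() == ContextVS.CURRENCY_TAG) {
            String certAttributeJSONStr = ((DERUTF8String) attribute.getObject()).getString();
            certExtensionDto = JSON.getMapper().readValue(certAttributeJSONStr, CurrencyCertExtensionDto.class);
        }
    }
    initCertData(certExtensionDto, info.getSubject().toString());
}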
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
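/**
 * Generates a V3 end-entity certificate from a CSR.
 *
 * The CSR's self-signature is verified before any of its content is used, so the
 * certificate is only issued to a requester holding the private key. When
 * {@code organizationalUnit} is given it is prepended, verbatim, to the request's
 * subject DN; the caller is responsible for passing a well-formed RDN.
 *
 * @param csr the certification request
 * @param organizationalUnit optional RDN text prepended to the subject DN, or null
 * @param caKey the CA signing key
 * @param caCert the CA certificate (issuer)
 * @param dateBegin start of validity
 * @param dateFinish end of validity
 * @param certExtensions optional voting-system extensions to add
 * @return the issued certificate
 * @throws Exception with message "ERROR VERIFYING CSR" when the request does not verify
 *         or has no subject, or if certificate generation fails
 */
public static X509Certificate signCSR(PKCS10CertificationRequest csr, String organizationalUnit,
        PrivateKey caKey, X509Certificate caCert, Date dateBegin, Date dateFinish,
        DERTaggedObject... certExtensions) throws Exception {
    // Check the subject before dereferencing it: the original compared the result of
    // toString() with null, which can never be true, and would have thrown NPE instead.
    boolean subjectMissing = csr.getCertificationRequestInfo().getSubject() == null;
    if (!csr.verify() || subjectMissing) {
        throw new Exception("ERROR VERIFYING CSR");
    }
    String strSubjectDN = csr.getCertificationRequestInfo().getSubject().toString();
    if (organizationalUnit != null) {
        strSubjectDN = organizationalUnit + "," + strSubjectDN;
    }
    return generateV3EndEntityCertFromCsr(csr, caKey, caCert, dateBegin, dateFinish, strSubjectDN,
            certExtensions);
}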
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
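/**
 * Generates a V3 end-entity certificate from a CSR.
 *
 * The issued certificate chains to {@code caCert} (authority key identifier, issuer DN)
 * and is marked as a non-CA certificate for digital signature and key encipherment.
 * Extensions come from three places, in this order: the CSR's context-tagged
 * voting-system attributes, the CSR's {@code extensionRequest} attribute, and the
 * explicit {@code certExtensions} argument. The result is verified against the CA's
 * public key before being returned.
 *
 * NOTE(review): extensions carried in the CSR's extensionRequest are copied into the
 * certificate as-is, critical flag included, with no issuer policy applied; confirm the
 * CSR source is trusted or filter them before this call.
 *
 * @param csr the certification request
 * @param caKey the CA signing key
 * @param caCert the CA certificate (issuer)
 * @param dateBegin start of validity
 * @param dateFinish end of validity
 * @param strSubjectDN subject DN of the new certificate
 * @param certExtensions optional voting-system extensions; null entries are skipped
 * @return the issued certificate
 * @throws Exception if the CSR's key cannot be read, certificate generation fails, or the
 *         generated certificate does not verify against {@code caCert}
 */
public static X509Certificate generateV3EndEntityCertFromCsr(PKCS10CertificationRequest csr, PrivateKey caKey,
        X509Certificate caCert, Date dateBegin, Date dateFinish, String strSubjectDN,
        DERTaggedObject... certExtensions) throws Exception {
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    PublicKey requestPublicKey = csr.getPublicKey();
    X509Principal x509Principal = new X509Principal(strSubjectDN);
    certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno());
    log.info("generateV3EndEntityCertFromCsr - SubjectX500Principal(): " + caCert.getSubjectX500Principal());
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(dateBegin);
    certGen.setNotAfter(dateFinish);
    certGen.setSubjectDN(x509Principal);
    certGen.setPublicKey(requestPublicKey);
    certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM);
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(requestPublicKey));
    // End-entity certificate.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    // Extensions requested in the CSR.
    ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes();
    if (attributes != null) {
        for (int i = 0; i != attributes.size(); i++) {
            if (attributes.getObjectAt(i) instanceof DERTaggedObject) {
                // Voting-system attribute: the tag number selects the OID under the base arc.
                DERTaggedObject taggedObject = (DERTaggedObject) attributes.getObjectAt(i);
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            } else {
                Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
                if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                    X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
                    Enumeration<?> e = extensions.oids();
                    while (e.hasMoreElements()) {
                        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                        X509Extension ext = extensions.getExtension(oid);
                        certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
                    }
                }
            }
        }
    }

    // Extensions supplied by the caller.
    if (certExtensions != null) {
        for (DERTaggedObject taggedObject : certExtensions) {
            if (taggedObject == null) {
                // Only null entries are worth logging; the original logged once per element.
                log.log(Level.FINE, "null taggedObject");
                continue;
            }
            ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                    ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
            certGen.addExtension(oid, true, taggedObject);
        }
    }

    X509Certificate cert = certGen.generate(caKey, ContextVS.PROVIDER);
    // Sanity check: the freshly signed certificate must verify with the CA's public key.
    cert.verify(caCert.getPublicKey());
    return cert;
}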
From source file:tutorial.psesample.old.SwingUI.java
License:Open Source License
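/**
 * Signs a certificate signing request chosen by the user with the owner credential and
 * saves the resulting chain (new certificate first, then the issuer chain) to a file the
 * user picks. Outcome and failures are reported through {@code authenticationStatus}.
 *
 * The CSR's self-signature is checked before it is signed, and both files are closed
 * even when reading or writing fails.
 *
 * @param evt the button event (unused)
 */
private void ownerSignCSRButtonActionPerformed(java.awt.event.ActionEvent evt) { // GEN-FIRST:event_ownerSignCSRButtonActionPerformed
    if (null == ownerCredential) {
        authenticationStatus.setText("Not authenticated -- cannot sign certificates.");
        return;
    }

    X509Certificate[] issuerChain = ownerCredential.getCertificateChain();
    PrivateKey issuerKey = null;
    try {
        issuerKey = ownerCredential.getPrivateKey();
    } catch (IllegalStateException notLocal) {
        // Not a local login credential: no private key is available, reported just below.
    }
    if (null == issuerKey) {
        authenticationStatus.setText("Owner credential is not a local login credential.");
        return;
    }

    PSEUtils.IssuerInfo issuer = new PSEUtils.IssuerInfo();
    issuer.cert = issuerChain[0];
    issuer.subjectPkey = issuerKey;

    // Load the CSR from a file chosen by the user.
    org.bouncycastle.jce.PKCS10CertificationRequest csr;
    try {
        JFileChooser fc = new JFileChooser();
        if (fc.showOpenDialog(this) != JFileChooser.APPROVE_OPTION) {
            authenticationStatus.setText("Certificate signing cancelled.");
            return;
        }
        XMLDocument csr_doc;
        // NOTE(review): FileReader decodes with the platform charset although the document
        // type is XMLUTF8 — confirm this matches how the CSR file is written.
        FileReader csr_file = new FileReader(fc.getSelectedFile());
        try {
            csr_doc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument(MimeMediaType.XMLUTF8, csr_file);
        } finally {
            csr_file.close(); // the original leaked the reader when parsing failed
        }
        net.jxta.impl.protocol.CertificateSigningRequest csr_msg =
                new net.jxta.impl.protocol.CertificateSigningRequest(csr_doc);
        csr = csr_msg.getCSR();
    } catch (IOException failed) {
        authenticationStatus.setText("Failed to read certificate signing request: " + failed);
        return;
    }

    // Validity: 10 years from today.
    Date today = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(today);
    cal.add(Calendar.DATE, 10 * 365);
    Date until = cal.getTime();

    try {
        // Proof of possession: the request must be signed by the key it asks to certify.
        if (!csr.verify()) {
            authenticationStatus.setText("Certificate signing failed: request signature does not verify.");
            return;
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setIssuerDN(new X509Principal(true, issuer.cert.getSubjectX500Principal().getName()));
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(today);
        certGen.setNotAfter(until);
        certGen.setPublicKey(csr.getPublicKey());
        // NOTE(review): SHA-1 signatures are rejected by most current verifiers; consider
        // "SHA256withRSA" once the peers in this deployment accept it.
        certGen.setSignatureAlgorithm("SHA1withRSA");
        // Serial numbers must be unique per issuer (RFC 5280); the original used the constant 1
        // (marked FIXME). A random positive 63-bit value avoids collisions between runs.
        certGen.setSerialNumber(new BigInteger(63, new java.security.SecureRandom()).add(BigInteger.ONE));

        X509Certificate newCert = certGen.generateX509Certificate(issuer.subjectPkey);

        // Chain: new certificate first, then the issuer's chain.
        net.jxta.impl.protocol.Certificate cert_msg = new net.jxta.impl.protocol.Certificate();
        List<X509Certificate> newChain = new ArrayList<X509Certificate>(Arrays.asList(issuerChain));
        newChain.add(0, newCert);
        cert_msg.setCertificates(newChain);
        XMLDocument asXML = (XMLDocument) cert_msg.getDocument(MimeMediaType.XMLUTF8);

        JFileChooser fc = new JFileChooser();
        if (fc.showSaveDialog(this) == JFileChooser.APPROVE_OPTION) {
            FileWriter cert_file = new FileWriter(fc.getSelectedFile());
            try {
                asXML.sendToWriter(cert_file);
            } finally {
                cert_file.close();
            }
            authenticationStatus.setText("Signed admin certificate saved.");
        } else {
            authenticationStatus.setText("Save admin certificate cancelled.");
        }
    } catch (java.security.GeneralSecurityException failed) {
        // NoSuchAlgorithm / NoSuchProvider / InvalidKey / Signature failures, reported alike.
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (IOException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    }
}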
From source file:tutorial.psesample.old.SwingUI.java
License:Open Source License
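/**
 * Signs a certificate signing request chosen by the user with the member credential and
 * saves the resulting chain (new certificate first, then the issuer chain) to a file the
 * user picks. Outcome and failures are reported through {@code authenticationStatus}.
 *
 * The CSR's self-signature is checked before it is signed, and both files are closed
 * even when reading or writing fails.
 *
 * @param evt the button event (unused)
 */
private void adminSignCSRButtonActionPerformed(java.awt.event.ActionEvent evt) { // GEN-FIRST:event_adminSignCSRButtonActionPerformed
    if (null == memberCredential) {
        authenticationStatus.setText("Not authenticated -- cannot sign certificates.");
        return;
    }

    X509Certificate[] issuerChain = memberCredential.getCertificateChain();
    PrivateKey issuerKey = null;
    try {
        issuerKey = memberCredential.getPrivateKey();
    } catch (IllegalStateException notLocal) {
        // Not a local login credential: no private key is available, reported just below.
    }
    if (null == issuerKey) {
        authenticationStatus.setText("Credential is not a local login credential.");
        return;
    }

    PSEUtils.IssuerInfo issuer = new PSEUtils.IssuerInfo();
    issuer.cert = issuerChain[0];
    issuer.subjectPkey = issuerKey;

    // Load the CSR from a file chosen by the user.
    org.bouncycastle.jce.PKCS10CertificationRequest csr;
    try {
        JFileChooser fc = new JFileChooser();
        if (fc.showOpenDialog(this) != JFileChooser.APPROVE_OPTION) {
            authenticationStatus.setText("Certificate Signing cancelled.");
            return;
        }
        XMLDocument csr_doc;
        // NOTE(review): FileReader decodes with the platform charset although the document
        // type is XMLUTF8 — confirm this matches how the CSR file is written.
        FileReader csr_file = new FileReader(fc.getSelectedFile());
        try {
            csr_doc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument(MimeMediaType.XMLUTF8, csr_file);
        } finally {
            csr_file.close(); // the original leaked the reader when parsing failed
        }
        net.jxta.impl.protocol.CertificateSigningRequest csr_msg =
                new net.jxta.impl.protocol.CertificateSigningRequest(csr_doc);
        csr = csr_msg.getCSR();
    } catch (IOException failed) {
        authenticationStatus.setText("Failed to read certificate signing request: " + failed);
        return;
    }

    // Validity: 10 years from today.
    Date today = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(today);
    cal.add(Calendar.DATE, 10 * 365);
    Date until = cal.getTime();

    try {
        // Proof of possession: the request must be signed by the key it asks to certify.
        if (!csr.verify()) {
            authenticationStatus.setText("Certificate signing failed: request signature does not verify.");
            return;
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setIssuerDN(new X509Principal(true, issuer.cert.getSubjectX500Principal().getName()));
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(today);
        certGen.setNotAfter(until);
        certGen.setPublicKey(csr.getPublicKey());
        // NOTE(review): SHA-1 signatures are rejected by most current verifiers; consider
        // "SHA256withRSA" once the peers in this deployment accept it.
        certGen.setSignatureAlgorithm("SHA1withRSA");
        // Serial numbers must be unique per issuer (RFC 5280); the original used the constant 1
        // (marked FIXME). A random positive 63-bit value avoids collisions between runs.
        certGen.setSerialNumber(new BigInteger(63, new java.security.SecureRandom()).add(BigInteger.ONE));

        X509Certificate newCert = certGen.generateX509Certificate(issuer.subjectPkey);

        // Chain: new certificate first, then the issuer's chain.
        net.jxta.impl.protocol.Certificate cert_msg = new net.jxta.impl.protocol.Certificate();
        List<X509Certificate> newChain = new ArrayList<X509Certificate>(Arrays.asList(issuerChain));
        newChain.add(0, newCert);
        cert_msg.setCertificates(newChain);
        XMLDocument asXML = (XMLDocument) cert_msg.getDocument(MimeMediaType.XMLUTF8);

        JFileChooser fc = new JFileChooser();
        if (fc.showSaveDialog(this) == JFileChooser.APPROVE_OPTION) {
            FileWriter cert_file = new FileWriter(fc.getSelectedFile());
            try {
                asXML.sendToWriter(cert_file);
            } finally {
                cert_file.close();
            }
            authenticationStatus.setText("Signed certificate saved.");
        } else {
            authenticationStatus.setText("Save certificate cancelled.");
        }
    } catch (java.security.GeneralSecurityException failed) {
        // NoSuchAlgorithm / NoSuchProvider / InvalidKey / Signature failures, reported alike.
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (IOException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    }
}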