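Usage examples for org.bouncycastle.jce.PKCS10CertificationRequest.getPublicKey(). Note that this is Bouncy Castle's legacy PKCS#10 class, deprecated in favour of org.bouncycastle.pkcs.PKCS10CertificationRequest.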
public PublicKey getPublicKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
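/**
 * Issues an X.509 v3 end-entity certificate for the public key carried in a PKCS#10 request.
 *
 * <p>The subject DN comes from {@code strSubjectDN}, not from the request. The certificate always
 * receives AuthorityKeyIdentifier and SubjectKeyIdentifier (non-critical), a critical
 * BasicConstraints with {@code cA=false}, and a critical KeyUsage of
 * digitalSignature | keyEncipherment. Extensions found in the request and in
 * {@code certExtensions} are then added on top.
 *
 * @param csr            the certification request; its self-signature is checked before use
 * @param caKey          private key used to sign the new certificate
 * @param caCert         issuer certificate; supplies the issuer DN and the authority key identifier
 * @param dateBegin      notBefore of the new certificate
 * @param dateFinish     notAfter of the new certificate
 * @param strSubjectDN   subject DN to place in the new certificate
 * @param certExtensions optional tagged objects added as critical extensions under
 *                       {@code ContextVS.VOTING_SYSTEM_BASE_OID + tagNo}; null entries are skipped
 * @return the signed certificate, already verified against {@code caCert}'s public key
 * @throws Exception if the request signature is invalid, or if generation or verification fails
 */
public static X509Certificate generateV3EndEntityCertFromCsr(PKCS10CertificationRequest csr, PrivateKey caKey,
        X509Certificate caCert, Date dateBegin, Date dateFinish, String strSubjectDN,
        DERTaggedObject... certExtensions) throws Exception {
    // Proof of possession: refuse to certify a key unless the request is signed by the
    // matching private key. Without this check anyone could obtain a certificate binding
    // strSubjectDN to a public key they do not control.
    if (!csr.verify()) {
        throw new java.security.SignatureException("CSR signature verification failed");
    }

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    PublicKey requestPublicKey = csr.getPublicKey();
    X509Principal x509Principal = new X509Principal(strSubjectDN);
    certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno());
    log.info("generateV3EndEntityCertFromCsr - SubjectX500Principal(): " + caCert.getSubjectX500Principal());
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(dateBegin);
    certGen.setNotAfter(dateFinish);
    certGen.setSubjectDN(x509Principal);
    certGen.setPublicKey(requestPublicKey);
    certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM);
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(requestPublicKey));
    // End-entity certificate: cA=false, marked critical.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    // NOTE(review): everything below is copied from the requester-controlled CSR. Tagged
    // attributes become critical extensions under the voting-system OID arc, and every entry of
    // an extensionRequest attribute is copied with the requester's own criticality and value.
    // Nothing in this method restricts which OIDs are accepted -- confirm that callers vet the
    // CSR first, or add an allow-list here.
    ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes();
    if (attributes != null) {
        for (int i = 0; i != attributes.size(); i++) {
            Object attribute = attributes.getObjectAt(i);
            if (attribute instanceof DERTaggedObject) {
                DERTaggedObject taggedObject = (DERTaggedObject) attribute;
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            } else {
                Attribute attr = Attribute.getInstance(attribute);
                if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                    X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
                    Enumeration e = extensions.oids();
                    while (e.hasMoreElements()) {
                        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                        X509Extension ext = extensions.getExtension(oid);
                        certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
                    }
                }
            }
        }
    }

    if (certExtensions != null) {
        for (DERTaggedObject taggedObject : certExtensions) {
            if (taggedObject != null) {
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            } else {
                // Only report entries that really are null; the original logged this
                // message on every iteration.
                log.log(Level.FINE, "null taggedObject");
            }
        }
    }

    X509Certificate cert = certGen.generate(caKey, ContextVS.PROVIDER);
    // Sanity check that caKey matches caCert: the new certificate must verify under the
    // issuer's public key.
    cert.verify(caCert.getPublicKey());
    return cert;
}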
From source file:tutorial.psesample.old.SwingUI.java
License:Open Source License
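/**
 * Handles the "owner sign CSR" button: reads a certificate signing request chosen by the
 * operator, signs it with the owner credential's private key, and saves the resulting
 * certificate chain (new certificate first, then the issuer chain) to a file chosen by the
 * operator. Progress and failures are reported through {@code authenticationStatus}.
 *
 * @param evt the button event (unused)
 */
private void ownerSignCSRButtonActionPerformed(java.awt.event.ActionEvent evt) { // GEN-FIRST:event_ownerSignCSRButtonActionPerformed
    if (null == ownerCredential) {
        authenticationStatus.setText("Not authenticated -- cannot sign certificates.");
        return;
    }

    X509Certificate[] issuerChain = ownerCredential.getCertificateChain();
    PrivateKey issuerKey = null;
    try {
        issuerKey = ownerCredential.getPrivateKey();
    } catch (IllegalStateException notLocal) {
        // Deliberately ignored: issuerKey stays null and is reported just below.
    }
    if (null == issuerKey) {
        authenticationStatus.setText("Owner credential is not a local login credential.");
        return;
    }

    PSEUtils.IssuerInfo issuer = new PSEUtils.IssuerInfo();
    issuer.cert = issuerChain[0];
    issuer.subjectPkey = issuerKey;

    org.bouncycastle.jce.PKCS10CertificationRequest csr;
    try {
        JFileChooser fc = new JFileChooser();
        int returnVal = fc.showOpenDialog(this);
        if (returnVal != JFileChooser.APPROVE_OPTION) {
            authenticationStatus.setText("Certificate signing cancelled.");
            return;
        }

        XMLDocument csr_doc;
        // NOTE(review): FileReader decodes with the platform charset although the document is
        // declared as XMLUTF8 -- confirm this is intended.
        FileReader csr_file = new FileReader(fc.getSelectedFile());
        try {
            csr_doc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument(MimeMediaType.XMLUTF8,
                    csr_file);
        } finally {
            // Close the reader even when parsing fails.
            csr_file.close();
        }

        net.jxta.impl.protocol.CertificateSigningRequest csr_msg =
                new net.jxta.impl.protocol.CertificateSigningRequest(csr_doc);
        csr = csr_msg.getCSR();
    } catch (IOException failed) {
        authenticationStatus.setText("Failed to read certificate signing request: " + failed);
        return;
    }

    // Validity: from now until 10 * 365 days from now.
    Date today = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(today);
    cal.add(Calendar.DATE, 10 * 365);
    Date until = cal.getTime();

    try {
        // Proof of possession: only certify a key whose holder signed the request.
        if (!csr.verify()) {
            authenticationStatus.setText("Certificate signing failed: request signature is not valid.");
            return;
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        certGen.setIssuerDN(new X509Principal(true, issuer.cert.getSubjectX500Principal().getName()));
        // NOTE(review): the subject DN is taken from the request as-is and is never shown to the
        // operator before signing -- confirm that is acceptable for this deployment.
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(today);
        certGen.setNotAfter(until);
        certGen.setPublicKey(csr.getPublicKey());
        // NOTE(review): SHA-1 based signatures are no longer considered collision resistant.
        // Left unchanged because the issuer key type and the peers' verifier support cannot be
        // seen from here; move to a SHA-2 algorithm once both are confirmed.
        certGen.setSignatureAlgorithm("SHA1withRSA");

        // The original used the constant serial number 1 for every certificate (marked FIXME).
        // Serial numbers must be unique per issuer, so draw a positive 128-bit random value.
        certGen.setSerialNumber(new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE));

        X509Certificate newCert = certGen.generateX509Certificate(issuer.subjectPkey);

        net.jxta.impl.protocol.Certificate cert_msg = new net.jxta.impl.protocol.Certificate();
        List<X509Certificate> newChain = new ArrayList<X509Certificate>(Arrays.asList(issuerChain));
        newChain.add(0, newCert);
        cert_msg.setCertificates(newChain);

        XMLDocument asXML = (XMLDocument) cert_msg.getDocument(MimeMediaType.XMLUTF8);

        JFileChooser fc = new JFileChooser();
        int returnVal = fc.showSaveDialog(this);
        if (returnVal == JFileChooser.APPROVE_OPTION) {
            FileWriter csr_file = new FileWriter(fc.getSelectedFile());
            try {
                asXML.sendToWriter(csr_file);
            } finally {
                // Close the writer even when serialisation fails.
                csr_file.close();
            }
            authenticationStatus.setText("Signed admin certificate saved.");
        } else {
            authenticationStatus.setText("Save admin certificate cancelled.");
        }
    } catch (NoSuchAlgorithmException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (NoSuchProviderException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (InvalidKeyException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (SignatureException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (IOException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    }
}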
From source file:tutorial.psesample.old.SwingUI.java
License:Open Source License
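/**
 * Handles the "admin sign CSR" button: reads a certificate signing request chosen by the
 * operator, signs it with the member credential's private key, and saves the resulting
 * certificate chain (new certificate first, then the issuer chain) to a file chosen by the
 * operator. Progress and failures are reported through {@code authenticationStatus}.
 *
 * @param evt the button event (unused)
 */
private void adminSignCSRButtonActionPerformed(java.awt.event.ActionEvent evt) { // GEN-FIRST:event_adminSignCSRButtonActionPerformed
    if (null == memberCredential) {
        authenticationStatus.setText("Not authenticated -- cannot sign certificates.");
        return;
    }

    X509Certificate[] issuerChain = memberCredential.getCertificateChain();
    PrivateKey issuerKey = null;
    try {
        issuerKey = memberCredential.getPrivateKey();
    } catch (IllegalStateException notLocal) {
        // Deliberately ignored: issuerKey stays null and is reported just below.
    }
    if (null == issuerKey) {
        authenticationStatus.setText("Credential is not a local login credential.");
        return;
    }

    PSEUtils.IssuerInfo issuer = new PSEUtils.IssuerInfo();
    issuer.cert = issuerChain[0];
    issuer.subjectPkey = issuerKey;

    org.bouncycastle.jce.PKCS10CertificationRequest csr;
    try {
        JFileChooser fc = new JFileChooser();
        int returnVal = fc.showOpenDialog(this);
        if (returnVal != JFileChooser.APPROVE_OPTION) {
            authenticationStatus.setText("Certificate Signing cancelled.");
            return;
        }

        XMLDocument csr_doc;
        // NOTE(review): FileReader decodes with the platform charset although the document is
        // declared as XMLUTF8 -- confirm this is intended.
        FileReader csr_file = new FileReader(fc.getSelectedFile());
        try {
            csr_doc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument(MimeMediaType.XMLUTF8,
                    csr_file);
        } finally {
            // Close the reader even when parsing fails.
            csr_file.close();
        }

        net.jxta.impl.protocol.CertificateSigningRequest csr_msg =
                new net.jxta.impl.protocol.CertificateSigningRequest(csr_doc);
        csr = csr_msg.getCSR();
    } catch (IOException failed) {
        authenticationStatus.setText("Failed to read certificate signing request: " + failed);
        return;
    }

    // Validity: from now until 10 * 365 days from now.
    Date today = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(today);
    cal.add(Calendar.DATE, 10 * 365);
    Date until = cal.getTime();

    try {
        // Proof of possession: only certify a key whose holder signed the request.
        if (!csr.verify()) {
            authenticationStatus.setText("Certificate signing failed: request signature is not valid.");
            return;
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        certGen.setIssuerDN(new X509Principal(true, issuer.cert.getSubjectX500Principal().getName()));
        // NOTE(review): the subject DN is taken from the request as-is and is never shown to the
        // operator before signing -- confirm that is acceptable for this deployment.
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(today);
        certGen.setNotAfter(until);
        certGen.setPublicKey(csr.getPublicKey());
        // NOTE(review): SHA-1 based signatures are no longer considered collision resistant.
        // Left unchanged because the issuer key type and the peers' verifier support cannot be
        // seen from here; move to a SHA-2 algorithm once both are confirmed.
        certGen.setSignatureAlgorithm("SHA1withRSA");

        // The original used the constant serial number 1 for every certificate (marked FIXME).
        // Serial numbers must be unique per issuer, so draw a positive 128-bit random value.
        certGen.setSerialNumber(new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE));

        X509Certificate newCert = certGen.generateX509Certificate(issuer.subjectPkey);

        net.jxta.impl.protocol.Certificate cert_msg = new net.jxta.impl.protocol.Certificate();
        List<X509Certificate> newChain = new ArrayList<X509Certificate>(Arrays.asList(issuerChain));
        newChain.add(0, newCert);
        cert_msg.setCertificates(newChain);

        XMLDocument asXML = (XMLDocument) cert_msg.getDocument(MimeMediaType.XMLUTF8);

        JFileChooser fc = new JFileChooser();
        int returnVal = fc.showSaveDialog(this);
        if (returnVal == JFileChooser.APPROVE_OPTION) {
            FileWriter csr_file = new FileWriter(fc.getSelectedFile());
            try {
                asXML.sendToWriter(csr_file);
            } finally {
                // Close the writer even when serialisation fails.
                csr_file.close();
            }
            authenticationStatus.setText("Signed certificate saved.");
        } else {
            authenticationStatus.setText("Save certificate cancelled.");
        }
    } catch (NoSuchAlgorithmException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (NoSuchProviderException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (InvalidKeyException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (SignatureException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    } catch (IOException failed) {
        authenticationStatus.setText("Certificate signing failed:" + failed.getMessage());
    }
}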