List of usage examples for the org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest constructor JcaPKCS10CertificationRequest(PKCS10CertificationRequest)
public JcaPKCS10CertificationRequest(PKCS10CertificationRequest requestHolder)
From source file:cdm.api.windows.impl.EnrolmentServiceImpl.java
License:Open Source License
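/**
 * Handles a Windows device-enrollment request.
 *
 * <p>Extracts the base64-encoded PKCS#10 CSR from the WS-Trust
 * {@code BinarySecurityToken} element of {@code request}, has it signed with the CA
 * key held by this service, writes the root CA certificate and the newly issued
 * certificate into the WAP provisioning template, and returns that document, base64
 * encoded, inside the enrollment response template.
 *
 * @param request the parsed SOAP envelope of the enrollment request
 * @return {@code 200} with the enrollment response XML as entity; {@code 400} when
 *         the request carries no {@code BinarySecurityToken}; {@code 500} when
 *         processing fails for any other reason (the cause is logged). Previously a
 *         failure produced {@code 200} with a {@code null} entity, which the client
 *         could not tell apart from success.
 */
public Response enrollUser(Document request) {
    LOGGER.info("Received User Enrollment Request");
    XPath xPath = XPathFactory.newInstance().newXPath();
    xPath.setNamespaceContext(new MyNamespaceContext());
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    String response;
    try {
        // The templates parsed below are local files, but a parser that refuses
        // DOCTYPEs cannot be turned into an XXE vector should their source change.
        domFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        domFactory.setExpandEntityReferences(false);

        NodeList nl = (NodeList) xPath.evaluate(
                "/s:Envelope/s:Body/wst:RequestSecurityToken/wsse:BinarySecurityToken",
                request, XPathConstants.NODESET);
        Node node = nl.item(0);
        if (node == null) {
            // Malformed client request rather than a server fault.
            LOGGER.error("Enrollment request carries no BinarySecurityToken element");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        String certificateDataString = node.getTextContent();
        byte[] derByteArray = javax.xml.bind.DatatypeConverter.parseBase64Binary(certificateDataString);
        PKCS10CertificationRequest certificationRequest = new PKCS10CertificationRequest(derByteArray);
        JcaPKCS10CertificationRequest csrReq = new JcaPKCS10CertificationRequest(certificationRequest);
        LOGGER.info("Public Key of CSR : " + csrReq.getPublicKey());

        // NOTE(review): the CSR's self-signature (proof of possession of the private
        // key) is not checked in this method; confirm signCSR verifies it before issuing.
        X509Certificate signedCert = CertificateSigningService.signCSR(csrReq, privateKey, rooCACertificate);
        LOGGER.info("Verifying Signed Certificate with CSR's public key : " + signedCert.getPublicKey());

        // DatatypeConverter emits base64 without line breaks, unlike the JDK-internal
        // sun.misc.BASE64Encoder it replaces, so no newlines end up inside the XML
        // attribute values below.
        String rootCertEncodedString = javax.xml.bind.DatatypeConverter.printBase64Binary(
                rooCACertificate.getEncoded());
        String signedCertEncoded = javax.xml.bind.DatatypeConverter.printBase64Binary(
                signedCert.getEncoded());

        DocumentBuilder builder = domFactory.newDocumentBuilder();
        org.w3c.dom.Document dDoc = builder.parse(wapProvisioningXmlFile);
        // Template layout: first <parm> carries the root CA certificate, second the
        // issued client certificate, both in their "value" attribute.
        NodeList wapParm = dDoc.getElementsByTagName("parm");
        wapParm.item(0).getAttributes().getNamedItem("value").setTextContent(rootCertEncodedString);
        wapParm.item(1).getAttributes().getNamedItem("value").setTextContent(signedCertEncoded);
        String wapProvisioning = convertDocumentToString(dDoc);
        // Explicit charset: getBytes() without one uses the platform default.
        String encodedWap = javax.xml.bind.DatatypeConverter.printBase64Binary(
                wapProvisioning.getBytes("UTF-8"));

        org.w3c.dom.Document responseXml = builder.parse(enrollmentResponseFile);
        Node firstToken = responseXml.getElementsByTagName("BinarySecurityToken").item(0);
        firstToken.setTextContent(encodedWap);
        response = convertDocumentToString(responseXml);
    } catch (Exception e) {
        LOGGER.error("An Unexpected Error has occurred while processing the request ", e);
        return Response.serverError().build();
    }
    LOGGER.info("Sending User Enrollment Response");
    return Response.ok().entity(response).build();
}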
From source file:cdm.api.windows.wstep.impl.CertificateEnrollmentServiceImpl.java
License:Open Source License
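/**
 * WS-Trust {@code RequestSecurityToken} operation of the Windows certificate
 * enrollment service.
 *
 * <p>The CSR arrives base64 encoded in {@code BinarySecurityToken}. It is signed with
 * this service's CA key, the root CA and the issued certificate are written into the
 * {@code wap-provisioning.xml} template, and the resulting provisioning document is
 * returned, base64 encoded, as the requested security token.
 *
 * @param TokenType           token type requested by the client (not used here)
 * @param RequestType         request type sent by the client (not used here)
 * @param BinarySecurityToken base64-encoded DER PKCS#10 CSR
 * @param AdditionalContext   additional context items from the client (not used here)
 * @param response            holder that receives the built response
 * @throws IllegalStateException if the CSR cannot be parsed, signed or embedded into
 *         the provisioning document; the underlying exception is attached as cause.
 *         Previously the failure was swallowed and the placeholder token
 *         {@code "Initial_test"} was sent to the device.
 */
public void RequestSecurityToken(String TokenType, String RequestType, String BinarySecurityToken,
        AdditionalContext AdditionalContext, Holder<RequestSecurityTokenResponse> response) {
    certificateSign();
    System.out.println("\n\n\n" + "REQUEST_CSR:" + BinarySecurityToken + "\n\n\n");

    File file = new File(getClass().getClassLoader().getResource("wap-provisioning.xml").getFile());
    wapProvisioningXmlFile = file.getPath();

    RequestSecurityTokenResponse rs = new RequestSecurityTokenResponse();
    rs.setTokenType(
            "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken");

    String encodedWap;
    try {
        byte[] derByteArray = javax.xml.bind.DatatypeConverter.parseBase64Binary(BinarySecurityToken);
        certificationRequest = new PKCS10CertificationRequest(derByteArray);
        csrReq = new JcaPKCS10CertificationRequest(certificationRequest);
        // NOTE(review): the CSR's self-signature (proof of possession) is not checked
        // here; confirm signCSR verifies it before a certificate is issued.
        X509Certificate signedCert = CertificateSigningService.signCSR(csrReq, privateKey, rooCACertificate);
        System.out.println("PUBLIC KEY OF SIGNED CERT :" + signedCert.getPublicKey() + "\n\n\n");
        System.out.println("PUBLIC KEY OF CSR :" + csrReq.getPublicKey() + "\n\n\n");

        // DatatypeConverter emits base64 without line breaks, so the newline stripping
        // that sun.misc.BASE64Encoder output needed is no longer required.
        String rootCertEncodedString = javax.xml.bind.DatatypeConverter.printBase64Binary(
                rooCACertificate.getEncoded());
        String signedCertEncoded = javax.xml.bind.DatatypeConverter.printBase64Binary(
                signedCert.getEncoded());

        DocumentBuilder builder = domFactory.newDocumentBuilder();
        Document dDoc = builder.parse(wapProvisioningXmlFile);
        // Template layout: first <parm> carries the root CA certificate, second the
        // issued client certificate, both in their "value" attribute.
        NodeList wapParm = dDoc.getElementsByTagName("parm");
        wapParm.item(0).getAttributes().getNamedItem("value").setTextContent(rootCertEncodedString);
        System.out.println("COPY_ROOT_CERT:" + rootCertEncodedString);
        wapParm.item(1).getAttributes().getNamedItem("value").setTextContent(signedCertEncoded);
        System.out.println("COPY_SIGNED_CERT:" + signedCertEncoded);

        String wapProvisioning = convertDocumentToString(dDoc);
        System.out.println("WAP_XML:" + wapProvisioning + "\n\n\n");
        // Explicit charset: getBytes() without one uses the platform default.
        encodedWap = javax.xml.bind.DatatypeConverter.printBase64Binary(wapProvisioning.getBytes("UTF-8"));
    } catch (Exception e) {
        // Fail the operation (surfaces as a SOAP fault) instead of returning a bogus token.
        throw new IllegalStateException("Unable to build the enrollment provisioning document", e);
    }

    BinarySecurityToken BinarySecToken = new BinarySecurityToken();
    BinarySecToken.setValueType(
            "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc");
    BinarySecToken.setEncodingType(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary");
    BinarySecToken.setToken(encodedWap);

    RequestedSecurityToken rst = new RequestedSecurityToken();
    rst.setBinarySecurityToken(BinarySecToken);
    rs.setRequestedSecurityToken(rst);
    rs.setRequestID(0);
    response.value = rs;
}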
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
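/**
 * Issues an X.509 v3 certificate for {@code certReq}, signed with {@code caPrivateKey}.
 *
 * <p>Subject and public key are copied from the CSR. The certificate carries a
 * BasicConstraints extension with the given cA flag, a critical KeyUsage of
 * digitalSignature + keyEncipherment and a critical ExtendedKeyUsage of clientAuth +
 * serverAuth. Any dNSName, iPAddress or rfc822Name entries found in the CSR's
 * SubjectAlternativeName extension request are copied into the certificate; other
 * name forms are ignored. Validity runs from now for {@code validityTimeout} minutes.
 *
 * <p>NOTE(review): the CSR's self-signature is not verified here; callers are expected
 * to have checked proof of possession before calling.
 *
 * @param certReq          the certification request to issue for
 * @param caPrivateKey     the CA signing key
 * @param issuer           issuer name written into the certificate
 * @param validityTimeout  validity period in minutes, starting now
 * @param basicConstraints value of the cA flag in the BasicConstraints extension
 * @return the issued certificate
 * @throws CryptoException if the certificate cannot be built or signed
 */
public static X509Certificate generateX509Certificate(PKCS10CertificationRequest certReq,
        PrivateKey caPrivateKey, X500Name issuer, int validityTimeout, boolean basicConstraints) {

    // validity window: now .. now + validityTimeout minutes
    Date notBefore = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(notBefore);
    cal.add(Calendar.MINUTE, validityTimeout);
    Date notAfter = cal.getTime();

    // RFC 5280 requires the serial number to be a positive integer that is unique per
    // issuer. A millisecond timestamp collides whenever two certificates are issued in
    // the same millisecond and is predictable, so draw 64 bits from a CSPRNG instead.
    java.security.SecureRandom random = new java.security.SecureRandom();
    BigInteger serialNumber;
    do {
        serialNumber = new BigInteger(64, random);
    } while (serialNumber.signum() == 0);

    try {
        JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest =
                new JcaPKCS10CertificationRequest(certReq);
        PublicKey publicKey = jcaPKCS10CertificationRequest.getPublicKey();

        X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuer, serialNumber,
                notBefore, notAfter, certReq.getSubject(), publicKey)
                .addExtension(Extension.basicConstraints, false, new BasicConstraints(basicConstraints))
                .addExtension(Extension.keyUsage, true,
                        new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment))
                .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(
                        new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));

        // Copy dns / rfc822 / ip subject alternative names requested in the CSR.
        ArrayList<GeneralName> altNames = new ArrayList<>();
        Attribute[] certAttributes = jcaPKCS10CertificationRequest
                .getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (certAttributes != null) {
            for (Attribute attribute : certAttributes) {
                // Only the first value of each extensionRequest attribute is inspected.
                Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
                GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
                if (gns == null) {
                    continue;
                }
                for (GeneralName name : gns.getNames()) {
                    switch (name.getTagNo()) {
                        case GeneralName.dNSName:
                        case GeneralName.iPAddress:
                        case GeneralName.rfc822Name:
                            altNames.add(name);
                            break;
                        default:
                            // URIs, directory names etc. are not carried over.
                            break;
                    }
                }
            }
        }
        if (!altNames.isEmpty()) {
            caBuilder.addExtension(Extension.subjectAlternativeName, false,
                    new GeneralNames(altNames.toArray(new GeneralName[0])));
        }

        String signatureAlgorithm = getSignatureAlgorithm(caPrivateKey.getAlgorithm(), SHA256);
        ContentSigner caSigner = new JcaContentSignerBuilder(signatureAlgorithm)
                .setProvider(BC_PROVIDER).build(caPrivateKey);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC_PROVIDER);
        return converter.getCertificate(caBuilder.build(caSigner));

    } catch (CertificateException ex) {
        LOG.error("generateX509Certificate: Caught CertificateException when generating certificate: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (OperatorCreationException ex) {
        LOG.error("generateX509Certificate: Caught OperatorCreationException when creating JcaContentSignerBuilder: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (InvalidKeyException ex) {
        // message previously named InvalidKeySpecException, which is not what is caught here
        LOG.error("generateX509Certificate: Caught InvalidKeyException, invalid key is being used: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (NoSuchAlgorithmException ex) {
        LOG.error("generateX509Certificate: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (Exception ex) {
        LOG.error("generateX509Certificate: unable to generate X509 Certificate: " + ex.getMessage());
        // NOTE(review): the cause is dropped here; a (String, Throwable) constructor
        // would preserve it if CryptoException offers one.
        throw new CryptoException("Unable to generate X509 Certificate");
    }
}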
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastlePKCS10Object.java
License:Open Source License
/**
 * Wraps a BouncyCastle PKCS#10 request. An instance that already is a
 * {@link JcaPKCS10CertificationRequest} is used as-is, anything else is converted.
 * Subject and public key are extracted eagerly so later accessors cannot fail.
 *
 * @param pkcs10Object the request to wrap
 * @throws IOException              if the subject name cannot be encoded
 * @throws NoSuchAlgorithmException if the public key algorithm is unavailable
 * @throws InvalidKeyException      if the public key cannot be reconstructed
 */
BouncyCastlePKCS10Object(PKCS10CertificationRequest pkcs10Object)
        throws IOException, NoSuchAlgorithmException, InvalidKeyException {
    JcaPKCS10CertificationRequest jcaRequest = (pkcs10Object instanceof JcaPKCS10CertificationRequest)
            ? (JcaPKCS10CertificationRequest) pkcs10Object
            : new JcaPKCS10CertificationRequest(pkcs10Object);
    this.pkcs10Object = jcaRequest;
    this.pkcs10Subject = new X500Principal(jcaRequest.getSubject().getEncoded());
    this.pkcs10PublicKey = jcaRequest.getPublicKey();
}
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
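/**
 * Builds a {@link BouncyCastlePKCS10Object} from an object produced by a PEM parser.
 *
 * @param pemObject the parsed PEM object; must be a {@code PKCS10CertificationRequest}
 * @return the wrapped CSR
 * @throws IOException if {@code pemObject} is not a PKCS#10 request, or if the request
 *         cannot be processed (the underlying exception is attached as cause)
 */
private BouncyCastlePKCS10Object csrFromPEMObject(Object pemObject) throws IOException {
    JcaPKCS10CertificationRequest pkcs10Object;
    if (pemObject instanceof JcaPKCS10CertificationRequest) {
        pkcs10Object = (JcaPKCS10CertificationRequest) pemObject;
    } else if (pemObject instanceof PKCS10CertificationRequest) {
        pkcs10Object = new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) pemObject);
    } else {
        // Previously an unchecked cast: any other PEM object type (or null) escaped as
        // a ClassCastException / NullPointerException instead of the declared IOException.
        throw new IOException("PEM object is not a PKCS#10 request: "
                + (pemObject == null ? "null" : pemObject.getClass().getName()));
    }
    try {
        return new BouncyCastlePKCS10Object(pkcs10Object);
    } catch (IOException e) {
        throw e;
    } catch (Exception e) {
        // The constructor also declares NoSuchAlgorithmException / InvalidKeyException.
        throw new IOException(e.getLocalizedMessage(), e);
    }
}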
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestParser.java
License:BSD License
/**
 * Parses an RPKI CA certificate request and fails fast when any of the mandatory
 * parts (CA repository URI and manifest URI from the SIA, the public key) is missing.
 *
 * @param pkcs10CertificationRequest the request to parse
 * @throws RpkiCaCertificateRequestParserException if a mandatory element is absent
 */
public RpkiCaCertificateRequestParser(PKCS10CertificationRequest pkcs10CertificationRequest)
        throws RpkiCaCertificateRequestParserException {
    this.pkcs10CertificationRequest = new JcaPKCS10CertificationRequest(pkcs10CertificationRequest);
    process();
    requirePresent(caRepositoryUri, "No CA Repository URI included in SIA in request");
    requirePresent(manifestUri, "No Manifest URI included in SIA in request");
    requirePresent(publicKey, "No Public Key included in request");
}

/** Throws the parser exception with {@code message} when {@code value} is null. */
private static void requirePresent(Object value, String message)
        throws RpkiCaCertificateRequestParserException {
    if (value == null) {
        throw new RpkiCaCertificateRequestParserException(message);
    }
}
From source file:net.sf.keystore_explorer.crypto.csr.pkcs10.Pkcs10Util.java
License:Open Source License
/**
 * Verify a PKCS #10 certificate signing request (CSR), i.e. check that its
 * self-signature validates under the public key embedded in the request.
 *
 * @param csr The certificate signing request
 * @return True if successfully verified
 * @throws CryptoException
 *             If there was a problem verifying the CSR
 */
public static boolean verifyCsr(PKCS10CertificationRequest csr) throws CryptoException {
    try {
        JcaPKCS10CertificationRequest jcaCsr = new JcaPKCS10CertificationRequest(csr);
        PublicKey pubKey = jcaCsr.getPublicKey();
        ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder()
                .setProvider("BC").build(pubKey);
        return csr.isSignatureValid(verifier);
    } catch (InvalidKeyException | OperatorCreationException | NoSuchAlgorithmException | PKCSException e) {
        throw new CryptoException(res.getString("NoVerifyPkcs10Csr.exception.message"), e);
    }
}
From source file:net.sf.keystore_explorer.gui.actions.SignCsrAction.java
License:Open Source License
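/**
 * Signs a CSR (PKCS #10 or SPKAC) chosen by the user with the selected key-store entry
 * and writes the resulting CA reply (PKCS #7 chain) to the file chosen in the dialog.
 *
 * <p>The CSR's own signature is verified before it is offered for signing. The issued
 * certificate takes subject and public key from the CSR and its issuer from the signing
 * certificate's subject; the full signing chain is appended to the reply.
 */
@Override
protected void doAction() {
    FileOutputStream fos = null;
    File caReplyFile = null;
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return; // user cancelled the password prompt
        }

        KeyStore keyStore = currentState.getKeyStore();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        Certificate[] certs = keyStore.getCertificateChain(alias);
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);

        File csrFile = chooseCsrFile();
        if (csrFile == null) {
            return; // user cancelled the file chooser
        }

        PKCS10CertificationRequest pkcs10Csr = null;
        Spkac spkacCsr = null;
        try {
            // Each stream is closed explicitly; previously they were opened and leaked.
            FileInputStream typeIn = new FileInputStream(csrFile);
            CryptoFileType fileType;
            try {
                fileType = CryptoFileUtil.detectFileType(typeIn);
            } finally {
                IOUtils.closeQuietly(typeIn);
            }

            if (fileType == CryptoFileType.PKCS10_CSR) {
                FileInputStream csrIn = new FileInputStream(csrFile);
                try {
                    pkcs10Csr = Pkcs10Util.loadCsr(csrIn);
                } finally {
                    IOUtils.closeQuietly(csrIn);
                }
                // Reject a CSR whose self-signature does not verify (no proof of possession).
                if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
                    JOptionPane.showMessageDialog(frame,
                            res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"),
                            res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else if (fileType == CryptoFileType.SPKAC_CSR) {
                FileInputStream spkacIn = new FileInputStream(csrFile);
                try {
                    spkacCsr = new Spkac(spkacIn);
                } finally {
                    IOUtils.closeQuietly(spkacIn);
                }
                if (!spkacCsr.verify()) {
                    JOptionPane.showMessageDialog(frame,
                            res.getString("SignCsrAction.NoVerifySpkacCsr.message"),
                            res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else {
                JOptionPane.showMessageDialog(frame,
                        MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile),
                        res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                return;
            }
        } catch (FileNotFoundException ex) {
            JOptionPane.showMessageDialog(frame,
                    MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile),
                    res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        } catch (Exception ex) {
            String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"),
                    csrFile.getName());
            String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"),
                    res.getString("SignCsrAction.CorruptedCsr.Cause") };
            Problem problem = new Problem(problemStr, causes, ex);
            DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"),
                    problem);
            dProblem.setLocationRelativeTo(frame);
            dProblem.setVisible(true);
            return;
        }

        X509Certificate[] signingChain = X509CertUtil
                .orderX509CertChain(X509CertUtil.convertCertificates(certs));
        X509Certificate signingCert = signingChain[0];

        // Exactly one of pkcs10Csr / spkacCsr is set at this point.
        PublicKey publicKey;
        X500Name subject;
        DSignCsr dSignCsr;
        Provider provider = history.getExplicitProvider();
        if (pkcs10Csr != null) {
            publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
            subject = pkcs10Csr.getSubject();
            dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
        } else {
            publicKey = spkacCsr.getPublicKey();
            subject = spkacCsr.getSubject().getName();
            dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
        }
        dSignCsr.setLocationRelativeTo(frame);
        dSignCsr.setVisible(true);

        X509CertificateVersion version = dSignCsr.getVersion();
        SignatureType signatureType = dSignCsr.getSignatureType();
        long validityPeriod = dSignCsr.getValidityPeriod();
        BigInteger serialNumber = dSignCsr.getSerialNumber();
        caReplyFile = dSignCsr.getCaReplyFile();
        X509ExtensionSet extensions = dSignCsr.getExtensions();
        if (version == null) {
            return; // dialog was cancelled
        }

        X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());

        // CA Reply is a cert with subject from CSR and issuer from signing cert's subject
        X509CertificateGenerator generator = new X509CertificateGenerator(version);
        X509Certificate caReplyCert = generator.generate(subject, issuer, validityPeriod, publicKey, privateKey,
                signatureType, serialNumber, extensions, provider);

        // Reply chain: the new certificate followed by the whole signing chain.
        X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
        caReplyChain[0] = caReplyCert;
        System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);

        byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
        fos = new FileOutputStream(caReplyFile);
        fos.write(caCertEncoded);
    } catch (FileNotFoundException ex) {
        JOptionPane.showMessageDialog(frame,
                MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile),
                res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }

    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"),
            res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}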
From source file:net.sf.keystore_explorer.gui.dialogs.DViewCsr.java
License:Open Source License
/**
 * Reconstructs the public key carried by the displayed PKCS #10 request.
 *
 * @return the CSR's public key
 * @throws CryptoException if the key cannot be reconstructed from the request
 */
private PublicKey getPkcs10PublicKey() throws CryptoException {
    JcaPKCS10CertificationRequest jcaCsr = new JcaPKCS10CertificationRequest(pkcs10Csr);
    try {
        return jcaCsr.getPublicKey();
    } catch (GeneralSecurityException ex) {
        throw new CryptoException(res.getString("DViewCsr.NoGetPublicKey.message"), ex);
    }
}
From source file:net.sf.keystore_explorer.gui.dialogs.sign.DSignCsr.java
License:Open Source License
/**
 * Fills the dialog fields with the details of the PKCS #10 request being signed:
 * format label, subject DN, public key, signature algorithm and challenge password.
 *
 * @throws CryptoException if the CSR's public key cannot be reconstructed
 */
private void populatePkcs10CsrDetails() throws CryptoException {
    jtfCsrFormat.setText(res.getString("DSignCsr.jtfCsrFormat.Pkcs10.text"));
    jtfCsrFormat.setCaretPosition(0);

    jdnCsrSubject.setDistinguishedName(pkcs10Csr.getSubject());

    JcaPKCS10CertificationRequest jcaCsr = new JcaPKCS10CertificationRequest(pkcs10Csr);
    try {
        csrPublicKey = jcaCsr.getPublicKey();
    } catch (GeneralSecurityException ex) {
        throw new CryptoException(res.getString("DSignCsr.NoGetCsrPublicKey.message"), ex);
    }
    populatePublicKey();

    // Show the friendly algorithm name when the OID is known, the raw OID otherwise.
    String sigAlgId = pkcs10Csr.getSignatureAlgorithm().getAlgorithm().getId();
    SignatureType sigAlg = SignatureType.resolveOid(sigAlgId);
    String sigAlgText = (sigAlg == null) ? sigAlgId : sigAlg.friendly();
    jtfCsrSignatureAlgorithm.setText(sigAlgText);
    jtfCsrSignatureAlgorithm.setCaretPosition(0);

    DialogHelper.populatePkcs10Challenge(pkcs10Csr.getAttributes(), jtfCsrChallenge);
}