List of usage examples for org.bouncycastle.pkcs.jcajce JcaPKCS10CertificationRequestBuilder addAttribute
public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue)
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestBuilder.java
License:BSD License
public PKCS10CertificationRequest build(KeyPair keyPair) { try {/*from www .j a v a2 s . co m*/ Extensions extensions = createExtensions(); ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(signatureProvider) .build(keyPair.getPrivate()); JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()); builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions); return builder.build(signer); } catch (Exception e) { throw new RpkiCaCertificateRequestBuilderException(e); } }
From source file:net.sf.keystore_explorer.crypto.csr.pkcs10.Pkcs10Util.java
License:Open Source License
/** * Create a PKCS #10 certificate signing request (CSR) using the supplied * certificate, private key and signature algorithm. * * @param cert//from w w w. java 2s. co m * The certificate * @param privateKey * The private key * @param signatureType * Signature * @param challenge * Challenge, optional, pass null if not required * @param unstructuredName * An optional company name, pass null if not required * @param useExtensions * Use extensions from cert for extensionRequest attribute? * @throws CryptoException * If there was a problem generating the CSR * @return The CSR */ public static PKCS10CertificationRequest generateCsr(X509Certificate cert, PrivateKey privateKey, SignatureType signatureType, String challenge, String unstructuredName, boolean useExtensions, Provider provider) throws CryptoException { try { JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder( cert.getSubjectX500Principal(), cert.getPublicKey()); // add challenge attribute if (challenge != null) { // PKCS#9 2.0: SHOULD use UTF8String encoding csrBuilder.addAttribute(pkcs_9_at_challengePassword, new DERUTF8String(challenge)); } if (unstructuredName != null) { csrBuilder.addAttribute(pkcs_9_at_unstructuredName, new DERUTF8String(unstructuredName)); } if (useExtensions) { // add extensionRequest attribute with all extensions from the certificate Certificate certificate = Certificate.getInstance(cert.getEncoded()); Extensions extensions = certificate.getTBSCertificate().getExtensions(); if (extensions != null) { csrBuilder.addAttribute(pkcs_9_at_extensionRequest, extensions.toASN1Primitive()); } } // fall back to bouncy castle provider if given provider does not support the requested algorithm if (provider != null && provider.getService("Signature", signatureType.jce()) == null) { provider = new BouncyCastleProvider(); } ContentSigner contentSigner = null; if (provider == null) { contentSigner = new JcaContentSignerBuilder(signatureType.jce()).build(privateKey); } else { contentSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider(provider) .build(privateKey); } PKCS10CertificationRequest csr = csrBuilder.build(contentSigner); if (!verifyCsr(csr)) { throw new CryptoException(res.getString("NoVerifyGenPkcs10Csr.exception.message")); } return csr; } catch (CertificateEncodingException e) { throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e); } catch (OperatorCreationException e) { throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e); } }
From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java
License:Apache License
public static JcaPKCS10CertificationRequest generateCertificationRequest(String requestedDn, String domainAlternativeNames, KeyPair keyPair, String signingAlgorithm) throws OperatorCreationException { JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder( new X500Name(requestedDn), keyPair.getPublic()); // add Subject Alternative Name(s) try {/* w w w . j a va2 s . c om*/ jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, createDomainAlternativeNamesExtensions(domainAlternativeNames, requestedDn)); } catch (IOException e) { throw new OperatorCreationException( "Error while adding " + domainAlternativeNames + " as Subject Alternative Name.", e); } JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(signingAlgorithm); return new JcaPKCS10CertificationRequest( jcaPKCS10CertificationRequestBuilder.build(jcaContentSignerBuilder.build(keyPair.getPrivate()))); }
From source file:org.elasticsearch.xpack.core.ssl.CertGenUtils.java
License:Open Source License
/** * Generates a certificate signing request * * @param keyPair the key pair that will be associated by the certificate generated from the certificate signing request * @param principal the principal of the certificate; commonly referred to as the distinguished name (DN) * @param sanList the subject alternative names that should be added to the certificate as an X509v3 extension. May be * {@code null}/*from w ww . ja v a2s . com*/ * @return a certificate signing request */ static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Principal principal, GeneralNames sanList) throws IOException, OperatorCreationException { Objects.requireNonNull(keyPair, "Key-Pair must not be null"); Objects.requireNonNull(keyPair.getPublic(), "Public-Key must not be null"); Objects.requireNonNull(principal, "Principal must not be null"); JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic()); if (sanList != null) { ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, sanList); builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); } return builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider(CertGenUtils.BC_PROV) .build(keyPair.getPrivate())); }
From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java
License:Apache License
protected PKCS10CertificationRequest generateCertificateRequest() throws IOException, OperatorCreationException, NoSuchAlgorithmException { PublicKey publicKey = loadPublicKey(); PrivateKey privateKey = loadPrivateKey(); final X500Name name = createSubjectNameBuilder(); JcaPKCS10CertificationRequestBuilder certReqBuilder = new JcaPKCS10CertificationRequestBuilder(name, publicKey);/*from ww w . ja v a 2 s . co m*/ List<Extension> extensionList = createExtensions(publicKey, null); Extensions extensions = new Extensions(extensionList.toArray(new Extension[extensionList.size()])); certReqBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions); final String signatureAlgorithm = getProperty(PROPERTY_CSR_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM); JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(signatureAlgorithm); ContentSigner signer = csBuilder.build(privateKey); return certReqBuilder.build(signer); }