List of usage examples for org.bouncycastle.pkcs.jcajce JcaPKCS10CertificationRequestBuilder build
public PKCS10CertificationRequest build(ContentSigner signer)
From source file:edu.vt.alerts.android.library.tasks.RegistrationTask.java
License:Apache License
/**
 * Builds a PKCS #10 certification request for the given key pair.
 *
 * <p>The subject is the fixed name {@code CN=edu.vt.alerts.mobile.android}. The request
 * carries the pair's public key and is signed with the matching private key, so the
 * recipient can check that the requester holds that private key.
 *
 * @param keyPair pair whose public key is placed in the request and whose private key signs it
 * @return the signed certification request
 * @throws Exception if the signer cannot be created or the request cannot be built
 */
private PKCS10CertificationRequest generateCSR(KeyPair keyPair) throws Exception {
    X500Name subject = new X500Name("CN=edu.vt.alerts.mobile.android");
    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());

    // Signature algorithm and provider are class constants defined outside this excerpt.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(CSR_SIGNER_ALGORITHM);
    signerBuilder.setProvider(CSR_SIGNER_PROVIDER);
    ContentSigner csrSigner = signerBuilder.build(keyPair.getPrivate());

    return requestBuilder.build(csrSigner);
}
From source file:ee.ria.xroad.signer.protocol.handler.GenerateCertRequestRequestHandler.java
License:Open Source License
/**
 * Builds a PKCS #10 certification request for an existing token key and records it.
 *
 * <p>The request is refused when the key is not available, when an authentication
 * certificate is requested for a key that is not on the software token, or when the key
 * has no stored public key.
 *
 * @param message request naming the key, member, subject name, key usage and output format
 * @return a {@code GenerateCertRequestResponse} holding the new request id, the converted
 *         request and the format
 * @throws Exception if one of the checks fails or the request cannot be built or signed
 */
@Override
protected Object handle(GenerateCertRequest message) throws Exception {
    TokenAndKey tokenAndKey = TokenManager.findTokenAndKey(message.getKeyId());

    if (!TokenManager.isKeyAvailable(tokenAndKey.getKeyId())) {
        throw keyNotAvailable(tokenAndKey.getKeyId());
    }

    // Authentication certificates may only be requested for keys on the software token.
    if (message.getKeyUsage() == KeyUsageInfo.AUTHENTICATION) {
        boolean onSoftwareToken = SoftwareTokenType.ID.equals(tokenAndKey.getTokenId());
        if (!onSoftwareToken) {
            throw CodedException.tr(X_WRONG_CERT_USAGE, "auth_cert_under_softtoken",
                    "Authentication certificate requests can only be created under software tokens");
        }
    }

    if (tokenAndKey.getKey().getPublicKey() == null) {
        throw new CodedException(X_INTERNAL_ERROR, "Key '%s' has no public key", message.getKeyId());
    }

    PublicKey requestedKey = readPublicKey(tokenAndKey.getKey().getPublicKey());

    // NOTE(review): the subject name is used exactly as the message supplies it; nothing in
    // this method restricts it, so any policy on allowed subjects is presumably enforced by
    // the caller or by the CA - confirm.
    X500Name subject = new X500Name(message.getSubjectName());
    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, requestedKey);

    // Signing is delegated to the token that holds the key.
    PKCS10CertificationRequest signedRequest = requestBuilder.build(new TokenContentSigner(tokenAndKey));

    // The request is registered only after it has been built and signed successfully.
    String certReqId = TokenManager.addCertRequest(tokenAndKey.getKeyId(), message.getMemberId(),
            message.getSubjectName(), message.getKeyUsage());

    return new GenerateCertRequestResponse(certReqId, convert(signedRequest, message.getFormat()),
            message.getFormat());
}
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestBuilder.java
License:BSD License
/**
 * Builds a signed PKCS #10 certification request for the given key pair.
 *
 * <p>The extensions returned by {@code createExtensions()} are attached as a PKCS #9
 * extensionRequest attribute. Subject, signature algorithm and provider come from fields
 * of this builder.
 *
 * @param keyPair pair whose public key is requested and whose private key signs the request
 * @return the signed certification request
 * @throws RpkiCaCertificateRequestBuilderException wrapping any failure while building
 */
public PKCS10CertificationRequest build(KeyPair keyPair) {
    try {
        Extensions requestedExtensions = createExtensions();

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        signerBuilder.setProvider(signatureProvider);
        ContentSigner requestSigner = signerBuilder.build(keyPair.getPrivate());

        JcaPKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions);

        return requestBuilder.build(requestSigner);
    } catch (Exception e) {
        // Every failure is reported as the builder's own unchecked exception, cause preserved.
        throw new RpkiCaCertificateRequestBuilderException(e);
    }
}
From source file:net.sf.keystore_explorer.crypto.csr.pkcs10.Pkcs10Util.java
License:Open Source License
/**
 * Create a PKCS #10 certificate signing request (CSR) from an existing certificate:
 * the CSR takes the certificate's subject and public key and is signed with the
 * supplied private key.
 *
 * @param cert
 *            The certificate supplying subject, public key and (optionally) extensions
 * @param privateKey
 *            The private key used to sign the CSR
 * @param signatureType
 *            Signature algorithm
 * @param challenge
 *            Challenge, optional, pass null if not required
 * @param unstructuredName
 *            An optional company name, pass null if not required
 * @param useExtensions
 *            Copy all extensions of cert into an extensionRequest attribute?
 * @param provider
 *            Provider used for signing, may be null; replaced by Bouncy Castle when it
 *            offers no Signature service for the requested algorithm
 * @throws CryptoException
 *             If there was a problem generating the CSR or the generated CSR does not verify
 * @return The CSR
 */
public static PKCS10CertificationRequest generateCsr(X509Certificate cert, PrivateKey privateKey,
        SignatureType signatureType, String challenge, String unstructuredName, boolean useExtensions,
        Provider provider) throws CryptoException {
    try {
        JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(
                cert.getSubjectX500Principal(), cert.getPublicKey());

        if (challenge != null) {
            // PKCS#9 2.0: SHOULD use UTF8String encoding.
            // The challenge is stored as an ordinary attribute of the CSR, so it is readable
            // by anyone who obtains the CSR.
            requestBuilder.addAttribute(pkcs_9_at_challengePassword, new DERUTF8String(challenge));
        }

        if (unstructuredName != null) {
            requestBuilder.addAttribute(pkcs_9_at_unstructuredName, new DERUTF8String(unstructuredName));
        }

        if (useExtensions) {
            // Request every extension that the existing certificate carries.
            Extensions certExtensions = Certificate.getInstance(cert.getEncoded()).getTBSCertificate()
                    .getExtensions();
            if (certExtensions != null) {
                requestBuilder.addAttribute(pkcs_9_at_extensionRequest, certExtensions.toASN1Primitive());
            }
        }

        String jceAlgorithm = signatureType.jce();

        // Fall back to the Bouncy Castle provider if the given provider does not support the
        // requested algorithm.
        // NOTE(review): after the fallback the private key must be usable by Bouncy Castle;
        // a key bound to the original provider would presumably fail at signing - confirm.
        Provider signingProvider = provider;
        if (signingProvider != null && signingProvider.getService("Signature", jceAlgorithm) == null) {
            signingProvider = new BouncyCastleProvider();
        }

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(jceAlgorithm);
        if (signingProvider != null) {
            signerBuilder.setProvider(signingProvider);
        }
        ContentSigner contentSigner = signerBuilder.build(privateKey);

        PKCS10CertificationRequest csr = requestBuilder.build(contentSigner);

        // Self-check: reject a CSR that does not pass verifyCsr (defined elsewhere in this class).
        if (!verifyCsr(csr)) {
            throw new CryptoException(res.getString("NoVerifyGenPkcs10Csr.exception.message"));
        }

        return csr;
    } catch (CertificateEncodingException e) {
        throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e);
    } catch (OperatorCreationException e) {
        throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e);
    }
}
From source file:net.sf.keystore_explorer.gui.dialogs.DViewCsr.java
License:Open Source License
/**
 * Manual test harness: generates a throw-away RSA key pair, builds a CSR for
 * {@code cn=test} signed with SHA256withRSA, and shows it in a {@code DViewCsr} dialog.
 *
 * @param args unused
 * @throws Exception if the look and feel cannot be set
 */
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    javax.swing.UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel");

    Runnable showDialog = new Runnable() {
        @Override
        public void run() {
            try {
                // No key size is set, so the RSA key length is whatever the BC provider defaults to.
                KeyPair testKeys = KeyPairGenerator.getInstance("RSA", "BC").genKeyPair();

                JcaPKCS10CertificationRequestBuilder requestBuilder =
                        new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=test"), testKeys.getPublic());
                JcaContentSignerBuilder signerBuilder =
                        new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC");
                PKCS10CertificationRequest csr = requestBuilder.build(signerBuilder.build(testKeys.getPrivate()));

                DViewCsr dialog = new DViewCsr(new javax.swing.JFrame(), "Title", csr);
                // Closing the dialog ends the test program.
                dialog.addWindowListener(new java.awt.event.WindowAdapter() {
                    @Override
                    public void windowClosing(java.awt.event.WindowEvent e) {
                        System.exit(0);
                    }
                });
                dialog.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    };
    java.awt.EventQueue.invokeLater(showDialog);
}
From source file:net.sf.keystore_explorer.gui.dialogs.sign.DSignCsr.java
License:Open Source License
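/**
 * Manual test harness: generates a throw-away RSA key pair, builds a CSR for
 * {@code cn=test} signed with SHA256withRSA, and opens it in a {@code DSignCsr} dialog.
 * The dialog is given {@code test.csr} in the working directory as its file argument.
 *
 * @param args unused
 * @throws Exception if the look and feel cannot be set
 */
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    javax.swing.UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel");
    java.awt.EventQueue.invokeLater(new Runnable() {
        @Override
        public void run() {
            try {
                KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
                // 2048 bits instead of the former 1024: 1024-bit RSA is no longer considered
                // adequate, and sample code like this tends to be copied into real key generation.
                keyGen.initialize(2048);
                KeyPair keyPair = keyGen.genKeyPair();

                JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
                        new X500Name("cn=test"), keyPair.getPublic());
                PKCS10CertificationRequest csr = csrBuilder.build(
                        new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate()));

                DSignCsr dialog = new DSignCsr(new javax.swing.JFrame(), csr,
                        new File(System.getProperty("user.dir"), "test.csr"), keyPair.getPrivate(),
                        KeyPairType.RSA, null, new BouncyCastleProvider());
                // Closing the dialog ends the test program.
                dialog.addWindowListener(new java.awt.event.WindowAdapter() {
                    @Override
                    public void windowClosing(java.awt.event.WindowEvent e) {
                        System.exit(0);
                    }
                });
                dialog.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    });
}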
From source file:net.sf.portecle.crypto.X509CertUtil.java
License:Open Source License
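/**
 * Create a PKCS #10 certification request (CSR) using the supplied certificate and private key.
 * The CSR takes the certificate's subject and public key, is signed with the private key, and
 * is then verified against the certificate's public key before it is returned.
 *
 * @param cert The certificate
 * @param privateKey The private key
 * @throws CryptoException If there was a problem generating the CSR, or if the generated CSR
 *             does not verify against the certificate's public key
 * @return The CSR
 */
public static PKCS10CertificationRequest generatePKCS10CSR(X509Certificate cert, PrivateKey privateKey)
    throws CryptoException
{
    // Use the encoded subject rather than getSubjectDN().toString(): the string form is
    // implementation-specific, and re-parsing it can change the encoding of the name.
    JcaPKCS10CertificationRequestBuilder csrBuilder =
        new JcaPKCS10CertificationRequestBuilder(cert.getSubjectX500Principal(), cert.getPublicKey());

    // NOTE(review): getSigAlgName() is the algorithm the certificate itself was signed with.
    // It is reused here for the CSR, so an outdated digest on the certificate carries over,
    // and it presumably fails when the issuer's key type differs from privateKey - confirm.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(cert.getSigAlgName());

    try
    {
        ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(cert);
        PKCS10CertificationRequest csr = csrBuilder.build(signerBuilder.build(privateKey));

        // Self-check: the signature must verify with the certificate's public key, which
        // catches a private key that does not belong to the certificate.
        if (!csr.isSignatureValid(prov))
        {
            throw new CryptoException(RB.getString("NoVerifyGenCsr.exception.message"));
        }

        return csr;
    }
    catch (OperatorCreationException | PKCSException ex)
    {
        throw new CryptoException(RB.getString("NoGenerateCsr.exception.message"), ex);
    }
}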
From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java
License:Apache License
/**
 * Builds a signed PKCS #10 certification request for the given distinguished name.
 *
 * <p>The result of {@code createDomainAlternativeNamesExtensions} is attached as a PKCS #9
 * extensionRequest attribute, and the request is signed with the pair's private key.
 *
 * @param requestedDn subject distinguished name of the request
 * @param domainAlternativeNames alternative names handed to
 *        {@code createDomainAlternativeNamesExtensions} together with the DN
 * @param keyPair pair whose public key is requested and whose private key signs the request
 * @param signingAlgorithm JCA name of the signature algorithm
 * @return the signed request
 * @throws OperatorCreationException if the extensions cannot be created or the signer cannot be built
 */
public static JcaPKCS10CertificationRequest generateCertificationRequest(String requestedDn,
        String domainAlternativeNames, KeyPair keyPair, String signingAlgorithm)
        throws OperatorCreationException {
    X500Name subject = new X500Name(requestedDn);
    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());

    // add Subject Alternative Name(s)
    try {
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                createDomainAlternativeNamesExtensions(domainAlternativeNames, requestedDn));
    } catch (IOException e) {
        // Reported under the method's declared exception type, with the cause preserved.
        throw new OperatorCreationException(
                "Error while adding " + domainAlternativeNames + " as Subject Alternative Name.", e);
    }

    // No provider is set on the signer builder, so the JCA default lookup applies.
    ContentSigner requestSigner = new JcaContentSignerBuilder(signingAlgorithm).build(keyPair.getPrivate());
    PKCS10CertificationRequest signedRequest = requestBuilder.build(requestSigner);
    return new JcaPKCS10CertificationRequest(signedRequest);
}
From source file:org.elasticsearch.xpack.core.ssl.CertGenUtils.java
License:Open Source License
/**
 * Generates a certificate signing request, signed with {@code SHA256withRSA}.
 *
 * @param keyPair   the key pair whose public key goes into the request and whose private key
 *                  signs it; neither the pair nor its public key may be {@code null}
 * @param principal the subject of the request, commonly referred to as the distinguished
 *                  name (DN); must not be {@code null}
 * @param sanList   the subject alternative names to request as a non-critical X509v3
 *                  extension. May be {@code null}, in which case no extension request is added
 * @return a certificate signing request
 * @throws IOException if the extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Principal principal, GeneralNames sanList)
        throws IOException, OperatorCreationException {
    Objects.requireNonNull(keyPair, "Key-Pair must not be null");
    Objects.requireNonNull(keyPair.getPublic(), "Public-Key must not be null");
    Objects.requireNonNull(principal, "Principal must not be null");

    final JcaPKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());

    if (sanList != null) {
        final ExtensionsGenerator extensions = new ExtensionsGenerator();
        // "false" marks the subjectAlternativeName extension as non-critical.
        extensions.addExtension(Extension.subjectAlternativeName, false, sanList);
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
    }

    // NOTE(review): the algorithm is fixed to SHA256withRSA, so the key pair is presumably
    // expected to be RSA - confirm against callers.
    final JcaContentSignerBuilder signerBuilder =
            new JcaContentSignerBuilder("SHA256withRSA").setProvider(CertGenUtils.BC_PROV);
    return csrBuilder.build(signerBuilder.build(keyPair.getPrivate()));
}
From source file:org.kse.gui.dialogs.DViewPem.java
License:Open Source License
/**
 * Manual test harness: generates a throw-away RSA key pair, builds a CSR for
 * {@code cn=test} signed with SHA256withRSA, and shows it in a {@code DViewPem} dialog.
 *
 * @param args unused
 * @throws Exception if the system look and feel cannot be set
 */
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());

    Runnable showDialog = new Runnable() {
        @Override
        public void run() {
            try {
                // No key size is set, so the RSA key length is whatever the BC provider defaults to.
                KeyPair testKeys = KeyPairGenerator.getInstance("RSA", "BC").genKeyPair();

                JcaPKCS10CertificationRequestBuilder requestBuilder =
                        new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=test"), testKeys.getPublic());
                JcaContentSignerBuilder signerBuilder =
                        new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC");
                PKCS10CertificationRequest csr = requestBuilder.build(signerBuilder.build(testKeys.getPrivate()));

                DViewPem dialog = new DViewPem(new javax.swing.JFrame(), "Title", csr);
                // Closing the dialog ends the test program.
                dialog.addWindowListener(new java.awt.event.WindowAdapter() {
                    @Override
                    public void windowClosing(java.awt.event.WindowEvent e) {
                        System.exit(0);
                    }
                });
                dialog.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    };
    java.awt.EventQueue.invokeLater(showDialog);
}