List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest getEncoded
public byte[] getEncoded() throws IOException
From source file:org.ejbca.core.protocol.ws.CommonEjbcaWS.java
License:Open Source License
/**
 * Checks that extensions carried in a PKCS#10 request only end up in the issued
 * certificate when the certificate profile allows extension override.
 * <p>
 * Round one runs with the profile as configured and expects the issued certificate
 * to have no extension under OID 1.2.3.4. Round two enables
 * {@code allowExtensionOverride} on {@code WS_CERTPROF_EI}, requests again and
 * expects the extension to be present with the value "foo123". The profile flag
 * is switched back off in a {@code finally} block so a failing assertion does not
 * leave override enabled for later tests.
 *
 * @throws Exception on any web-service, profile or parsing failure
 */
protected void generatePkcs10() throws Exception {
    // Register (or reset) the end entity in status NEW so it may request a certificate.
    final UserDataVOWS endEntity = new UserDataVOWS();
    endEntity.setUsername(CA1_WSTESTUSER1);
    endEntity.setPassword(PASSWORD);
    endEntity.setClearPwd(true);
    endEntity.setSubjectDN(getDN(CA1_WSTESTUSER1));
    endEntity.setCaName(CA1);
    endEntity.setStatus(UserDataVOWS.STATUS_NEW);
    endEntity.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
    endEntity.setEndEntityProfileName(WS_EEPROF_EI);
    endEntity.setCertificateProfileName(WS_CERTPROF_EI);
    ejbcaraws.editUser(endEntity);

    // Always-allow token: only used to edit the certificate profile from the test.
    final AuthenticationToken admin = new TestAlwaysAllowLocalAuthenticationToken(
            new UsernamePrincipal("SYSTEMTEST"));

    // Round one: override not allowed by the profile.
    // NOTE(review): getP10Request() presumably builds a CSR that asks for extension
    // 1.2.3.4 with value "foo123" -- confirm against its definition.
    final PKCS10CertificationRequest firstRequest = getP10Request();
    final CertificateResponse firstResponse = ejbcaraws.pkcs10Request(CA1_WSTESTUSER1, PASSWORD,
            new String(Base64.encode(firstRequest.getEncoded())), null,
            CertificateHelper.RESPONSETYPE_CERTIFICATE);
    assertNotNull(firstResponse);
    final X509Certificate firstCert = (X509Certificate) CertificateHelper
            .getCertificate(firstResponse.getData());
    assertNotNull(firstCert);
    assertEquals(getDN(CA1_WSTESTUSER1), firstCert.getSubjectDN().toString());
    // The requester-supplied extension must have been dropped by the CA.
    assertNull("no extension should exist", firstCert.getExtensionValue("1.2.3.4"));

    // Round two: explicitly allow extension override on the profile.
    final CertificateProfile profile = certificateProfileSession.getCertificateProfile(WS_CERTPROF_EI);
    profile.setAllowExtensionOverride(true);
    certificateProfileSession.changeCertificateProfile(admin, WS_CERTPROF_EI, profile);
    try {
        ejbcaraws.editUser(endEntity);
        final PKCS10CertificationRequest secondRequest = getP10Request();
        final CertificateResponse secondResponse = ejbcaraws.pkcs10Request(CA1_WSTESTUSER1, PASSWORD,
                new String(Base64.encode(secondRequest.getEncoded())), null,
                CertificateHelper.RESPONSETYPE_CERTIFICATE);
        assertNotNull(secondResponse);
        final X509Certificate secondCert = (X509Certificate) CertificateHelper
                .getCertificate(secondResponse.getData());
        assertNotNull(secondCert);
        assertEquals(getDN(CA1_WSTESTUSER1), secondCert.getSubjectDN().toString());

        final byte[] extensionValue = secondCert.getExtensionValue("1.2.3.4");
        assertNotNull("there should be an extension", extensionValue);
        // getExtensionValue() returns the DER OCTET STRING wrapper; unwrap it to compare the payload.
        final ASN1InputStream derIn = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
        try {
            final DEROctetString wrapped = (DEROctetString) (derIn.readObject());
            assertEquals("Extension did not have the correct value", "foo123",
                    (new String(wrapped.getOctets())).trim());
        } finally {
            derIn.close();
        }
    } finally {
        // Put the profile back into its restrictive state whatever happened above.
        profile.setAllowExtensionOverride(false);
        certificateProfileSession.changeCertificateProfile(admin, WS_CERTPROF_EI, profile);
    }
}
From source file:org.ejbca.core.protocol.ws.CommonEjbcaWS.java
License:Open Source License
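/**
 * Exercises {@code genTokenCertificates} over the web service with one PKCS#10
 * request and one server-generated keystore request, then checks the validity of
 * both issued certificates.
 * <p>
 * End entity profile limitations are switched off in the global configuration for
 * the duration of the test. The original value is restored in a {@code finally}
 * block, so a failing assertion cannot leave the limitations disabled for
 * whatever runs next against the same instance.
 *
 * @param onlyOnce when {@code false}, a second call without overwrite is made and
 *                 is expected to be rejected with {@code HardTokenExistsException_Exception}
 * @throws Exception on any web-service, profile or keystore failure
 */
protected void genTokenCertificates(boolean onlyOnce) throws Exception {
    final GlobalConfiguration gc = (GlobalConfiguration) globalConfigurationSession
            .getCachedConfiguration(GlobalConfiguration.GLOBAL_CONFIGURATION_ID);
    final boolean originalProfileSetting = gc.getEnableEndEntityProfileLimitations();
    gc.setEnableEndEntityProfileLimitations(false);
    globalConfigurationSession.saveConfiguration(intAdmin, gc);
    try {
        // A profile left behind by an earlier, aborted run is removed before re-creating it.
        if (certificateProfileSession.getCertificateProfileId(WSTESTPROFILE) != 0) {
            certificateProfileSession.removeCertificateProfile(intAdmin, WSTESTPROFILE);
        }
        {
            final CertificateProfile profile = new CertificateProfile(
                    CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
            // Needed so that the "1 day" validity requested below is honoured.
            profile.setAllowValidityOverride(true);
            certificateProfileSession.addCertificateProfile(intAdmin, WSTESTPROFILE, profile);
        }

        // first a simple test
        UserDataVOWS tokenUser1 = new UserDataVOWS();
        tokenUser1.setUsername("WSTESTTOKENUSER1");
        tokenUser1.setPassword(PASSWORD);
        tokenUser1.setClearPwd(true);
        tokenUser1.setSubjectDN("CN=WSTESTTOKENUSER1");
        tokenUser1.setCaName(getAdminCAName());
        tokenUser1.setEmail(null);
        tokenUser1.setSubjectAltName(null);
        tokenUser1.setStatus(UserDataVOWS.STATUS_NEW);
        tokenUser1.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
        tokenUser1.setEndEntityProfileName("EMPTY");
        tokenUser1.setCertificateProfileName("ENDUSER");

        // 1024-bit RSA is a throw-away test fixture here; it is too short for real keys.
        KeyPair basickeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
        PKCS10CertificationRequest basicpkcs10 = CertTools.genPKCS10CertificationRequest("SHA256WithRSA",
                CertTools.stringToBcX500Name("CN=NOUSED"), basickeys.getPublic(), new DERSet(),
                basickeys.getPrivate(), null);

        ArrayList<TokenCertificateRequestWS> requests = new ArrayList<TokenCertificateRequestWS>();
        // Request 1: client-generated key, PKCS#10, validity overridden to one day.
        TokenCertificateRequestWS tokenCertReqWS = new TokenCertificateRequestWS();
        tokenCertReqWS.setCAName(getAdminCAName());
        tokenCertReqWS.setCertificateProfileName(WSTESTPROFILE);
        tokenCertReqWS.setValidityIdDays("1");
        tokenCertReqWS.setPkcs10Data(basicpkcs10.getEncoded());
        tokenCertReqWS.setType(HardTokenConstants.REQUESTTYPE_PKCS10_REQUEST);
        requests.add(tokenCertReqWS);
        // Request 2: server-generated key returned in a keystore, default validity.
        tokenCertReqWS = new TokenCertificateRequestWS();
        tokenCertReqWS.setCAName(getAdminCAName());
        tokenCertReqWS.setCertificateProfileName("ENDUSER");
        tokenCertReqWS.setKeyalg("RSA");
        tokenCertReqWS.setKeyspec("1024");
        tokenCertReqWS.setType(HardTokenConstants.REQUESTTYPE_KEYSTORE_REQUEST);
        requests.add(tokenCertReqWS);

        HardTokenDataWS hardTokenDataWS = setupHardTokenDataWS("12345678");

        List<TokenCertificateResponseWS> responses = ejbcaraws.genTokenCertificates(tokenUser1, requests,
                hardTokenDataWS, true, false);
        assertTrue(responses.size() == 2);

        Iterator<TokenCertificateResponseWS> iter = responses.iterator();
        TokenCertificateResponseWS next = iter.next();
        assertTrue(next.getType() == HardTokenConstants.RESPONSETYPE_CERTIFICATE_RESPONSE);
        Certificate cert = next.getCertificate();
        X509Certificate realcert = (X509Certificate) CertificateHelper.getCertificate(cert.getCertificateData());
        assertNotNull(realcert);
        // The one-day override must have been applied: expiry within two days from now.
        assertTrue(realcert.getNotAfter().toString(),
                realcert.getNotAfter().before(new Date(System.currentTimeMillis() + 2L * 24 * 3600 * 1000)));

        next = iter.next();
        assertTrue(next.getType() == HardTokenConstants.RESPONSETYPE_KEYSTORE_RESPONSE);
        KeyStore keyStore = next.getKeyStore();
        java.security.KeyStore realKeyStore = KeyStoreHelper.getKeyStore(keyStore.getKeystoreData(),
                HardTokenConstants.TOKENTYPE_PKCS12, PASSWORD);
        assertTrue(realKeyStore.containsAlias("WSTESTTOKENUSER1"));
        // 48 days in milliseconds exceeds Integer.MAX_VALUE. Computed in int arithmetic the
        // product wraps to a negative number, the reference date lands in the past and the
        // check passes for any currently valid certificate. The long literal keeps the
        // intended "more than 48 days of validity" check.
        assertTrue(((X509Certificate) realKeyStore.getCertificate("WSTESTTOKENUSER1")).getNotAfter()
                .after(new Date(System.currentTimeMillis() + 48L * 24 * 3600 * 1000)));

        if (!onlyOnce) {
            try {
                responses = ejbcaraws.genTokenCertificates(tokenUser1, requests, hardTokenDataWS, false, false);
                // Reaching this line means the duplicate token was accepted.
                assertTrue(false);
            } catch (HardTokenExistsException_Exception expected) {
                // Expected: the token already exists and overwrite was not requested.
            }
        }

        certificateProfileSession.removeCertificateProfile(intAdmin, WSTESTPROFILE);
    } finally {
        // Restore the global setting even when an assertion above failed.
        gc.setEnableEndEntityProfileLimitations(originalProfileSetting);
        globalConfigurationSession.saveConfiguration(intAdmin, gc);
    }
}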
From source file:org.ejbca.core.protocol.ws.CommonEjbcaWS.java
License:Open Source License
/**
 * Requests a certificate for {@code CA1_WSTESTUSER1} from a PKCS#10 request, first
 * as a plain certificate and then as a PKCS#7 response, and checks both replies.
 * <p>
 * The key pair and CSR are test fixtures only: 1024-bit RSA signed with
 * SHA1WithRSA is too weak for real requests.
 *
 * @throws Exception on any web-service, key generation or parsing failure
 */
protected void generatePkcs10Request() throws Exception {
    // Look the end entity up by exact user name.
    final UserMatch byUsername = new UserMatch();
    byUsername.setMatchwith(UserMatch.MATCH_WITH_USERNAME);
    byUsername.setMatchtype(UserMatch.MATCH_TYPE_EQUALS);
    byUsername.setMatchvalue(CA1_WSTESTUSER1);
    final List<UserDataVOWS> userdatas = ejbcaraws.findUser(byUsername);
    assertNotNull(userdatas);
    assertTrue(userdatas.size() == 1);

    // Set token type to user-generated and status to NEW so that a request is accepted.
    userdatas.get(0).setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
    userdatas.get(0).setStatus(UserDataVOWS.STATUS_NEW);
    userdatas.get(0).setPassword(PASSWORD);
    userdatas.get(0).setClearPwd(true);
    ejbcaraws.editUser(userdatas.get(0));

    final KeyPair keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
    // The subject in the CSR differs from the registered DN; the assertion below
    // expects the issued certificate to carry the registered DN, not "CN=NOUSED".
    final PKCS10CertificationRequest pkcs10 = CertTools.genPKCS10CertificationRequest("SHA1WithRSA",
            CertTools.stringToBcX500Name("CN=NOUSED"), keys.getPublic(), new DERSet(), keys.getPrivate(),
            null);

    // First reply: a bare certificate.
    CertificateResponse certenv = ejbcaraws.pkcs10Request(CA1_WSTESTUSER1, PASSWORD,
            new String(Base64.encode(pkcs10.getEncoded())), null,
            CertificateHelper.RESPONSETYPE_CERTIFICATE);
    assertNotNull(certenv);
    assertTrue(certenv.getResponseType().equals(CertificateHelper.RESPONSETYPE_CERTIFICATE));
    final X509Certificate cert = (X509Certificate) CertificateHelper.getCertificate(certenv.getData());
    assertNotNull(cert);
    assertTrue(cert.getSubjectDN().toString().equals(getDN(CA1_WSTESTUSER1)));

    // Re-submit the user data (status NEW) before asking again with the same CSR.
    ejbcaraws.editUser(userdatas.get(0));

    // Second reply: a PKCS#7 envelope expected to hold exactly one certificate.
    certenv = ejbcaraws.pkcs10Request(CA1_WSTESTUSER1, PASSWORD,
            new String(Base64.encode(pkcs10.getEncoded())), null, CertificateHelper.RESPONSETYPE_PKCS7);
    assertTrue(certenv.getResponseType().equals(CertificateHelper.RESPONSETYPE_PKCS7));
    final CMSSignedData cmsSignedData = new CMSSignedData(CertificateHelper.getPKCS7(certenv.getData()));
    assertNotNull(cmsSignedData);
    final Store certStore = cmsSignedData.getCertificates();
    assertTrue(certStore.getMatches(null).size() == 1);
}
From source file:org.ejbca.core.protocol.ws.CommonEjbcaWS.java
License:Open Source License
/**
 * Checks the error codes returned by {@code pkcs10Request} for two rejected
 * requests: one expected to fail with {@code LOGIN_ERROR} and one made for a
 * revoked end entity, expected to fail with {@code USER_WRONG_STATUS}.
 * <p>
 * Both checks also fail when no exception is thrown at all, because the captured
 * error code then stays {@code null}.
 *
 * @throws Exception on any unexpected web-service or key generation failure
 */
protected void errorOnGeneratePkcs10() throws Exception {
    // Dedicated end entity for this test, registered with password "foo1234".
    final UserDataVOWS user1 = new UserDataVOWS();
    user1.setUsername("WSTESTUSER30");
    user1.setPassword("foo1234");
    user1.setClearPwd(true);
    user1.setSubjectDN("CN=WSTESTUSER30");
    user1.setEmail(null);
    user1.setSubjectAltName(null);
    user1.setStatus(UserDataVOWS.STATUS_NEW);
    user1.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
    user1.setEndEntityProfileName("EMPTY");
    user1.setCertificateProfileName("ENDUSER");
    user1.setCaName(getAdminCAName());
    ejbcaraws.editUser(user1);

    // ///// Check Error.LOGIN_ERROR ///////
    // The request is sent with PASSWORD rather than the "foo1234" registered above.
    // NOTE(review): presumably PASSWORD differs from "foo1234" -- confirm.
    final KeyPair loginKeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
    final PKCS10CertificationRequest loginCsr = CertTools.genPKCS10CertificationRequest("SHA256WithRSA",
            CertTools.stringToBcX500Name("CN=WSTESTUSER30"), loginKeys.getPublic(), new DERSet(),
            loginKeys.getPrivate(), null);
    ErrorCode loginError = null;
    try {
        ejbcaraws.pkcs10Request("WSTESTUSER30", PASSWORD, new String(Base64.encode(loginCsr.getEncoded())),
                null, CertificateHelper.RESPONSETYPE_CERTIFICATE);
    } catch (EjbcaException_Exception e) {
        loginError = e.getFaultInfo().getErrorCode();
    }
    assertNotNull("error code should not be null", loginError);
    assertEquals(loginError.getInternalErrorCode(),
            org.cesecore.ErrorCode.LOGIN_ERROR.getInternalErrorCode());

    // ///// Check Error.USER_WRONG_STATUS ///////
    // Correct password this time, but the end entity has been set to REVOKED.
    user1.setStatus(EndEntityConstants.STATUS_REVOKED);
    ejbcaraws.editUser(user1);
    final KeyPair statusKeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
    final PKCS10CertificationRequest statusCsr = CertTools.genPKCS10CertificationRequest("SHA256WithRSA",
            CertTools.stringToBcX500Name("CN=WSTESTUSER30"), statusKeys.getPublic(), new DERSet(),
            statusKeys.getPrivate(), null);
    ErrorCode statusError = null;
    try {
        ejbcaraws.pkcs10Request("WSTESTUSER30", "foo1234", new String(Base64.encode(statusCsr.getEncoded())),
                null, CertificateHelper.RESPONSETYPE_CERTIFICATE);
    } catch (EjbcaException_Exception e) {
        statusError = e.getFaultInfo().getErrorCode();
    }
    assertNotNull("error code should not be null", statusError);
    assertEquals(statusError.getInternalErrorCode(),
            org.cesecore.ErrorCode.USER_WRONG_STATUS.getInternalErrorCode());
}
From source file:org.ejbca.core.protocol.ws.EjbcaWSTest.java
License:Open Source License
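/**
 * Creates a "hardtoken" with certificates.
 * <p>
 * Registers {@code username} as an end entity and asks the web service for two
 * token certificates (one from a PKCS#10 request, one as a server-generated
 * keystore) bound to a hard token with the given serial number.
 * <p>
 * End entity profile limitations are disabled in the global configuration while
 * the token is created. The original value is restored in a {@code finally}
 * block so a failure part-way through cannot leave the limitations switched off.
 *
 * @param username     user name of the end entity; also used as its CN
 * @param caName       name of the issuing CA
 * @param serialNumber serial number stored on the hard token
 * @throws Exception on any web-service, profile or key generation failure
 */
private void createHardToken(String username, String caName, String serialNumber) throws Exception {
    final GlobalConfiguration gc = (GlobalConfiguration) globalConfigurationSession
            .getCachedConfiguration(GlobalConfiguration.GLOBAL_CONFIGURATION_ID);
    final boolean originalProfileSetting = gc.getEnableEndEntityProfileLimitations();
    gc.setEnableEndEntityProfileLimitations(false);
    globalConfigurationSession.saveConfiguration(intAdmin, gc);
    try {
        // A profile left behind by an earlier, aborted run is removed before re-creating it.
        if (certificateProfileSession.getCertificateProfileId(WS_TEST_CERTIFICATE_PROFILE_NAME) != 0) {
            certificateProfileSession.removeCertificateProfile(intAdmin, WS_TEST_CERTIFICATE_PROFILE_NAME);
        }
        CertificateProfile profile = new CertificateProfile(CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
        // Needed so that the "1 day" validity requested below is honoured.
        profile.setAllowValidityOverride(true);
        certificateProfileSession.addCertificateProfile(intAdmin, WS_TEST_CERTIFICATE_PROFILE_NAME, profile);

        UserDataVOWS tokenUser1 = new UserDataVOWS();
        tokenUser1.setUsername(username);
        tokenUser1.setPassword(PASSWORD);
        tokenUser1.setClearPwd(true);
        tokenUser1.setSubjectDN("CN=" + username);
        tokenUser1.setCaName(caName);
        tokenUser1.setEmail(null);
        tokenUser1.setSubjectAltName(null);
        tokenUser1.setStatus(UserDataVOWS.STATUS_NEW);
        tokenUser1.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
        tokenUser1.setEndEntityProfileName("EMPTY");
        tokenUser1.setCertificateProfileName("ENDUSER");

        // 1024-bit RSA is a throw-away test fixture here; it is too short for real keys.
        KeyPair basickeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
        PKCS10CertificationRequest basicpkcs10 = CertTools.genPKCS10CertificationRequest("SHA256WithRSA",
                CertTools.stringToBcX500Name("CN=NOTUSED"), basickeys.getPublic(), new DERSet(),
                basickeys.getPrivate(), null);

        ArrayList<TokenCertificateRequestWS> requests = new ArrayList<TokenCertificateRequestWS>();
        // Request 1: client-generated key, PKCS#10, validity overridden to one day.
        TokenCertificateRequestWS tokenCertReqWS = new TokenCertificateRequestWS();
        tokenCertReqWS.setCAName(caName);
        tokenCertReqWS.setCertificateProfileName(WS_TEST_CERTIFICATE_PROFILE_NAME);
        tokenCertReqWS.setValidityIdDays("1");
        tokenCertReqWS.setPkcs10Data(basicpkcs10.getEncoded());
        tokenCertReqWS.setType(HardTokenConstants.REQUESTTYPE_PKCS10_REQUEST);
        requests.add(tokenCertReqWS);
        // Request 2: server-generated key returned in a keystore.
        tokenCertReqWS = new TokenCertificateRequestWS();
        tokenCertReqWS.setCAName(caName);
        tokenCertReqWS.setCertificateProfileName("ENDUSER");
        tokenCertReqWS.setKeyalg("RSA");
        tokenCertReqWS.setKeyspec("1024");
        tokenCertReqWS.setType(HardTokenConstants.REQUESTTYPE_KEYSTORE_REQUEST);
        requests.add(tokenCertReqWS);

        HardTokenDataWS hardTokenDataWS = new HardTokenDataWS();
        hardTokenDataWS.setLabel(HardTokenConstants.LABEL_PROJECTCARD);
        hardTokenDataWS.setTokenType(HardTokenConstants.TOKENTYPE_SWEDISHEID);
        hardTokenDataWS.setHardTokenSN(serialNumber);

        // Fixed PIN/PUK values: test data only, never to be reused for a real token.
        PinDataWS basicPinDataWS = new PinDataWS();
        basicPinDataWS.setType(HardTokenConstants.PINTYPE_BASIC);
        basicPinDataWS.setInitialPIN("1234");
        basicPinDataWS.setPUK("12345678");
        PinDataWS signaturePinDataWS = new PinDataWS();
        signaturePinDataWS.setType(HardTokenConstants.PINTYPE_SIGNATURE);
        signaturePinDataWS.setInitialPIN("5678");
        signaturePinDataWS.setPUK("23456789");
        hardTokenDataWS.getPinDatas().add(basicPinDataWS);
        hardTokenDataWS.getPinDatas().add(signaturePinDataWS);

        List<TokenCertificateResponseWS> responses = ejbcaraws.genTokenCertificates(tokenUser1, requests,
                hardTokenDataWS, true, false);
        assertTrue(responses.size() == 2);

        certificateProfileSession.removeCertificateProfile(intAdmin, WS_TEST_CERTIFICATE_PROFILE_NAME);
    } finally {
        // Restore the global setting even when something above failed.
        gc.setEnableEndEntityProfileLimitations(originalProfileSetting);
        globalConfigurationSession.saveConfiguration(intAdmin, gc);
    }
}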
From source file:org.ejbca.ui.web.pub.inspect.CertAndRequestDumpBean.java
License:Open Source License
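/**
 * Dumps the content of {@code bytes} as text and, as a side effect, sets
 * {@code type} to the format that was recognised.
 * <p>
 * Formats are tried in this order: CVC, PKCS#10 request, X.509 certificate and
 * finally any ASN.1 object. The input is parsed as-is, so every decoding step
 * must tolerate malformed data; a failed step falls through to the next one.
 * <p>
 * NOTE(review): when the last ASN.1 attempt fails, the parser's exception message
 * is returned as the dump. It can describe the supplied bytes, so callers that
 * render the result in a page should escape it -- confirm how the view outputs it.
 *
 * @return the text dump, {@code null} if the input is {@code null} or nothing
 *         could be decoded, or the parser's error message if the input is invalid
 */
public String getDump() {
    if (bytes == null) {
        return null;
    }
    final byte[] requestBytes = RequestMessageUtils.getDecodedBytes(bytes);
    String ret = getCvcDump(false);
    if ((ret == null) && (requestBytes != null) && (requestBytes.length > 0)) {
        // Not a CVC request, perhaps a PKCS10 request
        try {
            final PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(requestBytes);
            final ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(pkcs10.getEncoded()));
            final ASN1Primitive obj;
            try {
                obj = ais.readObject();
            } finally {
                // Close on the failure path too, not only after a successful read.
                ais.close();
            }
            ret = ASN1Dump.dumpAsString(obj);
            type = "PKCS#10";
        } catch (IOException ignored) {
            // ignore, move on to certificate decoding
        } catch (IllegalArgumentException ignored) {
            // ignore, move on to certificate decoding
        } catch (ClassCastException ignored) {
            // ignore, move on to certificate decoding
        }
    } else if (ret != null) {
        type = "CVC";
    }
    if (ret == null) {
        // Not a CVC object or PKCS10 request message, perhaps a X.509 certificate?
        try {
            final Certificate cert = getCert(bytes);
            ret = CertTools.dumpCertificateAsString(cert);
            type = "X.509";
        } catch (Exception e) {
            // Not a X.509 certificate either...try to simply decode asn.1
            try {
                final ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(bytes));
                final ASN1Primitive obj;
                try {
                    obj = ais.readObject();
                } finally {
                    ais.close();
                }
                if (obj != null) {
                    ret = ASN1Dump.dumpAsString(obj);
                    type = "ASN.1";
                }
            } catch (IOException e1) {
                // Last stop, say what the error is
                ret = e1.getMessage();
            }
        }
    }
    return ret;
}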
From source file:org.ejbca.util.keystore.KeyStoreContainerBase.java
License:Open Source License
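/**
 * Creates a PKCS#10 certificate request for the key pair stored under
 * {@code alias}, verifies the request's signature against the public key and
 * writes it PEM-encoded to {@code <alias>.pem} in the working directory.
 * <p>
 * NOTE(review): {@code alias} is used unchanged as the file name. If an alias can
 * ever come from outside the operator's control, reject path separators before
 * building the file name -- confirm against the callers.
 *
 * @param alias                 key store alias of the key pair to request a certificate for
 * @param sDN                   subject DN for the request, or {@code null} to use {@code CN=<alias>}
 * @param explicitEccParameters for ECDSA keys, encode the curve with explicit parameters
 *                              instead of as a named curve
 * @throws Exception if the generated request does not verify, or on any key store,
 *                   signing or I/O failure
 */
@Override
public void generateCertReq(String alias, String sDN, boolean explicitEccParameters) throws Exception {
    PublicKey publicKey = getCertificate(alias).getPublicKey();
    final PrivateKey privateKey = getPrivateKey(alias);
    if (log.isDebugEnabled()) {
        log.debug("alias: " + alias + " SHA1 of public key: "
                + CertTools.getFingerprintAsString(publicKey.getEncoded()));
    }
    String sigAlg = (String) AlgorithmTools.getSignatureAlgorithms(publicKey).iterator().next();
    if (sigAlg == null) {
        // NOTE(review): SHA-1 based fallback; SHA-1 is no longer considered
        // collision resistant, so a SHA-256 based default would be preferable.
        sigAlg = "SHA1WithRSA";
    }
    if (sigAlg.contains("ECDSA") && explicitEccParameters) {
        log.info("Using explicit parameter encoding for ECC key.");
        publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC");
    } else {
        // NOTE(review): this branch is also taken for keys whose algorithm name does
        // not contain "ECDSA", for which the message is misleading.
        log.info("Using named curve parameter encoding for ECC key.");
    }
    X500Name sDNName = sDN != null ? new X500Name(sDN) : new X500Name("CN=" + alias);
    final PKCS10CertificationRequest certReq = CertTools.genPKCS10CertificationRequest(sigAlg, sDNName,
            publicKey, new DERSet(), privateKey, this.keyStore.getProvider().getName());
    // Self-check: the request must verify with the public key it carries, which shows
    // that the private key used for signing matches it.
    ContentVerifierProvider verifier = CertTools.genContentVerifierProvider(publicKey);
    if (!certReq.isSignatureValid(verifier)) {
        String msg = intres.getLocalizedMessage("token.errorcertreqverify", alias);
        throw new Exception(msg);
    }
    final String filename = alias + ".pem";
    final Writer writer = new FileWriter(filename);
    try {
        writer.write(CertTools.BEGIN_CERTIFICATE_REQUEST + "\n");
        writer.write(new String(Base64.encode(certReq.getEncoded())));
        writer.write("\n" + CertTools.END_CERTIFICATE_REQUEST + "\n");
    } finally {
        // Release the file handle even when a write fails.
        writer.close();
    }
    log.info("Wrote csr to file: " + filename);
}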
From source file:org.hyperledger.fabric.sdk.security.CryptoPrimitives.java
License:Open Source License
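/**
 * Converts a PKCS#10 certification request to its PEM text form.
 * <p>
 * The result is the DER encoding of {@code csr} wrapped in a PEM object of type
 * "CERTIFICATE REQUEST". It is a request, not a certificate.
 *
 * @param csr the certification request to convert
 * @return the PEM-encoded certification request
 * @throws IOException if the request cannot be encoded or written
 */
public String certificationRequestToPEM(PKCS10CertificationRequest csr) throws IOException {
    final PemObject pemCSR = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());

    final StringWriter out = new StringWriter();
    // Closing the PEM writer flushes it into the StringWriter, and try-with-resources
    // closes it on the failure path as well.
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(out)) {
        pemWriter.writeObject(pemCSR);
    }
    return out.toString();
}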
From source file:org.iotivity.cloud.accountserver.resources.account.credprov.cert.GenerateCSR.java
License:Open Source License
/**
 * Builds a DER-encoded PKCS#10 request for {@code commonName} over a freshly
 * generated EC key pair on {@code CURVE}.
 * <p>
 * Two key pairs are generated on every call and stored in the static fields
 * {@code privateKey}/{@code publicKey} and {@code privateKey1}/{@code publicKey1}.
 * The request always carries {@code publicKey}. With {@code falseKey} set it is
 * signed with {@code privateKey1}, which belongs to the other pair, so the
 * signature does not match the public key in the request.
 *
 * @param commonName subject name in a form accepted by {@code X500Principal}
 * @param falseKey   sign with the second, unrelated private key instead of the matching one
 * @return the DER encoding of the certification request
 * @throws Exception on any key generation, signing or encoding failure
 */
public static byte[] generatePKCS10(String commonName, boolean falseKey) throws Exception {
    final ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(CURVE);
    final KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_GENERATOR_ALGORITHM,
            CertificateConstants.SECURITY_PROVIDER);
    generator.initialize(curveSpec, new SecureRandom());

    // Pair whose public key goes into the request.
    final KeyPair subjectPair = generator.generateKeyPair();
    privateKey = subjectPair.getPrivate();
    publicKey = subjectPair.getPublic();

    // Second, unrelated pair, used only for the mismatching signature.
    final KeyPair unrelatedPair = generator.generateKeyPair();
    privateKey1 = unrelatedPair.getPrivate();
    publicKey1 = unrelatedPair.getPublic();

    final PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(
            new X500Principal(commonName), publicKey);
    final JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
    final ContentSigner signer = falseKey ? signerBuilder.build(privateKey1) : signerBuilder.build(privateKey);

    return requestBuilder.build(signer).getEncoded();
}
From source file:org.jscep.client.Client.java
License:Open Source License
/**
 * Sends a CSR to the SCEP server for enrolling in a PKI.
 * <p>
 * This method enrols the provided {@code CertificationRequest} into the PKI
 * represented by the SCEP server.
 * <p>
 * When {@code identity} is self-signed, its subject is compared with the subject
 * of the CSR. A mismatch is only logged at error level; the request is still
 * sent. Likewise, the CSR fingerprint is logged on a best-effort basis: a failure
 * to encode the CSR is logged and does not stop the enrolment.
 *
 * @param identity
 *            the identity of the client.
 * @param key
 *            the private key to sign the SCEP request.
 * @param csr
 *            the CSR to enrol.
 * @param profile
 *            the SCEP server profile.
 * @return the certificate store returned by the server.
 * @throws ClientException
 *             if any client error occurs.
 * @throws TransactionException
 *             if there is a problem with the SCEP transaction.
 * @see CertStoreInspector
 */
public EnrollmentResponse enrol(final X509Certificate identity, final PrivateKey key,
        final PKCS10CertificationRequest csr, final String profile)
        throws ClientException, TransactionException {
    LOGGER.debug("Enrolling certificate with CA");

    if (isSelfSigned(identity)) {
        LOGGER.debug("Certificate is self-signed");
        final X500Name requestSubject = csr.getSubject();
        final X500Name identitySubject = X500Utils.toX500Name(identity.getSubjectX500Principal());
        final boolean subjectsMatch = requestSubject.equals(identitySubject);
        if (!subjectsMatch) {
            // Logged only: the enrolment continues with the mismatching subject.
            LOGGER.error(
                    "The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
        }
    }

    // TRANSACTIONAL
    // Certificate enrollment
    final Transport transport = createTransport(profile);
    final PkiMessageEncoder messageEncoder = getEncoder(identity, key, profile);
    final PkiMessageDecoder messageDecoder = getDecoder(identity, key, profile);
    final EnrollmentTransaction transaction = new EnrollmentTransaction(transport, messageEncoder,
            messageDecoder, csr);

    // Log a fingerprint of the DER-encoded CSR, using the strongest digest the CA
    // advertises, so the request can be matched against what the CA receives.
    try {
        final MessageDigest strongestDigest = getCaCapabilities(profile).getStrongestMessageDigest();
        final byte[] fingerprint = strongestDigest.digest(csr.getEncoded());
        LOGGER.debug("{} PKCS#10 Fingerprint: [{}]", strongestDigest.getAlgorithm(),
                new String(Hex.encodeHex(fingerprint)));
    } catch (IOException e) {
        LOGGER.error("Error getting encoded CSR", e);
    }

    return send(transaction);
}