List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest getSubject
public X500Name getSubject()
From source file:craterdog.security.RsaCertificateManager.java
License:Open Source License
/** * This method signs a certificate signing request (CSR) using the specified certificate * authority (CA). This is a convenience method that really should be part of the * <code>CertificateManagement</code> interface except that it depends on a Bouncy Castle * class in the signature. The java security framework does not have a similar class so it * has been left out of the interface./*from w w w .j ava 2 s .c o m*/ * * @param caPrivateKey The private key for the certificate authority. * @param caCertificate The certificate containing the public key for the certificate authority. * @param request The certificate signing request (CSR) to be signed. * @param serialNumber The serial number for the new certificate. * @param lifetime How long the certificate should be valid. * * @return The newly signed certificate. */ public X509Certificate signCertificateRequest(PrivateKey caPrivateKey, X509Certificate caCertificate, PKCS10CertificationRequest request, BigInteger serialNumber, long lifetime) { try { logger.entry(); logger.debug("Extract public key and subject from the CSR..."); PublicKey publicKey = new JcaPEMKeyConverter().getPublicKey(request.getSubjectPublicKeyInfo()); String subject = request.getSubject().toString(); logger.debug("Generate and sign the certificate..."); X509Certificate result = createCertificate(caPrivateKey, caCertificate, publicKey, subject, serialNumber, lifetime); logger.exit(); return result; } catch (PEMException e) { RuntimeException exception = new RuntimeException( "An unexpected exception occurred while attempting to sign a certificate.", e); throw logger.throwing(exception); } }
From source file:eu.betaas.taas.securitymanager.certificate.service.impl.GWStarCertificateExtService.java
License:Apache License
public ArrayOfCertificate issueGwCertificate(byte[] gwCertReq) { log.info("Start creating a certificate for new joining GW..."); // decode the gwCertReq back to PKCS10CertificationRequest PKCS10CertificationRequest certReq = null; try {/*from www . j a va 2 s . c o m*/ certReq = new PKCS10CertificationRequest(gwCertReq); } catch (IOException e) { log.error("Error decoding the PKCS10CertificationRequest: " + e.getMessage()); e.printStackTrace(); } // retrieve the public key of the requesting GW SubjectPublicKeyInfo subPubKeyInfo = certReq.getSubjectPublicKeyInfo(); ECPublicKeyParameters ecKeyParams = null; try { ecKeyParams = (ECPublicKeyParameters) PublicKeyFactory.createKey(subPubKeyInfo); } catch (IOException e) { log.error("Error creating ECPublicKeyParameters from SubjectPublicKeyInfo: " + e.getMessage()); e.printStackTrace(); } String ufn = null; // parsing the UFN from the PKCS10CertificationRequest object ASN1Encodable[] ext = certReq.toASN1Structure().getCertificationRequestInfo().getAttributes().toArray(); for (int i = 0; i < ext.length; i++) { Enumeration en1 = ((DERSequence) ext[i]).getObjects(); while (en1.hasMoreElements()) { Object den1 = en1.nextElement(); if (den1 instanceof DERSet) { Enumeration en2 = ((DERSet) den1).getObjects(); while (en2.hasMoreElements()) { Object den2 = en2.nextElement(); if (den2 instanceof DERSequence) { Enumeration en3 = ((DERSequence) den2).getObjects(); while (en3.hasMoreElements()) { Object den3 = en3.nextElement(); if (den3 instanceof DERSequence) { Enumeration en4 = ((DERSequence) den3).getObjects(); while (en4.hasMoreElements()) { Object den4 = en4.nextElement(); if (den4 instanceof DEROctetString) { byte[] octets = ((DEROctetString) den4).getOctets(); byte[] ocs = new byte[octets.length - 4]; for (int j = 0; j < ocs.length; j++) { ocs[j] = octets[j + 4]; } InputStream is = new ByteArrayInputStream(ocs); ufn = getStringFromInputStream(is); } } } } } } } } } ArrayOfCertificate certs = null; try { certs = GWCertificateUtilsBc.createGwCredentials(certReq.getSubject(), "intermediate", "end", ecKeyParams, ufn, certPath); } catch (Exception e) { log.error("Error generating Certificate for GW: " + e.getMessage()); e.printStackTrace(); } log.info("Certificate for new joining GW has been created..."); return certs; }
From source file:eu.optimis.ics.BrokerVPNCredentials.BrokerCA.java
License:Open Source License
public byte[] getSignedCertificateBytes(byte[] sentCSRBytes) { X509CertificateHolder certHolder = null; byte[] result = null; try {//from ww w . j a v a 2 s . com PKCS10CertificationRequest certRequest = new PKCS10CertificationRequest(sentCSRBytes); PEMReader r = new PEMReader(new FileReader(caPath + "ca.crt")); X509Certificate rootCert = (X509Certificate) r.readObject(); r.close(); X500Name subject = certRequest.getSubject(); MessageDigest m = MessageDigest.getInstance("MD5"); m.update(subject.toString().getBytes(), 0, subject.toString().length()); BigInteger serial = new BigInteger(m.digest()); Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365)); SubjectPublicKeyInfo publicKeyInfo = certRequest.getSubjectPublicKeyInfo(); X500Name issuer = new X500Name(rootCert.getSubjectDN().toString()); X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKeyInfo); v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo)); v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCert)); v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_ipsecEndSystem)); v3CertBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature)); ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC") .build(loadCAPrivateKey(caPath)); certHolder = v3CertBuilder.build(sigGen); result = certHolder.getEncoded(); } catch (Exception e) { e.printStackTrace(); } return result; }
From source file:KerberosAPI.Certificate.java
public static X509Certificate createCertFromCSR(PKCS10CertificationRequest csr, KeyPair kp, X509Certificate xCert) {/*from w w w. j ava 2s . c o m*/ Security.addProvider(new BouncyCastleProvider()); //String subject = subj; //proprietaire de la cl signer KeyPair keyPair = kp; X509Certificate x509CertCSR = null; //System.out.print("Cration d'un Certificat partir d'une CSR : "); try { Security.addProvider(new BouncyCastleProvider()); BigInteger bigInt = new BigInteger(String.valueOf(System.currentTimeMillis())); Calendar cal = Calendar.getInstance(); Date notbefore = cal.getTime(); cal.add(Calendar.YEAR, 2); Date notafter = cal.getTime(); AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA"); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter parameterCa = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); SubjectPublicKeyInfo keyInfo = csr.getSubjectPublicKeyInfo(); X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder( new X500Name(xCert.getSubjectDN().getName()), bigInt, notbefore, notafter, csr.getSubject(), keyInfo); ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(parameterCa); myCertificateGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); myCertificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(xCert)); SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils() .createSubjectKeyIdentifier(keyInfo); myCertificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier); KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.digitalSignature); myCertificateGenerator.addExtension(Extension.keyUsage, true, keyUsage); X509CertificateHolder holder = myCertificateGenerator.build(sigGen); java.security.cert.Certificate certificate = java.security.cert.CertificateFactory.getInstance("X.509") .generateCertificate(new ByteArrayInputStream(holder.getEncoded())); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded()); x509CertCSR = (X509Certificate) cf.generateCertificate(bais); //cert = (X509Certificate) java.security.cert.CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(holder.getEncoded())); if (x509CertCSR != null) { //System.out.println("OK"); return x509CertCSR; } } catch (Exception e) { System.err.println("Echec de cration de certificat pour le client avec ce csr: " + e); } return null; }
From source file:net.etfbl.cryptodigitalcertificate.tool.CryptoDCTool.java
private X509v3CertificateBuilder setupCertificateData(X509Certificate cacert, PKCS10CertificationRequest request) throws CertIOException { X500Name issuer = new X500Name(cacert.getSubjectX500Principal().getName()); BigInteger serial = new BigInteger(32, new SecureRandom()); Date from = new Date(); Date to = new Date(System.currentTimeMillis() + (DEFAULT_NUMBER_OF_DAYS * 86400000L)); X509v3CertificateBuilder certgen = new X509v3CertificateBuilder(issuer, serial, from, to, request.getSubject(), request.getSubjectPublicKeyInfo()); ////w w w . j av a2s .c om // Setup the certificate extensions // // Basic Constraints certgen.addExtension(Extension.basicConstraints, false, new BasicConstraints(false)); // Authority Key Identifier SubjectPublicKeyInfo caSubjectPublicKeyInfo = SubjectPublicKeyInfo .getInstance(cacert.getPublicKey().getEncoded()); // Key Usage certgen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.nonRepudiation | KeyUsage.keyEncipherment)); return certgen; }
From source file:net.felsing.client_cert.utilities.CertificateFabric.java
License:Open Source License
public ReqData getReqSubject(String pkcs10string) { ReqData reqData = new ReqData(); reqData.subject = null;/*from w ww .j a va 2 s .c om*/ reqData.msg = "Ok"; reqData.status = 0; pkcs10string = pkcs10string.trim(); try { byte[] reqBytes; reqBytes = CertificateFabric.parseDERFromPEM(pkcs10string.getBytes(), Constants.csrBegin, Constants.csrEnd); PKCS10CertificationRequest pkcs10CertificationRequest = new PKCS10CertificationRequest(reqBytes); reqData.subject = pkcs10CertificationRequest.getSubject().toString().replaceAll("\\+", ","); getSubjectAlternativeNames(pkcs10CertificationRequest); reqData.subjectAlternativeNames = subjectAlternativeNames; return reqData; } catch (IOException e) { reqData.msg = e.getLocalizedMessage(); reqData.status = 1; logger.warn("getReqSubject IO fucked up: " + reqData.msg); return reqData; } catch (Exception e) { reqData.msg = e.getLocalizedMessage(); reqData.status = 1; logger.warn("general fuck up: " + reqData.msg); return reqData; } }
From source file:net.jmhertlein.mcanalytics.api.auth.SSLUtil.java
License:Open Source License
/** * Given a certificate signing request, produce a signed certificate. * * @param caKey//from w ww .ja v a2 s .c o m * @param caCert * @param r * @param makeAuthority * @return */ public static X509Certificate fulfillCertRequest(PrivateKey caKey, X509Certificate caCert, PKCS10CertificationRequest r, boolean makeAuthority) { X509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name(caCert.getSubjectDN().getName()), // the order of O,OU,CN returned is very important BigInteger.probablePrime(128, new SecureRandom()), Date.from(Instant.now().minusSeconds(1)), Date.from(LocalDateTime.now().plusYears(3).toInstant(ZoneOffset.UTC)), r.getSubject(), getPublicKeyFromInfo(r.getSubjectPublicKeyInfo())); try { b.addExtension(Extension.basicConstraints, true, new BasicConstraints(makeAuthority)); } catch (CertIOException ex) { Logger.getLogger(SSLUtil.class.getName()).log(Level.SEVERE, null, ex); } try { ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider("BC").build(caKey); X509CertificateHolder build = b.build(signer); return new JcaX509CertificateConverter().setProvider("BC").getCertificate(build); } catch (OperatorCreationException | CertificateException ex) { Logger.getLogger(SSLUtil.class.getName()).log(Level.SEVERE, null, ex); return null; } }
From source file:net.jmhertlein.mcanalytics.plugin.daemon.request.AuthenticationRequestHandler.java
License:Open Source License
private boolean signClientKey(JSONObject request, JSONObject response) { String username = request.getString("username"); PKCS10CertificationRequest csr; try {/*from w ww . ja v a 2 s . com*/ csr = new PKCS10CertificationRequest(Base64.decodeBase64(request.getString("csr"))); } catch (IOException ex) { return false; } Set<String> names = SSLUtil.getCNs(csr.getSubject()); if (names.size() == 1 && names.contains(username)) { X509Certificate clientCert = SSLUtil.fulfillCertRequest(serverKey, serverCert, csr, false); try { response.put("cert", Base64.encodeBase64String(clientCert.getEncoded())); response.put("ca", Base64.encodeBase64String(serverCert.getEncoded())); return true; } catch (CertificateEncodingException ex) { Logger.getLogger(AuthenticationRequestHandler.class.getName()).log(Level.SEVERE, null, ex); return false; } } else { return false; } }
From source file:net.sf.keystore_explorer.gui.actions.SignCsrAction.java
License:Open Source License
/** * Do action.// w w w. j ava 2 s . c o m */ @Override protected void doAction() { FileOutputStream fos = null; File caReplyFile = null; try { KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory(); KeyStoreState currentState = history.getCurrentState(); String alias = kseFrame.getSelectedEntryAlias(); Password password = getEntryPassword(alias, currentState); if (password == null) { return; } KeyStore keyStore = currentState.getKeyStore(); PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray()); Certificate[] certs = keyStore.getCertificateChain(alias); KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey); File csrFile = chooseCsrFile(); if (csrFile == null) { return; } PKCS10CertificationRequest pkcs10Csr = null; Spkac spkacCsr = null; try { CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile)); if (fileType == CryptoFileType.PKCS10_CSR) { pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile)); if (!Pkcs10Util.verifyCsr(pkcs10Csr)) { JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE); return; } } else if (fileType == CryptoFileType.SPKAC_CSR) { spkacCsr = new Spkac(new FileInputStream(csrFile)); if (!spkacCsr.verify()) { JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE); return; } } else { JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE); return; } } catch (FileNotFoundException ex) { JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE); return; } catch (Exception ex) { String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName()); String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") }; Problem problem = new Problem(problemStr, causes, ex); DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem); dProblem.setLocationRelativeTo(frame); dProblem.setVisible(true); return; } X509Certificate[] signingChain = X509CertUtil .orderX509CertChain(X509CertUtil.convertCertificates(certs)); X509Certificate signingCert = signingChain[0]; PublicKey publicKey = null; X500Name subject = null; DSignCsr dSignCsr = null; Provider provider = history.getExplicitProvider(); if (pkcs10Csr != null) { publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey(); subject = pkcs10Csr.getSubject(); dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider); } else { publicKey = spkacCsr.getPublicKey(); subject = spkacCsr.getSubject().getName(); dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider); } dSignCsr.setLocationRelativeTo(frame); dSignCsr.setVisible(true); X509CertificateVersion version = dSignCsr.getVersion(); SignatureType signatureType = dSignCsr.getSignatureType(); long validityPeriod = dSignCsr.getValidityPeriod(); BigInteger serialNumber = dSignCsr.getSerialNumber(); caReplyFile = dSignCsr.getCaReplyFile(); X509ExtensionSet extensions = dSignCsr.getExtensions(); if (version == null) { return; } X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal()); // CA Reply is a cert with subject from CSR and issuer from signing cert's subject X509CertificateGenerator generator = new X509CertificateGenerator(version); X509Certificate caReplyCert = generator.generate(subject, issuer, validityPeriod, publicKey, privateKey, signatureType, serialNumber, extensions, provider); X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1]; caReplyChain[0] = caReplyCert; // Add all of the signing chain to the reply System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length); byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain); fos = new FileOutputStream(caReplyFile); fos.write(caCertEncoded); } catch (FileNotFoundException ex) { JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE); return; } catch (Exception ex) { DError.displayError(frame, ex); return; } finally { IOUtils.closeQuietly(fos); } JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE); }
From source file:net.solarnetwork.node.setup.test.PKITestUtils.java
License:Open Source License
public static X509Certificate sign(PKCS10CertificationRequest csr, X509Certificate issuer, PrivateKey issuerPrivateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, CertificateException, java.security.cert.CertificateException { final BigInteger serial = getNextSerialNumber(); final Date notBefore = new Date(); final Date notAfter = new Date(System.currentTimeMillis() + 24L * 60L * 60L * 1000L); X500Name issuerName = JcaX500NameUtil.getSubject(issuer); X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo()); JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA"); ContentSigner signer = signerBuilder.build(issuerPrivateKey); X509CertificateHolder holder = myCertificateGenerator.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); return converter.getCertificate(holder); }