List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest getSubject
public X500Name getSubject()
From source file:org.opendaylight.snbi.southplugin.CertificateMgmt.java
License:Open Source License
public static X509Certificate[] buildChain(String provider, KeyPair pair) throws Exception { X509Certificate rootCert = CertificateMgmt.getSavedCertificate(CertManagerConstants.BC, CertManagerConstants.SELF_SIGNED_CERT_FILE); KeyPair rootPair = KeyPairMgmt.getKeyPairFromStore(CertManagerConstants.KEY_STORE_ALIAS, CertManagerConstants.KEY_STORE_CERT_ALIAS, CertManagerConstants.STORE_TYPE.JKS); KeyPair keyPair = KeyPairMgmt.generateKeyPair(CertManagerConstants.ALGORITHM.RSA); PKCS10CertificationRequest request = generateCSRRequest("Node", pair); Calendar now = Calendar.getInstance(); Date notBefore = now.getTime(); now.add(Calendar.YEAR, 3);/*w w w . j av a 2 s.c o m*/ Date notAfter = now.getTime(); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(request.getSubject(), serial, notBefore, notAfter, request.getSubject(), rootCert.getPublicKey()); ContentSigner sigGen = new JcaContentSignerBuilder( CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString()).setProvider(provider) .build(rootPair.getPrivate()); X509Certificate issuedCert = new JcaX509CertificateConverter().setProvider(provider) .getCertificate(certGen.build(sigGen)); return new X509Certificate[] { issuedCert, rootCert }; }
From source file:org.opendaylight.snbi.southplugin.SNBICAInterfaces.java
License:Open Source License
public X509Certificate generateX509Certificate(PKCS10CertificationRequest request, ContentSigner signer) { X509Certificate rootCert = CertificateMgmt.getSavedCertificate(CertManagerConstants.BC, CertManagerConstants.SELF_SIGNED_CERT_FILE); KeyPair rootPair = KeyPairMgmt.getKeyPairFromStore(CertManagerConstants.KEY_STORE_ALIAS, CertManagerConstants.KEY_STORE_CERT_ALIAS, CertManagerConstants.STORE_TYPE.JKS); // X500Name x500Name = request.getSubject(); // RDN cn = x500Name.getRDNs(BCStyle.SN)[0]; // AttributeTypeAndValue[] values = cn.getTypesAndValues(); //BigInteger serial = BigInteger.valueOf(new Long(values[0].getValue().toString()).longValue()); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); Calendar now = Calendar.getInstance(); now.add(Calendar.YEAR, -1);//from www. ja v a 2 s . c om Date notBefore = now.getTime(); now.add(Calendar.YEAR, 4); Date notAfter = now.getTime(); org.bouncycastle.asn1.x500.X500Name issuername = JcaX500NameUtil.getSubject(rootCert); JcaPKCS10CertificationRequest jpkcsreq = new JcaPKCS10CertificationRequest(request); X509v3CertificateBuilder certGen; try { certGen = new JcaX509v3CertificateBuilder(issuername, serial, notBefore, notAfter, request.getSubject(), jpkcsreq.getPublicKey()); } catch (InvalidKeyException | NoSuchAlgorithmException e1) { e1.printStackTrace(); return null; } if (signer == null) { try { signer = new JcaContentSignerBuilder(CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString()) .setProvider(CertManagerConstants.BC).build(rootPair.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); return null; } } try { X509Certificate issuedCert = new JcaX509CertificateConverter().setProvider(CertManagerConstants.BC) .getCertificate(certGen.build(signer)); return issuedCert; } catch (CertificateException e) { e.printStackTrace(); return null; } }
From source file:org.shredzone.acme4j.util.CSRBuilderTest.java
License:Apache License
/** * Checks if the CSR contains the right parameters. * <p>/* ww w .j a va 2s. c o m*/ * This is not supposed to be a Bouncy Castle test. If the * {@link PKCS10CertificationRequest} contains the right parameters, we assume that * Bouncy Castle encodes it properly. */ @SuppressWarnings("unchecked") private void csrTest(PKCS10CertificationRequest csr) { X500Name name = csr.getSubject(); assertThat(name.getRDNs(BCStyle.CN), arrayContaining(new RDNMatcher("abc.de"))); assertThat(name.getRDNs(BCStyle.C), arrayContaining(new RDNMatcher("XX"))); assertThat(name.getRDNs(BCStyle.L), arrayContaining(new RDNMatcher("Testville"))); assertThat(name.getRDNs(BCStyle.O), arrayContaining(new RDNMatcher("Testing Co"))); assertThat(name.getRDNs(BCStyle.OU), arrayContaining(new RDNMatcher("Testunit"))); assertThat(name.getRDNs(BCStyle.ST), arrayContaining(new RDNMatcher("ABC"))); Attribute[] attr = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); assertThat(attr.length, is(1)); ASN1Encodable[] extensions = attr[0].getAttrValues().toArray(); assertThat(extensions.length, is(1)); GeneralNames names = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName); assertThat(names.getNames(), arrayContaining(new GeneralNameMatcher("abc.de"), new GeneralNameMatcher("fg.hi"), new GeneralNameMatcher("jklm.no"), new GeneralNameMatcher("pqr.st"), new GeneralNameMatcher("uv.wx"), new GeneralNameMatcher("y.z"))); }
From source file:org.signserver.server.cryptotokens.CryptoTokenTestBase.java
License:Open Source License
protected void importCertificateChainHelper(final String existingKey) throws NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, IOException, CertificateException, CryptoTokenOfflineException, IllegalArgumentException, CertificateEncodingException, OperationUnsupportedException, InvalidWorkerIdException, SignServerException { final String additionalAlias = "additionalKey"; try {//from ww w. ja va 2 s. co m final ISignerCertReqInfo req = new PKCS10CertReqInfo("SHA1WithRSA", "CN=imported", null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, existingKey); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest( Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=Test Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // import certficate chain importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(cert.getEncoded())), existingKey); List<Certificate> chain = getCertificateChain(existingKey); assertEquals("Number of certs", 1, chain.size()); Certificate foundCert = chain.get(0); assertTrue("Imported cert", Arrays.equals(foundCert.getEncoded(), cert.getEncoded())); generateKey("RSA", "1024", additionalAlias); // Isse additional certificate reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, additionalAlias); csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder newCert = new X509v3CertificateBuilder(new X500Name("CN=Test Issuer2"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // import certficate chain importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(newCert.getEncoded())), additionalAlias); // check that previously imported cert chain is un-affected chain = getCertificateChain(existingKey); assertEquals("Number of certs", 1, chain.size()); foundCert = chain.get(0); assertTrue("Imported cert", Arrays.equals(foundCert.getEncoded(), cert.getEncoded())); // Test that it is not allowed to import a certificate for // an other key try { final List<Certificate> chainForExistingKey = chain; final String aliasForAnOtherKey = additionalAlias; importCertificateChain(chainForExistingKey, aliasForAnOtherKey); fail("Should have thrown exception about the key not matching"); } catch (CryptoTokenOfflineException expected) { assertTrue("ex: " + expected.getMessage(), expected.getMessage().contains("does not match")); } } finally { try { destroyKey(additionalAlias); } catch (KeyStoreException ex) { LOG.error("Failed to remove additional key"); } } }
From source file:org.signserver.server.cryptotokens.KeystoreCryptoTokenTestBase.java
License:Open Source License
protected void cmsSigner(final int workerId, final boolean expectActive) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); if (expectActive) { // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); }/*from w w w . j a v a2 s .c om*/ // Test signing signGenericDocument(workerId, "Sample data".getBytes()); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void pdfSignerTest() throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + WORKER_PDF, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(WORKER_PDF, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(WORKER_PDF, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER_PDF, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER_PDF); // Test active List<String> errors = workerSession.getStatus(WORKER_PDF).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(WORKER_PDF, readFile(pdfSampleFile)); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void tsSigner() throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + WORKER_TSA, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(WORKER_TSA, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .addExtension(org.bouncycastle.asn1.x509.X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(WORKER_TSA, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER_TSA, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER_TSA); // Test active List<String> errors = workerSession.getStatus(WORKER_TSA).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(567, requestBytes); final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER_TSA, signRequest, new RequestContext()); Certificate signercert = res.getSignerCertificate(); assertNotNull(signercert);//from w ww . ja va 2 s . c om final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals("Token granted", PKIStatus.GRANTED, timeStampResponse.getStatus()); assertNotNull("Got timestamp token", timeStampResponse.getTimeStampToken()); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void mrtdsodSigner(final int workerId) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder issuerCert = new JcaX509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), new X500Name("CN=TestP11 Issuer"), issuerKeyPair.getPublic()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded(), issuerCert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing HashMap<Integer, byte[]> dgs = new HashMap<Integer, byte[]>(); dgs.put(1, "Yy==".getBytes()); dgs.put(2, "Yy==".getBytes()); dgs.put(3, "Yy==".getBytes()); final SODSignRequest signRequest = new SODSignRequest(233, dgs); final SODSignResponse res = (SODSignResponse) workerSession.process(workerId, signRequest, new RequestContext()); Certificate signercert = res.getSignerCertificate(); assertNotNull(signercert);//from w w w . j a va 2s. co m }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void cmsSigner(final int workerId) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(workerId, "Sample data".getBytes()); }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void xmlSigner(final int workerId) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(workerId, "<sampledata/>".getBytes()); // Test removing the DEFAULTKEY property, should result in a CryptoTokenOfflineException workerSession.removeWorkerProperty(workerId, "DEFAULTKEY"); workerSession.reloadConfiguration(workerId); try {/*w ww. ja v a 2 s.c o m*/ signGenericDocument(workerId, "<sampledata/>".getBytes()); fail("Should throw a CryptoTokenOfflineException"); } catch (CryptoTokenOfflineException e) { // expected } }