Example usage for org.bouncycastle.pkcs PKCS10CertificationRequest getSubjectPublicKeyInfo

List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest getSubjectPublicKeyInfo

Introduction

This page shows example usage of org.bouncycastle.pkcs PKCS10CertificationRequest getSubjectPublicKeyInfo.

Prototype

public SubjectPublicKeyInfo getSubjectPublicKeyInfo() 


Document

Return the SubjectPublicKeyInfo describing the public key this request is carrying.

Usage

From source file:org.xipki.commons.security.SecurityFactoryImpl.java

License:Open Source License

/**
 * Checks the proof-of-possession (POPO) signature of a PKCS#10 request.
 *
 * <p>The signature is verified with the public key carried inside the request itself, so a
 * {@code true} result shows only that the requester holds the matching private key. It says
 * nothing about who the requester is or whether the requested subject is legitimate.
 *
 * @param csr the request to check
 * @param algoValidator optional policy for the request's signature algorithm; when
 *     {@code null}, no algorithm restriction is applied
 * @return {@code true} if the algorithm is permitted (or unchecked) and the signature verifies;
 *     {@code false} if the algorithm is rejected or verification fails for any handled reason
 */
@Override
public boolean verifyPopo(final PKCS10CertificationRequest csr, final AlgorithmValidator algoValidator) {
    // Policy gate: reject a disallowed signature algorithm before any cryptographic work.
    if (algoValidator != null) {
        final AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
        final boolean permitted = algoValidator.isAlgorithmPermitted(sigAlgId);
        if (!permitted) {
            String displayName;
            try {
                displayName = AlgorithmUtil.getSignatureAlgoName(sigAlgId);
            } catch (NoSuchAlgorithmException ex) {
                // No friendly name known: fall back to the raw OID so the log entry is still useful.
                displayName = sigAlgId.getAlgorithm().getId();
            }

            LOG.error("POPO signature algorithm {} not permitted", displayName);
            return false;
        }
    }

    try {
        // The verifier is built from the key embedded in the request (self-signed check).
        final PublicKey requestKey = KeyUtil.generatePublicKey(csr.getSubjectPublicKeyInfo());
        return csr.isSignatureValid(getContentVerifierProvider(requestKey));
    } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException | InvalidKeySpecException ex) {
        // Fail closed: an undecodable key or unsupported algorithm counts as an invalid POPO.
        LogUtil.error(LOG, ex, "could not validate POPO of CSR");
        return false;
    }
}

From source file:org.xipki.pki.scep.serveremulator.CaEmulator.java

License:Open Source License

/**
 * Checks the proof-of-possession signature of a raw PKCS#10 {@code CertificationRequest}.
 *
 * <p>Verification uses the public key embedded in the request, so success shows possession of
 * the private key only. No restriction on the signature algorithm is applied here.
 *
 * @param csr the ASN.1 request; passed through {@code ParamUtil.requireNonNull} first
 * @return {@code true} if the signature verifies, {@code false} if it does not or if one of
 *     the handled exceptions occurs
 */
private boolean verifyPopo(final CertificationRequest csr) {
    ParamUtil.requireNonNull("csr", csr);

    boolean signatureOk;
    try {
        final PKCS10CertificationRequest request = new PKCS10CertificationRequest(csr);
        final PublicKey requestKey = KeyUtil.generatePublicKey(request.getSubjectPublicKeyInfo());
        signatureOk = request.isSignatureValid(getContentVerifierProvider(requestKey));
    } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException | InvalidKeySpecException ex) {
        // Fail closed: any handled error is logged and reported as an invalid POPO.
        LogUtil.error(LOG, ex, "could not validate POPO of CSR");
        signatureOk = false;
    }
    return signatureOk;
}

From source file:org.xipki.security.SignerUtil.java

License:Open Source License

/**
 * Checks the proof-of-possession signature of a PKCS#10 request against the public key the
 * request itself carries.
 *
 * <p>A {@code true} result shows only that the requester holds the matching private key.
 *
 * @param p10Request the request to check
 * @return {@code true} if the signature verifies; {@code false} if it does not or if any of
 *     the handled exceptions is thrown
 */
public static boolean verifyPOP(final PKCS10CertificationRequest p10Request) {
    boolean signatureOk;
    try {
        final PublicKey requestKey = KeyUtil.generatePublicKey(p10Request.getSubjectPublicKeyInfo());
        final ContentVerifierProvider verifierProvider = KeyUtil.getContentVerifierProvider(requestKey);
        signatureOk = p10Request.isSignatureValid(verifierProvider);
    } catch (OperatorCreationException | InvalidKeyException | PKCSException | NoSuchAlgorithmException
            | InvalidKeySpecException ignored) {
        // NOTE(review): the cause is discarded without logging, so a malformed key, an
        // unsupported algorithm and a bad signature all look the same to callers and operators.
        signatureOk = false;
    }
    return signatureOk;
}

From source file:Utils.CSRbuilder.java

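/**
 * Issues an end-entity X.509 certificate for the subject and public key carried in a PKCS#10
 * request, signed with the given CA key.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>This method does NOT verify the request's proof-of-possession signature. Call
 *       {@code csr.isSignatureValid(...)} with a verifier built from
 *       {@code csr.getSubjectPublicKeyInfo()} and reject the request on failure before
 *       invoking this method.</li>
 *   <li>The subject name is copied verbatim from the request; the caller must check that the
 *       requester is entitled to it.</li>
 *   <li>The certificate is signed with SHA256withRSA and gets a random 128-bit serial number.
 *       SHA-1 signatures and time-derived serials are not used: the former is collision-prone,
 *       the latter is predictable and can repeat within the same millisecond.</li>
 * </ul>
 *
 * @param csr the certification request supplying the subject and public key
 * @param caKeys the CA key pair; only the private key is used, and it must be an RSA key
 *     because the signer is built with {@code BcRSAContentSignerBuilder}
 * @param caCert the CA certificate; supplies the issuer name and authority key identifier
 * @return the issued certificate (valid for two years from now), or {@code null} if any step
 *     fails, in which case the error is printed to {@code System.err}
 */
public static X509Certificate createCertOfCSR(PKCS10CertificationRequest csr, KeyPair caKeys,
        X509Certificate caCert) {
    X509Certificate cert = null;
    try {
        // The CertificateFactory lookup below asks for "BC" by name; register it only once.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // Unpredictable, non-negative serial drawn from a CSPRNG.
        BigInteger serial = new BigInteger(128, new java.security.SecureRandom());

        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        AsymmetricKeyParameter parameterCa = PrivateKeyFactory.createKey(caKeys.getPrivate().getEncoded());
        SubjectPublicKeyInfo keyInfo = csr.getSubjectPublicKeyInfo();

        Calendar cal = Calendar.getInstance();
        Date notBefore = cal.getTime();
        cal.add(Calendar.YEAR, 2); // validity period of 2 years
        Date notAfter = cal.getTime();

        // Reuse the CA subject's DER encoding as the issuer name. Rebuilding it from the
        // string form can change attribute encoding or order and break name chaining.
        X500Name issuer = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                issuer, serial, notBefore, notAfter, csr.getSubject(), keyInfo);

        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        // cA=false: the issued certificate must not be usable to sign further certificates.
        certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                extUtils.createAuthorityKeyIdentifier(caCert));
        SubjectKeyIdentifier subjectKeyIdentifier = extUtils.createSubjectKeyIdentifier(keyInfo);
        certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);
        KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation
                | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment);
        certBuilder.addExtension(X509Extension.keyUsage, true, keyUsage);

        ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(parameterCa);
        X509CertificateHolder holder = certBuilder.build(sigGen);
        cert = (X509Certificate) java.security.cert.CertificateFactory.getInstance("X.509", "BC")
                .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
    } catch (Exception ex) {
        // Existing contract: report the failure on stderr and signal it with a null return.
        System.err.println("Probeleme de creartion de certificat pour le client a partir du csr: " + ex);
    }
    return cert;
}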