List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest PKCS10CertificationRequest
public PKCS10CertificationRequest(byte[] encoded) throws IOException
From source file:org.signserver.server.log.SystemLoggingTest.java
License:Open Source License
/**
 * Tests that importing a certificate chain to a token is audit logged
 * including the complete chain.
 * <p>
 * Flow: set up a P12 crypto token, generate a signer key, obtain a CSR for it,
 * build a self-signed issuer and a leaf certificate for the CSR's subject/key,
 * import the two-element chain, then read the new audit entries and assert the
 * CERTCHAININSTALLED line carries module, worker id, token, alias and the
 * PEM-encoded chain.
 *
 * @throws Exception
 */
@Test
public void test01LogCertChainInstalledToToken() throws Exception {
    LOG.info(">test01LogCertChainInstalledToToken");
    final String tokenName = "TestCryptoTokenP12_001";
    final String alias = "testkeyalias10";
    try {
        setupCryptoToken(WORKERID_CRYPTOWORKER1, tokenName, "foo123");
        // 512-bit RSA and SHA1WithRSA are weak; presumably chosen for test speed only.
        workerSession.generateSignerKey(WORKERID_CRYPTOWORKER1, "RSA", "512", alias, null);
        PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=testkeyalias10,C=SE", null);
        ICertReqData req = workerSession.getCertificateRequest(WORKERID_CRYPTOWORKER1, certReqInfo, false);
        Base64SignerCertReqData reqData = (Base64SignerCertReqData) req;
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq()));
        // Snapshot of the audit log size so only entries written by the import are read below.
        int linesBefore = readEntriesCount(auditLogFile);
        // Test with uploadSignerCertificateChain method (global scope)
        // (the call actually exercised is workerSession.importCertificateChain).
        KeyPair issuerKeyPair = CryptoUtils.generateRSA(512);
        final X509Certificate issuerCert = new JcaX509CertificateConverter().getCertificate(
                new CertBuilder().setSelfSignKeyPair(issuerKeyPair).setSubject("CN=Issuer, C=SE").build());
        // Leaf certificate: subject and public key taken from the CSR, signed by the issuer key, valid one year.
        final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new X509v3CertificateBuilder(new X500Name("CN=Issuer, C=SE"), BigInteger.ONE, new Date(),
                        new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(),
                        csr.getSubjectPublicKeyInfo())
                        .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC")
                                .build(issuerKeyPair.getPrivate())));
        workerSession.importCertificateChain(WORKERID_CRYPTOWORKER1,
                Arrays.asList(cert.getEncoded(), issuerCert.getEncoded()), alias, null);
        List<String> lines = readEntries(auditLogFile, linesBefore, 2);
        LOG.info(lines);
        String line = getTheLineContaining(lines, "EVENT: CERTCHAININSTALLED");
        assertNotNull("Contains event", line);
        assertTrue("Contains module", line.contains("MODULE: KEY_MANAGEMENT"));
        assertTrue("Contains worker id", line.contains("WORKER_ID: " + WORKERID_CRYPTOWORKER1));
        assertTrue("Contains crypto token", line.contains("CRYPTOTOKEN: " + tokenName));
        assertTrue("Contains key alias", line.contains("KEYALIAS: " + alias));
        // Line endings are normalised to LF so the comparison does not depend on the PEM writer's separator.
        assertTrue("Contains certificate", line.contains(new String(org.cesecore.util.CertTools
                .getPemFromCertificateChain(Arrays.<Certificate>asList(cert, issuerCert)))
                .replace("\r\n", "\n")));
    } finally {
        removeWorker(WORKERID_CRYPTOWORKER1);
        if (keystoreFile != null) {
            FileUtils.deleteQuietly(keystoreFile);
        }
    }
}
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator.java
License:Open Source License
/**
 * Retrieves a CA-signed certificate for a certificate signing request.
 *
 * @param binarySecurityToken CSR that comes from the client as a String value. It is a base 64 encoded
 *                            request security token.
 * @return the signed certificate as an {@link X509Certificate}
 * @throws KeystoreException if the decoded bytes are not a valid PKCS#10 request, or as propagated
 *                           from the key store reader / certificate generation
 */
public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {
    byte[] csrBytes = DatatypeConverter.parseBase64Binary(binarySecurityToken);
    // CA material is loaded before the CSR is parsed, matching the original call order.
    KeyStoreReader reader = new KeyStoreReader();
    PrivateKey caPrivateKey = reader.getCAPrivateKey();
    X509Certificate caCertificate = (X509Certificate) reader.getCACertificate();
    PKCS10CertificationRequest request;
    try {
        request = new PKCS10CertificationRequest(csrBytes);
    } catch (IOException e) {
        throw new KeystoreException("CSR cannot be recovered.", e);
    }
    // NOTE(review): the CSR's self-signature (proof of possession) is not checked in this
    // method; confirm generateCertificateFromCSR verifies it before issuing.
    String issuerName = caCertificate.getIssuerX500Principal().getName();
    return generateCertificateFromCSR(caPrivateKey, request, issuerName);
}
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorNegativeTests.java
License:Open Source License
/**
 * Certificate generation must surface a {@code KeystoreException} when the X.509 builder
 * fails with a {@code CertIOException} while adding an extension.
 */
@Test(description = "This test case tests behaviour when a certificate IO error occurs",
        expectedExceptions = KeystoreException.class)
public void negativeTestGenerateCertificateFromCSR() throws Exception {
    CertificateGenerator generator = new CertificateGenerator();
    // Mock the certificate builder so that any addExtension call fails.
    X509v3CertificateBuilder builderMock = Mockito.mock(X509v3CertificateBuilder.class);
    Mockito.when(builderMock.addExtension(Matchers.any(ASN1ObjectIdentifier.class), Matchers.anyBoolean(),
            Matchers.any(ASN1Encodable.class))).thenThrow(new CertIOException("CERTIO"));
    PowerMockito.whenNew(X509v3CertificateBuilder.class).withAnyArguments().thenReturn(builderMock);
    // Real inputs: a fresh key pair, a CSR over it, and the CA material from the key store.
    CSRGenerator csrGen = new CSRGenerator();
    KeyStoreReader keyStoreReader = new KeyStoreReader();
    KeyPair subjectKeyPair = csrGen.generateKeyPair("RSA", 1024);
    byte[] csrData = csrGen.generateCSR("SHA256WithRSA", subjectKeyPair);
    PrivateKey caPrivateKey = keyStoreReader.getCAPrivateKey();
    X509Certificate caCertificate = (X509Certificate) keyStoreReader.getCACertificate();
    PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrData);
    String issuerName = caCertificate.getIssuerX500Principal().getName();
    // Expected to throw KeystoreException (declared on the @Test annotation).
    generator.generateCertificateFromCSR(caPrivateKey, request, issuerName);
}
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorNegativeTests.java
License:Open Source License
/**
 * Certificate generation must surface a {@code KeystoreException} when the content-signer
 * builder fails with an {@code OperatorCreationException}.
 */
@Test(description = "This test case tests behaviour when Certificate Operator creation error occurs",
        expectedExceptions = KeystoreException.class)
public void negativeTestGenerateCertificateFromCSR2() throws Exception {
    CertificateGenerator generator = new CertificateGenerator();
    // Mock the signer builder: setProvider returns the mock itself, build fails.
    JcaContentSignerBuilder signerBuilderMock = Mockito.mock(JcaContentSignerBuilder.class);
    Mockito.when(signerBuilderMock.setProvider(Matchers.eq(CertificateManagementConstants.PROVIDER)))
            .thenReturn(signerBuilderMock);
    Mockito.when(signerBuilderMock.build(Matchers.any(PrivateKey.class)))
            .thenThrow(new OperatorCreationException("OPERATOR"));
    PowerMockito.whenNew(JcaContentSignerBuilder.class).withAnyArguments().thenReturn(signerBuilderMock);
    // Real inputs: a fresh key pair, a CSR over it, and the CA material from the key store.
    CSRGenerator csrGen = new CSRGenerator();
    KeyStoreReader keyStoreReader = new KeyStoreReader();
    KeyPair subjectKeyPair = csrGen.generateKeyPair("RSA", 1024);
    byte[] csrData = csrGen.generateCSR("SHA256WithRSA", subjectKeyPair);
    PrivateKey caPrivateKey = keyStoreReader.getCAPrivateKey();
    X509Certificate caCertificate = (X509Certificate) keyStoreReader.getCACertificate();
    PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrData);
    String issuerName = caCertificate.getIssuerX500Principal().getName();
    // Expected to throw KeystoreException (declared on the @Test annotation).
    generator.generateCertificateFromCSR(caPrivateKey, request, issuerName);
}
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorNegativeTests.java
License:Open Source License
/**
 * Certificate generation must surface a {@code KeystoreException} when converting the
 * certificate holder fails with a {@code CertificateException}.
 */
@Test(description = "This test case tests the behaviour when certificate exception occurs when verifying",
        expectedExceptions = KeystoreException.class)
public void negativeTestGenerateCertificateFromCSR3() throws Exception {
    CertificateGenerator generator = new CertificateGenerator();
    // Mock the converter: setProvider returns the mock itself, getCertificate fails.
    JcaX509CertificateConverter converterMock = Mockito.mock(JcaX509CertificateConverter.class);
    Mockito.when(converterMock.setProvider(Matchers.eq(CertificateManagementConstants.PROVIDER)))
            .thenReturn(converterMock);
    Mockito.when(converterMock.getCertificate(Matchers.any(X509CertificateHolder.class)))
            .thenThrow(new CertificateException());
    PowerMockito.whenNew(JcaX509CertificateConverter.class).withAnyArguments().thenReturn(converterMock);
    // Real inputs: a fresh key pair, a CSR over it, and the CA material from the key store.
    CSRGenerator csrGen = new CSRGenerator();
    KeyStoreReader keyStoreReader = new KeyStoreReader();
    KeyPair subjectKeyPair = csrGen.generateKeyPair("RSA", 1024);
    byte[] csrData = csrGen.generateCSR("SHA256WithRSA", subjectKeyPair);
    PrivateKey caPrivateKey = keyStoreReader.getCAPrivateKey();
    X509Certificate caCertificate = (X509Certificate) keyStoreReader.getCACertificate();
    PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrData);
    String issuerName = caCertificate.getIssuerX500Principal().getName();
    // Expected to throw KeystoreException (declared on the @Test annotation).
    generator.generateCertificateFromCSR(caPrivateKey, request, issuerName);
}
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateManagementServiceImplTests.java
License:Open Source License
/**
 * Happy path: a CSR over a freshly generated RSA key is issued by the CA from the key
 * store, and the result is a non-null certificate of the expected X.509 type.
 */
@Test(description = "This test case tests generation of a X509Certificate from a CSR")
public void testGenerateCertificateFromCSR() throws KeystoreException, IOException {
    CSRGenerator csrGen = new CSRGenerator();
    KeyStoreReader keyStoreReader = new KeyStoreReader();
    // Subject key pair and a CSR signed with it (1024-bit RSA; presumably sized for test speed).
    KeyPair subjectKeyPair = csrGen.generateKeyPair("RSA", 1024);
    byte[] csrData = csrGen.generateCSR("SHA256WithRSA", subjectKeyPair);
    // CA material used to issue the certificate.
    PrivateKey caPrivateKey = keyStoreReader.getCAPrivateKey();
    X509Certificate caCertificate = (X509Certificate) keyStoreReader.getCACertificate();
    PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrData);
    String issuerName = caCertificate.getIssuerX500Principal().getName();
    X509Certificate issued = managementService.generateCertificateFromCSR(caPrivateKey, request, issuerName);
    Assert.assertNotNull(issued);
    Assert.assertEquals(issued.getType(), CertificateManagementConstants.X_509);
    log.info("GenerateCertificateFromCSR Test Successful");
}
From source file:org.wso2.carbon.identity.certificateauthority.dao.CsrDAO.java
License:Open Source License
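/**
 * Constructs and returns a Csr array from a result set, one element per row.
 * <p>
 * Each row's stored CSR blob is parsed back into a {@link PKCS10CertificationRequest}; the
 * optional subject attributes C, L, OU and ST are taken from its subject info and are left
 * {@code null} when absent.
 *
 * @param resultSet result set positioned before the first CSR row
 * @return array of CsrFiles; empty when the result set has no rows
 * @throws CaException  as declared; presumably propagated from {@code CsrUtils.getSubjectInfo}
 * @throws SQLException if a column or the CSR blob cannot be read
 * @throws IOException  if a row has no CSR content, or its content is not a valid PKCS#10 request
 */
private Csr[] getCsrArray(ResultSet resultSet) throws CaException, SQLException, IOException {
    ArrayList<Csr> csrList = new ArrayList<Csr>();
    while (resultSet.next()) {
        String serialNo = resultSet.getString(Constants.SERIAL_NO_LABEL);
        String status = resultSet.getString(Constants.CSR_STATUS_LABEL);
        String commonName = resultSet.getString(Constants.CSR_COMMON_NAME_LABEL);
        String organization = resultSet.getString(Constants.CSR_ORGANIZATION_LABEL);
        Blob csrBlob = resultSet.getBlob(Constants.CSR_CONTENT_LABEL);
        Date requestedDate = resultSet.getTimestamp(Constants.CSR_REQUESTED_DATE);
        String username = resultSet.getString(Constants.CSR_REQUESTER_USERNAME_LABEL);
        int tenantID = resultSet.getInt(Constants.TENANT_ID_LABEL);
        String userStoreDomain = resultSet.getString(Constants.USER_STORE_DOMAIN_LABEL);
        // A NULL blob previously surfaced as a NullPointerException; report it as unreadable content instead.
        if (csrBlob == null) {
            throw new IOException("CSR content is missing for serial number " + serialNo);
        }
        // Blob positions are 1-based; the whole blob is read in one call.
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(
                csrBlob.getBytes(1, (int) csrBlob.length()));
        java.util.Map<?, ?> decodedContent = CsrUtils.getSubjectInfo(csr);
        String country = subjectAttribute(decodedContent, "C");
        String city = subjectAttribute(decodedContent, "L");
        String department = subjectAttribute(decodedContent, "OU");
        String state = subjectAttribute(decodedContent, "ST");
        csrList.add(new Csr(commonName, department, organization, city, state, country, csr, serialNo, status,
                username, tenantID, userStoreDomain, requestedDate));
    }
    return csrList.toArray(new Csr[csrList.size()]);
}

/**
 * Returns the string form of one subject attribute, or {@code null} when the key is absent
 * (or mapped to {@code null}).
 *
 * @param subjectInfo subject attributes keyed by their short name (e.g. "C", "OU")
 * @param key         attribute short name to look up
 * @return the attribute value as a string, or {@code null}
 */
private static String subjectAttribute(java.util.Map<?, ?> subjectInfo, String key) {
    Object value = subjectInfo.get(key);
    return value == null ? null : value.toString();
}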
From source file:org.wso2.carbon.mdm.mobileservices.windows.services.wstep.impl.CertificateEnrollmentServiceImpl.java
License:Open Source License
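/**
 * This method prepares the wap-provisioning file by including relevant certificates etc
 * <p>
 * Steps: parse the device CSR, have it signed by the CA, Base64-encode the CA and signed
 * certificates, then patch the wap-provisioning XML template: CA certificate fingerprint and
 * body, signed certificate fingerprint and body, the user name resolved from the cache entry
 * keyed by the decoded header token, and a freshly generated password that is also persisted
 * as a challenge token. The patched document is returned Base64 encoded.
 *
 * @param binarySecurityToken - CSR from device, Base64 encoded
 * @param certPropertyList - property list for signed certificate
 * @param wapProvisioningFilePath - File path of wap-provisioning file
 * @param headerBst - Base64 encoded header token; its decoded form is the cache key for the enrolling user
 * @return - base64 encoded final wap-provisioning file as a String
 * @throws CertificateGenerationException if the CSR cannot be parsed or a certificate cannot be encoded
 * @throws WAPProvisioningException if the wap-provisioning XML cannot be read, patched or serialised,
 *         or no cache entry exists for the header token
 */
public String prepareWapProvisioningXML(String binarySecurityToken, List<java.io.Serializable> certPropertyList,
        String wapProvisioningFilePath, String headerBst)
        throws CertificateGenerationException, WAPProvisioningException {
    byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
    byte[] byteArrayHeaderBST = DatatypeConverter.parseBase64Binary(headerBst);
    // NOTE(review): decoded with the platform charset; the cache key must be built the same way where the
    // entry is stored — confirm before switching this to an explicit charset.
    String decodedBST = new String(byteArrayHeaderBST);
    PKCS10CertificationRequest certificationRequest;
    try {
        certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
    } catch (IOException e) {
        String msg = "CSR cannot be recovered.";
        log.error(msg, e);
        throw new CertificateGenerationException(msg, e);
    }
    JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(certificationRequest);
    X509Certificate signedCertificate = CertificateSigningService.signCSR(csr, privateKey, rootCACertificate,
            certPropertyList);
    Base64 base64Encoder = new Base64();
    String rootCertEncodedString = encodeCertificate(base64Encoder, rootCACertificate,
            "CA certificate cannot be encoded.");
    String signedCertEncodedString = encodeCertificate(base64Encoder, signedCertificate,
            "Signed certificate cannot be encoded.");
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    String wapProvisioningString;
    try {
        // The template is a local file, but the parser is still configured defensively. A stricter
        // "disallow DOCTYPE" feature could be added once the template is confirmed not to use one.
        domFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DocumentBuilder builder = domFactory.newDocumentBuilder();
        Document document = builder.parse(wapProvisioningFilePath);
        NodeList wapParm = document.getElementsByTagName(Constants.CertificateEnrolment.PARM);
        // Line breaks in the Base64 body would corrupt the attribute value.
        String rootCertBody = rootCertEncodedString.replaceAll("\n", "");
        String signedCertBody = signedCertEncodedString.replaceAll("\n", "");
        // CA certificate: SHA1 fingerprint on the parent's TYPE attribute, body on VALUE.
        setCertificateParm(wapParm.item(CA_CERTIFICATE_POSITION), rootCACertificate, rootCertBody);
        if (log.isDebugEnabled()) {
            log.debug("Root certificate: " + rootCertBody);
        }
        // Signed (device) certificate: same layout.
        setCertificateParm(wapParm.item(SIGNED_CERTIFICATE_POSITION), signedCertificate, signedCertBody);
        if (log.isDebugEnabled()) {
            log.debug("Signed certificate: " + signedCertBody);
        }
        // Application-auth user name: resolved from the cache entry stored under the header token.
        CacheEntry cacheentry = (CacheEntry) DeviceUtil.getCacheEntry(decodedBST);
        if (cacheentry == null) {
            // Previously a NullPointerException; the generic catch below wraps this into WAPProvisioningException.
            throw new IllegalStateException("No pending enrollment found for the supplied header token.");
        }
        String username = cacheentry.getUsername();
        setParmValue(wapParm.item(APPAUTH_USERNAME_POSITION), username);
        // The header token is single-use: drop it once the user name has been resolved.
        DeviceUtil.removeToken(decodedBST);
        // Application-auth password: a fresh random token, also persisted as the challenge token.
        String password = DeviceUtil.generateRandomToken();
        setParmValue(wapParm.item(APPAUTH_PASSWORD_POSITION), password);
        String rstr = new SyncmlCredinitials().generateRST(username, password);
        DeviceUtil.persistChallengeToken(rstr, "", username);
        // Device polling frequency is not written into the document here (an earlier attempt was
        // left commented out at this point).
        if (log.isDebugEnabled()) {
            // The generated password / challenge token is a credential and is deliberately not logged.
            log.debug("Username: " + username);
        }
        wapProvisioningString = convertDocumentToString(document);
        //Generic exception is caught here as there is no need of taking different actions for
        //different exceptions.
    } catch (Exception e) {
        String msg = "Problem occurred with wap-provisioning.xml file.";
        log.error(msg, e);
        throw new WAPProvisioningException(msg, e);
    }
    // XML defaults to UTF-8; encoding explicitly avoids a platform-charset dependency.
    return base64Encoder.encodeAsString(wapProvisioningString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}

/**
 * Base64-encodes a certificate's DER form, wrapping encoding failures.
 *
 * @param encoder     the Base64 encoder to use
 * @param certificate the certificate to encode
 * @param failureMsg  message logged and used for the wrapping exception if encoding fails
 * @return the Base64 encoded DER bytes
 * @throws CertificateGenerationException if the certificate cannot be DER-encoded
 */
private String encodeCertificate(Base64 encoder, X509Certificate certificate, String failureMsg)
        throws CertificateGenerationException {
    try {
        return encoder.encodeAsString(certificate.getEncoded());
    } catch (CertificateEncodingException e) {
        log.error(failureMsg, e);
        throw new CertificateGenerationException(failureMsg, e);
    }
}

/**
 * Writes one certificate into a wap-provisioning PARM node: the upper-case hex SHA1 fingerprint on the
 * parent element's TYPE attribute and the Base64 body on the node's VALUE attribute.
 *
 * @param parm        the PARM node for the certificate
 * @param certificate the certificate whose fingerprint is written
 * @param encodedBody Base64 body, already stripped of line breaks
 * @throws CertificateEncodingException if the certificate cannot be DER-encoded for hashing
 */
private static void setCertificateParm(Node parm, X509Certificate certificate, String encodedBody)
        throws CertificateEncodingException {
    parm.getParentNode().getAttributes().getNamedItem(Constants.CertificateEnrolment.TYPE)
            .setTextContent(DigestUtils.sha1Hex(certificate.getEncoded()).toUpperCase());
    setParmValue(parm, encodedBody);
}

/**
 * Sets the VALUE attribute of a wap-provisioning PARM node.
 *
 * @param parm  the PARM node
 * @param value text content for its VALUE attribute
 */
private static void setParmValue(Node parm, String value) {
    parm.getAttributes().getNamedItem(Constants.CertificateEnrolment.VALUE).setTextContent(value);
}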
From source file:org.wso2.carbon.mdm.mobileservices.windowspc.services.wstep.impl.CertificateEnrollmentServiceImpl.java
License:Open Source License
/**
 * This method prepares the wap-provisioning file by including relevant certificates etc
 * <p>
 * Steps: parse the device CSR, have it signed by the CA, Base64-encode the CA and signed
 * certificates, then patch the wap-provisioning XML template with each certificate's SHA1
 * fingerprint (parent TYPE attribute) and Base64 body (VALUE attribute). The patched document
 * is returned Base64 encoded.
 *
 * @param binarySecurityToken - CSR from device
 * @param certPropertyList - property list for signed certificate
 * @param wapProvisioningFilePath - File path of wap-provisioning file
 * @return - base64 encoded final wap-provisioning file
 * @throws CertificateGenerationException if the CSR cannot be parsed or a certificate cannot be encoded
 * @throws XMLFileOperationException if the wap-provisioning XML cannot be read, patched or serialised
 */
public String prepareWapProvisioningXML(String binarySecurityToken, List certPropertyList,
        String wapProvisioningFilePath) throws CertificateGenerationException, XMLFileOperationException {
    byte[] DERByteArray = javax.xml.bind.DatatypeConverter.parseBase64Binary(binarySecurityToken);
    PKCS10CertificationRequest certificationRequest;
    try {
        certificationRequest = new PKCS10CertificationRequest(DERByteArray);
    } catch (IOException e) {
        throw new CertificateGenerationException("CSR cannot be recovered.", e);
    }
    JcaPKCS10CertificationRequest CSRRequest = new JcaPKCS10CertificationRequest(certificationRequest);
    X509Certificate signedCertificate = CertificateSigningService.signCSR(CSRRequest, privateKey,
            rootCACertificate, certPropertyList);
    // NOTE(review): BASE64Encoder looks like the sun.misc internal API, whose output is line-wrapped;
    // the "\n" stripping below presumably exists for that reason — confirm, and consider java.util.Base64.
    BASE64Encoder base64Encoder = new BASE64Encoder();
    String rootCertEncodedString;
    try {
        rootCertEncodedString = base64Encoder.encode(rootCACertificate.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new CertificateGenerationException("CA certificate cannot be encoded.", e);
    }
    String signedCertEncodedString;
    try {
        signedCertEncodedString = base64Encoder.encode(signedCertificate.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new CertificateGenerationException("Singed certificate cannot be encoded.", e);
    }
    // NOTE(review): factory is used with defaults (no secure-processing feature set); the template is a
    // local file, but hardening the parser would still be cheap.
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    DocumentBuilder builder;
    String wapProvisioningString;
    try {
        builder = domFactory.newDocumentBuilder();
        Document document = builder.parse(wapProvisioningFilePath);
        NodeList wapParm = document.getElementsByTagName(Constants.CertificateEnrollment.PARM);
        Node CACertificatePosition = wapParm.item(CA_CERTIFICATE_POSITION);
        //Adding SHA1 CA certificate finger print to wap-provisioning xml.
        CACertificatePosition.getParentNode().getAttributes().getNamedItem(Constants.CertificateEnrollment.TYPE)
                .setTextContent(
                        String.valueOf(DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase());
        //Adding encoded CA certificate to wap-provisioning file after removing new line
        // characters (only LF is removed; a CR from a platform line separator would survive).
        NamedNodeMap rootCertAttributes = CACertificatePosition.getAttributes();
        Node rootCertNode = rootCertAttributes.getNamedItem(Constants.CertificateEnrollment.VALUE);
        rootCertEncodedString = rootCertEncodedString.replaceAll("\n", "");
        rootCertNode.setTextContent(rootCertEncodedString);
        if (logger.isDebugEnabled()) {
            logger.debug("Root certificate:" + rootCertEncodedString);
        }
        Node signedCertificatePosition = wapParm.item(SIGNED_CERTIFICATE_POSITION);
        //Adding SHA1 signed certificate finger print to wap-provisioning xml.
        signedCertificatePosition.getParentNode().getAttributes()
                .getNamedItem(Constants.CertificateEnrollment.TYPE).setTextContent(
                        String.valueOf(DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase());
        //Adding encoded signed certificate to wap-provisioning file after removing new line
        // characters.
        NamedNodeMap clientCertAttributes = signedCertificatePosition.getAttributes();
        Node clientEncodedNode = clientCertAttributes.getNamedItem(Constants.CertificateEnrollment.VALUE);
        signedCertEncodedString = signedCertEncodedString.replaceAll("\n", "");
        clientEncodedNode.setTextContent(signedCertEncodedString);
        if (logger.isDebugEnabled()) {
            logger.debug("Signed certificate:" + signedCertEncodedString);
        }
        wapProvisioningString = convertDocumentToString(document);
        //Generic exception is caught here as there is no need of taking different actions for
        // different exceptions.
    } catch (Exception e) {
        throw new XMLFileOperationException("Problem occurred with wap-provisioning.xml file.", e);
    }
    // NOTE(review): getBytes() uses the platform charset, and this final encoding is not stripped of
    // line breaks the way the certificate bodies are — confirm the device accepts both.
    String encodedWap = base64Encoder.encode(wapProvisioningString.getBytes());
    return encodedWap;
}
From source file:org.xipki.commons.security.SecurityFactoryImpl.java
License:Open Source License
/**
 * Verifies the proof-of-possession of a raw {@code CertificationRequest} by wrapping it in a
 * {@link PKCS10CertificationRequest} and delegating to the PKCS#10 overload.
 *
 * @param csr           the certification request whose proof-of-possession is checked
 * @param algoValidator validator applied to the request's signature algorithm
 * @return the result of the delegated verification
 */
@Override
public boolean verifyPopo(final CertificationRequest csr, final AlgorithmValidator algoValidator) {
    final PKCS10CertificationRequest pkcs10Request = new PKCS10CertificationRequest(csr);
    return verifyPopo(pkcs10Request, algoValidator);
}