List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest toASN1Structure
public CertificationRequest toASN1Structure()
From source file:com.adaptris.security.certificate.CertRequestHandler.java
License:Apache License
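/**
 * Creates a PKCS#10 certification request from an existing certificate.
 *
 * <p>The request carries the certificate's subject DN and public key and is signed with
 * {@code key}. {@code key} must be the private key that matches the certificate's public key;
 * otherwise the receiving CA cannot verify the request's proof-of-possession signature.
 *
 * @param c the certificate to build the request from; must be an {@link X509Certificate}
 * @param key the private key corresponding to the certificate's public key
 * @return the ASN.1 structure of the signed certification request
 * @throws Exception if the request cannot be built or signed
 */
private static CertificationRequest createCertRequest(Certificate c, PrivateKey key) throws Exception {
    X509Certificate x509 = (X509Certificate) c;
    X500Name entityName = new X500Name(x509.getSubjectDN().getName());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(x509.getPublicKey().getEncoded());

    // Generate the certificate signing request.
    PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(entityName, publicKeyInfo);
    // SCEP servers usually require a challengePassword attribute; none is added here.

    // NOTE(review): getSigAlgName() is the algorithm the issuer used to sign the certificate.
    // This assumes the same algorithm is usable with `key` - confirm for mixed-algorithm chains.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(x509.getSigAlgName());

    // Sign with the caller's key. Signing with a freshly generated, unrelated key pair (as this
    // method previously did) yields a request whose signature never matches the embedded public
    // key, so any CA that checks proof of possession rejects it.
    PKCS10CertificationRequest csr = csrBuilder.build(signerBuilder.build(key));
    return csr.toASN1Structure();
}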
From source file:eu.betaas.taas.securitymanager.certificate.service.impl.GWStarCertificateExtService.java
License:Apache License
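/**
 * Creates credentials for a newly joining gateway (GW) from its PKCS#10 certification request.
 *
 * <p>The request is decoded, its EC public key and subject are extracted, the UFN is read from
 * the request attributes, and everything is handed to
 * {@code GWCertificateUtilsBc.createGwCredentials}.
 *
 * <p>NOTE(review): {@code gwCertReq} comes from the joining gateway and nothing in this method
 * verifies the request's signature (proof of possession). Unless a caller already does so, check
 * {@code PKCS10CertificationRequest.isSignatureValid(...)} before issuing. The UFN is likewise
 * taken from the request as-is and should be treated as untrusted by the code that consumes it.
 *
 * @param gwCertReq the encoded PKCS#10 certification request of the joining GW
 * @return the created certificates, or {@code null} if the request could not be processed
 */
public ArrayOfCertificate issueGwCertificate(byte[] gwCertReq) {
    log.info("Start creating a certificate for new joining GW...");

    if (gwCertReq == null) {
        log.error("Error decoding the PKCS10CertificationRequest: no request data");
        return null;
    }

    // decode the gwCertReq back to PKCS10CertificationRequest
    PKCS10CertificationRequest certReq;
    try {
        certReq = new PKCS10CertificationRequest(gwCertReq);
    } catch (IOException e) {
        // Stop here: continuing with a null request would only fail later with a
        // NullPointerException.
        log.error("Error decoding the PKCS10CertificationRequest: " + e.getMessage(), e);
        return null;
    }

    // retrieve the public key of the requesting GW
    SubjectPublicKeyInfo subPubKeyInfo = certReq.getSubjectPublicKeyInfo();
    ECPublicKeyParameters ecKeyParams;
    try {
        Object keyParams = PublicKeyFactory.createKey(subPubKeyInfo);
        if (!(keyParams instanceof ECPublicKeyParameters)) {
            // A request carrying a non-EC key must not surface as a ClassCastException.
            log.error("Error creating ECPublicKeyParameters from SubjectPublicKeyInfo: not an EC public key");
            return null;
        }
        ecKeyParams = (ECPublicKeyParameters) keyParams;
    } catch (IOException e) {
        log.error("Error creating ECPublicKeyParameters from SubjectPublicKeyInfo: " + e.getMessage(), e);
        return null;
    }

    // parsing the UFN from the PKCS10CertificationRequest object
    String ufn = extractUfn(certReq);

    ArrayOfCertificate certs;
    try {
        certs = GWCertificateUtilsBc.createGwCredentials(certReq.getSubject(), "intermediate", "end", ecKeyParams,
                ufn, certPath);
    } catch (Exception e) {
        log.error("Error generating Certificate for GW: " + e.getMessage(), e);
        return null;
    }

    log.info("Certificate for new joining GW has been created...");
    return certs;
}

/**
 * Walks the request attributes (SEQUENCE / SET / SEQUENCE / SEQUENCE / OCTET STRING) and returns
 * the text of the last OCTET STRING found, or {@code null} when there is none.
 *
 * <p>Elements with an unexpected type or size are skipped instead of raising a runtime
 * exception, because the structure is supplied by the requester.
 */
private String extractUfn(PKCS10CertificationRequest certReq) {
    // Attributes are optional in the request, so the set may be absent.
    if (certReq.toASN1Structure().getCertificationRequestInfo().getAttributes() == null) {
        return null;
    }
    ASN1Encodable[] attributes = certReq.toASN1Structure().getCertificationRequestInfo().getAttributes()
            .toArray();

    String ufn = null;
    for (ASN1Encodable attribute : attributes) {
        if (!(attribute instanceof DERSequence)) {
            continue;
        }
        Enumeration<?> attributeParts = ((DERSequence) attribute).getObjects();
        while (attributeParts.hasMoreElements()) {
            Object values = attributeParts.nextElement();
            if (!(values instanceof DERSet)) {
                continue;
            }
            Enumeration<?> valueEntries = ((DERSet) values).getObjects();
            while (valueEntries.hasMoreElements()) {
                Object extensions = valueEntries.nextElement();
                if (!(extensions instanceof DERSequence)) {
                    continue;
                }
                Enumeration<?> extensionEntries = ((DERSequence) extensions).getObjects();
                while (extensionEntries.hasMoreElements()) {
                    Object extension = extensionEntries.nextElement();
                    if (!(extension instanceof DERSequence)) {
                        continue;
                    }
                    Enumeration<?> fields = ((DERSequence) extension).getObjects();
                    while (fields.hasMoreElements()) {
                        Object field = fields.nextElement();
                        if (!(field instanceof DEROctetString)) {
                            continue;
                        }
                        byte[] octets = ((DEROctetString) field).getOctets();
                        // The first 4 bytes are skipped - presumably a fixed prefix of the
                        // encoded value; confirm against the code that builds the request.
                        if (octets.length < 4) {
                            log.error("Error parsing the UFN: value shorter than the 4-byte prefix");
                            continue;
                        }
                        InputStream is = new ByteArrayInputStream(octets, 4, octets.length - 4);
                        ufn = getStringFromInputStream(is);
                    }
                }
            }
        }
    }
    return ufn;
}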
From source file:net.sf.keystore_explorer.crypto.csr.pkcs10.Pkcs10Util.java
License:Open Source License
/**
 * DER encodes a CSR and wraps the Base64 form of that encoding in PEM header and footer lines.
 *
 * @param csr
 *            The CSR
 * @return The PEM'd encoding
 * @throws CryptoException
 *             If a problem occurs getting the PEM encoded CSR
 */
public static String getCsrEncodedDerPem(PKCS10CertificationRequest csr) throws CryptoException {
    try {
        // DER encode the request, then Base64 the bytes
        ByteArrayOutputStream derBytes = new ByteArrayOutputStream();
        DEROutputStream derOut = new DEROutputStream(derBytes);
        derOut.writeObject(csr.toASN1Structure().toASN1Primitive());
        String base64 = new String(Base64.encode(derBytes.toByteArray()));

        StringBuilder pem = new StringBuilder();

        // Header
        pem.append(BEGIN_CSR_FORM_1).append("\n");

        // Body, broken into lines of at most MAX_PRINTABLE_ENC_LINE_LENGTH characters
        int offset = 0;
        while (offset < base64.length()) {
            int end = Math.min(offset + MAX_PRINTABLE_ENC_LINE_LENGTH, base64.length());
            pem.append(base64, offset, end).append("\n");
            offset += MAX_PRINTABLE_ENC_LINE_LENGTH;
        }

        // Footer
        pem.append(END_CSR_FORM_1).append("\n");

        return pem.toString();
    } catch (IOException ex) {
        throw new CryptoException(res.getString("NoPemPkcs10Csr.exception.message"), ex);
    }
}
From source file:org.cesecore.certificates.certificate.CertificateCreateSessionTest.java
License:Open Source License
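/**
 * Checks how certificate creation handles PKCS#10 requests:
 * a correctly signed request yields a certificate, a request signed with a key other than the
 * one it carries (invalid proof of possession) is rejected, and a request with an ASN.1-corrupt
 * public key entry is rejected.
 *
 * @throws Exception if request creation or certificate creation fails unexpectedly
 */
@Test
public void testPKCS10Request() throws Exception {
    String fp1 = null;
    try {
        final String dn = "C=SE,O=PrimeKey,CN=pkcs10requesttest";
        final EndEntityInformation user = new EndEntityInformation("pkcs10requesttest", dn, testx509ca.getCAId(),
                null, "foo@anatom.se", new EndEntityType(EndEntityTypes.ENDUSER), 0,
                CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, EndEntityConstants.TOKEN_USERGEN, 0, null);
        user.setStatus(EndEntityConstants.STATUS_NEW);

        // 512-bit RSA is far too small for anything but a throwaway test key.
        final KeyPair keyPair = KeyTools.genKeys("512", "RSA");
        final X500Name x509dn = new X500Name(dn);
        PKCS10CertificationRequest basicpkcs10 = CertTools.genPKCS10CertificationRequest("SHA256WithRSA", x509dn,
                keyPair.getPublic(), null, keyPair.getPrivate(), null);
        ContentVerifierProvider cvp = CertTools.genContentVerifierProvider(keyPair.getPublic());
        assertTrue("Request must verify (POP)", basicpkcs10.isSignatureValid(cvp));
        PKCS10RequestMessage req = new PKCS10RequestMessage(basicpkcs10.toASN1Structure().getEncoded());
        assertTrue("Request must verify (POP)", req.verify());
        X509ResponseMessage resp = (X509ResponseMessage) certificateCreateSession.createCertificate(roleMgmgToken,
                user, req, X509ResponseMessage.class, signSession.fetchCertGenParams());
        assertNotNull("Creating a cert should have worked", resp);
        X509Certificate cert = (X509Certificate) resp.getCertificate();
        fp1 = CertTools.getFingerprintAsString(cert);

        // Create a request with invalid PoP: the public key of one pair, signed by the private
        // key of another.
        final KeyPair keyPair2 = KeyTools.genKeys("512", "RSA");
        PKCS10CertificationRequest invalidpoppkcs10 = CertTools.genPKCS10CertificationRequest("SHA256WithRSA",
                x509dn, keyPair.getPublic(), null, keyPair2.getPrivate(), null);
        req = new PKCS10RequestMessage(invalidpoppkcs10.toASN1Structure().getEncoded());
        try {
            resp = (X509ResponseMessage) certificateCreateSession.createCertificate(roleMgmgToken, user, req,
                    X509ResponseMessage.class, signSession.fetchCertGenParams());
            fail("Creating a cert from a request with invalid PoP (proof of possession) should not work");
        } catch (SignRequestSignatureException e) { // NOPMD: this is what we want
        }

        // Try with a PKCS#10 request with a asn.1 corrupt public key entry
        req = new PKCS10RequestMessage(invalidp10);
        try {
            resp = (X509ResponseMessage) certificateCreateSession.createCertificate(roleMgmgToken, user, req,
                    X509ResponseMessage.class, signSession.fetchCertGenParams());
            // The message names the case under test; it used to repeat the invalid-PoP text.
            fail("Creating a cert from a request with a corrupt public key entry should not work");
        } catch (IllegalKeyException e) { // NOPMD: this is what we want
        } catch (SignRequestSignatureException e) { // NOPMD: or this depending on BC version etc
        }
    } finally {
        // fp1 stays null when the first createCertificate call fails; skip the cleanup then so
        // it cannot mask the original failure.
        if (fp1 != null) {
            internalCertStoreSession.removeCertificate(fp1);
        }
    }
}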
From source file:org.cesecore.certificates.certificate.request.RequestMessageTest.java
License:Open Source License
/**
 * Exercises PKCS10RequestMessage: username, request DN, alt names and password extraction,
 * public key retrieval, proof-of-possession verification, and DN handling for multi-valued RDNs
 * that contain the unstructuredName OID or an unknown OID.
 */
@Test
public void test01Pkcs10RequestMessage() throws InvalidKeyException, NoSuchAlgorithmException,
        NoSuchProviderException, SignatureException, IOException, OperatorCreationException {
    final PKCS10CertificationRequest p10 = createP10("CN=Test,OU=foo");

    // Message built from the encoded ASN.1 structure
    PKCS10RequestMessage msg = new PKCS10RequestMessage(p10.toASN1Structure().getEncoded());
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,OU=foo", msg.getRequestDN());
    assertEquals("dNSName=foo1.bar.com", msg.getRequestAltNames());

    // Same message by try decoding byte array
    msg = new PKCS10RequestMessage(p10.getEncoded());
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,OU=foo", msg.getRequestDN());
    assertEquals("foo123", msg.getPassword());

    // Check public key
    final PublicKey requestKey = msg.getRequestPublicKey();
    KeyTools.testKey(keyPair.getPrivate(), requestKey, "BC");
    final PKCS10RequestMessage emptyMessage = new PKCS10RequestMessage();
    assertNull(emptyMessage.getRequestPublicKey());

    // Verify POP: valid with the request's own key, invalid with an unrelated one
    assertTrue(msg.verify());
    assertTrue(msg.verify(requestKey));
    try {
        final KeyPair unrelatedKeys = KeyTools.genKeys("512", "RSA");
        assertFalse(msg.verify(unrelatedKeys.getPublic()));
    } catch (InvalidAlgorithmParameterException e) {
        assertTrue("Should not throw", false);
    }

    // Try different DNs and DN oids
    msg = pkcs10MessageForDn("SHA1WithRSA", "C=SE, O=Foo, CN=Test Testsson");
    assertEquals("Test", msg.getUsername());
    assertEquals("C=SE,O=Foo,CN=Test Testsson", msg.getRequestDN());
    assertEquals(null, msg.getRequestAltNames());
    assertEquals(null, msg.getPassword());

    msg = pkcs10MessageForDn("SHA256WithRSA", "C=SE, O=Foo, CN=Test Testsson");
    assertEquals("Test", msg.getUsername());
    assertEquals("C=SE,O=Foo,CN=Test Testsson", msg.getRequestDN());
    assertEquals(null, msg.getRequestAltNames());
    assertEquals(null, msg.getPassword());

    // oid for unstructuredName, will be handles specially by EJBCA
    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test + 1.2.840.113549.1.9.2=AttrValue1");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,unstructuredName=AttrValue1", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test + 1.2.840.113549.1.9.2=AttrValue1 AttrValue2");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,unstructuredName=AttrValue1 AttrValue2", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test+1.2.840.113549.1.9.2=AttrValue1");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,unstructuredName=AttrValue1", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test+1.2.840.113549.1.9.2=AttrValue1 AttrValue2");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test,unstructuredName=AttrValue1 AttrValue2", msg.getRequestDN());

    // Completely unknown oid
    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test + 1.2.840.113549.1.9.3=AttrValue1");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test+1.2.840.113549.1.9.3=AttrValue1", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test + 1.2.840.113549.1.9.3=AttrValue1 AttrValue2");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test+1.2.840.113549.1.9.3=AttrValue1");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test+1.2.840.113549.1.9.3=AttrValue1", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2");
    assertEquals("Test", msg.getUsername());
    assertEquals("CN=Test+1.2.840.113549.1.9.3=AttrValue1 AttrValue2", msg.getRequestDN());

    msg = pkcs10MessageForDn("SHA1WithRSA", "1.2.840.113549.1.9.3=AttrValue1 AttrValue2+CN=Test");
    assertEquals("Test", msg.getUsername());

    msg = pkcs10MessageForDn("SHA1WithRSA", "1.2.840.113549.1.9.3=AttrValue1 AttrValue2+CN=Test+O=abc");
    assertEquals("Test", msg.getUsername());

    // very strange, but should still be valid
    msg = pkcs10MessageForDn("SHA1WithRSA", "1.2.840.113549.1.9.3=AttrValue1\\+\\= AttrValue2+CN=Test+O=abc");
    assertEquals("Test", msg.getUsername());
}

/**
 * Builds a PKCS#10 request for {@code subjectDn} with the shared test key pair and an empty
 * attribute set, and wraps its encoded ASN.1 structure in a PKCS10RequestMessage.
 */
private PKCS10RequestMessage pkcs10MessageForDn(String signatureAlgorithm, String subjectDn)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException,
        IOException, OperatorCreationException {
    final X500Name name = new X500Name(subjectDn);
    final PKCS10CertificationRequest request = CertTools.genPKCS10CertificationRequest(signatureAlgorithm, name,
            keyPair.getPublic(), new DERSet(), keyPair.getPrivate(), null);
    return new PKCS10RequestMessage(request.toASN1Structure().getEncoded());
}
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithDsaTest.java
License:Open Source License
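/**
 * Requests a certificate for a DSA key from the DSA test CA using a Bouncy Castle PKCS#10
 * request, and checks that the issued certificate holds a DSA key and verifies against the CA
 * certificate.
 *
 * @throws Exception
 *             if an error occurs...
 */
@Test
public void testBCPKCS10DSAWithDSACA() throws Exception {
    log.trace(">test26TestBCPKCS10DSAWithDSACA()");
    endEntityManagementSession.setUserStatus(internalAdmin, DSA_USERNAME, EndEntityConstants.STATUS_NEW);
    log.debug("Reset status of 'foodsa' to NEW");

    // 1024-bit DSA with SHA-1 is legacy strength; here it is a throwaway key for the DSA code path.
    KeyPair dsakeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_DSA);

    // Create certificate request
    PKCS10CertificationRequest req = CertTools.genPKCS10CertificationRequest("SHA1WithDSA",
            CertTools.stringToBcX500Name("C=SE, O=AnaTom, CN=foodsa"), dsakeys.getPublic(), new DERSet(),
            dsakeys.getPrivate(), null);

    // DER-encode the request
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    dOut.writeObject(req.toASN1Structure());
    dOut.close();

    // Decode it again and check the proof-of-possession signature against the public key
    PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(bOut.toByteArray());
    ContentVerifierProvider verifier = CertTools.genContentVerifierProvider(dsakeys.getPublic());
    boolean verify = req2.isSignatureValid(verifier);
    log.debug("Verify returned " + verify);
    assertTrue(verify);
    log.debug("CertificationRequest generated successfully.");

    byte[] bcp10 = bOut.toByteArray();
    PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
    p10.setUsername(DSA_USERNAME);
    p10.setPassword("foo123"); // test fixture credential
    ResponseMessage resp = signSession.createCertificate(internalAdmin, p10, X509ResponseMessage.class, null);
    Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
    assertNotNull("Failed to create certificate", cert);
    log.debug("Cert=" + cert.toString());

    PublicKey pk = cert.getPublicKey();
    assertTrue("Public key is not DSA", pk instanceof DSAPublicKey);
    // Expected value first, so a failure message reports expected and actual the right way round.
    assertEquals("DSA", ((DSAPublicKey) pk).getAlgorithm());

    X509Certificate dsacacert = (X509Certificate) caSession.getCAInfo(internalAdmin, TEST_DSA_CA_NAME)
            .getCertificateChain().toArray()[0];
    try {
        cert.verify(dsacacert.getPublicKey());
    } catch (Exception e) {
        assertTrue("Verify failed: " + e.getMessage(), false);
    }
    log.trace("<test26TestBCPKCS10DSAWithDSACA()");
}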
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithECGOST3410Test.java
License:Open Source License
/**
 * Requests a certificate for an ECGOST3410 key from the ECGOST3410 test CA using a Bouncy Castle
 * PKCS#10 request. Skipped when GOST3410 is not enabled.
 */
@Test
public void testBCPKCS10ECGOST3410WithECGOST3410CA() throws Exception {
    assumeTrue(AlgorithmTools.isGost3410Enabled());
    log.trace(">test15TestBCPKCS10ECGOST3410WithECGOST3410CA()");
    userAdminSession.setUserStatus(internalAdmin, ECGOST3410_USERNAME, EndEntityConstants.STATUS_NEW);
    log.debug("Reset status of '" + ECGOST3410_USERNAME + "' to NEW");

    // Create certificate request
    final PKCS10CertificationRequest csr = CertTools.genPKCS10CertificationRequest("GOST3411withECGOST3410",
            CertTools.stringToBcX500Name("C=SE, O=AnaTom, CN=" + ECGOST3410_USERNAME), gostkeys.getPublic(),
            new DERSet(), gostkeys.getPrivate(), null);

    // DER-encode the request
    final ByteArrayOutputStream derBuffer = new ByteArrayOutputStream();
    final DEROutputStream derOut = new DEROutputStream(derBuffer);
    derOut.writeObject(csr.toASN1Structure());
    derOut.close();

    // Decode it again and check the proof-of-possession signature against the public key
    final PKCS10CertificationRequest decodedCsr = new PKCS10CertificationRequest(derBuffer.toByteArray());
    final ContentVerifierProvider popVerifier = CertTools.genContentVerifierProvider(gostkeys.getPublic());
    final boolean popValid = decodedCsr.isSignatureValid(popVerifier);
    log.debug("Verify returned " + popValid);
    assertTrue(popValid);
    log.debug("CertificationRequest generated successfully.");

    // Submit the encoded request and parse the issued certificate
    final PKCS10RequestMessage requestMessage = new PKCS10RequestMessage(derBuffer.toByteArray());
    requestMessage.setUsername(ECGOST3410_USERNAME);
    requestMessage.setPassword("foo123");
    final ResponseMessage response = signSession.createCertificate(internalAdmin, requestMessage,
            X509ResponseMessage.class, null);
    final Certificate issued = CertTools.getCertfromByteArray(response.getResponseMessage());
    assertNotNull("Failed to create certificate", issued);
    log.debug("Cert=" + issued.toString());
    final PublicKey issuedKey = issued.getPublicKey();
    checkECKey(issuedKey);

    // The issued certificate must verify against the CA certificate
    try {
        final X509Certificate caCert = (X509Certificate) caSession
                .getCAInfo(internalAdmin, TEST_ECGOST3410_CA_NAME).getCertificateChain().toArray()[0];
        issued.verify(caCert.getPublicKey());
    } catch (Exception e) {
        assertTrue("Verify failed: " + e.getMessage(), false);
    }
    log.trace("<test15TestBCPKCS10ECGOST3410WithECGOST3410CA()");
}
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithEllipticCurveDsaTest.java
License:Open Source License
/**
 * Requests a certificate for an ECDSA key from the RSA test CA using a Bouncy Castle PKCS#10
 * request, and checks that the issued certificate verifies against the CA certificate.
 */
@Test
public void testBCPKCS10ECDSAWithRSACA() throws Exception {
    log.trace(">test13TestBCPKCS10ECDSAWithRSACA()");
    endEntityManagementSession.setUserStatus(internalAdmin, RSA_USERNAME, EndEntityConstants.STATUS_NEW);
    log.debug("Reset status of 'foo' to NEW");

    // Create certificate request
    final PKCS10CertificationRequest csr = CertTools.genPKCS10CertificationRequest("SHA256WithECDSA",
            CertTools.stringToBcX500Name("C=SE, O=AnaTom, CN=foo"), ecdsakeys.getPublic(), new DERSet(),
            ecdsakeys.getPrivate(), null);

    // DER-encode the request
    final ByteArrayOutputStream derBuffer = new ByteArrayOutputStream();
    final DEROutputStream derOut = new DEROutputStream(derBuffer);
    derOut.writeObject(csr.toASN1Structure());
    derOut.close();

    // Decode it again and check the proof-of-possession signature against the public key
    final PKCS10CertificationRequest decodedCsr = new PKCS10CertificationRequest(derBuffer.toByteArray());
    final ContentVerifierProvider popVerifier = CertTools.genContentVerifierProvider(ecdsakeys.getPublic());
    final boolean popValid = decodedCsr.isSignatureValid(popVerifier);
    log.debug("Verify returned " + popValid);
    assertTrue(popValid);
    log.debug("CertificationRequest generated successfully.");

    // Submit the encoded request and parse the issued certificate
    final PKCS10RequestMessage requestMessage = new PKCS10RequestMessage(derBuffer.toByteArray());
    requestMessage.setUsername(RSA_USERNAME);
    requestMessage.setPassword("foo123");
    final ResponseMessage response = signSession.createCertificate(internalAdmin, requestMessage,
            X509ResponseMessage.class, null);
    final Certificate issued = CertTools.getCertfromByteArray(response.getResponseMessage());
    assertNotNull("Failed to create certificate", issued);
    log.debug("Cert=" + issued.toString());
    final PublicKey issuedKey = issued.getPublicKey();
    checkECKey(issuedKey);

    // The issued certificate must verify against the CA certificate
    try {
        final X509Certificate caCert = (X509Certificate) caSession.getCAInfo(internalAdmin, getTestCAName())
                .getCertificateChain().toArray()[0];
        issued.verify(caCert.getPublicKey());
    } catch (Exception e) {
        assertTrue("Verify failed: " + e.getMessage(), false);
    }
    log.trace("<test13TestBCPKCS10ECDSAWithRSACA()");
}
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithEllipticCurveDsaTest.java
License:Open Source License
/**
 * Requests a certificate for an ECDSA key from the ECDSA test CA using a Bouncy Castle PKCS#10
 * request, and checks that the issued certificate verifies against the CA certificate.
 */
@Test
public void testBCPKCS10ECDSAWithECDSACA() throws Exception {
    log.trace(">test15TestBCPKCS10ECDSAWithECDSACA()");
    endEntityManagementSession.setUserStatus(internalAdmin, ECDSA_USERNAME, EndEntityConstants.STATUS_NEW);
    log.debug("Reset status of 'foo' to NEW");

    // Create certificate request
    final PKCS10CertificationRequest csr = CertTools.genPKCS10CertificationRequest("SHA256WithECDSA",
            CertTools.stringToBcX500Name("C=SE, O=AnaTom, CN=" + ECDSA_USERNAME), ecdsakeys.getPublic(),
            new DERSet(), ecdsakeys.getPrivate(), null);

    // DER-encode the request
    final ByteArrayOutputStream derBuffer = new ByteArrayOutputStream();
    final DEROutputStream derOut = new DEROutputStream(derBuffer);
    derOut.writeObject(csr.toASN1Structure());
    derOut.close();

    // Decode it again and check the proof-of-possession signature against the public key
    final PKCS10CertificationRequest decodedCsr = new PKCS10CertificationRequest(derBuffer.toByteArray());
    final ContentVerifierProvider popVerifier = CertTools.genContentVerifierProvider(ecdsakeys.getPublic());
    final boolean popValid = decodedCsr.isSignatureValid(popVerifier);
    log.debug("Verify returned " + popValid);
    assertTrue(popValid);
    log.debug("CertificationRequest generated successfully.");

    // Submit the encoded request and parse the issued certificate
    final PKCS10RequestMessage requestMessage = new PKCS10RequestMessage(derBuffer.toByteArray());
    requestMessage.setUsername(ECDSA_USERNAME);
    requestMessage.setPassword("foo123");
    final ResponseMessage response = signSession.createCertificate(internalAdmin, requestMessage,
            X509ResponseMessage.class, null);
    final Certificate issued = CertTools.getCertfromByteArray(response.getResponseMessage());
    assertNotNull("Failed to create certificate", issued);
    log.debug("Cert=" + issued.toString());
    final PublicKey issuedKey = issued.getPublicKey();
    checkECKey(issuedKey);

    // The issued certificate must verify against the CA certificate
    try {
        final X509Certificate caCert = (X509Certificate) caSession.getCAInfo(internalAdmin, TEST_ECDSA_CA_NAME)
                .getCertificateChain().toArray()[0];
        issued.verify(caCert.getPublicKey());
    } catch (Exception e) {
        assertTrue("Verify failed: " + e.getMessage(), false);
    }
    log.trace("<test15TestBCPKCS10ECDSAWithECDSACA()");
}
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithEllipticCurveDsaTest.java
License:Open Source License
/**
 * Creates a temporary end entity under the ECDSA ImplicitlyCA test CA, requests a certificate
 * for an ECDSA key with a Bouncy Castle PKCS#10 request, and checks that the issued certificate
 * verifies against the CA certificate. The end entity is deleted afterwards.
 */
@Test
public void testBCPKCS10ECDSAWithECDSAImplicitlyCACA() throws Exception {
    log.trace(">test17TestBCPKCS10ECDSAWithECDSAImplicitlyCACA()");
    final String ecDsaImplicitCaUserName = "fooecdsaimpca";
    final CAInfo implicitCaInfo = caSession.getCAInfo(internalAdmin, TEST_ECDSA_IMPLICIT_CA_NAME);
    final int implicitCaId = implicitCaInfo.getCAId();
    createEndEntity(ecDsaImplicitCaUserName, SecConst.EMPTY_ENDENTITYPROFILE,
            CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, implicitCaId);
    try {
        endEntityManagementSession.setUserStatus(internalAdmin, ecDsaImplicitCaUserName,
                EndEntityConstants.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        // Create certificate request
        final PKCS10CertificationRequest csr = CertTools.genPKCS10CertificationRequest("SHA256WithECDSA",
                CertTools.stringToBcX500Name("C=SE, O=AnaTom, CN=" + ecDsaImplicitCaUserName),
                ecdsakeys.getPublic(), new DERSet(), ecdsakeys.getPrivate(), null);

        // DER-encode the request
        final ByteArrayOutputStream derBuffer = new ByteArrayOutputStream();
        final DEROutputStream derOut = new DEROutputStream(derBuffer);
        derOut.writeObject(csr.toASN1Structure());
        derOut.close();

        // Decode it again and check the proof-of-possession signature against the public key
        final PKCS10CertificationRequest decodedCsr = new PKCS10CertificationRequest(derBuffer.toByteArray());
        final ContentVerifierProvider popVerifier = CertTools.genContentVerifierProvider(ecdsakeys.getPublic());
        final boolean popValid = decodedCsr.isSignatureValid(popVerifier);
        log.debug("Verify returned " + popValid);
        assertTrue(popValid);
        log.debug("CertificationRequest generated successfully.");

        // Submit the encoded request and parse the issued certificate
        final PKCS10RequestMessage requestMessage = new PKCS10RequestMessage(derBuffer.toByteArray());
        requestMessage.setUsername(ecDsaImplicitCaUserName);
        requestMessage.setPassword("foo123");
        final ResponseMessage response = signSession.createCertificate(internalAdmin, requestMessage,
                X509ResponseMessage.class, null);
        final Certificate issued = CertTools.getCertfromByteArray(response.getResponseMessage());
        assertNotNull("Failed to create certificate", issued);
        log.debug("Cert=" + issued.toString());

        // The issued certificate must verify against the CA certificate
        final X509Certificate caCert = (X509Certificate) caSession
                .getCAInfo(internalAdmin, TEST_ECDSA_IMPLICIT_CA_NAME).getCertificateChain().toArray()[0];
        try {
            issued.verify(caCert.getPublicKey());
        } catch (Exception e) {
            assertTrue("Verify failed: " + e.getMessage(), false);
        }
    } finally {
        endEntityManagementSession.deleteUser(internalAdmin, ecDsaImplicitCaUserName);
    }
    log.trace("<test17TestBCPKCS10ECDSAWithECDSAImplicitlyCACA()");
}