Example usage for org.bouncycastle.pkcs PKCS10CertificationRequest toASN1Structure

List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest toASN1Structure

Introduction

On this page you can find example usages of org.bouncycastle.pkcs PKCS10CertificationRequest toASN1Structure.

Prototype

public CertificationRequest toASN1Structure() 


Document

Return the underlying ASN.1 structure for this request.

Usage

From source file:org.ejbca.ui.web.pub.CertRequestHttpTest.java

License:Open Source License

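/**
 * Builds a throw-away PKCS#10 request, POSTs it to the certificate request servlet
 * as an URL-encoded form and returns the response body as text.
 *
 *  type 1 = ie (pkcs10): the bare base64 request is sent in the "pkcs10" field
 *  type 2 = csr (pkcs10req): the PEM-armoured request is sent in "pkcs10req" with resulttype=1
 *
 * Any other type sends the form without a field name in front of the encoded request
 * (the original switch default); what the servlet does with that is up to the caller.
 *
 * @param type 1 or 2, see above
 * @return the raw response body decoded as UTF-8. NOTE(review): this assumes the servlet
 *         answers with text (base64/PEM); the original used the platform default charset,
 *         so confirm no binary DER is ever returned for type 1.
 */
private String sendCsrRequest(int type) throws NoSuchAlgorithmException, NoSuchProviderException,
        InvalidAlgorithmParameterException, IOException, InvalidKeyException, SignatureException,
        OperatorCreationException, MalformedURLException, ProtocolException, UnsupportedEncodingException {
    // Create a PKCS10 request. 512-bit RSA and SHA1WithRSA are chosen for test speed only;
    // they are far below what a CA should accept from real enrolments.
    KeyPair rsakeys = KeyTools.genKeys("512", "RSA");
    PKCS10CertificationRequest req = CertTools.genPKCS10CertificationRequest("SHA1WithRSA",
            CertTools.stringToBcX500Name("C=SE, O=AnaTom, CN=foo"), rsakeys.getPublic(), new DERSet(),
            rsakeys.getPrivate(), null);
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    try {
        dOut.writeObject(req.toASN1Structure());
    } finally {
        dOut.close();
    }
    // base64 output is pure ASCII, so name the charset instead of relying on the platform default
    final String base64Req = new String(Base64.encode(bOut.toByteArray()), "US-ASCII");
    final StringBuilder request = new StringBuilder();
    if (type == 2) {
        request.append("-----BEGIN CERTIFICATE REQUEST-----\n");
    }
    request.append(base64Req);
    if (type == 2) {
        request.append("\n-----END CERTIFICATE REQUEST-----\n");
    }
    final String p10 = request.toString();

    // POST the certificate request to the request servlet
    URL url = new URL(httpReqPath + '/' + resourceReq);
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setDoOutput(true);
    con.setRequestMethod("POST");
    con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    final StringBuilder buf = new StringBuilder("user=" + TEST_USERNAME + "&password=foo123&");
    switch (type) {
    case 1:
        buf.append("pkcs10=");
        break;
    case 2:
        buf.append("resulttype=1&pkcs10req=");
        break;
    default:
        // unknown type: no field name, the encoded request is still appended below
        break;
    }
    buf.append(URLEncoder.encode(p10, "UTF-8"));
    OutputStream os = con.getOutputStream();
    try {
        os.write(buf.toString().getBytes("UTF-8"));
    } finally {
        // close even when write() throws, so the connection is not leaked
        os.close();
    }
    assertEquals("Response code", 200, con.getResponseCode());

    // Read the whole body into memory; this works for small requests, and PKCS7 responses are small
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    InputStream in = con.getInputStream();
    try {
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            baos.write(chunk, 0, n);
        }
    } finally {
        in.close();
    }
    byte[] respBytes = baos.toByteArray();
    assertTrue(respBytes.length > 0);
    return new String(respBytes, "UTF-8");
}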

From source file:org.ejbca.util.NonEjbTestTools.java

License:Open Source License

/**
 * Generates a fresh 512-bit RSA key pair and returns the DER encoding of a
 * SHA1WithRSA-signed PKCS#10 request for {@code dn} that carries {@code password}
 * as the pkcs-9 challengePassword attribute.
 *
 * The key pair is discarded; only the encoded request is returned. The weak key
 * size and digest are test-only choices.
 *
 * @param dn subject distinguished name, e.g. "CN=foo"
 * @param password challenge password placed in the request's attribute set
 * @return DER-encoded CertificationRequest
 */
public static byte[] generatePKCS10Req(String dn, String password)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException,
        InvalidAlgorithmParameterException, IOException, OperatorCreationException {
    KeyPair keyPair = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);

    // challengePassword attribute, per PKCS#10:
    //   Attribute  ::= SEQUENCE { type OBJECT IDENTIFIER, values SET SIZE(1..MAX) OF ANY }
    //   Attributes ::= SET OF Attribute
    ASN1EncodableVector attribute = new ASN1EncodableVector();
    attribute.add(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
    attribute.add(new DERSet(new DERUTF8String(password)));
    DERSet attributes = new DERSet(new DERSequence(attribute));

    PKCS10CertificationRequest csr = CertTools.genPKCS10CertificationRequest("SHA1WithRSA",
            CertTools.stringToBcX500Name(dn), keyPair.getPublic(), attributes, keyPair.getPrivate(), null);
    return csr.toASN1Structure().getEncoded();
}

From source file:org.xipki.pki.scep.client.test.AbstractCaTest.java

License:Open Source License

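/**
 * End-to-end SCEP exercise against the emulated server: CA capabilities, CA/RA
 * certificates, GetNextCACert, enrolment (without, with a wrong and with the
 * correct challenge password), CertPoll, GetCert and GetCRL.
 *
 * Expectations come from the subclass hooks and fields used below
 * (getExpectedCaCaps(), isWithRa(), isWithNextCa(), useInsecureAlgorithms(),
 * scepServer, secret). Enrolment must report PkiStatus.FAILURE whenever the
 * challenge password is absent or wrong and must issue a certificate only for
 * the configured secret.
 */
@Test
public void test() throws Exception {
    CaIdentifier caId = new CaIdentifier("http://localhost:8080/scep/pkiclient.exe", null);
    CaCertValidator caCertValidator = new PreprovisionedCaCertValidator(
            X509Util.toX509Cert(scepServer.getCaCert()));
    ScepClient client = new ScepClient(caId, caCertValidator);
    client.setUseInsecureAlgorithms(useInsecureAlgorithms());

    client.refresh();

    CaCaps expCaCaps = getExpectedCaCaps();

    // CACaps
    CaCaps caCaps = client.getCaCaps();
    Assert.assertEquals("CACaps", expCaCaps, caCaps);

    // CA certificate: the one the client fetched must be the pre-provisioned one
    Certificate expCaCert = scepServer.getCaCert();
    X509Certificate caCert = client.getAuthorityCertStore().getCaCert();
    if (!equals(expCaCert, caCert)) {
        Assert.fail("Configured and received CA certificate not the same");
    }

    boolean withRa = isWithRa();
    // RA: a single RA certificate is expected to serve both signing and encryption
    if (withRa) {
        Certificate expRaCert = scepServer.getRaCert();
        X509Certificate raSigCert = client.getAuthorityCertStore().getSignatureCert();
        X509Certificate raEncCert = client.getAuthorityCertStore().getEncryptionCert();
        Assert.assertEquals("RA certificate", raSigCert, raEncCert);

        if (!equals(expRaCert, raSigCert)) {
            Assert.fail("Configured and received RA certificate not the same");
        }
    }

    // getNextCA
    if (isWithNextCa()) {
        AuthorityCertStore nextCa = client.scepNextCaCert();

        Certificate expNextCaCert = scepServer.getNextCaCert();
        X509Certificate nextCaCert = nextCa.getCaCert();
        if (!equals(expNextCaCert, nextCaCert)) {
            Assert.fail("Configured and received next CA certificate not the same");
        }

        if (withRa) {
            Certificate expNextRaCert = scepServer.getNextRaCert();
            X509Certificate nextRaSigCert = nextCa.getSignatureCert();
            X509Certificate nextRaEncCert = nextCa.getEncryptionCert();
            Assert.assertEquals("Next RA certificate", nextRaSigCert, nextRaEncCert);

            if (!equals(expNextRaCert, nextRaSigCert)) {
                Assert.fail("Configured and received next RA certificate not the same");
            }
        }
    }

    // enrol: one end-entity key pair is reused for every attempt below
    X500Name issuerName = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA");
    kpGen.initialize(2048);
    KeyPair keypair = kpGen.generateKeyPair();
    PrivateKey privKey = keypair.getPrivate();
    SubjectPublicKeyInfo subjectPublicKeyInfo = ScepUtil.createSubjectPublicKeyInfo(keypair.getPublic());
    X500Name subject = new X500Name("CN=EE1, OU=emulator, O=xipki.org, C=DE");

    // without a challenge password the CA must reject the request
    assertEnrolmentFails(client, privKey, subjectPublicKeyInfo, subject, null, "PkiStatus without secret");

    // with a wrong challenge password it must reject it as well
    assertEnrolmentFails(client, privKey, subjectPublicKeyInfo, subject, "invalid-" + secret,
            "PkiStatus with invalid secret");

    // with the configured secret a certificate is issued
    PKCS10CertificationRequest p10Req = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject,
            secret, null);
    CertificationRequest csr = p10Req.toASN1Structure();
    X509Certificate selfSignedCert = ScepUtil.generateSelfsignedCert(csr, privKey);
    EnrolmentResponse enrolResp = client.scepPkcsReq(csr, privKey, selfSignedCert);

    List<X509Certificate> certs = enrolResp.getCertificates();
    Assert.assertTrue("number of received certificates", certs.size() > 0);
    X509Certificate enroledCert = certs.get(0);
    Assert.assertNotNull("enroled certificate", enroledCert);

    // certPoll: the successfully enrolled CSR is polled again
    enrolResp = client.scepCertPoll(privKey, selfSignedCert, csr, issuerName);

    certs = enrolResp.getCertificates();
    Assert.assertTrue("number of received certificates", certs.size() > 0);
    X509Certificate cert = certs.get(0);
    Assert.assertNotNull("enrolled certificate", cert);

    // getCert
    certs = client.scepGetCert(privKey, selfSignedCert, issuerName, enroledCert.getSerialNumber());
    Assert.assertTrue("number of received certificates", certs.size() > 0);
    cert = certs.get(0);
    Assert.assertNotNull("received certificate", cert);

    // getCRL: signed with the enrolled certificate rather than the self-signed one
    X509CRL crl = client.scepGetCrl(privKey, enroledCert, issuerName, enroledCert.getSerialNumber());
    Assert.assertNotNull("received CRL", crl);

    // getNextCA
    AuthorityCertStore nextCa = client.scepNextCaCert();
    Assert.assertNotNull("nextCa", nextCa);
}

/**
 * Submits a PKCS#10 enrolment carrying {@code challengePassword} (may be null for
 * "none") and asserts that the CA answers with PkiStatus.FAILURE.
 *
 * @param message assertion message naming the attempt
 */
private void assertEnrolmentFails(ScepClient client, PrivateKey privKey, SubjectPublicKeyInfo subjectPublicKeyInfo,
        X500Name subject, String challengePassword, String message) throws Exception {
    PKCS10CertificationRequest p10Req = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject,
            challengePassword, null);
    CertificationRequest csr = p10Req.toASN1Structure();
    X509Certificate selfSignedCert = ScepUtil.generateSelfsignedCert(csr, privKey);
    EnrolmentResponse enrolResp = client.scepPkcsReq(csr, privKey, selfSignedCert);
    PkiStatus status = enrolResp.getPkcsRep().getPkiStatus();
    Assert.assertEquals(message, PkiStatus.FAILURE, status);
}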