List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequestBuilder PKCS10CertificationRequestBuilder
public PKCS10CertificationRequestBuilder(X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
From source file:com.adaptris.security.certificate.CertRequestHandler.java
License:Apache License
/** * Create a certificate Request.//from w ww . j ava 2 s .c o m */ private static CertificationRequest createCertRequest(Certificate c, PrivateKey key) throws Exception { X509Certificate x509 = (X509Certificate) c; x509.getSigAlgName(); X500Name entityName = new X500Name(x509.getSubjectDN().getName()); KeyPair entityPair = KeyPairGenerator.getInstance("RSA").genKeyPair(); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(x509.getPublicKey().getEncoded()); // Generate the certificate signing request PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(entityName, publicKeyInfo); // // SCEP servers usually require a challenge password // csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(new String( // "password".toCharArray()))); JcaContentSignerBuilder builder = new JcaContentSignerBuilder(x509.getSigAlgName()); PKCS10CertificationRequest csr = csrBuilder.build(builder.build(entityPair.getPrivate())); // CertificateRequest certRequest = new CertificateRequest( // x509.getPublicKey(), (Name) x509.getSubjectDN()); // // certRequest.sign(x509.getSignatureAlgorithm(), key); return csr.toASN1Structure(); }
From source file:eu.optimis.ics.BrokerVPNCredentials.PeerCredManager.java
License:Open Source License
public PKCS10CertificationRequest genCertificationRequest(KeyPair peerKP) { X500Name name = new X500Name("CN=" + peerName + ", OU=ARSES, O=ARSES, L=Madrid, C=ES"); SubjectPublicKeyInfo publicKeyInfo = null; PKCS10CertificationRequest certRequest = null; ContentSigner sigGen = null;/*from w w w. j a va2 s.c o m*/ try { publicKeyInfo = new SubjectPublicKeyInfo( (ASN1Sequence) ASN1ObjectIdentifier.fromByteArray(peerKP.getPublic().getEncoded())); } catch (IOException e1) { e1.printStackTrace(); } PKCS10CertificationRequestBuilder pb = new PKCS10CertificationRequestBuilder(name, publicKeyInfo); try { sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(peerKP.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); } certRequest = pb.build(sigGen); return certRequest; }
From source file:KerberosAPI.CSRManager.java
public static PKCS10CertificationRequest generateCSR(String name, KeyPair kp) { Security.addProvider(new BouncyCastleProvider()); PKCS10CertificationRequestBuilder csrBuilder = null; ContentSigner contentSign = null;//from ww w.j ava2 s. c o m try { KeyPair keyPair = kp; X500Name subject = new X500Name("cn=" + name); SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); csrBuilder = new PKCS10CertificationRequestBuilder(subject, keyInfo); contentSign = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(keyPair.getPrivate()); return csrBuilder.build(contentSign); } catch (Exception e) { System.out.println("Echec de gnration du CSR : " + e); } return null; }
From source file:mitm.common.security.ca.handlers.comodo.ApplyCustomClientCertTest.java
License:Open Source License
@Test public void testApply() throws Exception { KeyPair keyPair = generateKeyPair(); X500PrincipalBuilder principalBuilder = new X500PrincipalBuilder(); principalBuilder.setCommonName("Martijn Brinkers"); principalBuilder.setOrganisation("Djigzo"); principalBuilder.setEmail("martijn@djigzo.com"); PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder( X500PrincipalUtils.toX500Name(principalBuilder.buildPrincipal()), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); PKCS10CertificationRequest pkcs10 = requestBuilder .build(getContentSigner("SHA1WithRSA", keyPair.getPrivate())); String csr = MiscStringUtils.toAsciiString(Base64.encodeBase64(pkcs10.getEncoded())); ComodoConnectionSettings connectionSettings = new ComodoConnectionSettingsImpl(60000, null); ApplyCustomClientCert requestor = new ApplyCustomClientCert(connectionSettings); requestor.setAP("CHANGE"); requestor.setDays(365);/*from w ww . j av a 2s . c o m*/ requestor.setPkcs10(csr); //requestor.setCACertificateID(1); assertFalse(requestor.apply()); assertTrue(requestor.isError()); assertEquals(CustomClientStatusCode.ARGUMENT_IS_INVALID, requestor.getErrorCode()); assertEquals("The value of the 'ap' argument is invalid!", requestor.getErrorMessage()); }
From source file:mitm.common.security.ca.handlers.comodo.ComodoCertificateRequestHandler.java
License:Open Source License
private void handleWaitingForRequest(CertificateRequest request, DataWrapper data) throws HierarchicalPropertiesException, CAException { logger.debug("handling state: " + data.getState()); try {/*ww w . j a v a 2 s . co m*/ ComodoSettings settings = settingsProvider.getSettings(); assertEnabled(settings); KeyPair keyPair = request.getKeyPair(encryptor); if (keyPair == null) { keyPair = generateKeyPair(request.getKeyLength()); } /* * We must store the generated keypair. */ request.setKeyPair(keyPair, encryptor); PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder( X500PrincipalUtils.toX500Name(request.getSubject()), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); PKCS10CertificationRequest pkcs10 = requestBuilder .build(getContentSigner("SHA1WithRSA", keyPair.getPrivate())); String base64PKCS10 = MiscStringUtils.toAsciiString(Base64.encodeBase64(pkcs10.getEncoded())); ApplyCustomClientCert applier = new ApplyCustomClientCert(connectionSettings); applier.setAP(settings.getAP()); applier.setCACertificateID(settings.getCACertificateID()); applier.setDays(request.getValidity()); applier.setPkcs10(base64PKCS10); boolean success = applier.apply(); if (success) { logger.info("Certificate request for user " + request.getEmail() + " was sent. Order number: " + applier.getOrderNumber()); data.setOrderNumber(applier.getOrderNumber()); data.setState(settings.isAutoAuthorize() ? ComodoRequestState.WAITING_FOR_AUTHORIZATION : ComodoRequestState.WAITING_FOR_RETRIEVAL); request.setInfo("Order number: " + applier.getOrderNumber()); } else { String errorMessage = "Error requesting certificate. Message: " + applier.getErrorMessage(); logger.warn(errorMessage); request.setLastMessage(MiscStringUtils.restrictLength(errorMessage, 1024)); } } catch (OperatorCreationException e) { throw new CAException("Error requesting a certificate", e); } catch (NoSuchAlgorithmException e) { throw new CAException("Error requesting a certificate", e); } catch (NoSuchProviderException e) { throw new CAException("Error requesting a certificate", e); } catch (KeyEncoderException e) { throw new CAException("Error encrypting the key pair", e); } catch (CustomClientCertException e) { throw new CAException("Error requesting a certificate", e); } catch (IOException e) { throw new CAException("Error requesting a certificate", e); } }
From source file:mitm.common.security.ca.handlers.ejbca.EJBCACertificateRequestHandler.java
License:Open Source License
@Override public KeyAndCertificate handleRequest(CertificateRequest request) throws CAException { KeyAndCertificate keyAndCertificate = null; try {//from w w w . j a v a 2s .co m UserDataVOWS userData = new UserDataVOWS(); userData.setEmail(request.getEmail()); userData.setUsername(request.getEmail()); userData.setPassword(requestHandlerSettings.getDefaultUserPassword()); userData.setSubjectDN(subjectDNToString(request.getSubject())); userData.setSubjectAltName("rfc822Name=" + request.getEmail()); userData.setEndEntityProfileName(requestHandlerSettings.getEndEntityProfileName()); userData.setCaName(requestHandlerSettings.getCAName()); userData.setCertificateProfileName(requestHandlerSettings.getCertificateProfileName()); userData.setStatus(EJBCAConst.STATUS_NEW); userData.setTokenType(EJBCAConst.TOKEN_TYPE_USERGENERATED); if (logger.isDebugEnabled()) { StrBuilder sb = new StrBuilder(); sb.append("UserDataVOWS: ").append("[Email: ").append(userData.getEmail()) .append(", DefaultUserPassword: ").append(userData.getPassword() != null ? "***" : "") .append(", SubjectDN: ").append(userData.getSubjectDN()).append(", SubjectAltName: ") .append(userData.getSubjectAltName()).append(", EndEntityProfileName: ") .append(userData.getEndEntityProfileName()).append(", CaName: ") .append(userData.getCaName()).append(", CertificateProfileName: ") .append(userData.getCertificateProfileName()).append("]"); logger.debug(sb.toString()); } KeyPair keyPair = generateKeyPair(request.getKeyLength()); PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder( X500PrincipalUtils.toX500Name(request.getSubject()), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); PKCS10CertificationRequest pkcs10 = requestBuilder .build(getContentSigner("SHA1WithRSA", keyPair.getPrivate())); String base64PKCS10 = Base64Utils.encode(pkcs10.getEncoded()); CertificateResponse certificateResponse; /* * Since were not sure whether the WS proxy is thread safe, we will synchronize on this */ synchronized (this) { certificateResponse = getEjbcaWS().certificateRequest(userData, base64PKCS10, EJBCAConst.CERT_REQ_TYPE_PKCS10, null, EJBCAConst.RESPONSETYPE_CERTIFICATE); } if (certificateResponse != null && certificateResponse.getData() != null) { /* * The result is a base64 encoded certificate */ Collection<X509Certificate> certificates = CertificateUtils.readX509Certificates( new ByteArrayInputStream(Base64.decode(certificateResponse.getData()))); if (CollectionUtils.isNotEmpty(certificates)) { X509Certificate generatedCertificate = null; for (X509Certificate certificate : certificates) { if (certificate != null) { /* * Use the first one (EJBCA probably will always return just one certificate) */ generatedCertificate = certificate; break; } } if (generatedCertificate != null) { keyAndCertificate = new KeyAndCertificateImpl(keyPair.getPrivate(), generatedCertificate); } else { logger.warn("No certificates found"); } } else { logger.warn("No certificates found"); } } else { logger.warn("certificateResponse is empty"); } return keyAndCertificate; } catch (NoSuchAlgorithmException e) { throw new CAException("Error requesting a certificate", e); } catch (NoSuchProviderException e) { throw new CAException("Error requesting a certificate", e); } catch (CADoesntExistsException_Exception e) { throw new CAException("CA doesn't exist.", e); } catch (UserDoesntFullfillEndEntityProfile_Exception e) { throw new CAException("User doesn't fullfill end entity profile.", e); } catch (EjbcaException_Exception e) { throw new CAException("EJBCA exception.", e); } catch (AuthorizationDeniedException_Exception e) { throw new CAException("Authorization denied.", e); } catch (WaitingForApprovalException_Exception e) { throw new CAException("Waiting for approval.", e); } catch (ApprovalException_Exception e) { throw new CAException("Approval exception.", e); } catch (NotFoundException_Exception e) { throw new CAException("Not found exception.", e); } catch (CertificateException e) { throw new CAException("Certificate exception.", e); } catch (Base64DecodingException e) { throw new CAException("Error Base64 decoding.", e); } catch (OperatorCreationException e) { throw new CAException("Error creating a PKCS#10 request.", e); } catch (IOException e) { throw new CAException("Error requesting a certificate", e); } }
From source file:mitm.common.security.ca.handlers.ejbca.ws.EjbcaWSClient.java
License:Open Source License
public static void main(String args[]) throws Exception { BasicConfigurator.configure();//from w ww . j a v a 2 s. c o m JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); factory.setServiceClass(EjbcaWS.class); factory.setAddress("https://192.168.178.113:8443/ejbca/ejbcaws/ejbcaws"); factory.setServiceName(SERVICE_NAME); EjbcaWS client = (EjbcaWS) factory.create(); Client proxy = ClientProxy.getClient(client); HTTPConduit conduit = (HTTPConduit) proxy.getConduit(); TLSClientParameters tlsClientParameters = new TLSClientParameters(); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS12"); InputStream keyInput = new FileInputStream("/home/martijn/temp/superadmin.p12"); String password = "ejbca"; keyStore.load(keyInput, password.toCharArray()); keyInput.close(); keyManagerFactory.init(keyStore, password.toCharArray()); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); tlsClientParameters.setDisableCNCheck(true); tlsClientParameters.setKeyManagers(keyManagers); X509TrustManager trustAll = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(new KeyStoreLoader().loadKeyStore(new File("/home/martijn/temp/truststore.jks"), "changeit".toCharArray())); tlsClientParameters.setTrustManagers(new TrustManager[] { trustAll }); //tlsClientParameters.setTrustManagers(trustManagerFactory.getTrustManagers()); conduit.setTlsClientParameters(tlsClientParameters); System.out.println(client.getEjbcaVersion()); UserDataVOWS userData = new UserDataVOWS(); userData.setEmail("test@example.com"); userData.setUsername("test@example.com"); //userData.setPassword("test@example.com"); userData.setSubjectDN("CN=test@example.com"); userData.setSubjectAltName("rfc822Name=test@example.com"); userData.setEndEntityProfileName("test"); userData.setCaName("AdminCA1"); userData.setCertificateProfileName("ENDUSER"); userData.setStatus(EJBCAConst.STATUS_NEW); userData.setTokenType(EJBCAConst.TOKEN_TYPE_USERGENERATED); try { //client.editUser(userData); SecurityFactory securityFactory = SecurityFactoryFactory.getSecurityFactory(); SecureRandom randomSource = securityFactory.createSecureRandom(); KeyPairGenerator keyPairGenerator = securityFactory.createKeyPairGenerator("RSA"); keyPairGenerator.initialize(2048, randomSource); KeyPair keyPair = keyPairGenerator.generateKeyPair(); X500PrincipalBuilder builder = new X500PrincipalBuilder(); builder.setCommonName("john doe"); builder.setEmail("test@example.com"); PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder( X500PrincipalUtils.toX500Name(builder.buildPrincipal()), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); PKCS10CertificationRequest pkcs10 = requestBuilder .build(getContentSigner("SHA1WithRSA", keyPair.getPrivate())); String base64PKCS10 = Base64Utils.encode(pkcs10.getEncoded()); CertificateResponse certificateResponse = client.certificateRequest(userData, base64PKCS10, EJBCAConst.CERT_REQ_TYPE_PKCS10, null, EJBCAConst.RESPONSETYPE_CERTIFICATE); if (certificateResponse != null && certificateResponse.getData() != null) { /* * The result is a base64 encoded certificate */ Collection<X509Certificate> certificates = CertificateUtils.readX509Certificates( new ByteArrayInputStream(Base64.decode(certificateResponse.getData()))); if (CollectionUtils.isNotEmpty(certificates)) { for (X509Certificate certificate : certificates) { System.out.println(certificate); } } else { System.out.println("No certificates found"); } } else { System.out.println("certificateResponse is empty"); } } catch (Exception e) { e.printStackTrace(); } }
From source file:net.solarnetwork.node.setup.test.DefaultSetupServiceTest.java
License:Open Source License
@Test public void handleRenewCertificateInstruction() throws Exception { SetupIdentityInfo info = new SetupIdentityInfo(1L, TEST_CONF_VALUE, "localhost", 80, false, TEST_PW_VALUE); expect(setupIdentityDao.getSetupIdentityInfo()).andReturn(info).atLeastOnce(); replayAll();// w w w. j ava2s .c o m keystoreService.saveCACertificate(CA_CERT); keystoreService.generateNodeSelfSignedCertificate(TEST_DN); String csr = keystoreService.generateNodePKCS10CertificateRequestString(); X509Certificate originalCert; PemReader pemReader = new PemReader(new StringReader(csr)); try { PemObject pem = pemReader.readPemObject(); PKCS10CertificationRequest req = new PKCS10CertificationRequest(pem.getContent()); originalCert = PKITestUtils.sign(req, CA_CERT, CA_KEY_PAIR.getPrivate()); String signedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { originalCert }); keystoreService.saveNodeSignedCertificate(signedPem); log.debug("Saved signed node certificate {}:\n{}", originalCert.getSerialNumber(), signedPem); assertThat("Generated CSR", csr, notNullValue()); } finally { pemReader.close(); } // now let's renew! KeyStore keyStore = loadKeyStore(); PrivateKey nodeKey = (PrivateKey) keyStore.getKey("node", TEST_PW_VALUE.toCharArray()); JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA"); ContentSigner signer = signerBuilder.build(nodeKey); PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder( JcaX500NameUtil.getSubject(originalCert), SubjectPublicKeyInfo.getInstance(originalCert.getPublicKey().getEncoded())); X509Certificate renewedCert = PKITestUtils.sign(builder.build(signer), CA_CERT, CA_KEY_PAIR.getPrivate()); String renewedSignedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { renewedCert }); BasicInstruction instr = new BasicInstruction(DefaultSetupService.INSTRUCTION_TOPIC_RENEW_CERTIFICATE, new Date(), "123", "456", new BasicInstructionStatus(456L, InstructionState.Received, new Date())); for (int i = 0; i < renewedSignedPem.length(); i += 256) { int end = i + (i + 256 < renewedSignedPem.length() ? 256 : renewedSignedPem.length() - i); instr.addParameter(DefaultSetupService.INSTRUCTION_PARAM_CERTIFICATE, renewedSignedPem.substring(i, end)); } InstructionState state = service.processInstruction(instr); assertThat("Instruction state", state, equalTo(InstructionState.Completed)); X509Certificate nodeCert = keystoreService.getNodeCertificate(); assertThat("Node cert is now renewed cert", nodeCert, equalTo(renewedCert)); }
From source file:net.solarnetwork.pki.bc.BCCertificateService.java
License:Open Source License
@Override public String generatePKCS10CertificateRequestString(X509Certificate cert, PrivateKey privateKey) throws CertificateException { X509CertificateHolder holder;//w w w. j av a 2 s. c o m try { holder = new JcaX509CertificateHolder(cert); } catch (CertificateEncodingException e) { throw new CertificateException("Error creating CSR", e); } PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(holder.getSubject(), holder.getSubjectPublicKeyInfo()); JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm); ContentSigner signer; try { signer = signerBuilder.build(privateKey); } catch (OperatorCreationException e) { throw new CertificateException("Error signing certificate request", e); } PKCS10CertificationRequest csr = builder.build(signer); StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); try { pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", csr.getEncoded())); } catch (IOException e) { throw new CertificateException("Error signing certificate", e); } finally { try { pemWriter.flush(); pemWriter.close(); writer.close(); } catch (IOException e) { // ignore this } } return writer.toString(); }
From source file:org.apache.airavata.gfac.bes.utils.MyProxyLogon.java
License:Apache License
private PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception { X500Name subject = new X500Name(dn); PublicKey pubKey = kp.getPublic(); PrivateKey privKey = kp.getPrivate(); AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded()); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam); PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo); AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA); BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1)); AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded()); ContentSigner signer = signerBuilder.build(pkParam); return builder.build(signer); }