Example 11 with CertificationRequestInfo

use of com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo in project xipki by xipki.

the class Ca2Manager method generateCertificate.

// Issues a certificate from a DER-encoded PKCS#10 CSR after verifying its proof of possession (POP).
X509Cert generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
    caName = toNonBlankLower(caName, "caName");
    profileName = toNonBlankLower(profileName, "profileName");
    notNull(encodedCsr, "encodedCsr");
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(APPNAME);
    event.setName(NAME_perf);
    event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
    X509Ca ca = getX509Ca(caName);
    CertificationRequest csr;
    try {
        csr = X509Util.parseCsr(encodedCsr);
    } catch (Exception ex) {
        throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
    }
    if (!ca.verifyCsr(csr)) {
        throw new CaMgmtException("could not validate POP for the CSR");
    }
    CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
    Extensions extensions = null;
    ASN1Set attrs = certTemp.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    X500Name subject = certTemp.getSubject();
    SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
    CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
    CertificateInfo certInfo;
    try {
        certInfo = ca.generateCert(certTemplateData, manager.byCaRequestor, RequestType.CA, null, MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }
    if (ca.getCaInfo().isSaveRequest()) {
        try {
            long dbId = ca.addRequest(encodedCsr);
            ca.addRequestCert(dbId, certInfo.getCert().getCertId());
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not save request");
        }
    }
    return certInfo.getCert().getCert();
}
Also used : CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DataAccessException(org.xipki.datasource.DataAccessException) CertificateException(java.security.cert.CertificateException) OperationException(org.xipki.ca.api.OperationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1Set(org.bouncycastle.asn1.ASN1Set) CertificateInfo(org.xipki.ca.api.CertificateInfo) AuditEvent(org.xipki.audit.AuditEvent) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)

Example 12 with CertificationRequestInfo

use of com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method isSignatureValid.

/**
 * Validate the signature on the PKCS10 certification request in this holder.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *                         signature.
 * @return true if the signature is valid, false otherwise.
 * @throws PKCSException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws PKCSException {
    CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();
    ContentVerifier verifier;
    try {
        verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm());
        OutputStream sOut = verifier.getOutputStream();
        sOut.write(requestInfo.getEncoded(ASN1Encoding.DER));
        sOut.close();
    } catch (Exception e) {
        throw new PKCSException("unable to process signature: " + e.getMessage(), e);
    }
    return verifier.verify(this.getSignature());
}
Also used : CertificationRequestInfo(com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo) ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) OutputStream(java.io.OutputStream) IOException(java.io.IOException)

Example 13 with CertificationRequestInfo

use of com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequestBuilder method build.

/**
 * Generate a PKCS#10 request based on the passed in signer.
 *
 * @param signer the content signer to be used to generate the signature validating the
 *               certificate.
 * @return a holder containing the resulting PKCS#10 certification request.
 */
public PKCS10CertificationRequest build(ContentSigner signer) {
    CertificationRequestInfo info;
    if (attributes.isEmpty()) {
        if (leaveOffEmpty) {
            info = new CertificationRequestInfo(subject, publicKeyInfo, null);
        } else {
            info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet());
        }
    } else {
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (Iterator it = attributes.iterator(); it.hasNext(); ) {
            v.add(Attribute.getInstance(it.next()));
        }
        info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet(v));
    }
    try {
        OutputStream sOut = signer.getOutputStream();
        sOut.write(info.getEncoded(ASN1Encoding.DER));
        sOut.close();
        return new PKCS10CertificationRequest(new CertificationRequest(info, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature())));
    } catch (IOException e) {
        throw new IllegalStateException("cannot produce certification request signature");
    }
}
Also used : CertificationRequestInfo(com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo) OutputStream(java.io.OutputStream) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString) IOException(java.io.IOException) DERSet(com.github.zhenwei.core.asn1.DERSet) CertificationRequest(com.github.zhenwei.core.asn1.pkcs.CertificationRequest)

Example 14 with CertificationRequestInfo

use of com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo in project LinLong-Java by zhenwei1108.

the class CertificationRequest method toASN1Primitive.

public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector v = new ASN1EncodableVector(3);
    v.add(certificationRequestInfo);
    v.add(signatureAlgorithm);
    v.add(signature);
    return new DERSequence(v);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Aggregations

CertificationRequestInfo (org.bouncycastle.asn1.pkcs.CertificationRequestInfo): 11
CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest): 8
X500Name (org.bouncycastle.asn1.x500.X500Name): 8
Extensions (org.bouncycastle.asn1.x509.Extensions): 8
Date (java.util.Date): 5
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo): 5
OperationException (org.xipki.ca.api.OperationException): 5
BigInteger (java.math.BigInteger): 4
ASN1Set (org.bouncycastle.asn1.ASN1Set): 4
IOException (java.io.IOException): 3
Attribute (org.bouncycastle.asn1.pkcs.Attribute): 3
NameId (org.xipki.ca.api.NameId): 3
X509CertificateInfo (org.xipki.ca.api.publisher.x509.X509CertificateInfo): 3
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector): 2
CertificationRequestInfo (com.github.zhenwei.core.asn1.pkcs.CertificationRequestInfo): 2
EOFException (java.io.EOFException): 2
OutputStream (java.io.OutputStream): 2
CertificateException (java.security.cert.CertificateException): 2
X509Certificate (java.security.cert.X509Certificate): 2
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier): 2