Search in sources :

Example 16 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project athenz by yahoo.

the class Crypto method generateX509CSR.

public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Create Distinguished Name
    X500Principal subject = new X500Principal(x500Principal);
    // Create ContentSigner
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(Crypto.RSA_SHA256);
    ContentSigner signer = csBuilder.build(privateKey);
    // Create the CSR
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    // /CLOVER:OFF
    if (sanArray != null) {
        // /CLOVER:ON
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        GeneralNames subjectAltNames = new GeneralNames(sanArray);
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    // write to openssl PEM format
    PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    StringWriter strWriter;
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter = new StringWriter())) {
        pemWriter.writeObject(pemObject);
    }
    return strWriter.toString();
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) PemObject(org.bouncycastle.util.io.pem.PemObject) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Principal(javax.security.auth.x500.X500Principal) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 17 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project vespa by vespa-engine.

the class Pkcs10CsrBuilder method build.

public Pkcs10Csr build() {
    try {
        PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (basicConstraintsExtension != null) {
            extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
        }
        if (!subjectAlternativeNames.isEmpty()) {
            GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
            extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
        return new Pkcs10Csr(requestBuilder.build(contentSigner));
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 18 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project dcos-commons by mesosphere.

the class TLSArtifactsGenerator method generateCSR.

@SuppressWarnings("checkstyle:ThrowsCount")
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator) throws IOException, OperatorCreationException {
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    extensionsGenerator.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
    extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());
    PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic()).addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()).build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
    return PEMUtils.toPEM(csr);
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 19 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project certmgr by hdecarne.

the class PKCS10CertificateRequest method generateCSR.

/**
 * Generate a CSR object.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The CSR's key pair
 * @param extensions The CRT's extension objects.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key, List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);
    // Initialize CSR builder
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());
    // Add custom extension objects
    ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
    for (X509ExtensionData extensionData : extensions) {
        extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()), extensionData.getCritical(), extensionData.encode());
    }
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
    PKCS10CertificateRequest csr;
    try {
        // Sign CSR
        ContentSigner csrSigner;
        csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
        csr = fromPKCS10(csrBuilder.build(csrSigner));
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    LOG.info("CSR generation ''{0}'' done", dn);
    return csr;
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertProviderException(de.carne.certmgr.certs.CertProviderException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 20 with ExtensionsGenerator

use of com.github.zhenwei.core.asn1.x509.ExtensionsGenerator in project jmulticard by ctt-gob-es.

the class CertUtils method doRemoveExtension.

static ExtensionsGenerator doRemoveExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid) {
    boolean isRemoved = false;
    Extensions exts = extGenerator.generate();
    extGenerator = new ExtensionsGenerator();
    for (Enumeration en = exts.oids(); en.hasMoreElements(); ) {
        ASN1ObjectIdentifier extOid = (ASN1ObjectIdentifier) en.nextElement();
        if (extOid.equals(oid)) {
            isRemoved = true;
        } else {
            extGenerator.addExtension(exts.getExtension(extOid));
        }
    }
    if (!isRemoved) {
        throw new IllegalArgumentException("remove - extension (OID = " + oid + ") not found");
    }
    return extGenerator;
}
Also used : Enumeration(java.util.Enumeration) Extensions(org.bouncycastle.asn1.x509.Extensions) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Aggregations

ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator)23 JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)16 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)14 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)14 GeneralName (org.bouncycastle.asn1.x509.GeneralName)13 ContentSigner (org.bouncycastle.operator.ContentSigner)13 PKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)12 IOException (java.io.IOException)9 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)9 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)7 Enumeration (java.util.Enumeration)6 X500Principal (javax.security.auth.x500.X500Principal)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5 JcaPEMWriter (org.bouncycastle.openssl.jcajce.JcaPEMWriter)4 ExtensionsGenerator (com.github.zhenwei.core.asn1.x509.ExtensionsGenerator)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 KeyPair (java.security.KeyPair)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 PrivateKey (java.security.PrivateKey)3 CertificateException (java.security.cert.CertificateException)3