
Example 66 with VCertException

Use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

Class CertificateRequest, method generateECDSAKeyPair.

@VisibleForTesting
KeyPair generateECDSAKeyPair(EllipticCurve keyCurve) throws VCertException {
    try {
        // Explicitly requests the Bouncy Castle provider ("BC"); it must already be registered.
        KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
        ECGenParameterSpec spec = new ECGenParameterSpec(keyCurve.bcName());
        g.initialize(spec);
        return g.generateKeyPair();
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        throw new VCertException("No security provider found for KeyFactory.EC", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new VCertException(format("No algorithm provider for curve %s", keyCurve.bcName()), e);
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) VCertException(com.venafi.vcert.sdk.VCertException) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 67 with VCertException

Use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

Class CertificateRequest, method generateCSR.

public void generateCSR() throws VCertException {
    try {
        List<GeneralName> sans = new ArrayList<>();
        PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject.toX500Principal(), keyPair.getPublic());
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm.standardName());
        ContentSigner signer = signerBuilder.build(keyPair.getPrivate());
        for (String san : dnsNames) {
            sans.add(new GeneralName(GeneralName.dNSName, san));
        }
        for (InetAddress san : ipAddresses) {
            sans.add(new GeneralName(GeneralName.iPAddress, new DEROctetString(san.getAddress())));
        }
        for (String san : emailAddresses) {
            sans.add(new GeneralName(GeneralName.rfc822Name, san));
        }
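        // Add a non-critical subjectAlternativeName extension request only when at least one SAN was supplied.
        if (!sans.isEmpty()) {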
            GeneralNames names = new GeneralNames(sans.toArray(new GeneralName[] {}));
            ExtensionsGenerator extGen = new ExtensionsGenerator();
            extGen.addExtension(Extension.subjectAlternativeName, false, names);
            requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
        }
        PKCS10CertificationRequest certificationRequest = requestBuilder.build(signer);
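        // Wrap the DER-encoded request in PEM armor; the MIME encoder breaks the Base64 body into 76-character lines.
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();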
        outputStream.write("-----BEGIN CERTIFICATE REQUEST-----".getBytes());
        outputStream.write(System.lineSeparator().getBytes());
        outputStream.write(Base64.getMimeEncoder().encode(certificationRequest.getEncoded()));
        outputStream.write(System.lineSeparator().getBytes());
        outputStream.write("-----END CERTIFICATE REQUEST-----".getBytes());
        csr = outputStream.toByteArray();
    } catch (Exception e) {
        throw new VCertException("Unable to generate CSR", e);
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) DEROctetString(org.bouncycastle.asn1.DEROctetString) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) VCertException(com.venafi.vcert.sdk.VCertException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) InetAddress(java.net.InetAddress)

Example 68 with VCertException

Use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

Class CertificateRequest, method generateRSAKeyPair.

@VisibleForTesting
KeyPair generateRSAKeyPair(Integer keyLength) throws VCertException {
    try {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(keyLength);
        return keyPairGenerator.generateKeyPair();
    } catch (NoSuchAlgorithmException e) {
        throw new VCertException("No security provider found for KeyFactory.RSA", e);
    } catch (NoSuchProviderException e) {
        throw new VCertException(format("No algorithm provider for RSA with key length %s", Integer.toString(keyLength)), e);
    }
}
Also used : VCertException(com.venafi.vcert.sdk.VCertException) KeyPairGenerator(java.security.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)
