Example 11 with PKCS10CertificationRequest
use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project keystore-explorer by kaikramer.
the class DViewPem method main.
// for quick testing
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider());
UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
java.awt.EventQueue.invokeLater(new Runnable() {
@Override
public void run() {
try {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
KeyPair keyPair = keyGen.genKeyPair();
JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=test"), keyPair.getPublic());
PKCS10CertificationRequest csr = csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate()));
DViewPem dialog = new DViewPem(new javax.swing.JFrame(), "Title", csr);
dialog.addWindowListener(new java.awt.event.WindowAdapter() {
@Override
public void windowClosing(java.awt.event.WindowEvent e) {
System.exit(0);
}
});
dialog.setVisible(true);
} catch (Exception e) {
e.printStackTrace();
}
}
});
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
WindowAdapter(java.awt.event.WindowAdapter)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.bouncycastle.asn1.x500.X500Name)
CryptoException(org.kse.crypto.CryptoException)
FileNotFoundException(java.io.FileNotFoundException)
JFrame(javax.swing.JFrame)
WindowEvent(java.awt.event.WindowEvent)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Example 12 with PKCS10CertificationRequest
use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project jruby-openssl by jruby.
the class PKCS10Request method resetSignedRequest.
private void resetSignedRequest() {
if (signedRequest == null)
return;
CertificationRequest req = signedRequest.toASN1Structure();
CertificationRequestInfo reqInfo = new CertificationRequestInfo(subject, publicKeyInfo, req.getCertificationRequestInfo().getAttributes());
ASN1Sequence seq = (ASN1Sequence) req.toASN1Primitive();
req = new CertificationRequest(reqInfo, (AlgorithmIdentifier) seq.getObjectAt(1), (DERBitString) seq.getObjectAt(2));
// valid = true;
signedRequest = new PKCS10CertificationRequest(req);
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERBitString(org.bouncycastle.asn1.DERBitString)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 13 with PKCS10CertificationRequest
use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project jruby-openssl by jruby.
the class MiscPEMGenerator method createPemObject.
private PemObject createPemObject(Object o) throws IOException {
String type;
byte[] encoding;
if (o instanceof PemObject) {
return (PemObject) o;
}
if (o instanceof PemObjectGenerator) {
return ((PemObjectGenerator) o).generate();
}
if (o instanceof X509CertificateHolder) {
type = "CERTIFICATE";
encoding = ((X509CertificateHolder) o).getEncoded();
} else if (o instanceof X509CRLHolder) {
type = "X509 CRL";
encoding = ((X509CRLHolder) o).getEncoded();
} else if (o instanceof PrivateKeyInfo) {
PrivateKeyInfo info = (PrivateKeyInfo) o;
ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
type = "RSA PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(BigInteger.ZERO));
v.add(new ASN1Integer(p.getP()));
v.add(new ASN1Integer(p.getQ()));
v.add(new ASN1Integer(p.getG()));
BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new ASN1Integer(y));
v.add(new ASN1Integer(x));
encoding = new DERSequence(v).getEncoded();
} else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
type = "EC PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else {
throw new IOException("Cannot identify private key");
}
} else if (o instanceof SubjectPublicKeyInfo) {
type = "PUBLIC KEY";
encoding = ((SubjectPublicKeyInfo) o).getEncoded();
} else if (o instanceof X509AttributeCertificateHolder) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509AttributeCertificateHolder) o).getEncoded();
} else if (o instanceof PKCS10CertificationRequest) {
type = "CERTIFICATE REQUEST";
encoding = ((PKCS10CertificationRequest) o).getEncoded();
} else if (o instanceof ContentInfo) {
type = "PKCS7";
encoding = ((ContentInfo) o).getEncoded();
} else //
if (// 1.47 compatibility
o instanceof java.security.cert.X509Certificate) {
type = "CERTIFICATE";
try {
encoding = ((java.security.cert.X509Certificate) o).getEncoded();
} catch (CertificateEncodingException e) {
throw new PemGenerationException("Cannot encode object: " + e.toString());
}
} else if (// 1.47 compatibility
o instanceof java.security.cert.X509CRL) {
type = "X509 CRL";
try {
encoding = ((java.security.cert.X509CRL) o).getEncoded();
} catch (CRLException e) {
throw new PemGenerationException("Cannot encode object: " + e.toString());
}
} else if (// 1.47 compatibility
o instanceof java.security.KeyPair) {
return createPemObject(((java.security.KeyPair) o).getPrivate());
} else if (// 1.47 compatibility
o instanceof java.security.PrivateKey) {
PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) ASN1Primitive.fromByteArray(((java.security.Key) o).getEncoded()));
if (o instanceof java.security.interfaces.RSAPrivateKey) {
type = "RSA PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else if (o instanceof java.security.interfaces.DSAPrivateKey) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(p.getP()));
v.add(new DERInteger(p.getQ()));
v.add(new DERInteger(p.getG()));
BigInteger x = ((java.security.interfaces.DSAPrivateKey) o).getX();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new DERInteger(y));
v.add(new DERInteger(x));
encoding = new DERSequence(v).getEncoded();
} else if (((java.security.PrivateKey) o).getAlgorithm().equals("ECDSA")) {
type = "EC PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else {
throw new IOException("Cannot identify private key");
}
} else if (// 1.47 compatibility
o instanceof java.security.PublicKey) {
type = "PUBLIC KEY";
encoding = ((java.security.PublicKey) o).getEncoded();
} else if (// 1.47 compatibility
o instanceof X509AttributeCertificate) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509AttributeCertificate) o).getEncoded();
} else //
//
//
{
throw new PemGenerationException("unknown object passed - can't encode.");
}
if (// NEW STUFF (NOT IN OLD)
encryptor != null) {
String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
// Note: For backward compatibility
if (dekAlgName.equals("DESEDE")) {
dekAlgName = "DES-EDE3-CBC";
}
byte[] iv = encryptor.getIV();
byte[] encData = encryptor.encrypt(encoding);
List<PemHeader> headers = new ArrayList<PemHeader>(2);
headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
return new PemObject(type, headers, encData);
}
return new PemObject(type, encoding);
}
Also used :
ArrayList(java.util.ArrayList)
X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DERInteger(org.bouncycastle.asn1.DERInteger)
PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator)
DERSequence(org.bouncycastle.asn1.DERSequence)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DSAParameter(org.bouncycastle.asn1.x509.DSAParameter)
CRLException(java.security.cert.CRLException)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
PemObject(org.bouncycastle.util.io.pem.PemObject)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
PemHeader(org.bouncycastle.util.io.pem.PemHeader)
Example 14 with PKCS10CertificationRequest
use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project certmgr by hdecarne.
the class PEMCertReaderWriter method readObjectsString.
/**
* Read all available certificate objects from a PEM encoded {@link Reader} resource.
*
* @param in The reader resource to read from.
* @param password The callback to use for querying passwords (if needed).
* @return The read certificate objects, or {@code null} if the input is not recognized.
* @throws IOException if an I/O error occurs while reading.
*/
@Nullable
public static CertObjectStore readObjectsString(IOResource<Reader> in, PasswordCallback password) throws IOException {
LOG.debug("Trying to read PEM objects from: ''{0}''...", in);
CertObjectStore certObjects = null;
try (PEMParser parser = new PEMParser(in.io())) {
Object pemObject;
try {
pemObject = parser.readObject();
} catch (IOException e) {
LOG.info(e, "No PEM objects recognized in: ''{0}''", in);
pemObject = null;
}
while (pemObject != null) {
if (certObjects == null) {
certObjects = new CertObjectStore();
}
LOG.info("Decoding PEM object of type {0}", pemObject.getClass().getName());
if (pemObject instanceof X509CertificateHolder) {
certObjects.addCRT(convertCRT((X509CertificateHolder) pemObject));
} else if (pemObject instanceof PEMKeyPair) {
certObjects.addKey(convertKey((PEMKeyPair) pemObject));
} else if (pemObject instanceof PEMEncryptedKeyPair) {
certObjects.addKey(convertKey((PEMEncryptedKeyPair) pemObject, in.resource(), password));
} else if (pemObject instanceof PKCS10CertificationRequest) {
certObjects.addCSR(convertCSR((PKCS10CertificationRequest) pemObject));
} else if (pemObject instanceof X509CRLHolder) {
certObjects.addCRL(convertCRL((X509CRLHolder) pemObject));
} else {
LOG.warning("Ignoring unrecognized PEM object of type {0}", pemObject.getClass().getName());
}
pemObject = parser.readObject();
}
}
return certObjects;
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair)
PEMParser(org.bouncycastle.openssl.PEMParser)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
CertObjectStore(de.carne.certmgr.certs.CertObjectStore)
IOException(java.io.IOException)
Nullable(de.carne.check.Nullable)
Example 15 with PKCS10CertificationRequest
use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project xipki by xipki.
the class CertPollCmd method execute0.
@Override
protected Object execute0() throws Exception {
PKCS10CertificationRequest csr = new PKCS10CertificationRequest(IoUtil.read(csrFile));
Client client = getScepClient();
TransactionId transId = TransactionId.createTransactionId(CertificationRequestUtils.getPublicKey(csr), "SHA-1");
EnrollmentResponse resp = client.poll(getIdentityCert(), getIdentityKey(), new X500Principal(csr.getSubject().getEncoded()), transId);
if (resp.isFailure()) {
throw new CmdFailure("server returned 'failure'");
}
if (resp.isPending()) {
throw new CmdFailure("server returned 'pending'");
}
X509Certificate cert = extractEeCerts(resp.getCertStore());
if (cert == null) {
throw new Exception("received no certificate");
}
saveVerbose("saved polled certificate to file", new File(outputFile), cert.getEncoded());
return null;
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
CmdFailure(org.xipki.console.karaf.CmdFailure)
X500Principal(javax.security.auth.x500.X500Principal)
EnrollmentResponse(org.jscep.client.EnrollmentResponse)
Client(org.jscep.client.Client)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
TransactionId(org.jscep.transaction.TransactionId)
Aggregations
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)79
Test (org.testng.annotations.Test)39
Path (java.nio.file.Path)34
DERIA5String (org.bouncycastle.asn1.DERIA5String)19
X509Certificate (java.security.cert.X509Certificate)17
IOException (java.io.IOException)14
X500Name (org.bouncycastle.asn1.x500.X500Name)13
PrivateKey (java.security.PrivateKey)12
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11
JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)11
KeyPair (java.security.KeyPair)9
X500Principal (javax.security.auth.x500.X500Principal)9
KeyPairGenerator (java.security.KeyPairGenerator)8
ContentSigner (org.bouncycastle.operator.ContentSigner)8
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)8
File (java.io.File)7
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)7
JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)7
PemObject (org.bouncycastle.util.io.pem.PemObject)6
CryptoException (org.kse.crypto.CryptoException)6
