Example 16 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project xipki by xipki.

The class EnrollCertAction, method execute0.

@Override
protected Object execute0() throws Exception {
    Client client = getScepClient();
    PKCS10CertificationRequest csr = new PKCS10CertificationRequest(IoUtil.read(csrFile));
    EnrollmentResponse resp = requestCertificate(client, csr, getIdentityKey(), getIdentityCert());
    if (resp.isFailure()) {
        throw new CmdFailure("server returned 'failure'");
    }
    if (resp.isPending()) {
        throw new CmdFailure("server returned 'pending'");
    }
    X509Certificate cert = extractEeCerts(resp.getCertStore());
    if (cert == null) {
        throw new Exception("received no certificate");
    }
    saveVerbose("saved enrolled certificate to file", new File(outputFile), cert.getEncoded());
    return null;
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) CmdFailure(org.xipki.console.karaf.CmdFailure) EnrollmentResponse(org.jscep.client.EnrollmentResponse) Client(org.jscep.client.Client) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) TransactionException(org.jscep.transaction.TransactionException) ClientException(org.jscep.client.ClientException)

Example 17 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project platformlayer by platformlayer.

The class Csr, method parse.

public static Csr parse(String encoded) {
    CsrParser parser = new CsrParser();
    PKCS10CertificationRequest csr = parser.parse(encoded);
    if (csr == null) {
        throw new IllegalArgumentException("Cannot parse CSR");
    }
    return new Csr(csr);
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) CsrParser(org.platformlayer.crypto.CsrParser)

Example 18 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project platformlayer by platformlayer.

The class SimpleCertificateAuthority, method parseCsr.

private static PKCS10CertificationRequest parseCsr(String csr) throws IOException {
    // try-with-resources closes the reader even when readPemObject() throws
    try (PemReader reader = new PemReader(new StringReader(csr))) {
        PemObject pemObject = reader.readPemObject();
        // readPemObject() returns null when the input holds no PEM block; fail
        // explicitly instead of dereferencing null below
        if (pemObject == null) {
            throw new IOException("No PEM-encoded object found in CSR input");
        }
        // The PEM body is the DER-encoded CertificationRequest structure
        return new PKCS10CertificationRequest(pemObject.getContent());
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) PemReader(org.bouncycastle.util.io.pem.PemReader) PemObject(org.bouncycastle.util.io.pem.PemObject) StringReader(java.io.StringReader)

Example 19 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project Openfire by igniterealtime.

The class CertificateManager, method createSigningRequest.

/**
 * Creates and returns the content of a new signing request for the specified certificate. Signing
 * requests are required by Certificate Authorities as part of their signing process. The signing request
 * contains information about the certificate issuer, subject DN, subject alternative names and public key.
 * Private keys are not included. After the Certificate Authority has verified and signed the request, a new
 * certificate is returned.
 *
 * @param cert the certificate to create a signing request for.
 * @param privKey the private key of the certificate.
 * @return the content of a new signing request for the specified certificate.
 * @throws OperatorCreationException if there was a problem creating the CSR
 * @throws IOException if there was a problem creating the CSR
 * @throws CertificateParsingException if there was a problem creating the CSR
 */
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException, CertificateParsingException {
    JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
            cert.getSubjectX500Principal(), cert.getPublicKey());
    // Add SubjectAlternativeNames (SANs)
    final ASN1EncodableVector subjectAlternativeNames = new ASN1EncodableVector();
    final Collection<List<?>> certSans = cert.getSubjectAlternativeNames();
    if (certSans != null) {
        for (final List<?> certSan : certSans) {
            final int nameType = (Integer) certSan.get(0);
            // this is either a string, or a byte-array that represents the ASN.1 DER encoded form.
            final Object value = certSan.get(1);
            switch (nameType) {
                case 0:
                    // OtherName: search for "id-on-xmppAddr" or 'sRVName' or 'userPrincipalName'
                    try (final ASN1InputStream decoder = new ASN1InputStream((byte[]) value)) {
                        // By specification, OtherName instances must always be an ASN.1 Sequence.
                        final ASN1Primitive object = decoder.readObject();
                        final ASN1Sequence otherNameSeq = (ASN1Sequence) object;
                        // By specification, an OtherName instance consists of:
                        // - the type-id (which is an Object Identifier), followed by:
                        // - a tagged value, of which the tag number is 0 (zero) and the value is defined by the type-id.
                        final ASN1ObjectIdentifier typeId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
                        final ASN1TaggedObject taggedValue = (ASN1TaggedObject) otherNameSeq.getObjectAt(1);
                        final int tagNo = taggedValue.getTagNo();
                        if (tagNo != 0) {
                            throw new IllegalArgumentException("subjectAltName 'otherName' sequence's second object is expected to be a tagged value of which the tag number is 0. The tag number that was detected: " + tagNo);
                        }
                        subjectAlternativeNames.add(new DERTaggedObject(false, GeneralName.otherName, new DERSequence(new ASN1Encodable[] { typeId, taggedValue })));
                    } catch (Exception e) {
                        Log.warn("Unable to parse certificate SAN 'otherName' value", e);
                    }
                    break;
                case 2:
                    // DNS
                    subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, (String) value));
                    break;
                case 6:
                    // URI
                    subjectAlternativeNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, (String) value));
                    break;
                default:
                    // Not applicable to XMPP, so silently ignore them
                    break;
            }
        }
    }
    // RFC 5280 defines GeneralNames as SIZE (1..MAX): only request the extension when at least
    // one name was copied, otherwise the CSR would carry a malformed empty SAN extension.
    if (subjectAlternativeNames.size() > 0) {
        final GeneralNames subjectAltNames = GeneralNames.getInstance(new DERSequence(subjectAlternativeNames));
        final ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }
    // The JCA reports EC keys as "EC", but the signature algorithm name is "SHA256withECDSA";
    // RSA keys report "RSA", which maps directly to "SHA256withRSA".
    final String keyAlgorithm = cert.getPublicKey().getAlgorithm();
    final String signatureAlgorithm = "SHA256WITH" + ("EC".equals(keyAlgorithm) ? "ECDSA" : keyAlgorithm);
    final ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
    final PKCS10CertificationRequest csr = csrBuilder.build(signer);
    // Serialize the CSR as a PEM block; try-with-resources flushes and closes the writer.
    final StringWriter string = new StringWriter();
    try (PemWriter pemWriter = new PemWriter(string)) {
        final PemObjectGenerator objGen = new MiscPEMGenerator(csr);
        pemWriter.writeObject(objGen);
    }
    return string.toString();
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator) CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PemWriter(org.bouncycastle.util.io.pem.PemWriter) ContentSigner(org.bouncycastle.operator.ContentSigner) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertException(org.bouncycastle.cert.CertException) CertificateParsingException(java.security.cert.CertificateParsingException) PKCSException(org.bouncycastle.pkcs.PKCSException) CertificateException(java.security.cert.CertificateException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) BigInteger(java.math.BigInteger) JcaMiscPEMGenerator(org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 20 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

The class CryptoTest, method testExtractX509CSRFieldsWithRfc822s.

@Test
public void testExtractX509CSRFieldsWithRfc822s() throws IOException {
    Path path = Paths.get("src/test/resources/valid_emails.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    assertNotNull(certReq);
    assertEquals(Crypto.extractX509CSRCommonName(certReq), "athenz.production");
    List<String> emails = Crypto.extractX509CSREmails(certReq);
    assertEquals(2, emails.size());
    assertEquals(emails.get(0), "sports.scores@aws.yahoo.cloud");
    assertEquals(emails.get(1), "nhl.scores@aws.yahoo.cloud");
}
Also used : Path(java.nio.file.Path) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)
