Examples with PKCS10CertificationRequest org.bouncycastle.pkcs.PKCS10CertificationRequest used on opensource projects

Search in sources :

Example 26 with PKCS10CertificationRequest

use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

the class CryptoTest method testExtractX509CSRFieldsURINull.

@Test
public void testExtractX509CSRFieldsURINull() throws IOException {
    Path path = Paths.get("src/test/resources/valid_email.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    assertNotNull(certReq);
    List<String> uris = Crypto.extractX509CSRURIs(certReq);
    assertEquals(0, uris.size());
}
Also used : Path(java.nio.file.Path) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 27 with PKCS10CertificationRequest

use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

the class CryptoTest method testExtractX509CSRFieldsURISingle.

@Test
public void testExtractX509CSRFieldsURISingle() throws IOException {
    Path path = Paths.get("src/test/resources/valid_single_uri.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    assertNotNull(certReq);
    List<String> uris = Crypto.extractX509CSRURIs(certReq);
    assertEquals(1, uris.size());
    assertEquals(uris.get(0), "spiffe://athenz/domain1/service1");
}
Also used : Path(java.nio.file.Path) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 28 with PKCS10CertificationRequest

use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

the class CryptoTest method testExtractX509CSRFieldsURIDouble.

@Test
public void testExtractX509CSRFieldsURIDouble() throws IOException {
    Path path = Paths.get("src/test/resources/valid_multiple_uri.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    assertNotNull(certReq);
    List<String> uris = Crypto.extractX509CSRURIs(certReq);
    assertEquals(2, uris.size());
    assertEquals(uris.get(0), "spiffe://athenz/domain1/service1");
    assertEquals(uris.get(1), "spiffe://athenz/domain1/service2");
}
Also used : Path(java.nio.file.Path) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 29 with PKCS10CertificationRequest

use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

the class KeyStoreCertSigner method generateX509Certificate.

@Override
public String generateX509Certificate(String provider, String certIssuer, String csr, String keyUsage, int certExpiryMins, Priority priority) {
    int certExpiryTime = (certExpiryMins == 0) ? this.maxCertExpiryTimeMins : certExpiryMins;
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    // keyUsage is ignored
    X509Certificate cert = Crypto.generateX509Certificate(certReq, caPrivateKey, caCertificate, certExpiryTime, false);
    return Crypto.convertToPEMFormat(cert);
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) X509Certificate(java.security.cert.X509Certificate)

Example 30 with PKCS10CertificationRequest

use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

the class SelfCertSignerFactory method create.

@Override
public CertSigner create() {
    // extract the private key for this self cert signer
    final String pKeyFileName = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_FNAME);
    final String pKeyPassword = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_PASSWORD);
    final String csrDn = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_CERT_DN, "cn=Self Signed Athenz CA,o=Athenz,c=US");
    final int maxCertExpiryTimeMins = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_CERTSIGN_MAX_EXPIRY_TIME, "43200"));
    if (StringUtil.isEmpty(pKeyFileName)) {
        LOGGER.error("No private key path available for Self Cert Signer Factory");
        return null;
    }
    File caKey = new File(pKeyFileName);
    PrivateKey caPrivateKey = Crypto.loadPrivateKey(caKey, pKeyPassword);
    // now generate a CSR for our own CA and self sign it
    String csr;
    try {
        csr = Crypto.generateX509CSR(caPrivateKey, csrDn, null);
    } catch (IllegalArgumentException | OperatorCreationException | IOException ex) {
        LOGGER.error("Unable to generate X509 CSR for dn: {}, error: {}", csrDn, ex.getMessage());
        return null;
    }
    // generate our self-signed certificate
    X500Principal subject = new X500Principal(csrDn);
    X500Name issuer = X500Name.getInstance(subject.getEncoded());
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    X509Certificate caCertificate = Crypto.generateX509Certificate(certReq, caPrivateKey, issuer, 30 * 24 * 60, true);
    return new KeyStoreCertSigner(caCertificate, caPrivateKey, maxCertExpiryTimeMins);
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) PrivateKey(java.security.PrivateKey) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) X500Principal(javax.security.auth.x500.X500Principal) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) File(java.io.File)

Aggregations

PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)79 Test (org.testng.annotations.Test)39 Path (java.nio.file.Path)34 DERIA5String (org.bouncycastle.asn1.DERIA5String)19 X509Certificate (java.security.cert.X509Certificate)17 IOException (java.io.IOException)14 X500Name (org.bouncycastle.asn1.x500.X500Name)13 PrivateKey (java.security.PrivateKey)12 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11 JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)11 KeyPair (java.security.KeyPair)9 X500Principal (javax.security.auth.x500.X500Principal)9 KeyPairGenerator (java.security.KeyPairGenerator)8 ContentSigner (org.bouncycastle.operator.ContentSigner)8 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)8 File (java.io.File)7 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)7 JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)7 PemObject (org.bouncycastle.util.io.pem.PemObject)6 CryptoException (org.kse.crypto.CryptoException)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial