Examples with PKCS10CertificationRequestBuilder org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder used on opensource projects

Example 11 with PKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder in project xipki by xipki.

the class ScepUtil method generateRequest.

public static PKCS10CertificationRequest generateRequest(PrivateKey privatekey, SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subjectDn, Map<ASN1ObjectIdentifier, ASN1Encodable> attributes) throws OperatorCreationException {
    requireNonNull("privatekey", privatekey);
    requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    requireNonNull("subjectDn", subjectDn);
    PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(subjectDn, subjectPublicKeyInfo);
    if (attributes != null) {
        for (ASN1ObjectIdentifier attrType : attributes.keySet()) {
            csrBuilder.addAttribute(attrType, attributes.get(attrType));
        }
    }
    ContentSigner contentSigner = new JcaContentSignerBuilder(getSignatureAlgorithm(privatekey, ScepHashAlgo.SHA1)).build(privatekey);
    return csrBuilder.build(contentSigner);
}

Example 12 with PKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder in project certmgr by hdecarne.

the class PKCS10CertificateRequest method generateCSR.

/**
 * Generate a CSR object.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The CSR's key pair
 * @param extensions The CRT's extension objects.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key, List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);
    // Initialize CSR builder
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());
    // Add custom extension objects
    ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
    for (X509ExtensionData extensionData : extensions) {
        extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()), extensionData.getCritical(), extensionData.encode());
    }
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
    PKCS10CertificateRequest csr;
    try {
        // Sign CSR
        ContentSigner csrSigner;
        csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
        csr = fromPKCS10(csrBuilder.build(csrSigner));
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    LOG.info("CSR generation ''{0}'' done", dn);
    return csr;
}

Example 13 with PKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder in project vespa by vespa-engine.

the class Pkcs10CsrBuilder method build.

public Pkcs10Csr build() {
    try {
        PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (basicConstraintsExtension != null) {
            extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
        }
        if (!subjectAlternativeNames.isEmpty()) {
            GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
            extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
        return new Pkcs10Csr(requestBuilder.build(contentSigner));
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}

Example 14 with PKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder in project athenz by yahoo.

the class Crypto method generateX509CSR.

public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Create Distinguished Name
    X500Principal subject = new X500Principal(x500Principal);
    // Create ContentSigner
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(Crypto.RSA_SHA256);
    ContentSigner signer = csBuilder.build(privateKey);
    // Create the CSR
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    // /CLOVER:OFF
    if (sanArray != null) {
        // /CLOVER:ON
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        GeneralNames subjectAltNames = new GeneralNames(sanArray);
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    // write to openssl PEM format
    PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    StringWriter strWriter;
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter = new StringWriter())) {
        pemWriter.writeObject(pemObject);
    }
    return strWriter.toString();
}

Example 15 with PKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder in project java by kubernetes-client.

the class CSRUtils method sign.

/**
 * Sign CSR from the key-pair.
 *
 * @param keyPair the key pair
 * @param csrAlgo the csr algo
 * @param subjects the subjects
 * @return the byte [ ]
 * @throws CSRSigningException the csr signing exception
 */
public static byte[] sign(KeyPair keyPair, String csrAlgo, String subjects) throws CSRSigningException {
    try {
        PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(subjects), keyPair.getPublic());
        JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(csrAlgo);
        ContentSigner signer = csBuilder.build(keyPair.getPrivate());
        PKCS10CertificationRequest csr = p10Builder.build(signer);
        // NOTE: a work-around for https://github.com/kubernetes/kubernetes/pull/96747
        ByteArrayOutputStream bs = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(bs);
        byte[] CRLF = new byte[] { '\r', '\n' };
        ps.println("-----BEGIN CERTIFICATE REQUEST-----");
        ps.println(Base64.getMimeEncoder(64, CRLF).encodeToString(csr.getEncoded()));
        ps.println("-----END CERTIFICATE REQUEST-----");
        return bs.toByteArray();
    } catch (IOException | OperatorCreationException e) {
        throw new CSRSigningException(e);
    }
}