Example 6 with JcaPKCS10CertificationRequestBuilder
use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project cloudbreak by hortonworks.
the class PkiUtil method generateCsr.
private static PKCS10CertificationRequest generateCsr(KeyPair identity, String publicAddress) throws Exception {
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(String.format("cn=%s", publicAddress)), identity.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(identity.getPrivate());
return p10Builder.build(signer);
}
Also used :
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
X500Principal(javax.security.auth.x500.X500Principal)
Example 7 with JcaPKCS10CertificationRequestBuilder
use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project Openfire by igniterealtime.
the class CertificateManager method createSigningRequest.
/**
* Creates and returns the content of a new singing request for the specified certificate. Signing
* requests are required by Certificate Authorities as part of their signing process. The signing request
* contains information about the certificate issuer, subject DN, subject alternative names and public key.
* Private keys are not included. After the Certificate Authority verified and signed the certificate a new
* certificate is going to be returned.
*
* @param cert the certificate to create a signing request.
* @param privKey the private key of the certificate.
* @return the content of a new singing request for the specified certificate.
* @throws OperatorCreationException if there was a problem creating the CSR
* @throws IOException if there was a problem creating the CSR
* @throws CertificateParsingException if there was a problem creating the CSR
*/
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException, CertificateParsingException {
JcaPKCS10CertificationRequestBuilder csrBuilder = new //
JcaPKCS10CertificationRequestBuilder(//
cert.getSubjectX500Principal(), //
cert.getPublicKey());
// Add SubjectAlternativeNames (SANs)
final ASN1EncodableVector subjectAlternativeNames = new ASN1EncodableVector();
final Collection<List<?>> certSans = cert.getSubjectAlternativeNames();
if (certSans != null) {
for (final List<?> certSan : certSans) {
final int nameType = (Integer) certSan.get(0);
// this is either a string, or a byte-array that represents the ASN.1 DER encoded form.
final Object value = certSan.get(1);
switch(nameType) {
case 0:
// OtherName: search for "id-on-xmppAddr" or 'sRVName' or 'userPrincipalName'
try (final ASN1InputStream decoder = new ASN1InputStream((byte[]) value)) {
// By specification, OtherName instances must always be an ASN.1 Sequence.
final ASN1Primitive object = decoder.readObject();
final ASN1Sequence otherNameSeq = (ASN1Sequence) object;
// By specification, an OtherName instance consists of:
// - the type-id (which is an Object Identifier), followed by:
// - a tagged value, of which the tag number is 0 (zero) and the value is defined by the type-id.
final ASN1ObjectIdentifier typeId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
final ASN1TaggedObject taggedValue = (ASN1TaggedObject) otherNameSeq.getObjectAt(1);
final int tagNo = taggedValue.getTagNo();
if (tagNo != 0) {
throw new IllegalArgumentException("subjectAltName 'otherName' sequence's second object is expected to be a tagged value of which the tag number is 0. The tag number that was detected: " + tagNo);
}
subjectAlternativeNames.add(new DERTaggedObject(false, GeneralName.otherName, new DERSequence(new ASN1Encodable[] { typeId, taggedValue })));
} catch (Exception e) {
Log.warn("Unable to parse certificate SAN 'otherName' value", e);
}
break;
case 2:
// DNS
subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, (String) value));
break;
case 6:
// URI
subjectAlternativeNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, (String) value));
break;
default:
// Not applicable to XMPP, so silently ignore them
break;
}
}
}
final GeneralNames subjectAltNames = GeneralNames.getInstance(new DERSequence(subjectAlternativeNames));
final ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
String signatureAlgorithm = "SHA256WITH" + cert.getPublicKey().getAlgorithm();
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
PKCS10CertificationRequest csr = csrBuilder.build(signer);
StringWriter string = new StringWriter();
PemWriter pemWriter = new PemWriter(string);
PemObjectGenerator objGen = new MiscPEMGenerator(csr);
pemWriter.writeObject(objGen);
pemWriter.close();
return string.toString();
}
Also used :
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator)
CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PemWriter(org.bouncycastle.util.io.pem.PemWriter)
ContentSigner(org.bouncycastle.operator.ContentSigner)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CertException(org.bouncycastle.cert.CertException)
CertificateParsingException(java.security.cert.CertificateParsingException)
PKCSException(org.bouncycastle.pkcs.PKCSException)
CertificateException(java.security.cert.CertificateException)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
BigInteger(java.math.BigInteger)
JcaMiscPEMGenerator(org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 8 with JcaPKCS10CertificationRequestBuilder
use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project android by nextcloud.
the class CsrHelper method generateCSR.
/**
* Create the certificate signing request (CSR) from private and public keys
*
* @param keyPair the KeyPair with private and public keys
* @param userId userId of CSR owner
* @return PKCS10CertificationRequest with the certificate signing request (CSR) data
* @throws IOException thrown if key cannot be created
* @throws OperatorCreationException thrown if contentSigner cannot be build
*/
private static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String userId) throws IOException, OperatorCreationException {
String principal = "CN=" + userId;
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1");
ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
return csrBuilder.build(signer);
}
Also used :
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Example 9 with JcaPKCS10CertificationRequestBuilder
use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project dcos-commons by mesosphere.
the class CertificateAuthorityClientTest method createCSR.
private byte[] createCSR() throws IOException, OperatorCreationException {
KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
X500Name name = new X500NameBuilder().addRDN(BCStyle.CN, "issuer").build();
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
extensionsGenerator.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
GeneralNames subAtlNames = new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.dNSName, "test.com"), new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR) });
extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, subAtlNames);
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(name, keyPair.getPublic()).addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
return PEMUtils.toPEM(csrBuilder.build(signer));
}
Also used :
KeyPair(java.security.KeyPair)
X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Example 10 with JcaPKCS10CertificationRequestBuilder
use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project Spark by igniterealtime.
the class IdentityController method createCSR.
/**
* Creates Certificate Signing Request.
*
* @throws IOException
* @throws OperatorCreationException
*/
public PKCS10CertificationRequest createCSR(KeyPair keyPair) throws IOException, OperatorCreationException {
X500Principal principal = new X500Principal(createX500NameString());
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
PKCS10CertificationRequest csr = p10Builder.build(signer);
return csr;
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Principal(javax.security.auth.x500.X500Principal)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
Aggregations
JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)18
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)17
ContentSigner (org.bouncycastle.operator.ContentSigner)13
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)11
PKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)11
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)9
IOException (java.io.IOException)7
X500Principal (javax.security.auth.x500.X500Principal)7
ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator)7
KeyPair (java.security.KeyPair)6
KeyPairGenerator (java.security.KeyPairGenerator)5
X500Name (org.bouncycastle.asn1.x500.X500Name)5
JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)5
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)4
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)4
WindowAdapter (java.awt.event.WindowAdapter)3
WindowEvent (java.awt.event.WindowEvent)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
CryptoException (org.kse.crypto.CryptoException)3
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2
