Example 11 with JcaPKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project certmgr by hdecarne.

the class PKCS10CertificateRequest method generateCSR.

/**
 * Generate a CSR object.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The CSR's key pair
 * @param extensions The CRT's extension objects.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key, List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);
    // Initialize CSR builder
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());
    // Add custom extension objects
    ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
    for (X509ExtensionData extensionData : extensions) {
        extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()), extensionData.getCritical(), extensionData.encode());
    }
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
    PKCS10CertificateRequest csr;
    try {
        // Sign CSR
        ContentSigner csrSigner;
        csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
        csr = fromPKCS10(csrBuilder.build(csrSigner));
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    LOG.info("CSR generation ''{0}'' done", dn);
    return csr;
}
Also used: JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), ContentSigner(org.bouncycastle.operator.ContentSigner), PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder), OperatorCreationException(org.bouncycastle.operator.OperatorCreationException), CertProviderException(de.carne.certmgr.certs.CertProviderException), ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier), ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 12 with JcaPKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project vespa by vespa-engine.

the class Pkcs10CsrBuilder method build.

public Pkcs10Csr build() {
    try {
        PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (basicConstraintsExtension != null) {
            extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
        }
        if (!subjectAlternativeNames.isEmpty()) {
            GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
            extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
        return new Pkcs10Csr(requestBuilder.build(contentSigner));
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used: JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), ContentSigner(org.bouncycastle.operator.ContentSigner), PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder), UncheckedIOException(java.io.UncheckedIOException), IOException(java.io.IOException), ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator), GeneralNames(org.bouncycastle.asn1.x509.GeneralNames), GeneralName(org.bouncycastle.asn1.x509.GeneralName), OperatorCreationException(org.bouncycastle.operator.OperatorCreationException), BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 13 with JcaPKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project keystore-explorer by kaikramer.

the class DSignCsr method main.

// for quick testing
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
    java.awt.EventQueue.invokeLater(new Runnable() {

        @Override
        public void run() {
            try {
                KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
                // 1024-bit RSA is only tolerable for this throwaway test key; real keys need at least 2048 bits
                keyGen.initialize(1024);
                KeyPair keyPair = keyGen.genKeyPair();
                JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=test"), keyPair.getPublic());
                PKCS10CertificationRequest csr = csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate()));
                DSignCsr dialog = new DSignCsr(new javax.swing.JFrame(), csr, new File(System.getProperty("user.dir"), "test.csr"), keyPair.getPrivate(), KeyPairType.RSA, null, new BouncyCastleProvider());
                dialog.addWindowListener(new java.awt.event.WindowAdapter() {

                    @Override
                    public void windowClosing(java.awt.event.WindowEvent e) {
                        System.exit(0);
                    }
                });
                dialog.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    });
}
Also used: PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest), JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest), KeyPair(java.security.KeyPair), JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), WindowAdapter(java.awt.event.WindowAdapter), KeyPairGenerator(java.security.KeyPairGenerator), X500Name(org.bouncycastle.asn1.x500.X500Name), CryptoException(org.kse.crypto.CryptoException), GeneralSecurityException(java.security.GeneralSecurityException), JFrame(javax.swing.JFrame), WindowEvent(java.awt.event.WindowEvent), File(java.io.File), BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 14 with JcaPKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project athenz by yahoo.

the class Crypto method generateX509CSR.

public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Create Distinguished Name
    X500Principal subject = new X500Principal(x500Principal);
    // Create ContentSigner
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(Crypto.RSA_SHA256);
    ContentSigner signer = csBuilder.build(privateKey);
    // Create the CSR
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    // /CLOVER:OFF
    if (sanArray != null) {
        // /CLOVER:ON
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        GeneralNames subjectAltNames = new GeneralNames(sanArray);
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    // write to openssl PEM format
    PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    StringWriter strWriter;
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter = new StringWriter())) {
        pemWriter.writeObject(pemObject);
    }
    return strWriter.toString();
}
Also used: PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest), JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest), PemObject(org.bouncycastle.util.io.pem.PemObject), JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), GeneralNames(org.bouncycastle.asn1.x509.GeneralNames), JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), ContentSigner(org.bouncycastle.operator.ContentSigner), X500Principal(javax.security.auth.x500.X500Principal), PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder), JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter), ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 15 with JcaPKCS10CertificationRequestBuilder

use of org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder in project java by kubernetes-client.

the class CSRUtils method sign.

/**
 * Sign CSR from the key-pair.
 *
 * @param keyPair the key pair
 * @param csrAlgo the csr algo
 * @param subjects the subjects
 * @return the byte [ ]
 * @throws CSRSigningException the csr signing exception
 */
public static byte[] sign(KeyPair keyPair, String csrAlgo, String subjects) throws CSRSigningException {
    try {
        PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(subjects), keyPair.getPublic());
        JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(csrAlgo);
        ContentSigner signer = csBuilder.build(keyPair.getPrivate());
        PKCS10CertificationRequest csr = p10Builder.build(signer);
        // NOTE: a work-around for https://github.com/kubernetes/kubernetes/pull/96747
        ByteArrayOutputStream bs = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(bs);
        byte[] CRLF = new byte[] { '\r', '\n' };
        ps.println("-----BEGIN CERTIFICATE REQUEST-----");
        ps.println(Base64.getMimeEncoder(64, CRLF).encodeToString(csr.getEncoded()));
        ps.println("-----END CERTIFICATE REQUEST-----");
        return bs.toByteArray();
    } catch (IOException | OperatorCreationException e) {
        throw new CSRSigningException(e);
    }
}
Also used: PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest), PrintStream(java.io.PrintStream), JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), CSRSigningException(io.kubernetes.client.util.exception.CSRSigningException), JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), ContentSigner(org.bouncycastle.operator.ContentSigner), PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder), ByteArrayOutputStream(java.io.ByteArrayOutputStream), IOException(java.io.IOException), X500Principal(javax.security.auth.x500.X500Principal), OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)

Aggregations

JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder): 18
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder): 17
ContentSigner (org.bouncycastle.operator.ContentSigner): 13
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest): 11
PKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder): 11
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException): 9
IOException (java.io.IOException): 7
X500Principal (javax.security.auth.x500.X500Principal): 7
ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator): 7
KeyPair (java.security.KeyPair): 6
KeyPairGenerator (java.security.KeyPairGenerator): 5
X500Name (org.bouncycastle.asn1.x500.X500Name): 5
JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest): 5
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames): 4
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider): 4
WindowAdapter (java.awt.event.WindowAdapter): 3
WindowEvent (java.awt.event.WindowEvent): 3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 3
CryptoException (org.kse.crypto.CryptoException): 3
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 2