Example 6 with ExtensionsGenerator
use of org.spongycastle.asn1.x509.ExtensionsGenerator in project certmgr by hdecarne.
the class PKCS10CertificateRequest method generateCSR.
/**
* Generate a CSR object.
*
* @param dn The CSR's Distinguished Name (DN).
* @param key The CSR's key pair
* @param extensions The CRT's extension objects.
* @param signatureAlgorithm The signature algorithm to use.
* @return The generated CSR object.
* @throws IOException if an error occurs during generation.
*/
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key, List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
LOG.info("CSR generation ''{0}'' started...", dn);
// Initialize CSR builder
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());
// Add custom extension objects
ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
for (X509ExtensionData extensionData : extensions) {
extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()), extensionData.getCritical(), extensionData.encode());
}
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
PKCS10CertificateRequest csr;
try {
// Sign CSR
ContentSigner csrSigner;
csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
csr = fromPKCS10(csrBuilder.build(csrSigner));
} catch (OperatorCreationException e) {
throw new CertProviderException(e);
}
LOG.info("CSR generation ''{0}'' done", dn);
return csr;
}
Also used :
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CertProviderException(de.carne.certmgr.certs.CertProviderException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Example 7 with ExtensionsGenerator
use of org.spongycastle.asn1.x509.ExtensionsGenerator in project vespa by vespa-engine.
the class Pkcs10CsrBuilder method build.
public Pkcs10Csr build() {
try {
PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
ExtensionsGenerator extGen = new ExtensionsGenerator();
if (basicConstraintsExtension != null) {
extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
}
if (!subjectAlternativeNames.isEmpty()) {
GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
}
requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
return new Pkcs10Csr(requestBuilder.build(contentSigner));
} catch (OperatorCreationException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
Also used :
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 8 with ExtensionsGenerator
use of org.spongycastle.asn1.x509.ExtensionsGenerator in project dcos-commons by mesosphere.
the class TLSArtifactsGenerator method generateCSR.
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator) throws IOException, OperatorCreationException {
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
extensionsGenerator.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());
PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic()).addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()).build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
return PEMUtils.toPEM(csr);
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Aggregations
ExtensionsGenerator (org.bouncycastle.asn1.x509.ExtensionsGenerator)7
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)4
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)4
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)4
JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)4
IOException (java.io.IOException)3
GeneralName (org.bouncycastle.asn1.x509.GeneralName)3
ContentSigner (org.bouncycastle.operator.ContentSigner)3
PKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)3
StringWriter (java.io.StringWriter)2
UncheckedIOException (java.io.UncheckedIOException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
X500Principal (javax.security.auth.x500.X500Principal)2
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
YAMLFactory (com.fasterxml.jackson.dataformat.yaml.YAMLFactory)1
ImmutableList (com.google.common.collect.ImmutableList)1
ImmutableMap (com.google.common.collect.ImmutableMap)1
Streams (com.google.common.collect.Streams)1
