
Example 1 with PKCS10CertificationRequestBuilder

Use of org.spongycastle.pkcs.PKCS10CertificationRequestBuilder in the project android by nextcloud.

Class CsrHelper, method generateCSR.

/**
 * Create the certificate signing request (CSR) from private and public keys
 *
 * @param keyPair the KeyPair with private and public keys
 * @param userId userId of CSR owner
 * @return PKCS10CertificationRequest with the certificate signing request (CSR) data
 * @throws IOException thrown if key cannot be created
 * @throws OperatorCreationException thrown if contentSigner cannot be built
 */
private static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String userId) throws IOException, OperatorCreationException {
    String principal = "CN=" + userId;
    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    // The CSR is signed with SHA1WITHRSA; SHA-1 is deprecated for digital signatures
    // (SHA256WITHRSA with SHA-256 is the usual replacement).
    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA");
    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1");
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    // Request a critical basicConstraints extension with cA=true; the issuing CA decides whether to honour it.
    extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
    return csrBuilder.build(signer);
}
Also used: BcRSAContentSignerBuilder (org.spongycastle.operator.bc.BcRSAContentSignerBuilder), JcaPKCS10CertificationRequestBuilder (org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), AsymmetricKeyParameter (org.spongycastle.crypto.params.AsymmetricKeyParameter), ContentSigner (org.spongycastle.operator.ContentSigner), PKCS10CertificationRequestBuilder (org.spongycastle.pkcs.PKCS10CertificationRequestBuilder), X500Name (org.spongycastle.asn1.x500.X500Name), DefaultDigestAlgorithmIdentifierFinder (org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder), BasicConstraints (org.spongycastle.asn1.x509.BasicConstraints), AlgorithmIdentifier (org.spongycastle.asn1.x509.AlgorithmIdentifier), DefaultSignatureAlgorithmIdentifierFinder (org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder), ExtensionsGenerator (org.spongycastle.asn1.x509.ExtensionsGenerator)

Example 2 with PKCS10CertificationRequestBuilder

Use of org.spongycastle.pkcs.PKCS10CertificationRequestBuilder in the project android-mdm-agent by flyve-mdm.

Class AndroidCryptoProvider, method generateRequest.

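/**
 * Generate an RSA key pair and a certificate signing request (CSR) for it
 * @param callback invoked with true if the CSR was generated, saved and loaded, false otherwise
 */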
public void generateRequest(GenerateCallback callback) {
    // Random bytes for a serial number; not used further in this method.
    byte[] snBytes = new byte[8];
    new SecureRandom().nextBytes(snBytes);
    KeyPair keyPair = null;
    try {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(4096);
        keyPair = keyPairGenerator.generateKeyPair();
        if (keyPair == null) {
            callback.onGenerate(false);
            return;
        }
    } catch (Exception ex) {
        FlyveLog.wtf("KeyPairGenerator fail: %s", ex.getMessage());
        callback.onGenerate(false);
        return;
    }
    X500Principal subjectName = new X500Principal("CN=mydevice.stork-mdm.com");
    ContentSigner signGen;
    try {
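        // The CSR is signed with SHA1withRSA; SHA-1 is deprecated for digital signatures
        // (SHA256withRSA is the usual replacement).
        signGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());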
        if (signGen == null) {
            callback.onGenerate(false);
            return;
        }
    } catch (Exception ex) {
        FlyveLog.e("generateRequest", ex);
        callback.onGenerate(false);
        return;
    }
    PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subjectName, keyPair.getPublic());
    csr = builder.build(signGen);
    try {
        key = (RSAPrivateKey) keyPair.getPrivate();
    } catch (Exception ex) {
        FlyveLog.wtf("generateRequest", ex);
        callback.onGenerate(false);
        return;
    }
    // Save the resulting CSR and private key
    saveCsrKey();
    // Load the saved CSR back and report whether that succeeded
    boolean bvar = loadCsr();
    callback.onGenerate(bvar);
}
Also used: KeyPair (java.security.KeyPair), JcaPKCS10CertificationRequestBuilder (org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder), JcaContentSignerBuilder (org.spongycastle.operator.jcajce.JcaContentSignerBuilder), ContentSigner (org.spongycastle.operator.ContentSigner), SecureRandom (java.security.SecureRandom), X500Principal (javax.security.auth.x500.X500Principal), PKCS10CertificationRequestBuilder (org.spongycastle.pkcs.PKCS10CertificationRequestBuilder), KeyPairGenerator (java.security.KeyPairGenerator), IOException (java.io.IOException)
