
Example 1 with ScepClient

use of org.xipki.scep.client.ScepClient in project xipki by xipki.

the class ScepClientExample method main.

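/**
 * Demonstrates two consecutive SCEP enrolments against the CA at {@code CA_URL}.
 *
 * <p>The first request is signed with a freshly generated RSA key and a short-lived
 * self-signed certificate. The second request carries a CSR for a new RSA key but is signed
 * with the key and certificate obtained from the first enrolment. Both issued certificates
 * are printed. Any exception prints its stack trace and ends the JVM with exit status -1.
 *
 * @param args not used
 */
public static void main(String[] args) {
    try {
        // Trust anchor: the CA certificate is loaded from a local file rather than taken
        // from the server. try-with-resources closes the file on every path, whether or
        // not ScepUtil.read closes its argument (not visible here).
        X509Certificate caCert;
        try (FileInputStream caCertStream = new FileInputStream(expandPath(CA_CERT_FILE))) {
            caCert = ScepUtil.parseCert(ScepUtil.read(caCertStream));
        }
        CaIdentifier tmpCaId = new CaIdentifier(CA_URL, null);
        // presumably accepts only the certificate loaded above - confirm in
        // PreprovisionedCaCertValidator
        CaCertValidator caCertValidator = new PreprovisionedCaCertValidator(caCert);
        ScepClient client = new ScepClient(tmpCaId, caCertValidator);
        client.init();
        // Self-Signed Identity Certificate
        MyKeypair keypair = generateRsaKeypair();
        // NOTE(review): challengePassword is handed to genCsr; how it is embedded in the
        // request is not visible here. Treat it as a secret and keep it out of logs.
        CertificationRequest csr = genCsr(keypair, getSubject(), challengePassword);
        // self-signed cert must use the same subject as in CSR
        X500Name subjectDn = csr.getCertificationRequestInfo().getSubject();
        // Issuer == subject, serial number 1, valid from now for 24 hours.
        X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(subjectDn, BigInteger.valueOf(1), new Date(), new Date(System.currentTimeMillis() + 24 * 3600 * 1000), subjectDn, keypair.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keypair.getPrivate());
        X509Certificate selfSignedCert = ScepUtil.parseCert(certGenerator.build(signer).getEncoded());
        // Enroll certificate - RSA
        EnrolmentResponse resp = (EnrolmentResponse) client.scepEnrol(csr, keypair.getPrivate(), selfSignedCert);
        if (resp.isFailure()) {
            throw new Exception("server returned 'failure'");
        }
        if (resp.isPending()) {
            throw new Exception("server returned 'pending'");
        }
        X509Certificate cert = resp.getCertificates().get(0);
        printCert("SCEP (RSA, Self-Signed Identity Cert)", cert);
        // Use the CA signed identity certificate
        X509Certificate identityCert = cert;
        // Capture the first private key before keypair is replaced: it is the key that
        // belongs to identityCert and signs the second request.
        PrivateKey identityKey = keypair.getPrivate();
        keypair = generateRsaKeypair();
        csr = genCsr(keypair, getSubject(), challengePassword);
        // Enroll certificate - RSA
        resp = (EnrolmentResponse) client.scepEnrol(csr, identityKey, identityCert);
        if (resp.isFailure()) {
            throw new Exception("server returned 'failure'");
        }
        if (resp.isPending()) {
            throw new Exception("server returned 'pending'");
        }
        cert = resp.getCertificates().get(0);
        printCert("SCEP (RSA, CA issued identity Cert)", cert);
        client.destroy();
    } catch (Exception ex) {
        ex.printStackTrace();
        System.exit(-1);
    }
}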
Also used : PrivateKey(java.security.PrivateKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CaIdentifier(org.xipki.scep.client.CaIdentifier) ContentSigner(org.bouncycastle.operator.ContentSigner) ScepClient(org.xipki.scep.client.ScepClient) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) FileInputStream(java.io.FileInputStream) Date(java.util.Date) CaCertValidator(org.xipki.scep.client.CaCertValidator) PreprovisionedCaCertValidator(org.xipki.scep.client.PreprovisionedCaCertValidator) PreprovisionedCaCertValidator(org.xipki.scep.client.PreprovisionedCaCertValidator) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) EnrolmentResponse(org.xipki.scep.client.EnrolmentResponse) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)

Example 2 with ScepClient

use of org.xipki.scep.client.ScepClient in project xipki by xipki.

the class EnrollCertCmd method execute0.

/**
 * Enrols the CSR read from {@code csrFile} through the SCEP operation selected by
 * {@code method} and writes the first returned certificate to {@code outputFile}.
 *
 * <p>A blank {@code method} uses {@code scepEnrol}; {@code pkcs}, {@code renewal} and
 * {@code update} (compared case-insensitively) select the matching request type.
 *
 * @return always {@code null}
 * @throws CmdFailure if {@code method} is not recognised, or the server answers with
 *     failure or pending
 * @throws Exception on any other error raised by the calls made here
 */
@Override
protected Object execute0() throws Exception {
    final ScepClient scep = getScepClient();
    final CertificationRequest request = CertificationRequest.getInstance(IoUtil.read(csrFile));
    // Key and certificate that identify this requester towards the SCEP server.
    final PrivateKey identityKey = getIdentityKey();
    final X509Certificate identityCert = getIdentityCert();

    final EnrolmentResponse response;
    if (StringUtil.isBlank(method)) {
        response = scep.scepEnrol(request, identityKey, identityCert);
    } else if ("pkcs".equalsIgnoreCase(method)) {
        response = scep.scepPkcsReq(request, identityKey, identityCert);
    } else if ("renewal".equalsIgnoreCase(method)) {
        response = scep.scepRenewalReq(request, identityKey, identityCert);
    } else if ("update".equalsIgnoreCase(method)) {
        response = scep.scepUpdateReq(request, identityKey, identityCert);
    } else {
        throw new CmdFailure("invalid enroll method");
    }

    // Only an outright success carries a certificate; pending is reported as an error
    // rather than polled.
    if (response.isFailure()) {
        throw new CmdFailure("server returned 'failure'");
    }
    if (response.isPending()) {
        throw new CmdFailure("server returned 'pending'");
    }

    // NOTE(review): the certificate is written as received. Whether ScepClient checks
    // that it matches the public key of the CSR is not visible here - confirm.
    final X509Certificate issued = response.getCertificates().get(0);
    saveVerbose("saved enrolled certificate to file", new File(outputFile), issued.getEncoded());
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) CmdFailure(org.xipki.console.karaf.CmdFailure) ScepClient(org.xipki.scep.client.ScepClient) EnrolmentResponse(org.xipki.scep.client.EnrolmentResponse) File(java.io.File) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) X509Certificate(java.security.cert.X509Certificate)

Example 3 with ScepClient

use of org.xipki.scep.client.ScepClient in project xipki by xipki.

the class ClientAction method getScepClient.

/**
 * Returns the SCEP client for this action, creating it on first use.
 *
 * <p>The client is built for {@code url} / {@code caId} and validates the CA certificate
 * against the one parsed from {@code caCertFile}. Later calls return the same instance.
 *
 * @return the cached or newly created client
 * @throws CertificateException declared for the certificate parsing done here
 * @throws IOException declared for the certificate parsing done here
 */
protected ScepClient getScepClient() throws CertificateException, IOException {
    if (scepClient != null) {
        return scepClient;
    }
    // Trust anchor comes from a local file, so the server cannot choose its own CA
    // certificate. presumably only this certificate is accepted - confirm in
    // PreprovisionedCaCertValidator.
    X509Certificate pinnedCaCert = X509Util.parseCert(caCertFile);
    CaIdentifier identifier = new CaIdentifier(url, caId);
    CaCertValidator validator = new PreprovisionedCaCertValidator(pinnedCaCert);
    scepClient = new ScepClient(identifier, validator);
    return scepClient;
}
Also used : CaCertValidator(org.xipki.scep.client.CaCertValidator) PreprovisionedCaCertValidator(org.xipki.scep.client.PreprovisionedCaCertValidator) PreprovisionedCaCertValidator(org.xipki.scep.client.PreprovisionedCaCertValidator) CaIdentifier(org.xipki.scep.client.CaIdentifier) ScepClient(org.xipki.scep.client.ScepClient) X509Certificate(java.security.cert.X509Certificate)

Example 4 with ScepClient

use of org.xipki.scep.client.ScepClient in project xipki by xipki.

the class GetCaCertCmd method execute0.

/**
 * Fetches the CA certificate from the SCEP server at {@code url} / {@code caId} and
 * writes it to {@code outFile}.
 *
 * @return always {@code null}
 * @throws CmdFailure if the client holds no CA certificate after initialisation
 * @throws Exception on any other error raised by the calls made here
 */
@Override
protected Object execute0() throws Exception {
    CaIdentifier identifier = new CaIdentifier(url, caId);
    // This validator accepts every certificate the server presents, so the file written
    // below is NOT authenticated by this command.
    // NOTE(review): compare the saved certificate's fingerprint with a value obtained out
    // of band before using it as a trust anchor (e.g. as a pre-provisioned CA certificate).
    CaCertValidator acceptAny = new CaCertValidator() {

        @Override
        public boolean isTrusted(X509Certificate cert) {
            return true;
        }
    };
    ScepClient scep = new ScepClient(identifier, acceptAny);
    scep.init();

    X509Certificate fetched = scep.getCaCert();
    if (fetched != null) {
        saveVerbose("saved certificate to file", new File(outFile), fetched.getEncoded());
        return null;
    }
    throw new CmdFailure("received no CA certficate from server");
}
Also used : CaCertValidator(org.xipki.scep.client.CaCertValidator) CmdFailure(org.xipki.console.karaf.CmdFailure) CaIdentifier(org.xipki.scep.client.CaIdentifier) ScepClient(org.xipki.scep.client.ScepClient) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)

Example 5 with ScepClient

use of org.xipki.scep.client.ScepClient in project xipki by xipki.

the class GetCrlCmd method execute0.

/**
 * Requests from the SCEP server the CRL for the issuer and serial number of the
 * certificate stored in {@code certFile}, and writes it to {@code outputFile}.
 *
 * @return always {@code null}
 * @throws CmdFailure if the client returns no CRL
 * @throws Exception on any other error raised by the calls made here
 */
@Override
protected Object execute0() throws Exception {
    Certificate subject = Certificate.getInstance(IoUtil.read(certFile));
    ScepClient scep = getScepClient();
    // The request is made with this requester's identity key and certificate; the target
    // certificate only supplies the issuer name and serial number.
    X509CRL fetched = scep.scepGetCrl(
            getIdentityKey(),
            getIdentityCert(),
            subject.getIssuer(),
            subject.getSerialNumber().getPositiveValue());
    if (fetched != null) {
        // NOTE(review): no signature check on the CRL is visible in this method; confirm
        // that ScepClient or the consumer of outputFile verifies it against the CA.
        saveVerbose("saved CRL to file", new File(outputFile), fetched.getEncoded());
        return null;
    }
    throw new CmdFailure("received no CRL from server");
}
Also used : X509CRL(java.security.cert.X509CRL) CmdFailure(org.xipki.console.karaf.CmdFailure) ScepClient(org.xipki.scep.client.ScepClient) File(java.io.File) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

ScepClient (org.xipki.scep.client.ScepClient)8 X509Certificate (java.security.cert.X509Certificate)7 File (java.io.File)5 CmdFailure (org.xipki.console.karaf.CmdFailure)5 CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)4 X500Name (org.bouncycastle.asn1.x500.X500Name)4 CaCertValidator (org.xipki.scep.client.CaCertValidator)4 CaIdentifier (org.xipki.scep.client.CaIdentifier)4 EnrolmentResponse (org.xipki.scep.client.EnrolmentResponse)4 PrivateKey (java.security.PrivateKey)3 PreprovisionedCaCertValidator (org.xipki.scep.client.PreprovisionedCaCertValidator)3 X509CRL (java.security.cert.X509CRL)2 Certificate (org.bouncycastle.asn1.x509.Certificate)2 FileInputStream (java.io.FileInputStream)1 BigInteger (java.math.BigInteger)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 Date (java.util.Date)1 List (java.util.List)1 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)1