Examples with PKCS10 sun.security.pkcs10.PKCS10 used on opensource projects

Example 1 with PKCS10

use of sun.security.pkcs10.PKCS10 in project jdk8u_jdk by JetBrains.

the class CertAndKeyGen method getCertRequest.

/**
     * Returns a PKCS #10 certificate request.  The caller uses either
     * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
     * operations on the result, to get the request in an appropriate
     * transmission format.
     *
     * <P>PKCS #10 certificate requests are sent, along with some proof
     * of identity, to Certificate Authorities (CAs) which then issue
     * X.509 public key certificates.
     *
     * @param myname X.500 name of the subject
     * @exception InvalidKeyException on key handling errors.
     * @exception SignatureException on signature handling errors.
     */
public PKCS10 getCertRequest(X500Name myname) throws InvalidKeyException, SignatureException {
    PKCS10 req = new PKCS10(publicKey);
    try {
        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);
        req.encodeAndSign(myname, signature);
    } catch (CertificateException e) {
        throw new SignatureException(sigAlg + " CertificateException");
    } catch (IOException e) {
        throw new SignatureException(sigAlg + " IOException");
    } catch (NoSuchAlgorithmException e) {
        // "can't happen"
        throw new SignatureException(sigAlg + " unavailable?");
    }
    return req;
}

Example 2 with PKCS10

use of sun.security.pkcs10.PKCS10 in project jdk8u_jdk by JetBrains.

the class Pair method doGenCert.

/**
     * Generate a certificate: Read PKCS10 request from in, and print
     * certificate to out. Use alias as CA, sigAlgName as the signature
     * type.
     */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception {
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo) signerCertImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name) signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME);
    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity * 1000L * 24L * 60L * 60L);
    CertificateValidity interval = new CertificateValidity(firstDate, lastDate);
    PrivateKey privateKey = (PrivateKey) recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);
    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null)
            break;
        //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Pem.decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);
    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT, dname == null ? req.getSubjectName() : new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions) attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca : keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate) ca;
            if (!isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
}

Example 3 with PKCS10

use of sun.security.pkcs10.PKCS10 in project Bytecoder by mirkosertic.

the class CertAndKeyGen method getCertRequest.

/**
 * Returns a PKCS #10 certificate request.  The caller uses either
 * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
 * operations on the result, to get the request in an appropriate
 * transmission format.
 *
 * <P>PKCS #10 certificate requests are sent, along with some proof
 * of identity, to Certificate Authorities (CAs) which then issue
 * X.509 public key certificates.
 *
 * @param myname X.500 name of the subject
 * @exception InvalidKeyException on key handling errors.
 * @exception SignatureException on signature handling errors.
 */
public PKCS10 getCertRequest(X500Name myname) throws InvalidKeyException, SignatureException {
    PKCS10 req = new PKCS10(publicKey);
    try {
        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);
        req.encodeAndSign(myname, signature);
    } catch (CertificateException e) {
        throw new SignatureException(sigAlg + " CertificateException");
    } catch (IOException e) {
        throw new SignatureException(sigAlg + " IOException");
    } catch (NoSuchAlgorithmException e) {
        // "can't happen"
        throw new SignatureException(sigAlg + " unavailable?");
    }
    return req;
}

Example 4 with PKCS10

use of sun.security.pkcs10.PKCS10 in project jdk8u_jdk by JetBrains.

the class Pair method doPrintCertReq.

private void doPrintCertReq(InputStream in, PrintStream out) throws Exception {
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null)
            break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions) attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal);
        }
    }
    if (debug) {
        // Just to see more, say, public key length...
        out.println(req);
    }
}

Example 5 with PKCS10

use of sun.security.pkcs10.PKCS10 in project jdk8u_jdk by JetBrains.

the class Pair method doCertReq.

/**
     * Creates a PKCS#10 cert signing request, corresponding to the
     * keys (and name) associated with a given alias.
     */
private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception {
    if (alias == null) {
        alias = keyAlias;
    }
    Pair<Key, char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey) objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }
    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat(rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = { alias };
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null ? new X500Name(((X509Certificate) cert).getSubjectDN().toString()) : new X500Name(dname);
    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}