Examples with PKCS10 sun.security.pkcs10.PKCS10 used on opensource projects

Example 11 with PKCS10

use of sun.security.pkcs10.PKCS10 in project jdk8u_jdk by JetBrains.

the class UnstructuredName method main.

public static void main(String[] args) throws Exception {
    PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(csrStr));
    // If PKCS9Attribute did not accept the PrintableString ASN.1 tag,
    // this would fail with an IOException
    Object attr = req.getAttributes().getAttribute("1.2.840.113549.1.9.2");
    // Check that the attribute exists
    if (attr == null) {
        throw new Exception("Attribute should not be null.");
    }
    System.out.println("Test passed.");
}

Example 12 with PKCS10

use of sun.security.pkcs10.PKCS10 in project spring-cloud-digital-sign by SpringForAll.

the class PfxCertStoreUtils method generateCSR.

public String generateCSR(String alg, int size, String cn) {
    Security.addProvider(new BouncyCastleProvider());
    String strCSR = "";
    try {
        strCSR = "";
        String sigAlg = "SHA1WithRSA";
        if ((alg == null) || (alg.length() <= 0))
            sigAlg = "SHA1WithRSA";
        else
            sigAlg = alg;
        int algSize = 1024;
        if (size != 0)
            algSize = size;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(algSize, new SecureRandom());
        this.kp = kpg.generateKeyPair();
        PublicKey publicKey = this.kp.getPublic();
        PrivateKey privateKey = this.kp.getPrivate();
        PKCS10 pkcs10 = new PKCS10(publicKey);
        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);
        String CN = "defaultUserName";
        if ((cn != null) && (cn.length() > 0))
            CN = cn;
        String DN = "CN=" + CN + ",C=CN";
        X500Name x500Name = new X500Name(DN);
        pkcs10.encodeAndSign(x500Name, signature);
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(baos);
        pkcs10.print(ps);
        String strPEMCSR = baos.toString();
        strCSR = strPEMCSR.replaceAll("\r|\n", "");
        strCSR = strCSR.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", "");
        strCSR = strCSR.replaceAll("-----END NEW CERTIFICATE REQUEST-----", "");
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (SignatureException e) {
        e.printStackTrace();
        return null;
    }
    return strCSR;
}

Example 13 with PKCS10

use of sun.security.pkcs10.PKCS10 in project spring-cloud-digital-sign by SpringForAll.

the class KeyStoreAdapter method generateCSR.

public CSR generateCSR(String alias, String password) throws KeyStoreException {
    try {
        KeyPair keyPair = getKayPairFor(alias, password).orElseThrow(() -> new KeyStoreException("Cannot find key for alias  " + alias));
        ;
        // CSR container format
        PKCS10 pkcs10 = new PKCS10(keyPair.getPublic());
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(keyPair.getPrivate());
        pkcs10.encodeAndSign(getX500Name(this.keyStore.getCertificate(alias)), signature);
        return new CSR(pkcs10);
    } catch (NoSuchAlgorithmException | InvalidKeyException | CertificateException | IOException | SignatureException e) {
        LOGGER.log(Level.SEVERE, e.getMessage(), e);
        throw new KeyStoreException(e);
    }
}

Example 14 with PKCS10

use of sun.security.pkcs10.PKCS10 in project Bytecoder by mirkosertic.

the class Pair method doPrintCertReq.

private void doPrintCertReq(InputStream in, PrintStream out) throws Exception {
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null)
            break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.with.weak"), req.getSubjectName(), pkey.getFormat(), withWeak(pkey), withWeak(req.getSigAlg()));
    for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions) attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal);
        }
    }
    if (debug) {
        // Just to see more, say, public key length...
        out.println(req);
    }
    checkWeak(rb.getString("the.certificate.request"), req);
}

Example 15 with PKCS10

use of sun.security.pkcs10.PKCS10 in project Bytecoder by mirkosertic.

the class Pair method doGenCert.

/**
 * Generate a certificate: Read PKCS10 request from in, and print
 * certificate to out. Use alias as CA, sigAlgName as the signature
 * type.
 */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception {
    if (keyStore.containsAlias(alias) == false) {
        MessageFormat form = new MessageFormat(rb.getString("Alias.alias.does.not.exist"));
        Object[] source = { alias };
        throw new Exception(form.format(source));
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo) signerCertImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name) signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME);
    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity * 1000L * 24L * 60L * 60L);
    CertificateValidity interval = new CertificateValidity(firstDate, lastDate);
    PrivateKey privateKey = (PrivateKey) recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey);
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);
    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null)
            break;
        // if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        // } else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Pem.decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);
    checkWeak(rb.getString("the.certificate.request"), req);
    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT, dname == null ? req.getSubjectName() : new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions) attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca : keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate) ca;
            if (!KeyStoreUtil.isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
    checkWeak(rb.getString("the.issuer"), keyStore.getCertificateChain(alias));
    checkWeak(rb.getString("the.generated.certificate"), cert);
}