// Build the PKCS#10 request for `subject` through a local helper (not shown);
// presumably it is signed with keyPair's private key.
// NOTE(review): "SHA1withRSA" signs the request over a SHA-1 digest. SHA-1 is
// deprecated for signatures; prefer "SHA256withRSA" if the helper accepts it.
PKCS10CertificationRequest certRequest =
        createPKCS10CertificationRequest(subject, "SHA1withRSA", keyPair);
// Re-parse the encoded request into the JCA wrapper and select the "BC" provider on it.
JcaPKCS10CertificationRequest jcaCertRequest =
        new JcaPKCS10CertificationRequest(certRequest.getEncoded()).setProvider("BC");
/**
 * Create a PKCS10 certification request using the named provider.
 * <p>
 * Convenience overload: the {@code X500Principal} subject is converted with
 * {@code convertName} and every other argument is passed unchanged to the
 * constructor that takes the converted name.
 *
 * @param signatureAlgorithm name of the signature algorithm, passed through as given
 * @param subject            subject of the request
 * @param key                public key, passed through as given
 * @param attributes         request attributes, passed through as given
 * @param signingKey         private key, passed through as given (presumably used to
 *                           sign the request; the delegated constructor is not shown)
 * @param provider           name of the provider, passed through as given
 * @throws NoSuchAlgorithmException propagated from the delegated constructor
 * @throws NoSuchProviderException  propagated from the delegated constructor
 * @throws InvalidKeyException      propagated from the delegated constructor
 * @throws SignatureException       propagated from the delegated constructor
 */
public PKCS10CertificationRequest(
    String              signatureAlgorithm,
    X500Principal       subject,
    PublicKey           key,
    ASN1Set             attributes,
    PrivateKey          signingKey,
    String              provider)
    throws NoSuchAlgorithmException, NoSuchProviderException,
    InvalidKeyException, SignatureException
{
    this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider);
}
/**
 * Construct a PKCS10 certification request from a DER encoded byte stream.
 * <p>
 * The bytes are handed to {@code toDERSequence} and the result to the superclass
 * constructor. Nothing in this constructor checks the request's signature, so a
 * request built from received bytes should be checked with {@code verify()}
 * before its contents are relied on.
 *
 * @param bytes the encoded request
 */
public PKCS10CertificationRequest(
    byte[]  bytes)
{
    // NOTE(review): toDERSequence is not shown; confirm how it reports malformed input.
    super(toDERSequence(bytes));
}
// Look up the Signature by the JCA name derived from the AlgorithmIdentifier,
// leaving the provider choice to the JCA.
sig = Signature.getInstance(getSignatureName(sigAlgId));
// Same lookup, pinned to the caller-named provider.
// NOTE(review): as excerpted this overwrites the assignment above; in the full
// method the two calls presumably sit in separate branches - confirm.
sig = Signature.getInstance(getSignatureName(sigAlgId), provider);
// Pass the AlgorithmIdentifier's parameters on via setSignatureParameters (not shown).
setSignatureParameters(sig, sigAlgId.getParameters());
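/**
 * Builds a PKCS#10 certification request whose signature is produced by
 * {@code signOnJavaCard} instead of a locally held private key.
 *
 * <p>The returned signature is checked against {@code publicKey} before the
 * request is handed back, so a request that does not verify is never returned.
 *
 * @param subject            subject name placed in the request
 * @param publicKey          public key placed in the request and used to check
 *                           the signature returned by the card
 * @param signatureAlgorithm algorithm name passed to {@code signOnJavaCard} and
 *                           used to look up the signature AlgorithmIdentifier
 * @return the encoded, signed request
 * @throws Exception if encoding or signing fails, or if the signature returned
 *                   by the card does not verify under {@code publicKey}
 */
public byte[] generateCSR(X500Name subject, PublicKey publicKey, String signatureAlgorithm)
        throws Exception {
    // Create the unsigned CSR (empty attribute set). The subject parameter is
    // used here; the original referenced an undeclared name instead.
    CertificationRequestInfo info = new CertificationRequestInfo(
            subject, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()), new DERSet());

    // The CSR bytes to be signed
    byte[] dataToSign = info.getEncoded(ASN1Encoding.DER);

    // Send the CSR to the card
    byte[] signedData = signOnJavaCard(dataToSign, signatureAlgorithm);

    // Build the signed CSR
    AlgorithmIdentifier sigAlgId =
            new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
    PKCS10CertificationRequest csr = new PKCS10CertificationRequest(
            new CertificationRequest(info, sigAlgId, new DERBitString(signedData)));
    byte[] signedCSR = csr.getEncoded();

    // Verify signature validity and fail closed: a mismatch means the card signed
    // with a different key or algorithm than the one declared in the request.
    ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder()
            .setProvider(new BouncyCastleProvider())
            .build(publicKey);
    if (!csr.isSignatureValid(verifier)) {
        throw new java.security.SignatureException(
                "CSR signature does not verify against the supplied public key");
    }
    return signedCSR;
}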
// RSASSA-PSS parameter table keyed by upper-case signature name.
// The second argument to creatPSSParams equals the digest's output size in bytes
// (20 for SHA-1 up to 64 for SHA-512); presumably the PSS salt length - confirm
// against creatPSSParams (not shown).
// NOTE(review): the SHA-1 entry is listed alongside the SHA-2 ones; prefer
// SHA-256 or stronger when choosing an algorithm for new requests.
params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
// Excerpt fragments: what looks like the tail of a throws clause, then a
// constructor delegation that passes BouncyCastleProvider.PROVIDER_NAME as the provider.
InvalidKeyException, SignatureException
this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
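/**
 * Issues an X.509 certificate for the subject and public key of a PKCS#10 request.
 *
 * <p>The request's own signature is checked first. That signature is the
 * requester's proof of possession of the private key; without the check a
 * certificate could be issued for a public key the requester does not control.
 *
 * @param csr  the certification request
 * @param days validity period in days, counted from now
 * @param pKey private key that signs the certificate
 * @return the generated certificate
 * @throws IllegalArgumentException if the request's signature does not verify
 * @throws IllegalStateException    if verification, key extraction or certificate
 *                                  generation fails with a security exception
 */
public X509Certificate x509ReqToX509(PKCS10CertificationRequest csr, int days, PrivateKey pKey) {
    try {
        // Proof of possession: refuse to certify a key the request was not signed with.
        if (!csr.verify()) {
            throw new IllegalArgumentException(
                    "CSR signature does not verify against the public key it carries");
        }

        Date notBefore = new Date();
        Calendar cal = Calendar.getInstance();
        cal.setTime(notBefore); // derive both validity bounds from the same instant
        cal.add(Calendar.DATE, days);
        Date notAfter = cal.getTime();

        BigInteger serialNumber = generateCertSerialNumber(); // not implemented here

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(serialNumber);
        // NOTE(review): the issuer is copied from the request's subject, so the
        // certificate names the requester as its own issuer although pKey signs it.
        // If pKey is a CA key, the issuer should be the CA's name - confirm intent.
        certGen.setIssuerDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject());
        certGen.setNotBefore(notBefore);
        certGen.setNotAfter(notAfter);
        certGen.setPublicKey(csr.getPublicKey());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

        return certGen.generate(pKey, "BC");
    } catch (java.security.GeneralSecurityException e) {
        // The method declares no checked exceptions, so rethrow unchecked with the cause attached.
        throw new IllegalStateException("could not issue certificate from CSR", e);
    }
}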
public PublicKey getPublicKey( String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException { SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo(); X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes()); AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId(); try { try { if (provider == null) { return KeyFactory.getInstance(keyAlg.getObjectId().getId()).generatePublic(xspec); } else { return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec); } } catch (NoSuchAlgorithmException e) { // // try an alternate // if (keyAlgorithms.get(keyAlg.getObjectId()) != null) { String keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getObjectId());
/**
 * Verify the request using the BC provider.
 * <p>
 * Delegates to {@code verify(String)} with
 * {@code BouncyCastleProvider.PROVIDER_NAME}.
 *
 * @return the result of the delegated call; presumably {@code true} when the
 *         request's signature matches its embedded public key (the delegated
 *         overload is not shown)
 * @throws NoSuchAlgorithmException propagated from the delegated call
 * @throws NoSuchProviderException  propagated from the delegated call
 * @throws InvalidKeyException      propagated from the delegated call
 * @throws SignatureException       propagated from the delegated call
 */
public boolean verify()
    throws NoSuchAlgorithmException, NoSuchProviderException,
    InvalidKeyException, SignatureException
{
    return verify(BouncyCastleProvider.PROVIDER_NAME);
}
/**
 * Map a signature AlgorithmIdentifier to the algorithm name used for the
 * Signature lookup.
 * <p>
 * When the identifier is RSASSA-PSS and carries parameters other than NULL, the
 * name is the digest name from {@code getDigestAlgName} followed by
 * "withRSAandMGF1". In every other case the dotted OID string is returned.
 *
 * @param sigAlgId the signature algorithm identifier
 * @return the name to pass to the Signature lookup
 */
static String getSignatureName(
    AlgorithmIdentifier sigAlgId)
{
    final ASN1Encodable algParams = sigAlgId.getParameters();
    final boolean parametersPresent = algParams != null && !DERNull.INSTANCE.equals(algParams);

    // Anything that is not parameterised RSASSA-PSS is looked up by its OID.
    if (!parametersPresent || !sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
    {
        return sigAlgId.getObjectId().getId();
    }

    // Only the hash algorithm is read from the PSS parameters here.
    final RSASSAPSSparams pssParams = RSASSAPSSparams.getInstance(algParams);
    return getDigestAlgName(pssParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
}
// Look up the Signature by the JCA name derived from the AlgorithmIdentifier,
// leaving the provider choice to the JCA.
sig = Signature.getInstance(getSignatureName(sigAlgId));
// Same lookup, pinned to the caller-named provider.
// NOTE(review): as excerpted this overwrites the assignment above; in the full
// method the two calls presumably sit in separate branches - confirm.
sig = Signature.getInstance(getSignatureName(sigAlgId), provider);
// Pass the AlgorithmIdentifier's parameters on via setSignatureParameters (not shown).
setSignatureParameters(sig, sigAlgId.getParameters());
// RSASSA-PSS parameter table keyed by upper-case signature name.
// The second argument to creatPSSParams equals the digest's output size in bytes
// (20 for SHA-1 up to 64 for SHA-512); presumably the PSS salt length - confirm
// against creatPSSParams (not shown).
// NOTE(review): the SHA-1 entry is listed alongside the SHA-2 ones; prefer
// SHA-256 or stronger when choosing an algorithm for new requests.
params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
// Excerpt fragments: what looks like the tail of a throws clause, then a
// constructor delegation that passes BouncyCastleProvider.PROVIDER_NAME as the provider.
InvalidKeyException, SignatureException
this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
public PublicKey getPublicKey( String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException { SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo(); try { X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getOctets()); AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm(); try { if (provider == null) { return KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec); } else { return KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), provider).generatePublic(xspec); } } catch (NoSuchAlgorithmException e) { // // try an alternate // if (keyAlgorithms.get(keyAlg.getAlgorithm()) != null) {
/**
 * Verify the request using the BC provider.
 * <p>
 * Delegates to {@code verify(String)} with
 * {@code BouncyCastleProvider.PROVIDER_NAME}.
 *
 * @return the result of the delegated call; presumably {@code true} when the
 *         request's signature matches its embedded public key (the delegated
 *         overload is not shown)
 * @throws NoSuchAlgorithmException propagated from the delegated call
 * @throws NoSuchProviderException  propagated from the delegated call
 * @throws InvalidKeyException      propagated from the delegated call
 * @throws SignatureException       propagated from the delegated call
 */
public boolean verify()
    throws NoSuchAlgorithmException, NoSuchProviderException,
    InvalidKeyException, SignatureException
{
    return verify(BouncyCastleProvider.PROVIDER_NAME);
}
/**
 * Map a signature AlgorithmIdentifier to the algorithm name used for the
 * Signature lookup.
 * <p>
 * When the identifier is RSASSA-PSS and carries parameters other than NULL, the
 * name is the digest name from {@code getDigestAlgName} followed by
 * "withRSAandMGF1". In every other case the dotted OID string is returned.
 *
 * @param sigAlgId the signature algorithm identifier
 * @return the name to pass to the Signature lookup
 */
static String getSignatureName(
    AlgorithmIdentifier sigAlgId)
{
    final ASN1Encodable algParams = sigAlgId.getParameters();
    final boolean parametersPresent = algParams != null && !DERNull.INSTANCE.equals(algParams);

    // Anything that is not parameterised RSASSA-PSS is looked up by its OID.
    if (!parametersPresent || !sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
    {
        return sigAlgId.getAlgorithm().getId();
    }

    // Only the hash algorithm is read from the PSS parameters here.
    final RSASSAPSSparams pssParams = RSASSAPSSparams.getInstance(algParams);
    return getDigestAlgName(pssParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
}
//Generate KeyPair KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(KEY_SIZE, new SecureRandom()); KeyPair keyPair = keyGen.generateKeyPair(); //Generate CSR in PKCS#10 format encoded in DER PKCS10CertificationRequest csr = CsrHelper.generateCSR(keyPair, commonname); byte CSRder[] = csr.getEncoded();
/**
 * Construct a PKCS10 certification request from a DER encoded byte stream.
 * <p>
 * The bytes are handed to {@code toDERSequence} and the result to the superclass
 * constructor. Nothing in this constructor checks the request's signature, so a
 * request built from received bytes should be checked with {@code verify()}
 * before its contents are relied on.
 *
 * @param bytes the encoded request
 */
public PKCS10CertificationRequest(
    byte[]  bytes)
{
    // NOTE(review): toDERSequence is not shown; confirm how it reports malformed input.
    super(toDERSequence(bytes));
}
/**
 * Create a PKCS10 certification request using the named provider.
 * <p>
 * Convenience overload: the {@code X500Principal} subject is converted with
 * {@code convertName} and every other argument is passed unchanged to the
 * constructor that takes the converted name.
 *
 * @param signatureAlgorithm name of the signature algorithm, passed through as given
 * @param subject            subject of the request
 * @param key                public key, passed through as given
 * @param attributes         request attributes, passed through as given
 * @param signingKey         private key, passed through as given (presumably used to
 *                           sign the request; the delegated constructor is not shown)
 * @param provider           name of the provider, passed through as given
 * @throws NoSuchAlgorithmException propagated from the delegated constructor
 * @throws NoSuchProviderException  propagated from the delegated constructor
 * @throws InvalidKeyException      propagated from the delegated constructor
 * @throws SignatureException       propagated from the delegated constructor
 */
public PKCS10CertificationRequest(
    String              signatureAlgorithm,
    X500Principal       subject,
    PublicKey           key,
    ASN1Set             attributes,
    PrivateKey          signingKey,
    String              provider)
    throws NoSuchAlgorithmException, NoSuchProviderException,
    InvalidKeyException, SignatureException
{
    this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider);
}
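/**
 * Return a DER encoded byte array representing this object.
 *
 * @return the DER encoding
 * @throws RuntimeException if the encoding fails; the underlying IOException is
 *                          attached as the cause
 */
public byte[] getEncoded()
{
    try
    {
        return this.getEncoded(ASN1Encoding.DER);
    }
    catch (IOException e)
    {
        // Same message text as before, with the IOException chained so the
        // stack trace of the real failure is not lost.
        throw new RuntimeException(e.toString(), e);
    }
}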
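/**
 * Return a DER encoded byte array representing this object.
 *
 * @return the DER encoding
 * @throws RuntimeException if the encoding fails; the underlying IOException is
 *                          attached as the cause
 */
public byte[] getEncoded()
{
    try
    {
        return this.getEncoded(ASN1Encoding.DER);
    }
    catch (IOException e)
    {
        // Same message text as before, with the IOException chained so the
        // stack trace of the real failure is not lost.
        throw new RuntimeException(e.toString(), e);
    }
}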