/**
 * Convenience overload: takes the subject and the SubjectPublicKeyInfo from a CSR and hands
 * them, together with {@code identityKey}, to the three-argument {@code generateSelfsignedCert}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The CSR's own signature (proof of possession) is not checked in this method. Subject
 *       and public key are used exactly as the request states them, so the CSR should come
 *       from a trusted or already-verified source.</li>
 *   <li>{@code identityKey} is passed through without a null check here. It is presumably the
 *       key that signs the certificate and should match the CSR's public key - confirm
 *       against the overload.</li>
 * </ul>
 *
 * @param csr certification request supplying subject and public key; checked via the
 *     {@code requireNonNull} helper (presumably rejects {@code null} - helper not shown)
 * @param identityKey private key forwarded unchanged to the overload
 * @return the certificate produced by the overload
 * @throws CertificateException declared here; any throw site is in the overload, not in this
 *     method
 */
public static X509Certificate generateSelfsignedCert(CertificationRequest csr, PrivateKey identityKey) throws CertificateException {
    requireNonNull("csr", csr);
    return generateSelfsignedCert(
            csr.getCertificationRequestInfo().getSubject(),
            csr.getCertificationRequestInfo().getSubjectPublicKeyInfo(),
            identityKey);
}
/**
 * Issues a certificate for a CSR after its proof-of-possession check has passed.
 *
 * <p>{@code verifyPopo} (defined elsewhere) is consulted first; a request that fails it is
 * rejected before any field of the CSR is used. On success the public key and subject are
 * taken from the request info and passed to the two-argument {@code generateCert}.
 *
 * <p>Security notes: the subject is copied from the CSR as requested. No naming-policy or
 * authorization check is visible in this method, so any such restriction has to be enforced
 * by the caller or by the overload. Attributes of the CSR (for example requested extensions)
 * are not forwarded.
 *
 * @param csr the certification request to issue for
 * @return the certificate produced by the two-argument overload
 * @throws Exception with message {@code "CSR invalid"} when {@code verifyPopo} returns
 *     {@code false}; anything thrown by {@code verifyPopo} or the overload also propagates
 */
public Certificate generateCert(CertificationRequest csr) throws Exception {
    final boolean popoValid = verifyPopo(csr);
    if (popoValid) {
        final CertificationRequestInfo requestInfo = csr.getCertificationRequestInfo();
        return generateCert(requestInfo.getSubjectPublicKeyInfo(), requestInfo.getSubject());
    }
    // Reject before touching any CSR field: an unproven request must not influence issuance.
    throw new Exception("CSR invalid");
}
/**
 * Polls for a certificate using a transaction ID derived from the CSR's public key.
 *
 * <p>The transaction ID is obtained from {@code TransactionId.sha1TransactionId} over the
 * request's SubjectPublicKeyInfo, then the call is forwarded to the overload that takes an
 * explicit transaction ID and subject.
 *
 * <p>NOTE(review): by its name the helper uses SHA-1. Here the value serves as a transaction
 * identifier; presumably nothing relies on it for collision resistance - confirm.
 *
 * @param identityKey private key forwarded to the overload
 * @param identityCert certificate forwarded to the overload
 * @param csr certification request; checked with {@code ScepUtil.requireNonNull}
 * @param issuer issuer name forwarded to the overload
 * @return the response returned by the overload
 * @throws ScepClientException if the transaction ID cannot be derived (wraps the
 *     {@code InvalidKeySpecException}), or as thrown by the overload
 */
public EnrolmentResponse scepCertPoll(PrivateKey identityKey, X509Certificate identityCert,
        CertificationRequest csr, X500Name issuer) throws ScepClientException {
    ScepUtil.requireNonNull("csr", csr);

    final TransactionId transactionId;
    try {
        transactionId = TransactionId.sha1TransactionId(
                csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
    } catch (InvalidKeySpecException keySpecError) {
        // Keep the original cause so the failing key encoding can be diagnosed.
        throw new ScepClientException(keySpecError.getMessage(), keySpecError);
    }

    final X500Name subject = csr.getCertificationRequestInfo().getSubject();
    return scepCertPoll(identityKey, identityCert, transactionId, issuer, subject);
}
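/**
 * Reads one PEM-encoded certification request and extracts its common name and RSA public key.
 *
 * <p>The PEM text is treated as untrusted input. Every structural assumption (object type,
 * presence of a CN, shape of the key) is checked, and a violation is reported as an
 * {@link IOException} rather than escaping as a {@code ClassCastException},
 * {@code NullPointerException} or index error.
 *
 * <p>NOTE(review): the request's signature (proof of possession) is not verified here, and
 * neither the key algorithm identifier nor the key size is checked. A caller that issues
 * certificates from the result should verify those separately.
 *
 * @param reader source of the PEM text; the {@code PEMReader} wrapping it is closed before
 *     this method returns
 * @return a {@code CertificateRequest} built from the first CN value of the subject and the
 *     RSA public key of the request
 * @throws IOException if reading fails, the PEM input holds no certification request, the
 *     subject has no common name, or the public key is not an RSA key in the expected form
 */
public static CertificateRequest loadCertificateRequest(Reader reader) throws IOException {
    try (PEMReader pr = new PEMReader(reader)) {
        // The PEM block may be missing or hold some other object type; check before casting.
        Object parsed = pr.readObject();
        if (!(parsed instanceof CertificationRequest)) {
            throw new IOException(
                    "Failed to parse certificate request: no certification request in PEM input");
        }
        CertificationRequest req = (CertificationRequest) parsed;

        // get the CN (attribute type 2.5.4.3); the first value is used if several are present
        Object subject = req.getCertificationRequestInfo().getSubject();
        if (!(subject instanceof X509Name)) {
            throw new IOException(
                    "Failed to parse certificate request: missing or unsupported subject");
        }
        java.util.List<?> cnValues =
                ((X509Name) subject).getValues(new DERObjectIdentifier("2.5.4.3"));
        if (cnValues == null || cnValues.isEmpty() || !(cnValues.get(0) instanceof String)) {
            throw new IOException(
                    "Failed to parse certificate request: subject has no common name");
        }
        String cn = (String) cnValues.get(0);

        // build the key: the payload must be a sequence of two integers (modulus, exponent).
        // Decoded once and reused, instead of decoding the key for each component.
        Object keyStructure =
                req.getCertificationRequestInfo().getSubjectPublicKeyInfo().getPublicKey();
        if (!(keyStructure instanceof DERSequence) || ((DERSequence) keyStructure).size() < 2) {
            throw new IOException(
                    "Failed to parse certificate request: public key is not an RSA key");
        }
        DERSequence rsaKey = (DERSequence) keyStructure;
        Object modulus = rsaKey.getObjectAt(0);
        Object publicExponent = rsaKey.getObjectAt(1);
        if (!(modulus instanceof ASN1Integer) || !(publicExponent instanceof ASN1Integer)) {
            throw new IOException(
                    "Failed to parse certificate request: public key is not an RSA key");
        }

        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey key = kf.generatePublic(new RSAPublicKeySpec(
                ((ASN1Integer) modulus).getValue(),
                ((ASN1Integer) publicExponent).getValue()));
        return new CertificateRequest(cn, key);
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        throw new IOException("Failed to parse certificate request", e);
    }
}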
/**
 * Sends a CSR to the server as a PKI message of the given type and returns the decoded reply.
 *
 * <p>Steps, in order: derive the transaction ID from the CSR's public key, wrap the CSR in a
 * {@code PkiMessage}, protect it with {@code encryptThenSign}, post it as a
 * {@code PKIOperation}, parse and decode the reply, then call {@code assertSameNonce} on the
 * request and the decoded response before building the result.
 *
 * <p>NOTE(review): {@code assertSameNonce} is defined elsewhere. Presumably it rejects a
 * response that does not echo the request's nonce (replay protection) - confirm. It runs only
 * after the response has been decoded with the identity key.
 *
 * <p>NOTE(review): {@code csr} is dereferenced without a null check in this method; callers
 * are assumed to have validated it.
 *
 * @param messageType SCEP message type to put on the request
 * @param csr certification request carried as message data
 * @param identityKey private key passed to {@code encryptThenSign} and {@code decode}
 * @param identityCert certificate passed to {@code encryptThenSign} and {@code decode}
 * @return the enrolment response wrapping the decoded server message
 * @throws ScepClientException if the transaction ID cannot be derived (wraps the
 *     {@code InvalidKeySpecException}), or as thrown by the helpers called here
 */
private EnrolmentResponse enroll(MessageType messageType, CertificationRequest csr,
        PrivateKey identityKey, X509Certificate identityCert) throws ScepClientException {
    final TransactionId transactionId;
    try {
        transactionId = TransactionId.sha1TransactionId(
                csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
    } catch (InvalidKeySpecException keySpecError) {
        // Keep the original cause so the failing key encoding can be diagnosed.
        throw new ScepClientException(keySpecError.getMessage(), keySpecError);
    }

    final PkiMessage request = new PkiMessage(transactionId, messageType);
    request.setMessageData(csr);

    final ContentInfo protectedRequest = encryptThenSign(request, identityKey, identityCert);
    final ScepHttpResponse httpResponse = httpSend(Operation.PKIOperation, protectedRequest);

    final DecodedPkiMessage decoded =
            decode(parsePkiMessage(httpResponse.getContentBytes()), identityKey, identityCert);

    // The nonce comparison must run before the response is handed back to the caller.
    assertSameNonce(request, decoded);
    return new EnrolmentResponse(decoded);
}
X500Name requestedSubject = csr.getCertificationRequestInfo().getSubject(); ASN1Set attrs = csr.getCertificationRequestInfo().getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP"); } else { CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo(); Extensions extensions = CaUtil.getExtensions(certTemp);
ca.checkCsr(csr); CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
// Fragment of a request handler: the enclosing method and some closing braces are not part
// of this excerpt.

// Check 1: the subject of the certificate that signed the request must equal the subject
// requested in the CSR; otherwise the request is answered with FAILURE / badRequest.
X500Name name = X500Name.getInstance(
    req.getSignatureCert().getSubjectX500Principal().getEncoded());
if (!name.equals(csr.getCertificationRequestInfo().getSubject())) {
  LOG.warn("tid={}: self-signed cert.subject != CSR.subject", tid);
  return buildPkiMessage(rep, PkiStatus.FAILURE, FailInfo.badRequest);
// Check 2: the challenge password read from the CSR must equal the configured secret.
// NOTE(review): String.equals is not a constant-time comparison. Comparing the UTF-8 bytes
// with MessageDigest.isEqual would avoid leaking, through response timing, how much of a
// guessed password matched.
// NOTE(review): control.getSecret() is dereferenced without a null check - confirm a secret
// is always configured on this path, otherwise this throws NullPointerException.
// NOTE(review): unlike the warning above, this log line carries no tid, which makes rejected
// attempts harder to correlate during incident review.
String challengePwd = getChallengePassword(csr.getCertificationRequestInfo());
if (challengePwd == null || !control.getSecret().equals(challengePwd)) {
  LOG.warn("challengePassword is not trusted");
case UpdateReq: CertificationRequest csr = CertificationRequest.getInstance(req.getMessageData()); X500Name reqSubject = csr.getCertificationRequestInfo().getSubject(); if (LOG.isInfoEnabled()) { LOG.info("tid={}, subject={}", tid, X509Util.getRfc4519Name(reqSubject)); CertificationRequestInfo csrReqInfo = csr.getCertificationRequestInfo(); X509Certificate reqSignatureCert = req.getSignatureCert(); X500Principal reqSigCertSubject = reqSignatureCert.getSubjectX500Principal();
CertificationRequestInfo certTemp = csr.getCertificationRequestInfo(); Extensions extensions = null; ASN1Set attrs = certTemp.getAttributes();