Examples of org.bouncycastle.jce.PKCS10CertificationRequest

• org.bouncycastle.jce.PKCS10CertificationRequest
  A class for verifying and creating PKCS10 Certification requests.

   CertificationRequest ::= SEQUENCE { certificationRequestInfo  CertificationRequestInfo, signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }}, signature                 BIT STRING } CertificationRequestInfo ::= SEQUENCE { version             INTEGER { v1(0) } (v1,...), subject             Name, subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes          [0] Attributes{{ CRIAttributes }} } Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { type    ATTRIBUTE.&id({IOSet}), values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) } 

        userdatas.get(0).setPassword("foo123");
        userdatas.get(0).setClearPwd(true);
        ejbcaraws.editUser(userdatas.get(0));

        KeyPair keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
        PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(),
                new DERSet(), keys.getPrivate());

        CertificateResponse certenv = ejbcaraws.pkcs10Request(CA1_WSTESTUSER1, "foo123", new String(Base64.encode(pkcs10.getEncoded())), null,
                CertificateHelper.RESPONSETYPE_CERTIFICATE);

        assertNotNull(certenv);
        assertTrue(certenv.getResponseType().equals(CertificateHelper.RESPONSETYPE_CERTIFICATE));
        X509Certificate cert = (X509Certificate) CertificateHelper.getCertificate(certenv.getData());

        assertNotNull(cert);
        assertTrue(cert.getSubjectDN().toString().equals(getDN(CA1_WSTESTUSER1)));

        ejbcaraws.editUser(userdatas.get(0));
        certenv = ejbcaraws
                .pkcs10Request(CA1_WSTESTUSER1, "foo123", new String(Base64.encode(pkcs10.getEncoded())), null, CertificateHelper.RESPONSETYPE_PKCS7);
        assertTrue(certenv.getResponseType().equals(CertificateHelper.RESPONSETYPE_PKCS7));
        CMSSignedData cmsSignedData = new CMSSignedData(CertificateHelper.getPKCS7(certenv.getData()));
        assertTrue(cmsSignedData != null);

        CertStore certStore = cmsSignedData.getCertificatesAndCRLs("Collection", "BC");

        user1.setCertificateProfileName("ENDUSER");
        user1.setCaName(getAdminCAName());
        ejbcaraws.editUser(user1);

        KeyPair keys = null;
        PKCS10CertificationRequest pkcs10 = null;
        ErrorCode errorCode = null;

        // ///// Check Error.LOGIN_ERROR ///////
        keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
        pkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("CN=WSTESTUSER30"), keys.getPublic(), new DERSet(), keys
                .getPrivate());

        try {
            ejbcaraws.pkcs10Request("WSTESTUSER30", "foo123", new String(Base64.encode(pkcs10.getEncoded())), null, CertificateHelper.RESPONSETYPE_CERTIFICATE);
        } catch (EjbcaException_Exception e) {
            errorCode = e.getFaultInfo().getErrorCode();
        }

        assertNotNull("error code should not be null", errorCode);
        assertEquals(errorCode.getInternalErrorCode(), org.ejbca.core.ErrorCode.LOGIN_ERROR.getInternalErrorCode());

        errorCode = null;

        // ///// Check Error.USER_WRONG_STATUS ///////
        user1.setStatus(UserDataConstants.STATUS_REVOKED);
        ejbcaraws.editUser(user1);

        keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
        pkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("CN=WSTESTUSER30"), keys.getPublic(), new DERSet(), keys
                .getPrivate());

        try {
            ejbcaraws
                    .pkcs10Request("WSTESTUSER30", "foo1234", new String(Base64.encode(pkcs10.getEncoded())), null, CertificateHelper.RESPONSETYPE_CERTIFICATE);
        } catch (EjbcaException_Exception e) {
            errorCode = e.getFaultInfo().getErrorCode();
        }

        assertNotNull("error code should not be null", errorCode);

        // Send certificate request for a server generated PKCS12
        setupUser(SecConst.TOKEN_SOFT_BROWSERGEN);

        // Create a PKCS10 request
        KeyPair rsakeys = KeyTools.genKeys("512", "RSA");
        PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo"), rsakeys.getPublic(), new DERSet(), rsakeys.getPrivate());
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(req);
        dOut.close();
        String p10 = new String(Base64.encode(bOut.toByteArray()));

    final String password = "foo12345";

    // Create request
    final KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    final byte[] requestData = new String("-----BEGIN CERTIFICATE REQUEST-----\n"
        + new String(Base64.encode(new PKCS10CertificationRequest("SHA1WithRSA",
                    CertTools.stringToBcX509Name("CN=oneshot-dummyname"), keys.getPublic(), null, keys.getPrivate()).getEncoded()))
        + "\n-----END CERTIFICATE REQUEST-----").getBytes();

    final CertificateRequestRequest request = new CertificateRequestRequest(
        requestId,

    KeyPair rsakeys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    BigInteger serno = SernoGenerator.instance().getSerno();
    log.debug("serno: " + serno);

    PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
        CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo"), rsakeys.getPublic(), new DERSet(),
        rsakeys.getPrivate());

    PKCS10RequestMessage p10 = new PKCS10RequestMessage(req);
    p10.setUsername("foo");

    KeyPair rsakeys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    BigInteger serno = ((X509Certificate) certificateStoreSession.findCertificatesByUsername(admin, "foo").iterator().next()).getSerialNumber();
    log.debug("foo serno: " + serno);

    PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
        CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo2"), rsakeys.getPublic(), new DERSet(),
        rsakeys.getPrivate());

    PKCS10RequestMessage p10 = new PKCS10RequestMessage(req);
    p10.setUsername("foo2");

    KeyPair rsakeys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    BigInteger serno = ((X509Certificate) certificateStoreSession.findCertificatesByUsername(admin, "foo").iterator().next()).getSerialNumber();
    log.debug("foo serno: " + serno);

    PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
        CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo3"), rsakeys.getPublic(), new DERSet(),
        rsakeys.getPrivate());

    PKCS10RequestMessage p10 = new PKCS10RequestMessage(req);
    p10.setUsername("foo3");

    KeyPair rsakeys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    BigInteger serno = SernoGenerator.instance().getSerno();
    log.debug("serno: " + serno);

    PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
        CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo"), rsakeys.getPublic(), new DERSet(),
        rsakeys.getPrivate());

    PKCS10RequestMessage p10 = new PKCS10RequestMessage(req.getEncoded());
    p10.setUsername("foo");
    p10.setPassword("foo123");

    CertificateProfile fooCertProfile = certificateProfileSession.getCertificateProfile(admin, "FOOCERTPROFILE");
    fooCertProfile.setAllowCertSerialNumberOverride(false);

    private class Pkcs10RequestCommand extends BaseCommand implements Command {
        final private EjbcaWS ejbcaWS;
        final private PKCS10CertificationRequest pkcs10;
        Pkcs10RequestCommand(EjbcaWS _ejbcaWS, KeyPair keys, JobData _jobData) throws Exception {
            super(_jobData);
            this.pkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(), new DERSet(), keys.getPrivate());
            this.ejbcaWS = _ejbcaWS;
        }

    log.trace("<test18DNSpaceTrimming()");
  }

  @SuppressWarnings("unchecked")
    public void test19getAltNameStringFromExtension() throws Exception {
    PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(
        p10ReqWithAltNames);
    CertificationRequestInfo info = p10.getCertificationRequestInfo();
    ASN1Set set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest
    Enumeration<Object> en = set.getObjects();
    boolean found = false;
    while (en.hasMoreElements()) {
      ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
      DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
      if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        // The object at position 1 is a SET of x509extensions
        DERSet s = (DERSet) seq.getObjectAt(1);
        X509Extensions exts = X509Extensions.getInstance(s
            .getObjectAt(0));
        X509Extension ext = exts
            .getExtension(X509Extensions.SubjectAlternativeName);
        if (ext != null) {
          found = true;
          String altNames = CertTools
              .getAltNameStringFromExtension(ext);
          assertEquals(
              "dNSName=ort3-kru.net.polisen.se, iPAddress=10.252.255.237",
              altNames);
        }
      }
    }
    assertTrue(found);

    p10 = new PKCS10CertificationRequest(p10ReqWithAltNames2);
    info = p10.getCertificationRequestInfo();
    set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest

    en = set.getObjects();