The PKI Connector RESTAPI is a library that helps develop new PKI Connectors for TrustedX.
package com.safelayer.rap.crypto;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.jce.X509KeyUsage;
import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.PublicKey;
import java.util.*;
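/**
 * Builds the to-be-signed part of a PKCS#10 CSR ({@link CertificationRequestInfo}) and, once a
 * proof-of-possession (PoP) signature over it has been produced elsewhere, assembles the complete
 * {@link CertificationRequest}.
 *
 * <p>The key-usage bits selected with {@link #isDigitalSignature(boolean)} and
 * {@link #isContentCommitment(boolean)} are carried as CSR attributes (see
 * {@link #getCsrAttributes()} for the exact representation). When no bit is selected, no key-usage
 * attribute is emitted at all; RFC 5280 section 4.2.1.3 requires at least one bit to be set whenever a
 * KeyUsage extension is present, so an empty (and critical) KeyUsage is never produced.
 *
 * <p>No cryptographic verification happens in this class: the PoP signature handed to
 * {@link #build(byte[], byte[], String)} is embedded as-is. Callers that obtain the signature from
 * an external signer should verify it against the request-info bytes before relying on the result.
 *
 * <p>Instances hold mutable configuration and are not thread-safe; use one per request.
 */
public class CertificationRequestInfoBuilder {

    private PublicKey publicKey;
    private String subject;
    private boolean isDigitalSignature;
    private boolean isContentCommitment;
    private boolean leaveOffEmpty;

    /** Sets the public key to be certified. Required before {@link #build()}. */
    public CertificationRequestInfoBuilder setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
        return this;
    }

    /** Sets the requested subject as a distinguished-name string, parsed by {@link #getSubject(String)}. */
    public CertificationRequestInfoBuilder setSubject(String subject) {
        this.subject = subject;
        return this;
    }

    /** Requests the {@code digitalSignature} key-usage bit. */
    public CertificationRequestInfoBuilder isDigitalSignature(boolean ds) {
        this.isDigitalSignature = ds;
        return this;
    }

    /** Requests the {@code nonRepudiation} (content commitment) key-usage bit. */
    public CertificationRequestInfoBuilder isContentCommitment(boolean cc) {
        this.isContentCommitment = cc;
        return this;
    }

    /**
     * Controls how an empty attribute list is encoded by {@link #build()}: {@code true} omits the
     * attributes field entirely, {@code false} (the default) emits an empty {@code SET}.
     */
    public CertificationRequestInfoBuilder setLeaveOffEmpty(boolean value) {
        this.leaveOffEmpty = value;
        return this;
    }

    /**
     * Builds the DER-encoded {@code CertificationRequestInfo} for the configured key, subject and
     * key-usage flags. These are the bytes the PoP signature must be computed over.
     *
     * @return the DER encoding of the request info
     * @throws IllegalStateException if no public key has been set
     * @throws Exception if the subject cannot be parsed or DER encoding fails
     */
    public byte[] build() throws Exception {
        if (publicKey == null) {
            throw new IllegalStateException("publicKey must be set before build()");
        }
        SubjectPublicKeyInfo publicKeyInfo = createSubjectPublicKeyInfo(publicKey);
        X500Name x500Subject = getSubject(subject);
        List<Attribute> attributes = getCsrAttributes();

        ASN1Set attributeSet;
        if (attributes.isEmpty()) {
            // Empty attributes are either left absent (OPTIONAL field omitted) or encoded as SET {},
            // depending on the leaveOffEmpty setting.
            attributeSet = leaveOffEmpty ? null : new DERSet();
        } else {
            ASN1EncodableVector vector = new ASN1EncodableVector();
            for (Attribute attribute : attributes) {
                vector.add(attribute);
            }
            attributeSet = new DERSet(vector);
        }

        CertificationRequestInfo info = new CertificationRequestInfo(x500Subject, publicKeyInfo, attributeSet);
        return info.getEncoded(ASN1Encoding.DER);
    }

    /**
     * Assembles a complete PKCS#10 {@code CertificationRequest} from a previously built request
     * info and a PoP signature computed over it.
     *
     * <p>The signature is embedded without being verified against {@code certificateRequestInfo};
     * that check is the caller's responsibility.
     *
     * @param certificateRequestInfo DER-encoded request info, as returned by {@link #build()}
     * @param popSignature raw signature value over {@code certificateRequestInfo}
     * @param popSignatureAlgorithm signature algorithm name, resolved through
     *        {@link CryptoUtils#getBCAlgorithm(String)}
     * @return the assembled request
     * @throws IllegalArgumentException if any argument is {@code null}
     * @throws Exception if the request info cannot be parsed or the algorithm name is unknown
     */
    public CertificationRequest build(byte[] certificateRequestInfo, byte[] popSignature, String popSignatureAlgorithm) throws Exception {
        if (certificateRequestInfo == null || popSignature == null || popSignatureAlgorithm == null) {
            throw new IllegalArgumentException(
                    "certificateRequestInfo, popSignature and popSignatureAlgorithm must not be null");
        }
        CertificationRequestInfo csrInfo =
                CertificationRequestInfo.getInstance(ASN1Sequence.getInstance(certificateRequestInfo));
        AlgorithmIdentifier algorithmIdentifier = CryptoUtils.getBCAlgorithm(popSignatureAlgorithm);
        DERBitString signature = new DERBitString(popSignature);
        return new CertificationRequest(csrInfo, algorithmIdentifier, signature);
    }

    /**
     * Parses the configured subject string into an {@link X500Name}. Overridable so subclasses can
     * apply their own name mapping.
     *
     * @param subjectString distinguished-name string
     * @throws Exception if the string is not a valid distinguished name
     */
    protected X500Name getSubject(String subjectString) throws Exception {
        return new X500Name(subjectString);
    }

    /**
     * Builds the CSR attributes carrying the requested key usage.
     *
     * <p>Each generated extension is emitted as its own attribute whose type is the extension OID
     * and whose single value is the extension's {@code extnValue}; the {@code critical} flag set on
     * the generator is not carried in this representation. NOTE(review): this differs from the
     * PKCS#9 {@code extensionRequest} attribute, which wraps a full {@code Extensions} sequence;
     * confirm it matches what the consuming CA expects before changing either side.
     *
     * @return the attributes to include, or an empty list when no key-usage bit was requested
     */
    private List<Attribute> getCsrAttributes() throws Exception {
        List<Attribute> attributes = new ArrayList<Attribute>();
        KeyUsage keyUsage = getX509KeyUsage();
        if (keyUsage == null) {
            return attributes;
        }
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.keyUsage, true, keyUsage);
        Extensions extensions = extGen.generate();
        for (ASN1ObjectIdentifier oid : extensions.getExtensionOIDs()) {
            ASN1Set value = new DERSet(extensions.getExtension(oid).getExtnValue());
            attributes.add(new Attribute(oid, value));
        }
        return attributes;
    }

    /**
     * Combines the requested key-usage bits into a single {@link KeyUsage}.
     *
     * @return the key usage, or {@code null} when no bit was requested (an empty KeyUsage would be
     *         invalid per RFC 5280 and would also defeat the empty-attribute handling in build())
     */
    private KeyUsage getX509KeyUsage() {
        int bits = 0;
        for (int keyUsage : getKeyUsages()) {
            bits |= keyUsage;
        }
        return bits == 0 ? null : new KeyUsage(bits);
    }

    /** Collects the BouncyCastle key-usage bit masks selected through the builder flags. */
    private Set<Integer> getKeyUsages() {
        Set<Integer> usages = new HashSet<Integer>();
        if (isDigitalSignature) {
            usages.add(X509KeyUsage.digitalSignature);
        }
        if (isContentCommitment) {
            usages.add(X509KeyUsage.nonRepudiation);
        }
        return usages;
    }

    /**
     * Converts a JCA key into its {@code SubjectPublicKeyInfo} structure by parsing the key's
     * encoded form as an ASN.1 sequence.
     *
     * @param key the public key; must support encoding
     * @throws IllegalArgumentException if the key is {@code null} or yields no encoding
     * @throws Exception if the encoding cannot be parsed as an ASN.1 sequence
     */
    private SubjectPublicKeyInfo createSubjectPublicKeyInfo(Key key) throws Exception {
        if (key == null) {
            throw new IllegalArgumentException("key must not be null");
        }
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            // Key.getEncoded() is specified to return null for keys that do not support encoding;
            // fail with a clear message instead of an NPE inside the ASN.1 parser.
            throw new IllegalArgumentException("key does not support encoding: " + key.getAlgorithm());
        }
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(encoded));
        try {
            ASN1Sequence seq = (ASN1Sequence) in.readObject();
            return SubjectPublicKeyInfo.getInstance(seq);
        } finally {
            in.close();
        }
    }
}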