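/*
 * $Id: CertificateRequest.java,v 1.2 2006/10/24 08:54:01 vtschopp Exp $
 *
 * Created on May 3, 2006 by tschopp
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.slcs.pki;

import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;

import org.glite.slcs.pki.bouncycastle.PKCS10;
import org.glite.slcs.util.Utils;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;

/**
 * CertificateRequest is a wrapper class for a PKCS10 object and the methods to
 * read and store it in PEM format.
 * <p>
 * NOTE(review): nothing in this class checks the request's self-signature
 * (proof of possession) after parsing. Whether
 * {@link PKCS10#readPEMEncoded(Reader)} does so is not visible here; confirm
 * before relying on the subject or extensions of a request that was read from
 * an untrusted source.
 *
 * @author Valery Tschopp <tschopp@switch.ch>
 * @version $Revision: 1.2 $
 */
public class CertificateRequest {

    /** Logging */
    private static final Log LOG = LogFactory.getLog(CertificateRequest.class);

    /**
     * Default unix file permission for the certificate request file.
     * <p>
     * This is the decimal literal 640, not the octal literal 0640.
     * NOTE(review): presumably Utils.setFilePermissions reads the decimal
     * digits as a chmod-style mode (rw-r-----); verify against Utils.
     */
    private static final int CSR_FILE_PERMISSION = 640;

    /**
     * BouncyCastle PKCS10 wrapper
     */
    private PKCS10 pkcs10_ = null;

    /**
     * Creates a certificate request for the given keys and principal (DN).
     *
     * @param keys
     *            The CertificateKeys
     * @param principal
     *            The certificate request principal (DN). Must not be null,
     *            its name is used as the subject.
     * @throws GeneralSecurityException
     *             If an error occurs while creating the object.
     */
    public CertificateRequest(CertificateKeys keys, Principal principal)
            throws GeneralSecurityException {
        this(keys, principal.getName());
    }

    /**
     * Creates a certificate request for the given keys and subject (DN),
     * without any certificate extension.
     *
     * @param keys
     *            The CertificateKeys
     * @param subject
     *            The certificate request subject (DN).
     * @throws GeneralSecurityException
     *             If an error occurs while creating the object.
     */
    public CertificateRequest(CertificateKeys keys, String subject)
            throws GeneralSecurityException {
        this(keys, subject, null);
    }

    /**
     * Creates a certificate request for the given keys, subject and extensions.
     * <p>
     * The extensions are collected in a Hashtable keyed by OID, so a null OID
     * or null extension value makes {@link Hashtable#put} throw a
     * NullPointerException. Presumably a later list entry with the same OID
     * replaces an earlier one (depends on the OID type's equals/hashCode).
     *
     * @param keys
     *            The CertificateKeys, both the public and the private key are
     *            handed to the PKCS10 wrapper.
     * @param subject
     *            The certificate request subject (DN).
     * @param certificateExtensions
     *            A List of CertificateExtension, or null or an empty list for
     *            a request without extensions.
     * @throws GeneralSecurityException
     *             If an error occurs while creating the object.
     * @see org.glite.slcs.pki.CertificateExtension
     */
    public CertificateRequest(CertificateKeys keys, String subject,
            List certificateExtensions) throws GeneralSecurityException {
        X509Extensions x509extensions = null;
        if (certificateExtensions != null && !certificateExtensions.isEmpty()) {
            Hashtable extensionsMap = new Hashtable();
            Iterator extensions = certificateExtensions.iterator();
            while (extensions.hasNext()) {
                CertificateExtension extension = (CertificateExtension) extensions.next();
                extensionsMap.put(extension.getOID(), extension.getExtension());
            }
            x509extensions = new X509Extensions(extensionsMap);
        }
        this.pkcs10_ = new PKCS10(subject, keys.getPublic(), keys.getPrivate(),
                x509extensions);
    }

    /**
     * Creates a certificate request with the given PKCS10 object.
     * <p>
     * The object is stored as is, without a null check; every accessor of
     * this class dereferences it.
     *
     * @param pkcs10
     *            The PKCS10 object.
     */
    public CertificateRequest(PKCS10 pkcs10) {
        this.pkcs10_ = pkcs10;
    }

    /**
     * Returns a List of certificate extensions contained in the certificate
     * request.
     * <p>
     * The list reflects what the request carries. For a request obtained
     * through {@link #loadPEM(File)} or {@link #readPEM(Reader)} these are
     * requester-supplied values.
     *
     * @return The List of CertificateExtension, empty if the request has no
     *         extensions.
     */
    public List getCertificateExtensions() {
        List certificateExtensions = new ArrayList();
        X509Extensions x509Extensions = pkcs10_.getX509Extensions();
        if (x509Extensions != null) {
            Enumeration oids = x509Extensions.oids();
            while (oids.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
                X509Extension x509Extension = x509Extensions.getExtension(oid);
                boolean critical = x509Extension.isCritical();
                CertificateExtension extension = new CertificateExtension(oid,
                        x509Extension, critical);
                certificateExtensions.add(extension);
            }
        }
        return certificateExtensions;
    }

    /**
     * @return the certificate request principal (subject)
     */
    public Principal getPrincipal() {
        return this.pkcs10_.getPrincipal();
    }

    /**
     * @return The PKCS#10 PEM encoded string.
     */
    public String getPEMEncoded() {
        return pkcs10_.getPEMEncoded();
    }

    /**
     * @return PKCS#10 DER encoded byte array
     */
    public byte[] getDEREncoded() {
        return pkcs10_.getDEREncoded();
    }

    /**
     * Stores the certificate request PEM encoded in the named file.
     *
     * @param filename
     *            The name of the file to write.
     * @throws IOException
     *             If an error occurs while writing the file.
     * @see #storePEM(File)
     */
    public void storePEM(String filename) throws IOException {
        File file = new File(filename);
        storePEM(file);
    }

    /**
     * Stores the certificate request PEM encoded in the given file.
     * <p>
     * The file permission is set before the content is written. A failure to
     * set it is only logged as a warning and the request is written anyway,
     * so the file can end up with whatever permission the platform gives it.
     * NOTE(review): how Utils.setFilePermissions treats a file that does not
     * exist yet is not visible here; confirm.
     *
     * @param file
     *            The file to write.
     * @throws IOException
     *             If an error occurs while writing the file.
     */
    public void storePEM(File file) throws IOException {
        boolean permOk = Utils.setFilePermissions(file, CSR_FILE_PERMISSION);
        if (!permOk) {
            LOG.warn("Failed to set permission: " + CSR_FILE_PERMISSION
                    + " for file: " + file);
        }
        pkcs10_.storePEMEncoded(file);
    }

    /**
     * Loads a PEM encoded certificate request from the given file.
     * <p>
     * The file reader is closed whether or not parsing succeeds. A failure to
     * close it is logged as a warning and does not replace the result or the
     * parsing exception.
     *
     * @param file
     *            The file to read.
     * @return The CertificateRequest read from the file.
     * @throws IOException
     *             If the file cannot be opened or read.
     * @throws GeneralSecurityException
     *             If the content cannot be turned into a certificate request.
     */
    static public CertificateRequest loadPEM(File file) throws IOException,
            GeneralSecurityException {
        FileReader reader = new FileReader(file);
        try {
            return readPEM(reader);
        } finally {
            // close in finally: a parse error must not leak the file handle
            try {
                reader.close();
            } catch (IOException e) {
                LOG.warn(e);
            }
        }
    }

    /**
     * Reads a PEM encoded certificate request from the given reader.
     * <p>
     * The reader is not closed by this method; closing it is the caller's
     * job.
     *
     * @param reader
     *            The reader positioned on the PEM encoded request.
     * @return The CertificateRequest wrapping the PKCS10 object that was read.
     * @throws IOException
     *             If an error occurs while reading.
     * @throws GeneralSecurityException
     *             If the content cannot be turned into a certificate request.
     */
    static public CertificateRequest readPEM(Reader reader) throws IOException,
            GeneralSecurityException {
        PKCS10 pkcs10 = PKCS10.readPEMEncoded(reader);
        CertificateRequest csr = new CertificateRequest(pkcs10);
        return csr;
    }
}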