@@ -26,6 +26,7 @@ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2626import java .security .KeyPair ;
2727import java .security .KeyPairGenerator ;
2828import java .security .PrivateKey ;
29+ import java .security .PublicKey ;
2930import java .security .SecureRandom ;
3031import java .security .Security ;
3132import java .security .cert .X509Certificate ;
@@ -43,20 +44,26 @@ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
4344import org .apache .commons .io .FileUtils ;
4445import org .bouncycastle .asn1 .ASN1Sequence ;
4546import org .bouncycastle .asn1 .ASN1Set ;
47+ import org .bouncycastle .asn1 .ASN1Encodable ;
4648import org .bouncycastle .asn1 .ASN1ObjectIdentifier ;
4749import org .bouncycastle .asn1 .DERSequence ;
4850import org .bouncycastle .asn1 .cms .Attribute ;
51+ import org .bouncycastle .asn1 .pkcs .CertificationRequest ;
4952import org .bouncycastle .asn1 .pkcs .CertificationRequestInfo ;
5053import org .bouncycastle .asn1 .pkcs .PKCSObjectIdentifiers ;
5154import org .bouncycastle .asn1 .x509 .BasicConstraints ;
55+ import org .bouncycastle .asn1 .x509 .Extension ;
56+ import org .bouncycastle .asn1 .x509 .Extensions ;
5257import org .bouncycastle .asn1 .x509 .GeneralName ;
5358import org .bouncycastle .asn1 .x509 .GeneralNames ;
5459import org .bouncycastle .asn1 .x509 .KeyUsage ;
60+ import org .bouncycastle .asn1 .x509 .SubjectPublicKeyInfo ;
5561import org .bouncycastle .asn1 .x509 .X509Extension ;
5662import org .bouncycastle .asn1 .x509 .X509Extensions ;
5763import org .bouncycastle .crypto .prng .VMPCRandomGenerator ;
5864import org .bouncycastle .jce .PKCS10CertificationRequest ;
5965import org .bouncycastle .jce .X509Principal ;
66+ import org .bouncycastle .openssl .jcajce .JcaPEMKeyConverter ;
6067import org .bouncycastle .util .io .pem .PemObject ;
6168import org .bouncycastle .x509 .X509V3CertificateGenerator ;
6269import org .bouncycastle .x509 .extension .AuthorityKeyIdentifierStructure ;
@@ -120,11 +127,21 @@ public static long generatePositiveRandom()
120127
121128 public static X509Certificate createCertFromCSR (PemObject certReq , CertCreateFields signerCert ) throws Exception
122129 {
123- /*
124- certReq.verify();
125130
126- final CertificationRequestInfo reqInfo = certReq.getCertificationRequestInfo();
131+ byte [] csrBytes = certReq .getContent ();
132+
133+ CertificationRequest csrObj = CertificationRequest .getInstance (csrBytes );
134+
135+ // Parse the PKCS#10 structure
136+ CertificationRequestInfo csr = csrObj .getCertificationRequestInfo ();
137+
138+ // Extract SPKI
139+ SubjectPublicKeyInfo spki = csrObj .getCertificationRequestInfo ().getSubjectPublicKeyInfo ();
127140
141+ // Convert to java.security.PublicKey
142+ JcaPEMKeyConverter converter = new JcaPEMKeyConverter ().setProvider ("BC" );
143+ PublicKey publicKey = converter .getPublicKey (spki );
144+
128145 final X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator ();
129146 final Calendar start = Calendar .getInstance ();
130147 final Calendar end = Calendar .getInstance ();
@@ -134,58 +151,36 @@ public static X509Certificate createCertFromCSR(PemObject certReq, CertCreateFie
134151 v1CertGen .setIssuerDN (signerCert .getSignerCert ().getSubjectX500Principal ()); // issuer is the parent cert
135152 v1CertGen .setNotBefore (start .getTime ());
136153 v1CertGen .setNotAfter (end .getTime ());
137- v1CertGen.setSubjectDN(new X509Principal(reqInfo .getSubject().toString()));
138- v1CertGen.setPublicKey(certReq.getPublicKey() );
154+ v1CertGen .setSubjectDN (new X509Principal (csr .getSubject ().toString ()));
155+ v1CertGen .setPublicKey (publicKey );
139156 v1CertGen .setSignatureAlgorithm ("SHA256WithRSAEncryption" );
140157
141158
142- final ASN1Set attributesAsn1Set = reqInfo .getAttributes();
159+ ASN1Set attrs = csrObj . getCertificationRequestInfo () .getAttributes ();
143160
144- X509Extensions certificateRequestExtensions = null;
145- for (int i = 0; i < attributesAsn1Set.size(); ++i)
146- {
147- // There should be only only one attribute in the set. (that is, only
148- // the `Extension Request`, but loop through to find it properly)
149- final DEREncodable derEncodable = attributesAsn1Set.getObjectAt( i );
150-
151-
152- if (derEncodable instanceof DERSequence)
153- {
154- final Attribute attribute = new Attribute( (DERSequence) attributesAsn1Set
155- .getObjectAt( i ) );
156-
157- if (attribute.getAttrType().equals( PKCSObjectIdentifiers.pkcs_9_at_extensionRequest ))
158- {
159- // The `Extension Request` attribute is present.
160- final ASN1Set attributeValues = attribute.getAttrValues();
161-
162- // The X509Extensions are contained as a value of the ASN.1 Set.
163- // Assume that it is the first value of the set.
164- if (attributeValues.size() >= 1)
165- {
166- certificateRequestExtensions = new X509Extensions( (ASN1Sequence) attributeValues
167- .getObjectAt( 0 ) );
168-
169- // No need to search any more.
170- //break;
171- }
172- }
173- }
174- }
161+
162+ Extensions requestedExtensions = null ;
163+
164+ for (ASN1Encodable attrObj : attrs ) {
165+ org .bouncycastle .asn1 .pkcs .Attribute attr =
166+ org .bouncycastle .asn1 .pkcs .Attribute .getInstance (attrObj );
175167
176- @SuppressWarnings("unchecked")
177- Enumeration<DERObjectIdentifier> oids = certificateRequestExtensions.oids();
178- while (oids.hasMoreElements())
179- {
180- DERObjectIdentifier oid = oids.nextElement();
181- X509Extension ex = certificateRequestExtensions.getExtension(oid);
182-
183- v1CertGen.addExtension(oid, ex.isCritical(), X509Extension.convertValueToObject(ex));
168+ if (PKCSObjectIdentifiers .pkcs_9_at_extensionRequest .equals (attr .getAttrType ())) {
169+ requestedExtensions = Extensions .getInstance (attr .getAttrValues ().getObjectAt (0 ));
170+ break ;
171+ }
184172 }
185173
174+
175+ if (requestedExtensions != null ) {
176+ for (ASN1ObjectIdentifier oid : requestedExtensions .getExtensionOIDs ()) {
177+ Extension ext = requestedExtensions .getExtension (oid );
178+ v1CertGen .addExtension (oid , ext .isCritical (), ext .getParsedValue ());
179+ }
180+ }
181+
186182 return v1CertGen .generate ((PrivateKey )signerCert .getSignerKey (), CryptoExtensions .getJCEProviderName ());
187- */
188- return null ;
183+
189184 }
190185
191186 private static CertCreateFields createNewCA (CertCreateFields fields , KeyPair keyPair , boolean addAltNames ) throws Exception
0 commit comments