|
|
@ -55,10 +55,28 @@ import org.bouncycastle.operator.OperatorCreationException;
|
|
|
|
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
|
|
|
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
|
|
|
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
|
|
|
|
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
|
|
|
|
import org.bouncycastle.util.Store;
|
|
|
|
import org.bouncycastle.util.Store;
|
|
|
|
import org.jscep.message.*;
|
|
|
|
import org.jscep.message.CertRep;
|
|
|
|
|
|
|
|
import org.jscep.message.MessageDecodingException;
|
|
|
|
|
|
|
|
import org.jscep.message.MessageEncodingException;
|
|
|
|
|
|
|
|
import org.jscep.message.PkcsPkiEnvelopeDecoder;
|
|
|
|
|
|
|
|
import org.jscep.message.PkcsPkiEnvelopeEncoder;
|
|
|
|
|
|
|
|
import org.jscep.message.PkiMessage;
|
|
|
|
|
|
|
|
import org.jscep.message.PkiMessageDecoder;
|
|
|
|
|
|
|
|
import org.jscep.message.PkiMessageEncoder;
|
|
|
|
import org.jscep.transaction.FailInfo;
|
|
|
|
import org.jscep.transaction.FailInfo;
|
|
|
|
import org.jscep.transaction.Nonce;
|
|
|
|
import org.jscep.transaction.Nonce;
|
|
|
|
import org.jscep.transaction.TransactionId;
|
|
|
|
import org.jscep.transaction.TransactionId;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.dao.CertificateDAO;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOFactory;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.dto.CAStatus;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.exception.TransactionManagementException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.util.CertificateManagementConstants;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
|
|
|
|
|
|
|
|
import org.wso2.carbon.certificate.mgt.core.util.Serializer;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
|
|
|
|
|
|
|
|
import javax.naming.InvalidNameException;
|
|
|
|
import javax.naming.InvalidNameException;
|
|
|
@ -70,12 +88,35 @@ import java.io.ByteArrayInputStream;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.math.BigInteger;
|
|
|
|
import java.math.BigInteger;
|
|
|
|
import java.security.*;
|
|
|
|
import java.security.InvalidKeyException;
|
|
|
|
|
|
|
|
import java.security.KeyFactory;
|
|
|
|
|
|
|
|
import java.security.KeyPair;
|
|
|
|
|
|
|
|
import java.security.KeyPairGenerator;
|
|
|
|
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
|
|
|
|
import java.security.NoSuchProviderException;
|
|
|
|
|
|
|
|
import java.security.PrivateKey;
|
|
|
|
|
|
|
|
import java.security.PublicKey;
|
|
|
|
|
|
|
|
import java.security.SecureRandom;
|
|
|
|
|
|
|
|
import java.security.Security;
|
|
|
|
|
|
|
|
import java.security.SignatureException;
|
|
|
|
import java.security.cert.Certificate;
|
|
|
|
import java.security.cert.Certificate;
|
|
|
|
import java.security.cert.*;
|
|
|
|
import java.security.cert.*;
|
|
|
|
import java.security.spec.InvalidKeySpecException;
|
|
|
|
import java.security.spec.InvalidKeySpecException;
|
|
|
|
import java.security.spec.X509EncodedKeySpec;
|
|
|
|
import java.security.spec.X509EncodedKeySpec;
|
|
|
|
import java.util.*;
|
|
|
|
import java.util.*;
|
|
|
|
|
|
|
|
import java.security.cert.CertificateEncodingException;
|
|
|
|
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
|
|
|
|
import java.security.cert.CertificateExpiredException;
|
|
|
|
|
|
|
|
import java.security.cert.CertificateFactory;
|
|
|
|
|
|
|
|
import java.security.cert.CertificateNotYetValidException;
|
|
|
|
|
|
|
|
import java.security.cert.X509Certificate;
|
|
|
|
|
|
|
|
import java.security.spec.InvalidKeySpecException;
|
|
|
|
|
|
|
|
import java.security.spec.X509EncodedKeySpec;
|
|
|
|
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
|
|
|
import java.util.Collection;
|
|
|
|
|
|
|
|
import java.util.Date;
|
|
|
|
|
|
|
|
import java.util.List;
|
|
|
|
|
|
|
|
>>>>>>> dfe957b019 (Add SCEP support):components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
|
|
|
|
import java.util.concurrent.TimeUnit;
|
|
|
|
import java.util.concurrent.TimeUnit;
|
|
|
|
|
|
|
|
|
|
|
|
public class CertificateGenerator {
|
|
|
|
public class CertificateGenerator {
|
|
|
@ -773,6 +814,7 @@ public class CertificateGenerator {
|
|
|
|
|
|
|
|
|
|
|
|
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
|
|
|
|
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<<<<<<< HEAD:components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
|
|
|
|
//Reversing the order of components of the subject DN due to Nginx not verifying the client certificate
|
|
|
|
//Reversing the order of components of the subject DN due to Nginx not verifying the client certificate
|
|
|
|
//generated by Java using this subject DN.
|
|
|
|
//generated by Java using this subject DN.
|
|
|
|
//Ref: https://stackoverflow.com/questions/33769978 & engineering mail SCEP implementation for Android
|
|
|
|
//Ref: https://stackoverflow.com/questions/33769978 & engineering mail SCEP implementation for Android
|
|
|
@ -783,6 +825,10 @@ public class CertificateGenerator {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
String subjectDn = joiner.toString();
|
|
|
|
String subjectDn = joiner.toString();
|
|
|
|
X500Name issuerName = new X500Name(subjectDn);
|
|
|
|
X500Name issuerName = new X500Name(subjectDn);
|
|
|
|
|
|
|
|
=======
|
|
|
|
|
|
|
|
X500Name issuerName = new X500Name(certCA.getSubjectDN().getName());
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>>>>>>> dfe957b019 (Add SCEP support):components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
|
|
|
|
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
|
|
|
|
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
|
|
|
|
.getValue().toString();
|
|
|
|
.getValue().toString();
|
|
|
|
X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
|
|
|
|
X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
|
|
|
|