I am new to the security side of Java and stumbled across this library called BouncyCastle. But the examples that they provide and the ones out on the internet ask to use
return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal(
"CN=Requested Test Certificate"), pair.getPublic(), null, pair.getPrivate()
But when I use PKCS10CertificationRequest
, it looks like it is deprecated. So I started looking at another method where I use CertificationRequest
class. But I am really confused, the constructor does not take the same parameters instead it takes CertificationRequestInfo
class which I am not sure how to fill up.
CertificationRequest request = new CertificationRequest(...);
It would be awesome if someone could help me figure out how to make a CSR so that I can send it to the server for getting it signed.
With the recent versions of BouncyCastle it is recommended to create the CSR using the org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder
class.
You can use this code snipppet:
KeyPair pair = generateKeyPair(); PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder( new X500Principal("CN=Requested Test Certificate"), pair.getPublic()); JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA"); ContentSigner signer = csBuilder.build(pair.getPrivate()); PKCS10CertificationRequest csr = p10Builder.build(signer);
It's really simmilar to Jcs's answer, it is just a little bit supplemented.
Dont forget to add:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
And the csr generate:
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(4096); KeyPair keyPair = keyPairGenerator.generateKeyPair(); PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder( new X500Principal("OU=Try, C=US## Heading ##"), keyPair.getPublic()); JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA"); ContentSigner signer = csBuilder.build(keyPair.getPrivate()); PKCS10CertificationRequest csr = p10Builder.build(signer); JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(new FileWriter("cert/test.csr")); jcaPEMWriter.writeObject(csr); jcaPEMWriter.close();
I think a useful link
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With