github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Add an utility method to read CSR PEM files

pull/17/merge
Richard Körber 2016-03-06 16:54:04 +01:00
parent 7213eede8c
commit ec8ea0bd87
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
View File

@ -16,6 +16,7 @@ package org.shredzone.acme4j.util;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream; import java.io.OutputStream;
import java.io.OutputStreamWriter; import java.io.OutputStreamWriter;
import java.io.Writer; import java.io.Writer;
@ -31,9 +32,11 @@ import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter; import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.shredzone.acme4j.challenge.TlsSni01Challenge; import org.shredzone.acme4j.challenge.TlsSni01Challenge;
/** /**
@ -91,6 +94,23 @@ public final class CertificateUtils {
} }
} }
/**
* Reads a CSR PEM file.
*
* @param in
* {@link InputStream} to read the CSR from.
* @return CSR that was read
*/
public static PKCS10CertificationRequest readCSR(InputStream in) throws IOException {
try (PEMParser pemParser = new PEMParser(new InputStreamReader(in))) {
Object parsedObj = pemParser.readObject();
if (!(parsedObj instanceof PKCS10CertificationRequest)) {
throw new IOException("Not a PKCS10 CSR");
}
return (PKCS10CertificationRequest) parsedObj;
}
}
/** /**
* Creates a self-signed {@link X509Certificate} that can be used for * Creates a self-signed {@link X509Certificate} that can be used for
* {@link TlsSni01Challenge}. The certificate is valid for 7 days. * {@link TlsSni01Challenge}. The certificate is valid for 7 days.

25
acme4j-utils/src/test/java/org/shredzone/acme4j/util/CertificateUtilsTest.java
View File

@ -31,6 +31,7 @@ import java.util.List;
import java.util.Set; import java.util.Set;
import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -107,6 +108,30 @@ public class CertificateUtilsTest {
assertThat(getSANs(cert), containsInAnyOrder(subject)); assertThat(getSANs(cert), containsInAnyOrder(subject));
} }
/**
* Test if {@link CertificateUtils#readCSR(InputStream)} reads an identical CSR.
*/
@Test
public void testReadCSR() throws IOException {
KeyPair keypair = KeyPairUtils.createKeyPair(2048);
CSRBuilder builder = new CSRBuilder();
builder.addDomains("example.com", "example.org");
builder.sign(keypair);
PKCS10CertificationRequest original = builder.getCSR();
byte[] pemFile;
try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
builder.write(baos);
pemFile = baos.toByteArray();
}
try (ByteArrayInputStream bais = new ByteArrayInputStream(pemFile)) {
PKCS10CertificationRequest read = CertificateUtils.readCSR(bais);
assertThat(original.getEncoded(), is(equalTo(read.getEncoded())));
}
}
/** /**
* Extracts all DNSName SANs from a certificate. * Extracts all DNSName SANs from a certificate.
* *