/
SendCertificateToCA.java
159 lines (138 loc) · 5.93 KB
/
SendCertificateToCA.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
package com.tvd12.example.ssl;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public class SendCertificateToCA {
public static void main(String[] args) throws Exception {
KeyPair keyPair = loadKeyPair();
X509Certificate certificate = loadCertificate();
byte[] csrBytes = generateCSR(keyPair, certificate);
saveCSRToFile(csrBytes, "certificate_signing_request.csr");
String signedCertificate = submitCSRToCA(csrBytes, keyPair.getPrivate());
saveSignedCertificateToFile(signedCertificate, "signed_certificate.crt");
}
private static KeyPair loadKeyPair() throws Exception {
PrivateKey privateKey = loadPrivateKey("private_key.pem");
PublicKey publicKey = loadPublicKey("public_key.pem");
return new KeyPair(publicKey, privateKey);
}
private static PrivateKey loadPrivateKey(
String filePath
) throws Exception {
byte[] keyBytes = readKeyBytesFromFile(filePath);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePrivate(keySpec);
}
private static PublicKey loadPublicKey(
String filePath
) throws Exception {
byte[] keyBytes = readKeyBytesFromFile(filePath);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(keySpec);
}
private static byte[] readKeyBytesFromFile(String filePath) throws IOException {
Path path = Paths.get(filePath);
return Files.readAllBytes(path);
}
private static X509Certificate loadCertificate() throws Exception {
try (InputStream inputStream = Files.newInputStream(Paths.get("certificate.crt"))) {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certificateFactory.generateCertificate(inputStream);
}
}
private static byte[] generateCSR(
KeyPair keyPair,
X509Certificate certificate
) throws Exception {
X500Name subject = new X500Name(certificate.getSubjectX500Principal().getName());
PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(
subject,
certificate.getPublicKey()
);
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
PKCS10CertificationRequest csr = builder.build(signer);
return csr.getEncoded();
}
private static void saveCertificateToFile(
X509Certificate certificate,
String filePath
) throws Exception {
try (FileOutputStream fos = new FileOutputStream(filePath)) {
fos.write(certificate.getEncoded());
}
}
private static void saveCSRToFile(
byte[] csrBytes,
String filePath
) throws Exception {
try (FileOutputStream fos = new FileOutputStream(filePath)) {
fos.write(csrBytes);
}
}
private static String submitCSRToCA(
byte[] csrBytes,
PrivateKey privateKey
) throws Exception {
// Set up the connection to the CA
URL caUrl = new URL("https://ca.example.com/sign"); // Replace with the CA's URL
HttpURLConnection connection = (HttpURLConnection) caUrl.openConnection();
connection.setRequestMethod("POST");
connection.setDoOutput(true);
// Set the appropriate headers
connection.setRequestProperty("Content-Type", "application/pkcs10");
connection.setRequestProperty("Content-Length", String.valueOf(csrBytes.length));
// Sign the CSR with the private key
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
signature.update(csrBytes);
byte[] signatureBytes = signature.sign();
// Encode the CSR and signature as Base64
String encodedCSR = Base64
.getEncoder()
.encodeToString(csrBytes);
String encodedSignature = Base64
.getEncoder()
.encodeToString(signatureBytes);
// Build the request body with the CSR and signature
String requestBody = "csr=" + encodedCSR + "&signature=" + encodedSignature;
// Send the request
try (OutputStream outputStream = connection.getOutputStream()) {
outputStream.write(requestBody.getBytes(StandardCharsets.UTF_8));
}
// Read the response from the CA
try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()))) {
StringBuilder responseBuilder = new StringBuilder();
String line;
while ((line = reader.readLine()) != null) {
responseBuilder.append(line);
}
return responseBuilder.toString();
}
}
private static void saveSignedCertificateToFile(
String certificate,
String filePath
) throws Exception {
try (FileOutputStream fos = new FileOutputStream(filePath)) {
fos.write(certificate.getBytes(StandardCharsets.UTF_8));
}
}
}