From 400dc9b8727524430c83160aaa5ca24d29ab803d Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Tue, 19 Jan 2010 03:20:06 +0000
Subject: [PATCH] sun.security.x509.X500Signer not found when using JDK7. Issue 4483.
---
opends/src/server/org/opends/server/util/Platform.java | 502 +++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 410 insertions(+), 92 deletions(-)
diff --git a/opends/src/server/org/opends/server/util/Platform.java b/opends/src/server/org/opends/server/util/Platform.java
index 4e8f21a..d57a678 100644
--- a/opends/src/server/org/opends/server/util/Platform.java
+++ b/opends/src/server/org/opends/server/util/Platform.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2009 Sun Microsystems, Inc.
+ * Copyright 2010 Sun Microsystems, Inc.
*/
package org.opends.server.util;
@@ -46,6 +46,7 @@
import org.opends.messages.Message;
import static org.opends.messages.UtilityMessages.*;
+
/**
* Provides a wrapper class that collects all of the JVM vendor
* and JDK version specific code in a single place.
@@ -80,7 +81,7 @@
}
else
{
- IMPL = new DefaultPlatformIMPL();
+ IMPL = new JDK6PlatformIMPL();
}
}
else
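Review bot: The fallback in this branch now selects `JDK6PlatformIMPL` for every version not matched above it, while the parallel branch in the next hunk gates the same class behind `ver.startsWith("1.6")` and otherwise falls through to `DefaultPlatformIMPL`. The static initialiser of `JDK6PlatformIMPL` requires `X500Signer` and throws `ExceptionInInitializerError` when the class is absent, so a 1.7 runtime reaching this branch would presumably hit the failure this patch is meant to fix. The enclosing condition starts outside the hunk, so it is not visible which vendor this covers. If the asymmetry is intentional, add a comment such as `// IBM JDKs still ship X500Signer; revisit for IBM JDK 7`, and otherwise mirror the gate with `else if (ver.startsWith("1.6"))` plus a `DefaultPlatformIMPL` fallback.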
@@ -91,6 +92,10 @@
{
IMPL = new Sun5PlatformIMPL();
}
+ else if(ver.startsWith("1.6"))
+ {
+ IMPL = new JDK6PlatformIMPL();
+ }
else
{
IMPL = new DefaultPlatformIMPL();
@@ -106,42 +111,39 @@
//Key size, key algorithm and signature algorithms used.
private static final int KEY_SIZE = 1024;
private static final String KEY_ALGORITHM = "rsa";
- private static final String SIG_ALGORITHM = "SHA1WithRSA";
+ static final String SIG_ALGORITHM = "SHA1WithRSA";
//Time values used in validity calculations.
private static final int SEC_IN_DAY = 24 * 60 * 60;
- private static final int DEFAULT_VALIDITY = 90 * SEC_IN_DAY;
+ static final int DEFAULT_VALIDITY = 90 * SEC_IN_DAY;
//These two are used to build certificate request files.
- private static final String TMPFILE_PREFIX = "CertificateManager-";
- private static final String TMPFILE_EXT = ".csr";
+ static final String TMPFILE_PREFIX = "CertificateManager-";
+ static final String TMPFILE_EXT = ".csr";
//Methods pulled from the classes.
- private static final String ENCODE_SIGN_METHOD = "encodeAndSign";
+ static final String ENCODE_SIGN_METHOD = "encodeAndSign";
private static final String GENERATE_METHOD = "generate";
private static final String GET_PRIVATE_KEY_METHOD = "getPrivateKey";
private static final String GET_SELFSIGNED_CERT_METHOD =
"getSelfCertificate";
- private static final String PRINT_METHOD = "print";
+ static final String PRINT_METHOD = "print";
//Classes needed to manage certificates.
- private static Class<?> certKeyGenClass, X500NameClass,
- X500SignerClass, PKCS10Class;
+ static Class<?> certKeyGenClass, X500NameClass;
+ static Class<?> PKCS10Class;
//Constructors for each of the above classes.
- private static Constructor<?> certKeyGenCons, X500NameCons,
- X500SignerCons, pkcs10Cons;
+ static Constructor<?> certKeyGenCons, X500NameCons, pkcs10Cons;
static {
String x509pkg = pkgPrefix + ".x509";
String pkcs10Pkg = pkgPrefix + ".pkcs";
String certAndKeyGen= x509pkg + ".CertAndKeyGen";
String X500Name = x509pkg + ".X500Name";
- String X500Signer = x509pkg + ".X500Signer";
try {
certKeyGenClass = Class.forName(certAndKeyGen);
X500NameClass = Class.forName(X500Name);
- X500SignerClass = Class.forName(X500Signer);
if(certReqAllowed) {
String pkcs10 = pkcs10Pkg + ".PKCS10";
PKCS10Class = Class.forName(pkcs10);
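Review bot: `certKeyGenClass`, `X500NameClass`, `PKCS10Class` and the three `Constructor<?>` fields are now package-visible and still non-final, so any class in `org.opends.server.util` can reassign the reflective handles that key and certificate generation go through. Assigning them from locals at the end of the static block would allow `static final Class<?> certKeyGenClass;` and so on; the static block continues outside this hunk, so confirm every path assigns or throws. Separately, `SIG_ALGORITHM` stays `"SHA1WithRSA"` next to `KEY_SIZE = 1024`, and every `generateCertificateRequest` override added by this patch signs with that constant. Both values are below what is accepted today (SHA-256, RSA 2048), so they deserve a follow-up even though this commit only changes visibility.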
@@ -150,8 +152,6 @@
certKeyGenCons =
certKeyGenClass.getConstructor(String.class, String.class);
X500NameCons = X500NameClass.getConstructor(String.class);
- X500SignerCons =
- X500SignerClass.getConstructor(Signature.class, X500NameClass);
} catch (ClassNotFoundException e) {
Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
throw new ExceptionInInitializerError(msg.toString());
@@ -166,73 +166,10 @@
protected PlatformIMPL() {}
- /**
- * Generate a certificate request. Note that this methods checks if
- * the certificate request generation is allowed and throws an
- * exception if it isn't supported. Some vendors JDKs aren't compatible
- * with Sun's certificate request generation classes so they aren't
- * supported.
- *
- * @param ks The keystore to use in the request creation.
- * @param ksType The keystore type.
- * @param ksPath The path to the keystore.
- * @param alias The alias to use in the request generation.
- * @param pwd The keystore password to use.
- * @param dn A dn string to use as the certificate subject.
- *
- * @return A file object pointing at the created certificate request.
- * @throws KeyStoreException If the certificate request failed.
- */
- public final File
- generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
- String alias, char[] pwd, String dn) throws KeyStoreException {
- if(!certReqAllowed) {
- String vendor = System.getProperty("java.vendor");
- Message msg =
- ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
- throw new KeyStoreException(msg.toString());
- }
- KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
- alias, pwd, dn, DEFAULT_VALIDITY);
- File csrFile;
- try {
- csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
- csrFile.deleteOnExit();
- PrintStream printStream =
- new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
- if(keyStore == null) {
- Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
- throw new KeyStoreException(msg.toString());
- }
- PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
- if(privateKey == null) {
- Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Certificate cert = keyStore.getCertificate(alias);
- if(cert == null) {
- Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Signature signature = Signature.getInstance(SIG_ALGORITHM);
- signature.initSign(privateKey);
- Object request = pkcs10Cons.newInstance(cert.getPublicKey());
- Object subject = X500NameCons.newInstance(dn);
- Object signer =
- X500SignerCons.newInstance(signature, subject);
- Method encodeAndSign =
- PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
- Method print =
- PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
- encodeAndSign.invoke(request, signer);
- print.invoke(request, printStream);
- printStream.close();
- } catch (Exception e) {
- Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
- throw new KeyStoreException(msg.toString());
- }
- return csrFile;
- }
+ public abstract File generateCertificateRequest(KeyStore ks,
+ String ksType, String ksPath, String alias,
+ char[] pwd, String dn) throws KeyStoreException;
+
/**
* Delete the specified alias from the specified keystore.
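Review bot: The new abstract `generateCertificateRequest` declaration has no Javadoc. The contract that was documented once on the removed `final` method is now copied into each of the four implementations, where the copies can drift apart. Move the existing Javadoc block (parameters, return value, `@throws KeyStoreException`, and the note that unsupported vendors are rejected) onto the abstract declaration, and keep only the implementation-specific remark about `X500Signer` on the overrides. The overrides added further down also lack `@Override`, which would let a later signature change go unnoticed by the compiler.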
@@ -421,7 +358,7 @@
* @throws KeyStoreException If the alias is not in the keystore, the
* entry related to the alias is not of
*/
- private PrivateKey getPrivateKey(KeyStore ks, String alias, char[] pwd)
+ PrivateKey getPrivateKey(KeyStore ks, String alias, char[] pwd)
throws KeyStoreException {
PrivateKey key = null;
try {
@@ -549,22 +486,40 @@
//Normalized form method.
private static final Object FORM_NFKC;
+ private static Class<?> X500SignerClass;
+ private static Constructor<?> X500SignerCons;
+
static {
Method normalize = null;
Object formNFKC = null;
+ String x509pkg = pkgPrefix + ".x509";
+ String X500Signer = x509pkg + ".X500Signer";
try {
Class<?> normalizer = Class.forName("sun.text.Normalizer");
formNFKC = normalizer.getField("DECOMP_COMPAT").get(null);
Class<?> normalizerForm = Class.forName("sun.text.Normalizer$Mode");
normalize = normalizer.getMethod("normalize", String.class,
normalizerForm, Integer.TYPE);
+ X500SignerClass = Class.forName(X500Signer);
+ X500SignerCons = X500SignerClass.getConstructor(Signature.class,
+ X500NameClass);
+ }
+ catch (ClassNotFoundException e) {
+ Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ } catch (SecurityException e) {
+ Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ } catch (NoSuchMethodException e) {
+ Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
}
catch (Exception ex) {
- // Do not use Normalizer. The values are already set to null.
+ // Do not use Normalizer. The values are already set to null.
}
- NORMALIZE = normalize;
- FORM_NFKC = formNFKC;
- }
+ NORMALIZE = normalize;
+ FORM_NFKC = formNFKC;
+ }
@Override
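Review bot: Placing the `X500Signer` lookup in the same `try` as the `sun.text.Normalizer` lookup changes what happens when the Normalizer is unavailable. A `ClassNotFoundException` or `NoSuchMethodException` from the Normalizer calls used to reach `catch (Exception ex)` and leave `NORMALIZE` null. It is now caught by the new handlers first, and class initialisation aborts with a certificate-manager error message. Splitting the block into two `try` statements keeps the Normalizer best-effort and makes only the signer lookup fatal. The `JDK6PlatformIMPL` static block added in the last hunk has the same shape and needs the same split.

```java
static {
  Method normalize = null;
  Object formNFKC = null;
  try {
    // … unchanged: sun.text.Normalizer lookup …
  } catch (Exception ex) {
    // Do not use Normalizer. The values are already set to null.
  }
  NORMALIZE = normalize;
  FORM_NFKC = formNFKC;

  // Signer lookup is mandatory for certificate requests, so only this
  // part is allowed to abort class initialisation.
  String X500Signer = pkgPrefix + ".x509.X500Signer";
  try {
    X500SignerClass = Class.forName(X500Signer);
    X500SignerCons = X500SignerClass.getConstructor(Signature.class,
        X500NameClass);
  } catch (ClassNotFoundException e) {
    Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
    throw new ExceptionInInitializerError(msg.toString());
  }
  // … unchanged: SecurityException and NoSuchMethodException handlers …
}
```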
@@ -578,6 +533,76 @@
//Don't do anything. buffer should be used.
}
}
+
+ /**
+ * Generate a certificate request. Note that this methods checks if
+ * the certificate request generation is allowed and throws an
+ * exception if it isn't supported. Some vendors JDKs aren't compatible
+ * with Sun's certificate request generation classes so they aren't
+ * supported. Note this method uses the X500Signer class which has been
+ * deprecated in JDK 1.7.
+ *
+ * @param ks The keystore to use in the request creation.
+ * @param ksType The keystore type.
+ * @param ksPath The path to the keystore.
+ * @param alias The alias to use in the request generation.
+ * @param pwd The keystore password to use.
+ * @param dn A dn string to use as the certificate subject.
+ *
+ * @return A file object pointing at the created certificate request.
+ * @throws KeyStoreException If the certificate request failed.
+ */
+ public File
+ generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
+ String alias, char[] pwd, String dn) throws KeyStoreException {
+ if(!certReqAllowed) {
+ String vendor = System.getProperty("java.vendor");
+ Message msg =
+ ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
+ throw new KeyStoreException(msg.toString());
+ }
+ KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
+ alias, pwd, dn, DEFAULT_VALIDITY);
+ File csrFile;
+ try {
+ csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
+ csrFile.deleteOnExit();
+ PrintStream printStream =
+ new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
+ if(keyStore == null) {
+ Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
+ throw new KeyStoreException(msg.toString());
+ }
+ PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
+ if(privateKey == null) {
+ Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Certificate cert = keyStore.getCertificate(alias);
+ if(cert == null) {
+ Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Signature signature = Signature.getInstance(SIG_ALGORITHM);
+ signature.initSign(privateKey);
+ Object request = pkcs10Cons.newInstance(cert.getPublicKey());
+ Object subject = X500NameCons.newInstance(dn);
+ Object signer =
+ X500SignerCons.newInstance(signature, subject);
+ Method encodeAndSign =
+ PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
+ Method print =
+ PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
+ encodeAndSign.invoke(request, signer);
+ print.invoke(request, printStream);
+ printStream.close();
+ } catch (Exception e) {
+ Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
+ throw new KeyStoreException(msg.toString());
+ }
+ return csrFile;
+ }
+
}
/**
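Review bot: The `PrintStream` over the temp file is opened before the keystore, private-key and certificate checks and is closed only on the success path. Any failure, including the three `KeyStoreException`s thrown inside the `try`, therefore leaks the file handle and leaves an empty `.csr` file behind until JVM exit. Create the file after the checks and close the stream in a `finally` block. `PrintStream` also swallows write errors, so testing `printStream.checkError()` before returning would stop a truncated request being reported as success. The three other copies of this method added in the last hunk (`DefaultPlatformIMPL`, `JDK6PlatformIMPL`, `IBM5PlatformIMPL`) carry the same defect. Hoisting the shared body into `PlatformIMPL` with one overridable signing step would fix it once and let `getPrivateKey` stay `private`.

```java
File csrFile;
PrintStream printStream = null;
try {
  // … unchanged: keystore, private key and certificate checks …
  csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
  csrFile.deleteOnExit();
  printStream =
      new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
  // … unchanged: signature setup, encodeAndSign and print calls …
} catch (Exception e) {
  // … unchanged: wrap in KeyStoreException …
} finally {
  if (printStream != null) {
    printStream.close();
  }
}
```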
@@ -618,19 +643,312 @@
//Don't do anything. buffer should be used.
}
}
+
+ /**
+ * Generate a certificate request. Note that this methods checks if
+ * the certificate request generation is allowed and throws an
+ * exception if it isn't supported. Some vendors JDKs aren't compatible
+ * with Sun's certificate request generation classes so they aren't
+ * supported.
+ *
+ * @param ks The keystore to use in the request creation.
+ * @param ksType The keystore type.
+ * @param ksPath The path to the keystore.
+ * @param alias The alias to use in the request generation.
+ * @param pwd The keystore password to use.
+ * @param dn A dn string to use as the certificate subject.
+ *
+ * @return A file object pointing at the created certificate request.
+ * @throws KeyStoreException If the certificate request failed.
+ */
+ public File
+ generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
+ String alias, char[] pwd, String dn) throws KeyStoreException {
+ if(!certReqAllowed) {
+ String vendor = System.getProperty("java.vendor");
+ Message msg =
+ ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
+ throw new KeyStoreException(msg.toString());
+ }
+ KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
+ alias, pwd, dn, DEFAULT_VALIDITY);
+ File csrFile;
+ try {
+ csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
+ csrFile.deleteOnExit();
+ PrintStream printStream =
+ new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
+ if(keyStore == null) {
+ Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
+ throw new KeyStoreException(msg.toString());
+ }
+ PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
+ if(privateKey == null) {
+ Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Certificate cert = keyStore.getCertificate(alias);
+ if(cert == null) {
+ Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Signature signature = Signature.getInstance(SIG_ALGORITHM);
+ signature.initSign(privateKey);
+ Object request = pkcs10Cons.newInstance(cert.getPublicKey());
+ Object subject = X500NameCons.newInstance(dn);
+ Method encodeAndSign =
+ PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500NameClass,
+ Signature.class);
+ Method print =
+ PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
+ encodeAndSign.invoke(request, subject, signature);
+ print.invoke(request, printStream);
+ printStream.close();
+ } catch (Exception e) {
+ e.printStackTrace();
+ Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
+ throw new KeyStoreException(msg.toString());
+ }
+ return csrFile;
+ }
}
/**
+ * Default JDK 6 platform class.
+ */
+ private static class JDK6PlatformIMPL extends PlatformIMPL {
+ //normalize method.
+ private static final Method NORMALIZE;
+ //Normalized form method.
+ private static final Object FORM_NFKC;
+
+ private static Class<?> X500SignerClass;
+ private static Constructor<?> X500SignerCons;
+
+ static {
+ Method normalize = null;
+ Object formNFKC = null;
+ String x509pkg = pkgPrefix + ".x509";
+ String X500Signer = x509pkg + ".X500Signer";
+ try {
+ Class<?> normalizer = Class.forName("java.text.Normalizer");
+ Class<?> normalizerForm = Class.forName("java.text.Normalizer$Form");
+ normalize = normalizer.getMethod("normalize", CharSequence.class,
+ normalizerForm);
+ formNFKC = normalizerForm.getField("NFKD").get(null);
+ X500SignerClass = Class.forName(X500Signer);
+ X500SignerCons = X500SignerClass.getConstructor(Signature.class,
+ X500NameClass);
+ }
+ catch (ClassNotFoundException e) {
+ Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ } catch (SecurityException e) {
+ Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ } catch (NoSuchMethodException e) {
+ Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ }
+ catch (Exception ex) {
+ // Do not use Normalizer. The values are already set to null.
+ }
+ NORMALIZE = normalize;
+ FORM_NFKC = formNFKC;
+ }
+
+
+ @Override
+ public void normalize(StringBuilder buffer) {
+
+ try {
+ String normal = (String) NORMALIZE.invoke(null, buffer, FORM_NFKC);
+ buffer.replace(0,buffer.length(),normal);
+ }
+ catch(Exception ex) {
+ //Don't do anything. buffer should be used.
+ }
+ }
+
+ /**
+ * Generate a certificate request. Note that this methods checks if
+ * the certificate request generation is allowed and throws an
+ * exception if it isn't supported. Some vendors JDKs aren't compatible
+ * with Sun's certificate request generation classes so they aren't
+ * supported. Note this method uses the X500Signer class which has been
+ * deprecated in JDK 1.7.
+ *
+ * @param ks The keystore to use in the request creation.
+ * @param ksType The keystore type.
+ * @param ksPath The path to the keystore.
+ * @param alias The alias to use in the request generation.
+ * @param pwd The keystore password to use.
+ * @param dn A dn string to use as the certificate subject.
+ *
+ * @return A file object pointing at the created certificate request.
+ * @throws KeyStoreException If the certificate request failed.
+ */
+ public File
+ generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
+ String alias, char[] pwd, String dn) throws KeyStoreException {
+ if(!certReqAllowed) {
+ String vendor = System.getProperty("java.vendor");
+ Message msg =
+ ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
+ throw new KeyStoreException(msg.toString());
+ }
+ KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
+ alias, pwd, dn, DEFAULT_VALIDITY);
+ File csrFile;
+ try {
+ csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
+ csrFile.deleteOnExit();
+ PrintStream printStream =
+ new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
+ if(keyStore == null) {
+ Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
+ throw new KeyStoreException(msg.toString());
+ }
+ PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
+ if(privateKey == null) {
+ Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Certificate cert = keyStore.getCertificate(alias);
+ if(cert == null) {
+ Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Signature signature = Signature.getInstance(SIG_ALGORITHM);
+ signature.initSign(privateKey);
+ Object request = pkcs10Cons.newInstance(cert.getPublicKey());
+ Object subject = X500NameCons.newInstance(dn);
+ Object signer =
+ X500SignerCons.newInstance(signature, subject);
+ Method encodeAndSign =
+ PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
+ Method print =
+ PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
+ encodeAndSign.invoke(request, signer);
+ print.invoke(request, printStream);
+ printStream.close();
+ } catch (Exception e) {
+ Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
+ throw new KeyStoreException(msg.toString());
+ }
+ return csrFile;
+ }
+ }
+
+
+
+
+ /**
* IBM JDK 5 platform class.
*/
private static class IBM5PlatformIMPL extends PlatformIMPL {
- @Override
- public void normalize(StringBuilder buffer) {
- //No implementation.
- }
+ //Classes needed to manage certificates.
+ private static Class<?> X500SignerClass;
+ private static Constructor<?> X500SignerCons;
+
+ static {
+ String x509pkg = pkgPrefix + ".x509";
+ String X500Signer = x509pkg + ".X500Signer";
+ try {
+ X500SignerClass = Class.forName(X500Signer);
+ X500SignerCons = X500SignerClass.getConstructor(Signature.class,
+ X500NameClass);
+ }
+ catch (ClassNotFoundException e) {
+ Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ } catch (SecurityException e) {
+ Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ } catch (NoSuchMethodException e) {
+ Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
+ throw new ExceptionInInitializerError(msg.toString());
+ }
+ }
+
+ @Override
+ public void normalize(StringBuilder buffer) {
+ //No implementation.
+ }
+
+ /**
+ * Generate a certificate request. Note that this methods checks if
+ * the certificate request generation is allowed and throws an
+ * exception if it isn't supported. Some vendors JDKs aren't compatible
+ * with Sun's certificate request generation classes so they aren't
+ * supported. Note this method uses the X500Signer class which has been
+ * deprecated in JDK 1.7.
+ *
+ * @param ks The keystore to use in the request creation.
+ * @param ksType The keystore type.
+ * @param ksPath The path to the keystore.
+ * @param alias The alias to use in the request generation.
+ * @param pwd The keystore password to use.
+ * @param dn A dn string to use as the certificate subject.
+ *
+ * @return A file object pointing at the created certificate request.
+ * @throws KeyStoreException If the certificate request failed.
+ */
+ public File
+ generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
+ String alias, char[] pwd, String dn) throws KeyStoreException {
+ if(!certReqAllowed) {
+ String vendor = System.getProperty("java.vendor");
+ Message msg =
+ ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
+ throw new KeyStoreException(msg.toString());
+ }
+ KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
+ alias, pwd, dn, DEFAULT_VALIDITY);
+ File csrFile;
+ try {
+ csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
+ csrFile.deleteOnExit();
+ PrintStream printStream =
+ new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
+ if(keyStore == null) {
+ Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
+ throw new KeyStoreException(msg.toString());
+ }
+ PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
+ if(privateKey == null) {
+ Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Certificate cert = keyStore.getCertificate(alias);
+ if(cert == null) {
+ Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
+ throw new KeyStoreException(msg.toString());
+ }
+ Signature signature = Signature.getInstance(SIG_ALGORITHM);
+ signature.initSign(privateKey);
+ Object request = pkcs10Cons.newInstance(cert.getPublicKey());
+ Object subject = X500NameCons.newInstance(dn);
+ Object signer =
+ X500SignerCons.newInstance(signature, subject);
+ Method encodeAndSign =
+ PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
+ Method print =
+ PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
+ encodeAndSign.invoke(request, signer);
+ print.invoke(request, printStream);
+ printStream.close();
+ } catch (Exception e) {
+ Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
+ throw new KeyStoreException(msg.toString());
+ }
+ return csrFile;
+ }
}
+
+
/**
* Normalize the specified buffer.
*
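Review bot: The `catch` block of the `generateCertificateRequest` override that calls `encodeAndSign` with `X500NameClass, Signature.class` still contains `e.printStackTrace();`, which the other three copies do not have. It looks like leftover debugging and writes keystore-related stack traces to stderr, outside the server's logging. The reflective `invoke` calls wrap failures in `InvocationTargetException`, whose `getMessage()` is normally null, so `ERR_CERTMGR_CERT_REQUEST.get(alias, e.getMessage())` will often report "null" and the real cause is discarded. Drop the `printStackTrace()` call and keep the cause with `throw new KeyStoreException(msg.toString(), e);` in all four copies, ideally unwrapping `InvocationTargetException.getCause()` for the message text.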
--