package com.owncloud.android.utils; import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.spongycastle.asn1.x500.X500Name; import org.spongycastle.asn1.x509.AlgorithmIdentifier; import org.spongycastle.asn1.x509.BasicConstraints; import org.spongycastle.asn1.x509.Extension; import org.spongycastle.asn1.x509.ExtensionsGenerator; import org.spongycastle.crypto.params.AsymmetricKeyParameter; import org.spongycastle.crypto.util.PrivateKeyFactory; import org.spongycastle.operator.ContentSigner; import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder; import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; import org.spongycastle.operator.OperatorCreationException; import org.spongycastle.operator.bc.BcRSAContentSignerBuilder; import org.spongycastle.pkcs.PKCS10CertificationRequest; import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder; import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; import java.io.IOException; import java.security.KeyPair; /** * copied & modified from: * https://github.com/awslabs/aws-sdk-android-samples/blob/master/CreateIotCertWithCSR/src/com/amazonaws/demo/csrcert/CsrHelper.java * accessed at 31.08.17 * Original parts are licensed under the Apache License, Version 2.0: http://aws.amazon.com/apache2.0 * Own parts are licensed unter GPLv3+. */ public class CsrHelper { /** * Create the certificate signing request (CSR) from private and public keys * * @param keyPair the KeyPair with private and public keys * @return PKCS10CertificationRequest with the certificate signing request (CSR) data * @throws IOException thrown if key cannot be created * @throws OperatorCreationException thrown if contentSigner cannot be build */ private static PKCS10CertificationRequest generateCSR(KeyPair keyPair) throws IOException, OperatorCreationException { String principal = "CN=www.nextcloud.com, O=Nextcloud, L=Stuttgart, ST=Baden-Wuerttemberg, C=DE"; AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); return csrBuilder.build(signer); } public static String generateCsrPemEncodedString(KeyPair keyPair) throws IOException, OperatorCreationException { PKCS10CertificationRequest csr = CsrHelper.generateCSR(keyPair); byte[] derCSR = csr.getEncoded(); return "-----BEGIN CERTIFICATE REQUEST-----\n" + android.util.Base64.encodeToString( derCSR, android.util.Base64.NO_PADDING | android.util.Base64.NO_WRAP) + "\n-----END CERTIFICATE REQUEST-----"; } }