No problem putting this on the mailing list.  Let’s see what I can do.

First off, I am using Bouncy Castle Java version 1.49 here (later versions would 
also ostensibly have the same trouble; I don’t see why they wouldn’t. Yeah, we 
have a tech debt item on this).


Step #1: Parse the CSR String into a PKCS10CertificationRequest:

    PKCS10CertificationRequest csr = (PKCS10CertificationRequest)
        new PEMParser(new StringReader(csrPEMEncoded)).readObject();

This API ain’t the most straightforward thing.

Step #2: Acquire the issuer URL and then instantiate the client:

    // The lambda there is the CertificateVerifier (valuable for testing, but not for production).
    Client client = new Client(url, paramX509Certificate -> true);

Step #3: Get your public/private keypair and load them into 
java.security.PrivateKey and java.security.cert.Certificate:
Unfortunately, my code here is not all that clear; it makes use of the JCA 
KeyStore class, though.

Step #4: Call JSCEP to enroll:

    // csr is what is provided from Step 1.
    EnrollmentResponse response = client.enrol(publicKey, privateKey, csr);

The response has the status and any error messages.

Thanks,
James E. Ervin
Senior Software Engineer
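
Steps 2 to 4 above with the accept-all verifier replaced by a fingerprint pin, as an added example that is not from the original message or from the sender's code base. The names (PinnedScepEnrol, pinned, the parameters of enrol), the PKCS#12 keystore layout and the JSCEP 2.x package names are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.jscep.client.Client;
import org.jscep.client.EnrollmentResponse;
import org.jscep.client.verification.CertificateVerifier;

public class PinnedScepEnrol {
    // Accept the certificate JSCEP passes to the verifier only if its SHA-256
    // fingerprint matches a value obtained out of band (replaces the
    // accept-all lambda of Step 2).
    static CertificateVerifier pinned(byte[] expectedSha256) {
        return cert -> {
            try {
                byte[] actual = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
                return MessageDigest.isEqual(expectedSha256, actual);
            } catch (Exception e) {
                return false; // fail closed on any encoding or digest error
            }
        };
    }

    // Steps 2-4 with the pinned verifier. Assumptions: key and certificate sit
    // under `alias` in a PKCS#12 file; entry password equals store password.
    static EnrollmentResponse enrol(URL url, byte[] caSha256, String ksPath, char[] ksPass,
                                    String alias, PKCS10CertificationRequest csr) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(ksPath))) {
            ks.load(in, ksPass);
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, ksPass);
        X509Certificate identity = (X509Certificate) ks.getCertificate(alias);
        if (key == null || identity == null) {
            throw new IllegalArgumentException("no key/certificate entry for alias " + alias);
        }
        Client client = new Client(url, pinned(caSha256));
        EnrollmentResponse response = client.enrol(identity, key, csr);
        if (response.isFailure()) {
            throw new IllegalStateException("SCEP enrolment failed: " + response.getFailInfo());
        }
        return response; // check isPending() vs isSuccess() before reading getCertStore()
    }
}
```
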



From: Oliver Welter <m...@oliwel.de>
Date: Monday, August 16, 2021 at 1:10 AM
To: openxpki-users@lists.sourceforge.net <openxpki-users@lists.sourceforge.net>
Subject: Re: [OpenXPKI-users] Bouncy Castle won't verify a signed cert coming 
back from OpenXPKI
Hi James,

On 14.08.21 at 18:25, James Ervin wrote:
What kind of thing do you need?  Uhm I did provide the csr request and what was 
returned from OpenXPKI in an earlier email in this thread.


I don't need the CSR but a working example of how to use the JSCEP libraries to 
create a request so I can have a look at the structures - my Java times are 
some decades away so I would appreciate some help where to start.

You can send it by PM if this is something you don't want to share publicly.

Oliver

--

Protect your environment -  close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
