Android™
Android™
Renew a DigiCert Certificate from an EST-enabled profile
See more Certificates Examples
Demonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)Chilkat Android™ Downloads
// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;
import android.app.Activity;
import com.chilkatsoft.*;
import android.widget.TextView;
import android.os.Bundle;
public class SimpleActivity extends Activity {
private static final String TAG = "Chilkat";
// Called when the activity is first created.
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
boolean success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// The example below duplicates the following OpenSSL commands:
//
// # Name of certificate as argument 1
//
// # Make new key
// openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem
//
// # Make csr
// openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}"
//
// # Request new cert
// curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem
// --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
//
// # Convert to PEM
// openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem
// ------------------------------------------------------------------------------------------------------------------
// Create a Fortuna PRNG and seed it with system entropy.
// This will be our source of random data for generating the ECC private key.
CkPrng fortuna = new CkPrng();
String entropy = fortuna.getEntropy(32,"base64");
success = fortuna.AddEntropy(entropy,"base64");
CkEcc ec = new CkEcc();
// Generate a random EC private key on the prime256v1 curve.
CkPrivateKey privKey = new CkPrivateKey();
success = ec.GenKey("prime256v1",fortuna,privKey);
if (success != true) {
Log.i(TAG, ec.lastErrorText());
return;
}
// Create the CSR object and set properties.
CkCsr csr = new CkCsr();
// Specify your CN
csr.put_CommonName("mysubdomain.mydomain.com");
// Create the CSR using the private key.
CkBinData bdCsr = new CkBinData();
success = csr.GenCsrBd(privKey,bdCsr);
if (success == false) {
Log.i(TAG, csr.lastErrorText());
return;
}
// Save the private key and CSR to files.
privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem");
bdCsr.WriteFile("c:/temp/qa_output/csr.pem");
// ----------------------------------------------------------------------
// Now do the CURL request to POST the CSR and get the new certificate.
CkHttp http = new CkHttp();
CkCert tlsClientCert = new CkCert();
success = tlsClientCert.LoadFromFile("data/myTlsClientCert.pem");
if (success == false) {
Log.i(TAG, tlsClientCert.lastErrorText());
return;
}
CkBinData bdTlsClientCertPrivKey = new CkBinData();
success = bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem");
if (success == false) {
Log.i(TAG, "Failed to load data/myTlsClientCert.key.pem");
return;
}
CkPrivateKey tlsClientCertPrivKey = new CkPrivateKey();
success = tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey,"");
if (success == false) {
Log.i(TAG, tlsClientCertPrivKey.lastErrorText());
return;
}
success = tlsClientCert.SetPrivateKey(tlsClientCertPrivKey);
if (success == false) {
Log.i(TAG, tlsClientCert.lastErrorText());
return;
}
http.SetSslClientCert(tlsClientCert);
http.put_RequireSslCertVerify(true);
// The body of the HTTP request contains the binary CSR.
CkHttpResponse resp = new CkHttpResponse();
String url = "https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll";
success = http.HttpBd("POST",url,bdCsr,"application/pkcs10",resp);
if (success == false) {
Log.i(TAG, http.lastErrorText());
return;
}
if (resp.get_StatusCode() != 200) {
Log.i(TAG, "response status code = " + String.valueOf(resp.get_StatusCode()));
Log.i(TAG, resp.bodyStr());
Log.i(TAG, "Failed");
return;
}
// The response is the Base64 DER of the new certificate.
CkCert myNewCert = new CkCert();
success = myNewCert.LoadFromBase64(resp.bodyStr());
if (success == false) {
Log.i(TAG, myNewCert.lastErrorText());
Log.i(TAG, "Cert data = " + resp.bodyStr());
Log.i(TAG, "Failed.");
return;
}
success = myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer");
if (success == false) {
Log.i(TAG, myNewCert.lastErrorText());
Log.i(TAG, "Failed.");
return;
}
Log.i(TAG, "Success.");
}
static {
System.loadLibrary("chilkat");
// Note: If the incorrect library name is passed to System.loadLibrary,
// then you will see the following error message at application startup:
//"The application <your-application-name> has stopped unexpectedly. Please try again."
}
}