Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Android™) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
// Important: Don't forget to include the call to System.loadLibrary // as shown at the bottom of this code sample. package com.test; import android.app.Activity; import com.chilkatsoft.*; import android.widget.TextView; import android.os.Bundle; public class SimpleActivity extends Activity { private static final String TAG = "Chilkat"; // Called when the activity is first created. @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. CkPrng fortuna = new CkPrng(); String entropy = fortuna.getEntropy(32,"base64"); boolean success = fortuna.AddEntropy(entropy,"base64"); CkEcc ec = new CkEcc(); // Generate a random EC private key on the prime256v1 curve. CkPrivateKey privKey = ec.GenEccKey("prime256v1",fortuna); if (ec.get_LastMethodSuccess() != true) { Log.i(TAG, ec.lastErrorText()); return; } // Create the CSR object and set properties. CkCsr csr = new CkCsr(); // Specify your CN csr.put_CommonName("mysubdomain.mydomain.com"); // Create the CSR using the private key. CkBinData bdCsr = new CkBinData(); success = csr.GenCsrBd(privKey,bdCsr); if (success == false) { Log.i(TAG, csr.lastErrorText()); return; } // Save the private key and CSR to files. privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem"); bdCsr.WriteFile("c:/temp/qa_output/csr.pem"); // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. CkHttp http = new CkHttp(); CkCert tlsClientCert = new CkCert(); success = tlsClientCert.LoadFromFile("data/myTlsClientCert.pem"); if (success == false) { Log.i(TAG, tlsClientCert.lastErrorText()); return; } CkBinData bdTlsClientCertPrivKey = new CkBinData(); success = bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem"); if (success == false) { Log.i(TAG, "Failed to load data/myTlsClientCert.key.pem"); return; } CkPrivateKey tlsClientCertPrivKey = new CkPrivateKey(); success = tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey,""); if (success == false) { Log.i(TAG, tlsClientCertPrivKey.lastErrorText()); return; } success = tlsClientCert.SetPrivateKey(tlsClientCertPrivKey); if (success == false) { Log.i(TAG, tlsClientCert.lastErrorText()); return; } http.SetSslClientCert(tlsClientCert); http.put_RequireSslCertVerify(true); // The body of the HTTP request contains the binary CSR. CkHttpResponse resp = http.PBinaryBd("POST","https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",bdCsr,"application/pkcs10",false,false); if (http.get_LastMethodSuccess() == false) { Log.i(TAG, http.lastErrorText()); return; } if (resp.get_StatusCode() != 200) { Log.i(TAG, "response status code = " + String.valueOf(resp.get_StatusCode())); Log.i(TAG, resp.bodyStr()); Log.i(TAG, "Failed"); return; } // The response is the Base64 DER of the new certificate. CkCert myNewCert = new CkCert(); success = myNewCert.LoadFromBase64(resp.bodyStr()); if (success == false) { Log.i(TAG, myNewCert.lastErrorText()); Log.i(TAG, "Cert data = " + resp.bodyStr()); Log.i(TAG, "Failed."); return; } success = myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer"); if (success == false) { Log.i(TAG, myNewCert.lastErrorText()); Log.i(TAG, "Failed."); return; } Log.i(TAG, "Success."); } static { System.loadLibrary("chilkat"); // Note: If the incorrect library name is passed to System.loadLibrary, // then you will see the following error message at application startup: //"The application <your-application-name> has stopped unexpectedly. Please try again." } } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.