Example usage for org.bouncycastle.cert.bc BcX509ExtensionUtils createAuthorityKeyIdentifier

List of usage examples for org.bouncycastle.cert.bc BcX509ExtensionUtils createAuthorityKeyIdentifier

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.bc.*
  5. BcX509ExtensionUtils
  6. createAuthorityKeyIdentifier

Introduction

In this page you can find the example usage for org.bouncycastle.cert.bc BcX509ExtensionUtils createAuthorityKeyIdentifier.

Prototype

public AuthorityKeyIdentifier createAuthorityKeyIdentifier(AsymmetricKeyParameter publicKey)
            throws IOException

Source Link

Usage

From source file:uk.ac.cam.gpe21.droidssl.mitm.crypto.cert.CertificateGenerator.java

License:Apache License

public X509CertificateHolder generate(String cn, String[] sans) {
    try {/*from www .  jav a 2  s. co  m*/
        /* basic certificate structure */
        //serial = serial.add(BigInteger.ONE);
        // TODO: temporary workaround as reusing serial numbers makes Firefox complain
        serial = new BigInteger(Long.toString(System.currentTimeMillis()));

        Calendar notBefore = new GregorianCalendar(UTC);
        notBefore.add(Calendar.HOUR, -1);

        Calendar notAfter = new GregorianCalendar(UTC);
        notAfter.add(Calendar.HOUR, 24);

        X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, cn).build();

        BcX509ExtensionUtils utils = new BcX509ExtensionUtils();
        X509v3CertificateBuilder builder = new BcX509v3CertificateBuilder(ca.getCertificate(), serial,
                notBefore.getTime(), notAfter.getTime(), subject, keyPair.getPublic());

        /* subjectAlernativeName extension */
        if (sans.length > 0) {
            GeneralName[] names = new GeneralName[sans.length];
            for (int i = 0; i < names.length; i++) {
                names[i] = new GeneralName(GeneralName.dNSName, sans[i]);
            }
            builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(names));
        }

        /* basicConstraints extension */
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        /* subjectKeyIdentifier extension */
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(keyPair.getPublic()));

        /* authorityKeyIdentifier extension */
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(ca.getPublicKey()));

        /* keyUsage extension */
        int usage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyAgreement;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(usage));

        /* extendedKeyUsage extension */
        KeyPurposeId[] usages = { KeyPurposeId.id_kp_serverAuth };
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(usages));

        /* create the signer */
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
                .find("SHA1withRSA");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder()
                .find(signatureAlgorithm);
        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                .build(ca.getPrivateKey());

        /* build and sign the certificate */
        return builder.build(signer);
    } catch (IOException | OperatorCreationException ex) {
        throw new CertificateGenerationException(ex);
    }
}