Example usage for org.bouncycastle.cert.bc BcX509v3CertificateBuilder BcX509v3CertificateBuilder

List of usage examples for org.bouncycastle.cert.bc BcX509v3CertificateBuilder BcX509v3CertificateBuilder

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.bc.*
  5. BcX509v3CertificateBuilder
  6. BcX509v3CertificateBuilder

Introduction

In this page you can find the example usage for org.bouncycastle.cert.bc BcX509v3CertificateBuilder BcX509v3CertificateBuilder.

Prototype

public BcX509v3CertificateBuilder(X509CertificateHolder issuerCert, BigInteger serial, Date notBefore,
        Date notAfter, X500Name subject, AsymmetricKeyParameter publicKey) throws IOException

Source Link

Document

Initialise the builder using the subject from the passed in issuerCert as the issuer, as well as passing through and converting the other objects provided.

Usage

From source file:uk.ac.cam.gpe21.droidssl.mitm.crypto.cert.CertificateGenerator.java

License:Apache License

public X509CertificateHolder generate(String cn, String[] sans) {
    try {/* w w  w  . j a  va  2 s.  co m*/
        /* basic certificate structure */
        //serial = serial.add(BigInteger.ONE);
        // TODO: temporary workaround as reusing serial numbers makes Firefox complain
        serial = new BigInteger(Long.toString(System.currentTimeMillis()));

        Calendar notBefore = new GregorianCalendar(UTC);
        notBefore.add(Calendar.HOUR, -1);

        Calendar notAfter = new GregorianCalendar(UTC);
        notAfter.add(Calendar.HOUR, 24);

        X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, cn).build();

        BcX509ExtensionUtils utils = new BcX509ExtensionUtils();
        X509v3CertificateBuilder builder = new BcX509v3CertificateBuilder(ca.getCertificate(), serial,
                notBefore.getTime(), notAfter.getTime(), subject, keyPair.getPublic());

        /* subjectAlernativeName extension */
        if (sans.length > 0) {
            GeneralName[] names = new GeneralName[sans.length];
            for (int i = 0; i < names.length; i++) {
                names[i] = new GeneralName(GeneralName.dNSName, sans[i]);
            }
            builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(names));
        }

        /* basicConstraints extension */
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        /* subjectKeyIdentifier extension */
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(keyPair.getPublic()));

        /* authorityKeyIdentifier extension */
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(ca.getPublicKey()));

        /* keyUsage extension */
        int usage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyAgreement;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(usage));

        /* extendedKeyUsage extension */
        KeyPurposeId[] usages = { KeyPurposeId.id_kp_serverAuth };
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(usages));

        /* create the signer */
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
                .find("SHA1withRSA");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder()
                .find(signatureAlgorithm);
        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                .build(ca.getPrivateKey());

        /* build and sign the certificate */
        return builder.build(signer);
    } catch (IOException | OperatorCreationException ex) {
        throw new CertificateGenerationException(ex);
    }
}