List of usage examples for org.bouncycastle.cert.jcajce JcaX509v1CertificateBuilder build
public X509CertificateHolder build(ContentSigner signer)
From source file:com.zotoh.crypto.Crypto.java
License:Open Source License
/**
 * Creates a self-signed X.509 version 1 certificate for the given key pair and
 * returns it together with the private key that signed it.
 *
 * <p>The distinguished name parsed from {@code dnStr} is used as both issuer and
 * subject. After the certificate is built it is checked against the current time
 * and its signature is verified with the public key of {@code keyPair}, so a
 * validity window that does not contain "now" makes this method throw.
 *
 * <p>NOTE(review): X.509 v1 certificates have no extensions field, so the result
 * carries no basicConstraints, keyUsage or subjectAltName. Confirm that consumers
 * of this certificate do not depend on those; a v3 builder is the usual choice
 * when they do.
 *
 * <p>NOTE(review): {@code algo} is handed to the signer builder unchanged, so the
 * strength of the signature digest is entirely the caller's choice.
 *
 * @param pv        provider used for both the content signer and the certificate converter
 * @param keyPair   key pair whose public key is certified and whose private key signs
 * @param start     start of the validity period (notBefore)
 * @param end       end of the validity period (notAfter)
 * @param dnStr     distinguished name string used for issuer and subject
 * @param keyLength not read by this method
 * @param algo      signature algorithm name passed to {@code JcaContentSignerBuilder}
 * @return a {@code Tuple} of the new certificate and the private key
 * @throws GeneralSecurityException if the content signer cannot be created
 *         (wrapping the {@code OperatorCreationException}), or for the certificate
 *         conversion, validity and signature checks via its declared subclasses
 */
private Tuple createSSV1Cert(Provider pv, KeyPair keyPair, Date start, Date end, String dnStr, int keyLength,
        String algo) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException, CertificateException, NoSuchProviderException, GeneralSecurityException {
    // Self-signed: one name serves as issuer and as subject.
    final X500Principal selfName = new X500Principal(dnStr);
    final PrivateKey signingKey = keyPair.getPrivate();
    final PublicKey certifiedKey = keyPair.getPublic();

    // Serial number comes from getNextSerialNumber(), which is defined outside this listing.
    final JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(selfName,
            getNextSerialNumber(), start, end, selfName, certifiedKey);

    final ContentSigner signer;
    try {
        signer = new JcaContentSignerBuilder(algo).setProvider(pv).build(signingKey);
    } catch (OperatorCreationException e) {
        // Surface signer-construction failures as a JCA exception, keeping the cause.
        throw new GeneralSecurityException(e);
    }

    final X509Certificate selfSigned = new JcaX509CertificateConverter().setProvider(pv)
            .getCertificate(builder.build(signer));

    // Sanity checks on the freshly built certificate: valid right now, and the
    // signature verifies under the key it certifies.
    selfSigned.checkValidity(new Date());
    selfSigned.verify(certifiedKey);

    return new Tuple(selfSigned, signingKey);
}
From source file:net.sf.keystore_explorer.crypto.x509.X509CertificateGenerator.java
License:Open Source License
/**
 * Builds and signs an X.509 version 1 certificate that is valid from the current
 * time for {@code validity} milliseconds.
 *
 * <p>Signing and conversion both request the provider by the name {@code "BC"};
 * presumably the BouncyCastle provider must already be registered under that name.
 *
 * <p>NOTE(review): a v1 certificate has no extensions field, so nothing such as
 * basicConstraints or keyUsage limits how the certified key may be used. Nothing
 * here checks that {@code privateKey} corresponds to {@code issuer} or that
 * {@code serialNumber} is unique; both are left to the caller.
 *
 * @param subject       subject name of the certificate
 * @param issuer        issuer name of the certificate
 * @param validity      validity period in milliseconds, added to the current time
 * @param publicKey     public key to certify
 * @param privateKey    private key used to sign the certificate
 * @param signatureType signature type; its {@code jce()} value names the algorithm
 * @param serialNumber  serial number to place in the certificate
 * @return the signed certificate
 * @throws CryptoException if the signer cannot be created or the certificate
 *         cannot be built or converted
 */
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, long validity, PublicKey publicKey,
        PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber) throws CryptoException {
    // The clock is read once per bound, as in the original listing.
    final long startMillis = System.currentTimeMillis();
    final Date validFrom = new Date(startMillis);
    final long endMillis = System.currentTimeMillis() + validity;
    final Date validUntil = new Date(endMillis);

    // The builder takes the issuer first and the subject second to last; this
    // method's own parameter order is the reverse.
    final JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(issuer, serialNumber,
            validFrom, validUntil, subject, publicKey);

    try {
        final JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce())
                .setProvider("BC");
        final ContentSigner signer = signerBuilder.build(privateKey);

        final JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(v1Builder.build(signer));
    } catch (OperatorCreationException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } catch (CertificateException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } catch (IllegalStateException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}
From source file:net.sf.portecle.crypto.X509CertUtil.java
License:Open Source License
/**
 * Generates a self-signed X.509 version 1 certificate for the supplied key pair and
 * signature algorithm.
 *
 * <p>The subject name is assembled from the non-null attributes in the fixed order
 * E, C, ST, L, O, OU, CN and is used as the issuer name as well. Validity starts at
 * the current time and lasts {@code iValidity} days.
 *
 * <p>NOTE(review): a v1 certificate has no extensions field, so the result carries
 * no basicConstraints, keyUsage or subjectAltName; confirm consumers do not rely on
 * them. Nothing here checks that {@code publicKey} and {@code privateKey} belong
 * together; that is left to the caller.
 *
 * @param sCommonName       Common name certificate attribute
 * @param sOrganisationUnit Organization Unit certificate attribute
 * @param sOrganisation     Organization certificate attribute
 * @param sLocality         Locality certificate attribute
 * @param sState            State certificate attribute
 * @param sCountryCode      Country Code certificate attribute
 * @param sEmailAddress     Email Address certificate attribute
 * @param iValidity         Validity period of certificate in days
 * @param publicKey         Public part of key pair
 * @param privateKey        Private part of key pair
 * @param signatureType     Signature Type; its {@code name()} is passed as the algorithm name
 * @return The generated certificate
 * @throws CryptoException If there was a problem generating the certificate
 */
public static X509Certificate generateCert(String sCommonName, String sOrganisationUnit, String sOrganisation,
        String sLocality, String sState, String sCountryCode, String sEmailAddress, int iValidity,
        PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType) throws CryptoException {
    final X500NameBuilder dn = new X500NameBuilder(BCStyle.INSTANCE);

    // Attribute order determines the encoded name, so it is kept exactly as listed.
    if (sEmailAddress != null) {
        dn.addRDN(BCStyle.E, sEmailAddress);
    }
    if (sCountryCode != null) {
        dn.addRDN(BCStyle.C, sCountryCode);
    }
    if (sState != null) {
        dn.addRDN(BCStyle.ST, sState);
    }
    if (sLocality != null) {
        dn.addRDN(BCStyle.L, sLocality);
    }
    if (sOrganisation != null) {
        dn.addRDN(BCStyle.O, sOrganisation);
    }
    if (sOrganisationUnit != null) {
        dn.addRDN(BCStyle.OU, sOrganisationUnit);
    }
    if (sCommonName != null) {
        dn.addRDN(BCStyle.CN, sCommonName);
    }

    // generateX509SerialNumber() is defined outside this listing.
    final BigInteger serialNumber = generateX509SerialNumber();

    // The cast keeps the day-to-millisecond arithmetic in long.
    final long validityMillis = (long) iValidity * 24 * 60 * 60 * 1000;
    final Date validFrom = new Date();
    final Date validUntil = new Date(validFrom.getTime() + validityMillis);

    // Self-signed: the same name is built for issuer and for subject.
    final JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(dn.build(), serialNumber,
            validFrom, validUntil, dn.build(), publicKey);

    try {
        final ContentSigner contentSigner = new JcaContentSignerBuilder(signatureType.name())
                .build(privateKey);
        return new JcaX509CertificateConverter().getCertificate(v1Builder.build(contentSigner));
    } catch (CertificateException | OperatorCreationException ex) {
        throw new CryptoException(RB.getString("CertificateGenFailed.exception.message"), ex);
    }
}
From source file:net.sf.portecle.crypto.X509CertUtil.java
License:Open Source License
/**
 * Renews a self-signed X.509 version 1 certificate.
 *
 * <p>The new certificate copies the issuer and subject names from {@code oldCert},
 * gets a fresh serial number, starts its validity now, and is signed with
 * {@code privateKey} using the signature algorithm name reported by the old
 * certificate. The result is always built with the v1 builder.
 *
 * <p>NOTE(review): self-signedness is not verified (see the TODO in the body).
 * There is no check that issuer equals subject in {@code oldCert}, nor that the
 * supplied keys are the ones the old certificate was issued for. If
 * {@code oldCert} was issued by another party, the result names that issuer but
 * is signed with the caller's key.
 *
 * <p>NOTE(review): reusing {@code oldCert.getSigAlgName()} carries the old
 * certificate's signature algorithm forward unchanged. Confirm that a certificate
 * signed with a legacy digest should keep it on renewal.
 *
 * @param oldCert    old certificate
 * @param iValidity  Validity period of certificate in days to add to the old cert's expiry date, or
 *                   current time if the certificate has expired
 * @param publicKey  Public part of key pair
 * @param privateKey Private part of key pair
 * @return The renewed certificate
 * @throws CryptoException If there was a problem generating the certificate
 */
public static X509Certificate renewCert(X509Certificate oldCert, int iValidity, PublicKey publicKey,
        PrivateKey privateKey) throws CryptoException {
    // generateX509SerialNumber() is defined outside this listing.
    final BigInteger serialNumber = generateX509SerialNumber();

    // Validity runs from now until iValidity days past the later of "now" and the old expiry date.
    final Date validFrom = new Date();
    final Date previousExpiry = oldCert.getNotAfter();
    final Date extensionBase = (previousExpiry != null && !previousExpiry.before(validFrom))
            ? previousExpiry
            : validFrom;

    // The cast keeps the day-to-millisecond arithmetic in long.
    final long validityMillis = (long) iValidity * 24 * 60 * 60 * 1000;
    final Date validUntil = new Date(extensionBase.getTime() + validityMillis);

    // TODO: verify/force self-signedness
    final JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(
            oldCert.getIssuerX500Principal(), serialNumber, validFrom, validUntil,
            oldCert.getSubjectX500Principal(), publicKey);

    try {
        final ContentSigner contentSigner = new JcaContentSignerBuilder(oldCert.getSigAlgName())
                .build(privateKey);
        return new JcaX509CertificateConverter().getCertificate(v1Builder.build(contentSigner));
    } catch (CertificateException | OperatorCreationException ex) {
        throw new CryptoException(RB.getString("CertificateGenFailed.exception.message"), ex);
    }
}
From source file:org.kse.crypto.x509.X509CertificateGenerator.java
License:Open Source License
/**
 * Builds and signs an X.509 version 1 certificate for the given validity window.
 *
 * <p>A {@code null} {@code validityStart} means "now". A {@code null}
 * {@code validityEnd} means 365 days after the effective start.
 *
 * <p>Signing and conversion both request the provider by the name {@code "BC"};
 * presumably the BouncyCastle provider must already be registered under that name.
 *
 * <p>NOTE(review): a v1 certificate has no extensions field, so nothing such as
 * basicConstraints or keyUsage limits how the certified key may be used. Nothing
 * here checks that {@code privateKey} corresponds to {@code issuer}, that
 * {@code serialNumber} is unique, or that the end date falls after the start
 * date; all three are left to the caller.
 *
 * @param subject       subject name of the certificate
 * @param issuer        issuer name of the certificate
 * @param validityStart start of validity, or {@code null} for the current time
 * @param validityEnd   end of validity, or {@code null} for start plus 365 days
 * @param publicKey     public key to certify
 * @param privateKey    private key used to sign the certificate
 * @param signatureType signature type; its {@code jce()} value names the algorithm
 * @param serialNumber  serial number to place in the certificate
 * @return the signed certificate
 * @throws CryptoException if the signer cannot be created or the certificate
 *         cannot be built or converted
 */
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd,
        PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber)
        throws CryptoException {
    final Date validFrom;
    if (validityStart != null) {
        validFrom = validityStart;
    } else {
        validFrom = new Date();
    }

    final Date validUntil;
    if (validityEnd != null) {
        validUntil = validityEnd;
    } else {
        // Default lifetime: 365 days counted from the effective start.
        validUntil = new Date(validFrom.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    // The builder takes the issuer first and the subject second to last; this
    // method's own parameter order is the reverse.
    final JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(issuer, serialNumber,
            validFrom, validUntil, subject, publicKey);

    try {
        final JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce())
                .setProvider("BC");
        final ContentSigner signer = signerBuilder.build(privateKey);

        final JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(v1Builder.build(signer));
    } catch (OperatorCreationException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } catch (CertificateException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } catch (IllegalStateException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}