List of usage examples for org.bouncycastle.cert X509v1CertificateBuilder build
public X509CertificateHolder build(ContentSigner signer)
From source file:CA.java
License:Apache License
/**
 * Signs and returns an X.509 version 1 certificate assembled from the given fields.
 *
 * <p>Security note: version 1 certificates have no extensions field, so the result carries no
 * basicConstraints, keyUsage or subjectAltName. Any restriction on how the certificate may be used
 * has to be enforced by whoever decides to trust it.
 *
 * @param sigGen    signer holding the issuer's private key; it also fixes the signature algorithm
 * @param issuer    issuer distinguished name
 * @param serial    certificate serial number
 * @param notBefore start of the validity period
 * @param notAfter  end of the validity period
 * @param subject   subject distinguished name
 * @param publicKey public key to certify
 * @return the signed certificate
 * @throws Exception if conversion of the built holder to a JCA certificate fails
 */
private static Certificate build(ContentSigner sigGen, X500Principal issuer, BigInteger serial, Date notBefore,
        Date notAfter, X500Principal subject, PublicKey publicKey) throws Exception {
    X509CertificateHolder signedHolder = new JcaX509v1CertificateBuilder(issuer, serial, notBefore, notAfter,
            subject, publicKey).build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(signedHolder);
}
From source file:ataraxis.crypt.UBERKeyStoreHandlerTest.java
License:Open Source License
/**
 * Creates a self-signed {@code CN=Root} certificate for the supplied key pair, valid for 24 hours
 * from the moment of the call, using the "BC" provider for signing and conversion.
 *
 * <p>NOTE(review): despite the method name, the certificate is assembled with an
 * {@code X509v1CertificateBuilder}, so the result is a version 1 certificate. Version 1 has no
 * extensions field, so the certificate cannot carry basicConstraints or keyUsage.
 *
 * <p>NOTE(review): the signature algorithm is hard-coded to {@code SHA1withRSA} and the serial
 * number to 1. SHA-1 is no longer considered collision resistant; keep this to throwaway test
 * fixtures and do not copy it into code that issues certificates others will rely on.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the certificate
 * @return the self-signed certificate
 * @throws Exception if the signer cannot be created or the certificate cannot be converted
 */
public static X509Certificate generateX509V3Cert(KeyPair keyPair) throws Exception {
    // Self-signed: the same name is used as issuer and subject.
    X500Name rootName = new X500Name("CN=Root");
    Date validFrom = new Date(System.currentTimeMillis());
    Date validUntil = new Date(System.currentTimeMillis() + 1000 * 3600 * 24);
    X509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(rootName, BigInteger.ONE, validFrom,
            validUntil, rootName, keyPair.getPublic());

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
    signerBuilder.setProvider("BC");
    ContentSigner selfSigner = signerBuilder.build(keyPair.getPrivate());

    JcaX509CertificateConverter toJca = new JcaX509CertificateConverter().setProvider("BC");
    return toJca.getCertificate(v1Builder.build(selfSigner));
}
From source file:beta01.SimpleRootCA.java
/**
 * Builds a sample self-signed version 1 certificate ({@code CN=Test Root Certificate}) intended to
 * act as a CA root in tests, using the BouncyCastle lightweight API.
 *
 * <p>The validity period starts at the time of the call and lasts {@code VALIDITY_PERIOD}; the
 * serial number is fixed at 1.
 *
 * <p>NOTE(review): the signature algorithm is {@code SHA1withRSA}, and a version 1 certificate
 * cannot carry a basicConstraints extension, so nothing inside the certificate marks it as a CA.
 * Suitable for samples only.
 *
 * @param keyPair lightweight-API key pair; the public half is certified, the private half signs
 * @return the signed certificate holder
 * @throws Exception if the key cannot be encoded or the signer cannot be created
 */
public static X509CertificateHolder buildRootCert(org.bouncycastle.crypto.AsymmetricCipherKeyPair keyPair)
        throws Exception {
    // Self-signed: one name serves as both issuer and subject.
    X500Name rootName = new X500Name("CN=Test Root Certificate");
    Date validFrom = new Date(System.currentTimeMillis());
    Date validUntil = new Date(System.currentTimeMillis() + VALIDITY_PERIOD);
    AsymmetricKeyParameter publicParam = (AsymmetricKeyParameter) keyPair.getPublic();

    X509v1CertificateBuilder v1Builder = new X509v1CertificateBuilder(rootName, BigInteger.ONE, validFrom,
            validUntil, rootName, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicParam));

    // The digest identifier is derived from the signature identifier so the two stay consistent.
    AlgorithmIdentifier signatureAlg = algFinder.find("SHA1withRSA");
    AlgorithmIdentifier digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlg);
    AsymmetricKeyParameter privateParam = (AsymmetricKeyParameter) keyPair.getPrivate();

    return v1Builder.build(new BcRSAContentSignerBuilder(signatureAlg, digestAlg).build(privateParam));
}
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImpl.java
License:Apache License
/**
 * Issues a version 1 certificate from the given request, signed with the given private key.
 *
 * <p>The signature algorithm is chosen inside {@code contentSigner(PrivateKey)} and the certificate
 * fields come from the request's builder; neither is visible in this method.
 *
 * @param request    supplies the pre-populated {@code X509v1CertificateBuilder}
 * @param privateKey issuer private key used to sign the certificate
 * @return the signed certificate
 */
@Override
public X509Certificate generateX509CertificateV1(@NonNull final X509V1CertRequest request,
        @NonNull final PrivateKey privateKey) {
    // The signer is created before the builder is requested, as in the original call order.
    final ContentSigner certSigner = contentSigner(privateKey);
    return toX509Certificate(request.x509v1CertificateBuilder().build(certSigner));
}
From source file:com.aaasec.sigserv.cscommon.EntityKeyStore.java
License:EUPL
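/**
 * Creates a self-signed X.509 version 1 certificate for the given key pair, re-parses it through
 * the JCA {@code CertificateFactory}, and stores key and certificate in the key store under
 * {@code ROOT}.
 *
 * <p>The certificate is backdated by two hours and is valid for ten years. It is signed with
 * {@code SHA256withRSA}; SHA-1 is no longer considered collision resistant and should not be used
 * for a certificate that is installed as a trust root.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds, which is predictable and
 * can collide if two certificates are created in the same millisecond.
 *
 * <p>NOTE(review): the DN is built by concatenating {@code "CN="} with the {@code subject} field.
 * If that value can contain DN metacharacters (for example a comma), it will be parsed as
 * additional name components - confirm it is validated where it is set.
 *
 * <p>A version 1 certificate has no extensions, so it carries no basicConstraints marking it as a CA.
 *
 * @param pair RSA key pair; the public key is certified and the private key signs the certificate
 * @return the generated self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the certificate cannot be encoded
 * @throws CertificateException      if the encoded certificate cannot be parsed
 * @throws KeyStoreException         if the entry cannot be added to the key store
 */
public X509Certificate generateV1Certificate(KeyPair pair)
        throws OperatorCreationException, IOException, CertificateException, KeyStoreException {
    BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis());
    // Self-signed: issuer and subject are the same name.
    X500Name selfDN = new X500Name("CN=" + subject);

    // Backdate the start so that modest clock skew between hosts does not make the cert "not yet valid".
    Calendar startTime = Calendar.getInstance();
    startTime.add(Calendar.HOUR, -2);
    Calendar expiryTime = Calendar.getInstance();
    expiryTime.add(Calendar.YEAR, 10);

    X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(selfDN, certSerial, startTime.getTime(),
            expiryTime.getTime(), selfDN, pair.getPublic());
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    byte[] encoded = certGen.build(signer).getEncoded();

    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    X509Certificate generateCertificate;
    // try-with-resources closes the stream even when parsing fails.
    try (InputStream is = new ByteArrayInputStream(encoded)) {
        generateCertificate = (X509Certificate) fact.generateCertificate(is);
    }

    // set the CA cert as trusted root
    X509Certificate[] chain = new X509Certificate[] { generateCertificate };
    addToKeyStore(pair, chain, ROOT);
    return generateCertificate;
}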
From source file:com.aaasec.sigserv.cssigapp.KeyStoreFactory.java
License:EUPL
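/**
 * Generates a fresh key pair, issues a self-signed X.509 version 1 certificate for it, re-parses
 * the certificate through the JCA {@code CertificateFactory}, and stores key and certificate in
 * the given key store under {@code K_NAME}.
 *
 * <p>The certificate is signed with {@code SHA256withRSA}; SHA-1 is no longer considered collision
 * resistant and should not be used for a certificate that is installed as a trust root.
 *
 * <p>NOTE(review): the validity window runs from 10 seconds before to 10 seconds after the call,
 * i.e. the certificate expires 10 seconds after creation. This looks like a placeholder
 * certificate - confirm that is intended before relying on it for validation.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds (predictable), and the DN
 * is built by concatenating {@code "CN="} with {@code subject}; a subject containing DN
 * metacharacters such as a comma would be parsed as additional name components.
 *
 * @param subject  common name used for both issuer and subject
 * @param ksPass   key store password, passed through to {@code addToKeyStore}
 * @param keyStore key store receiving the key and certificate
 * @return the generated self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the certificate cannot be encoded
 * @throws CertificateException      if the encoded certificate cannot be parsed
 * @throws KeyStoreException         if the entry cannot be added to the key store
 * @throws NoSuchAlgorithmException  declared by the original signature; presumably raised by key generation
 */
public X509Certificate generateV1Certificate(String subject, char[] ksPass, KeyStore keyStore)
        throws OperatorCreationException, IOException, CertificateException, KeyStoreException,
        NoSuchAlgorithmException {
    KeyPair pair = generateKeyPair();
    BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis());
    // Self-signed: issuer and subject are the same name.
    X500Name selfDN = new X500Name("CN=" + subject);
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(System.currentTimeMillis() + 10000);

    X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(selfDN, certSerial, notBefore, notAfter,
            selfDN, pair.getPublic());
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    byte[] encoded = certGen.build(signer).getEncoded();

    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    X509Certificate generateCertificate;
    // try-with-resources closes the stream even when parsing fails.
    try (InputStream is = new ByteArrayInputStream(encoded)) {
        generateCertificate = (X509Certificate) fact.generateCertificate(is);
    }

    // set the CA cert as trusted root
    X509Certificate[] chain = new X509Certificate[] { generateCertificate };
    addToKeyStore(pair, chain, K_NAME, keyStore, ksPass);
    return generateCertificate;
}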
From source file:com.aaasec.sigserv.csspsupport.models.SupportModel.java
License:EUPL
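/**
 * Issues a self-signed X.509 version 1 certificate for the given key pair and returns it as a JCA
 * certificate (the encoded form is re-parsed through {@code CertificateFactory}).
 *
 * <p>The certificate is backdated by two hours and is valid for ten years. The signature algorithm
 * name comes from {@code algorithm.getDummyCertAlgo()}.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds (predictable), and the DN
 * is built by concatenating {@code "CN="} with {@code subject}; a subject containing DN
 * metacharacters such as a comma would be parsed as additional name components. A version 1
 * certificate has no extensions, so no usage restrictions are encoded in it.
 *
 * @param subject   common name used for both issuer and subject
 * @param pair      key pair; the public key is certified and the private key signs the certificate
 * @param algorithm supplies the signature algorithm name for the signer
 * @return the generated self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the certificate cannot be encoded
 * @throws CertificateException      if the encoded certificate cannot be parsed
 * @throws KeyStoreException         declared by the original signature; not raised by the visible code
 * @throws NoSuchAlgorithmException  declared by the original signature; not raised by the visible code
 */
public static X509Certificate generateV1Certificate(String subject, KeyPair pair, SigAlgorithms algorithm)
        throws OperatorCreationException, IOException, CertificateException, KeyStoreException,
        NoSuchAlgorithmException {
    BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis());
    // Self-signed: issuer and subject are the same name.
    X500Name selfDN = new X500Name("CN=" + subject);

    // Backdate the start so that modest clock skew between hosts does not make the cert "not yet valid".
    Calendar startTime = Calendar.getInstance();
    startTime.add(Calendar.HOUR, -2);
    Calendar expiryTime = Calendar.getInstance();
    expiryTime.add(Calendar.YEAR, 10);

    X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(selfDN, certSerial, startTime.getTime(),
            expiryTime.getTime(), selfDN, pair.getPublic());
    ContentSigner signer = new JcaContentSignerBuilder(algorithm.getDummyCertAlgo()).build(pair.getPrivate());
    byte[] encoded = certGen.build(signer).getEncoded();

    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    // try-with-resources closes the stream even when parsing fails.
    try (InputStream is = new ByteArrayInputStream(encoded)) {
        return (X509Certificate) fact.generateCertificate(is);
    }
}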
From source file:com.android.builder.internal.packaging.sign.SignatureTestUtils.java
License:Apache License
/**
 * Generates a private key and a matching self-signed version 1 certificate for use in tests.
 *
 * <p>The certificate is issued to and by {@code cn=Myself}, has serial number 1, is backdated by
 * one day and expires 365 days after the call. The key generator is used without an
 * {@code initialize()} call, so key size and parameters are the provider defaults. These choices
 * are only appropriate for test fixtures.
 *
 * @param sign the asymmetric cipher, <em>e.g.</em>, {@code RSA}
 * @param full the full signature algorithm name, <em>e.g.</em>, {@code SHA1withRSA}
 * @return the pair with the private key and certificate
 * @throws Exception failed to generate the signature data
 */
@NonNull
public static Pair<PrivateKey, X509Certificate> generateSignature(@NonNull String sign, @NonNull String full)
        throws Exception {
    // http://stackoverflow.com/questions/28538785/
    // easy-way-to-generate-a-self-signed-certificate-for-java-security-keystore-using

    KeyPairGenerator keyGen = null;
    try {
        keyGen = KeyPairGenerator.getInstance(sign);
    } catch (NoSuchAlgorithmException unsupported) {
        // An unavailable algorithm is reported as a failed assumption rather than a test failure.
        Assume.assumeNoException("Algorithm " + sign + " not supported.", unsupported);
    }
    assertNotNull(keyGen);

    KeyPair generated = keyGen.generateKeyPair();

    // Only RSA and EC public keys are handled; anything else fails the test.
    SubjectPublicKeyInfo subjectKeyInfo;
    if (generated.getPublic() instanceof RSAPublicKey) {
        RSAPublicKey rsa = (RSAPublicKey) generated.getPublic();
        RSAKeyParameters rsaParams = new RSAKeyParameters(false, rsa.getModulus(), rsa.getPublicExponent());
        subjectKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(rsaParams);
    } else if (generated.getPublic() instanceof ECPublicKey) {
        subjectKeyInfo = SubjectPublicKeyInfo.getInstance(generated.getPublic().getEncoded());
    } else {
        fail();
        subjectKeyInfo = null;
    }

    Date validFrom = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
    Date validUntil = new Date(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000);
    // Self-signed: the same name is used as issuer and subject.
    X500Name selfName = new X500Name(new X500Principal("cn=Myself").getName());

    X509v1CertificateBuilder v1Builder = new X509v1CertificateBuilder(selfName, BigInteger.ONE, validFrom,
            validUntil, selfName, subjectKeyInfo);
    ContentSigner selfSigner = new JcaContentSignerBuilder(full).setProvider(new BouncyCastleProvider())
            .build(generated.getPrivate());
    X509CertificateHolder signedHolder = v1Builder.build(selfSigner);

    X509Certificate selfSigned = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider())
            .getCertificate(signedHolder);
    return Pair.of(generated.getPrivate(), selfSigned);
}
From source file:com.android.ide.common.signing.KeystoreHelper.java
License:Apache License
/**
 * Generates a key pair and a self-signed version 1 certificate for it.
 *
 * <p>The certificate has serial number 1, becomes valid at the time of the call and expires after
 * {@code validityYears} years of 365 days. The key generator is used without an
 * {@code initialize()} call, so key size and parameters are the provider defaults for
 * {@code asymmetric}; the strength of the signature depends on the caller's choice of
 * {@code sign}.
 *
 * @param asymmetric the asymmetric encryption algorithm (<em>e.g.,</em> {@code RSA})
 * @param sign the signature algorithm (<em>e.g.,</em> {@code SHA1withRSA})
 * @param validityYears number of years the certificate should be valid, must be greater than
 * zero
 * @param dn the distinguished name of the issuer and owner of the certificate
 * @return a pair with the private key and the corresponding certificate
 * @throws KeytoolException failed to generate the pair
 */
private static Pair<PrivateKey, X509Certificate> generateKeyAndCertificate(@NonNull String asymmetric,
        @NonNull String sign, int validityYears, @NonNull String dn) throws KeytoolException {
    Preconditions.checkArgument(validityYears > 0, "validityYears <= 0");

    KeyPair generated;
    try {
        generated = KeyPairGenerator.getInstance(asymmetric).generateKeyPair();
    } catch (NoSuchAlgorithmException e) {
        throw new KeytoolException(
                "Failed to generate key and certificate pair for algorithm '" + asymmetric + "'.", e);
    }

    Date validFrom = new Date(System.currentTimeMillis());
    // 365L keeps the multiplication in long arithmetic so multi-year validity does not overflow int.
    Date validUntil = new Date(System.currentTimeMillis() + validityYears * 365L * 24 * 60 * 60 * 1000);

    // Self-signed: the same name is used as issuer and subject.
    X500Name selfName = new X500Name(new X500Principal(dn).getName());
    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(generated.getPublic().getEncoded());
    X509v1CertificateBuilder v1Builder = new X509v1CertificateBuilder(selfName, BigInteger.ONE, validFrom,
            validUntil, selfName, subjectKeyInfo);

    ContentSigner selfSigner;
    try {
        selfSigner = new JcaContentSignerBuilder(sign).setProvider(new BouncyCastleProvider())
                .build(generated.getPrivate());
    } catch (OperatorCreationException e) {
        throw new KeytoolException("Failed to build content signer with signature algorithm '" + sign + "'.", e);
    }

    X509CertificateHolder signedHolder = v1Builder.build(selfSigner);
    JcaX509CertificateConverter toJca = new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider());
    try {
        return Pair.of(generated.getPrivate(), toJca.getCertificate(signedHolder));
    } catch (CertificateException e) {
        throw new KeytoolException("Failed to obtain the self-signed certificate.", e);
    }
}
From source file:com.aqnote.shared.cryptology.cert.gen.SingleX509V1Creator.java
License:Open Source License
/**
 * Issues an X.509 version 1 certificate described by {@code certObject}, certifying and signing
 * with the same key pair.
 *
 * <p>Issuer, subject and validity dates come from {@code certObject}; the signature algorithm and
 * provider come from the {@code ALG_SIG_SHA256_RSA} and {@code JCE_PROVIDER} constants.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds, which is predictable and
 * can collide for certificates created in the same millisecond. A version 1 certificate has no
 * extensions, so no usage restrictions are encoded in it.
 *
 * @param certObject source of issuer, subject, notBefore and notAfter
 * @param keyPair    key pair; the public key is certified and the private key signs the certificate
 * @return the signed certificate
 * @throws CertException wrapping any failure to create the signer or convert the certificate
 */
public static X509Certificate generate(CertObject certObject, KeyPair keyPair) throws CertException {
    try {
        X500Name issuerName = new X500Name(certObject.getIssuer());
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
        X509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(issuerName, serial,
                certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()),
                keyPair.getPublic());

        ContentSigner certSigner = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER)
                .build(keyPair.getPrivate());

        JcaX509CertificateConverter toJca = new JcaX509CertificateConverter().setProvider(JCE_PROVIDER);
        return toJca.getCertificate(v1Builder.build(certSigner));
    } catch (IllegalStateException | OperatorCreationException | CertificateException e) {
        // CertificateException also covers CertificateEncodingException, its subclass.
        throw new CertException(e);
    }
}