List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator generateX509Certificate
public X509Certificate generateX509Certificate(PrivateKey key, String provider) throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
From source file:io.aos.crypto.spl08.CertReqSolution.java
License:Apache License
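/**
 * Issues an end-entity certificate for the PKCS#10 request stored in {@code pkcs10.req} and
 * writes the certificate path (end entity, intermediate CA, root CA) to {@code pkcs7.pth}
 * in PKCS#7 encoding.
 *
 * <p>The subject DN and public key are copied from the request as submitted. The request's
 * self-signature is checked first, so a certificate is only issued to a requester that holds
 * the matching private key. A production CA would also apply its own naming and key-strength
 * policy before signing.
 *
 * @param args unused
 * @throws Exception if the request cannot be read or verified, or the certificate or path
 *         cannot be generated or written
 */
public static void main(String... args) throws Exception {
    // create the CA certificates
    X500PrivateCredential rootCredential = Utils.createRootCredential();
    X500PrivateCredential interCredential = Utils.createIntermediateCredential(
            rootCredential.getPrivateKey(), rootCredential.getCertificate());

    // parse the request; the reader (and the file stream under it) is closed even on failure
    PKCS10CertificationRequest request;
    PEMReader pRd = new PEMReader(new InputStreamReader(new FileInputStream("pkcs10.req")));
    try {
        Object parsed = pRd.readObject();
        if (!(parsed instanceof PKCS10CertificationRequest)) {
            throw new IllegalArgumentException(
                    "pkcs10.req does not contain a PKCS#10 certification request");
        }
        request = (PKCS10CertificationRequest) parsed;
    } finally {
        pRd.close();
    }

    // proof of possession: refuse to certify a key whose request signature does not verify
    if (!request.verify("BC")) {
        throw new SecurityException("PKCS#10 request signature does not verify");
    }

    // get our validation certificate
    X509Certificate caCert = interCredential.getCertificate();

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    // Random positive serial instead of the wall clock: clock-derived serials are predictable
    // and can collide when two certificates are issued in the same millisecond.
    certGen.setSerialNumber(new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE));
    certGen.setIssuerDN(caCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(System.currentTimeMillis()));
    // 50000 ms: the example certificate is only valid for 50 seconds
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(request.getPublicKey("BC"));
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // provide some basic extensions and mark the certificate as appropriate for signing and
    // encipherment; BasicConstraints(false) keeps the issued certificate from acting as a CA
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    // create the chain: end entity first, then intermediate, then root
    List<Certificate> chain = Arrays.asList(new Certificate[] {
            certGen.generateX509Certificate(interCredential.getPrivateKey(), "BC"),
            interCredential.getCertificate(),
            rootCredential.getCertificate() });

    // create the CertPath
    CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
    CertPath path = fact.generateCertPath(chain);

    // write it out; the stream is closed even if encoding or writing fails
    FileOutputStream fOut = new FileOutputStream("pkcs7.pth");
    try {
        fOut.write(path.getEncoded("PKCS7"));
    } finally {
        fOut.close();
    }
}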
From source file:libcore.net.ssl.SslContextBuilder.java
License:Apache License
/** * Generates a certificate for {@code hostName} containing {@code keyPair}'s * public key, signed by {@code keyPair}'s private key. *///from www . ja v a 2 s . co m @SuppressWarnings("deprecation") // use the old Bouncy Castle APIs to reduce dependencies. private X509Certificate selfSignedCertificate(KeyPair keyPair) throws GeneralSecurityException { X509V3CertificateGenerator generator = new X509V3CertificateGenerator(); X500Principal issuer = new X500Principal("CN=" + hostName); X500Principal subject = new X500Principal("CN=" + hostName); generator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); generator.setIssuerDN(issuer); generator.setNotBefore(new Date(notBefore)); generator.setNotAfter(new Date(notAfter)); generator.setSubjectDN(subject); generator.setPublicKey(keyPair.getPublic()); generator.setSignatureAlgorithm("SHA256WithRSAEncryption"); return generator.generateX509Certificate(keyPair.getPrivate(), "BC"); }
From source file:net.jxta.impl.membership.pse.PSEUtils.java
License:Open Source License
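/**
 * Generate a certificate for the given key pair.
 *
 * <p>With a {@code null} {@code issuerinfo} the certificate is a self-signed root: issuer
 * equals subject and the key pair's own private key signs. Otherwise the issuer DN is taken
 * from {@code issuerinfo.cert} and {@code issuerinfo.subjectPkey} signs. The certificate is
 * valid from now for ten years and carries no extensions.
 *
 * @param subject    subjectDN for the certificate
 * @param keypair    the keypair to use.
 * @param issuerinfo the cert issuer or null if self-signed root cert.
 * @return the details of the generated cert.
 * @throws SecurityException if the cert could not be generated.
 */
public static IssuerInfo genCert(X500Principal subject, KeyPair keypair, IssuerInfo issuerinfo)
        throws SecurityException {
    try {
        // set up issuer
        PrivateKey signer;
        X509Principal issuer;

        if (null == issuerinfo) {
            // self-signed root cert
            signer = keypair.getPrivate();
            issuer = new X509Principal(subject.getEncoded());
        } else {
            // issuer signed service cert
            signer = issuerinfo.subjectPkey;
            X500Principal issuer_subject = issuerinfo.cert.getSubjectX500Principal();
            issuer = new X509Principal(issuer_subject.getEncoded());
        }

        // set validity 10 years from today
        Date today = new Date();
        Calendar cal = Calendar.getInstance();
        cal.setTime(today);
        cal.add(Calendar.YEAR, 10);
        Date until = cal.getTime();

        // generate cert
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        certGen.setIssuerDN(issuer);
        certGen.setSubjectDN(new X509Principal(subject.getEncoded()));
        certGen.setNotBefore(today);
        certGen.setNotAfter(until);
        certGen.setPublicKey(keypair.getPublic());
        // NOTE(review): SHA-1 is no longer collision resistant and should not be used for new
        // certificate signatures. Left unchanged because moving to a SHA-256 signature may
        // affect interoperability with deployed peers; confirm and migrate.
        certGen.setSignatureAlgorithm("SHA1WITHRSA");

        // Random positive serial. The previous fixed value of 1 gave every certificate from the
        // same issuer the same (issuer, serial) pair, which must be unique per certificate.
        certGen.setSerialNumber(new BigInteger(64, UTILS.srng).add(BigInteger.ONE));

        // return issuer info for generating service cert
        IssuerInfo info = new IssuerInfo();

        // the cert
        info.cert = certGen.generateX509Certificate(signer, UTILS.srng);

        // For saving service cert private key
        info.subjectPkey = keypair.getPrivate();

        // for signing service cert
        info.issuer = (null == issuerinfo) ? info.cert : issuerinfo.cert;

        // for signing service cert
        info.issuerPkey = signer;

        // dump the certificate? Branch on issuerinfo: the local issuer DN is always non-null
        // here, so testing it could never select the root-cert message.
        if (null == issuerinfo) {
            Logging.logCheckedFine(LOG, "Root Cert : \n", info.cert);
        } else {
            Logging.logCheckedFine(LOG, "Client Cert : \n", info.cert);
        }

        return info;
    } catch (SignatureException e) {
        Logging.logCheckedSevere(LOG, "Could not generate certificate\n\n", e);
        SecurityException failure = new SecurityException("Could not generate certificate");
        failure.initCause(e);
        throw failure;
    } catch (InvalidKeyException e) {
        Logging.logCheckedSevere(LOG, "Could not generate certificate\n\n", e);
        SecurityException failure = new SecurityException("Could not generate certificate");
        failure.initCause(e);
        throw failure;
    } catch (IOException e) {
        Logging.logCheckedSevere(LOG, "Could not generate certificate\n\n", e);
        SecurityException failure = new SecurityException("Could not generate certificate");
        failure.initCause(e);
        throw failure;
    }
}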
From source file:org.apache.synapse.transport.certificatevalidation.CRLVerifierTest.java
License:Apache License
/**
 * Test helper: creates a peer certificate signed with {@code caKey} that carries the CRL
 * distribution points extension copied (as non-critical) from {@code firstCertificate}.
 *
 * @param serialNumber     serial number for the new certificate
 * @param entityKey        public key to certify
 * @param caKey            private key that signs the certificate
 * @param caCert           certificate of the signing CA
 * @param firstCertificate certificate whose CRL distribution points extension is copied
 * @return the generated peer certificate
 * @throws Exception if the generator cannot be set up or the certificate cannot be signed
 */
public X509Certificate generateFakePeerCert(BigInteger serialNumber, PublicKey entityKey, PrivateKey caKey,
        X509Certificate caCert, X509Certificate firstCertificate) throws Exception {
    X509V3CertificateGenerator peerCertGenerator =
            new Utils().getUsableCertificateGenerator(caCert, entityKey, serialNumber);

    DERObjectIdentifier crlDistributionPointsOid =
            new DERObjectIdentifier(X509Extensions.CRLDistributionPoints.getId());
    peerCertGenerator.copyAndAddExtension(crlDistributionPointsOid, false, firstCertificate);

    return peerCertGenerator.generateX509Certificate(caKey, "BC");
}
From source file:org.apache.synapse.transport.certificatevalidation.OCSPVerifierTest.java
License:Apache License
/**
 * Test helper: creates a peer certificate for {@code entityKey}, signed with {@code caKey}
 * using the "BC" provider.
 *
 * @param serialNumber serial number for the new certificate
 * @param entityKey    public key to certify
 * @param caKey        private key that signs the certificate
 * @param caCert       certificate of the signing CA
 * @return the generated peer certificate
 * @throws Exception if the generator cannot be set up or the certificate cannot be signed
 */
private X509Certificate generateFakePeerCert(BigInteger serialNumber, PublicKey entityKey, PrivateKey caKey,
        X509Certificate caCert) throws Exception {
    X509V3CertificateGenerator peerCertGenerator =
            new Utils().getUsableCertificateGenerator(caCert, entityKey, serialNumber);
    return peerCertGenerator.generateX509Certificate(caKey, "BC");
}
From source file:org.apache.synapse.transport.certificatevalidation.Utils.java
License:Apache License
/**
 * Builds a two-element fake certificate chain for tests: a freshly generated root and a peer
 * certificate signed by that root's private key.
 *
 * @return an array holding the peer certificate at index 0 and the root certificate at index 1
 * @throws Exception if key generation or certificate generation fails
 */
public X509Certificate[] getFakeCertificateChain() throws Exception {
    // Root first, then the entity key pair, in the same order as key material is consumed.
    KeyPair rootKeys = generateRSAKeyPair();
    X509Certificate rootCert = generateFakeRootCert(rootKeys);
    KeyPair entityKeys = generateRSAKeyPair();

    // Fixed serial number: acceptable for a throwaway test fixture, never for real issuance.
    BigInteger entitySerial = BigInteger.valueOf(111);

    X509Certificate entityCert =
            getUsableCertificateGenerator(rootCert, entityKeys.getPublic(), entitySerial)
                    .generateX509Certificate(rootKeys.getPrivate(), "BC");

    X509Certificate[] chain = new X509Certificate[2];
    chain[0] = entityCert;
    chain[1] = rootCert;
    return chain;
}
From source file:org.deviceconnect.android.ssl.AbstractKeyStoreManager.java
License:MIT License
/**
 * Builds an X.509 v3 certificate for {@code keyPair}'s public key, signed with the same key
 * pair's private key using SHA-256 with RSA.
 *
 * <p>Extensions added, in order: critical BasicConstraints ({@code isCA}), critical KeyUsage
 * (digitalSignature and keyEncipherment), critical ExtendedKeyUsage (serverAuth), and, when
 * {@code generalNames} is non-null, a non-critical SubjectAlternativeName.
 *
 * @param keyPair      key pair to certify and sign with
 * @param subject      subject DN
 * @param issuer       issuer DN
 * @param notBefore    start of the validity period
 * @param notAfter     end of the validity period
 * @param serialNumber certificate serial number
 * @param generalNames subject alternative names, or {@code null} for none
 * @param isCA         value of the BasicConstraints cA flag
 * @return the generated certificate
 * @throws GeneralSecurityException if the certificate cannot be generated
 */
private X509Certificate generateX509V3Certificate(final KeyPair keyPair, final X500Principal subject,
        final X500Principal issuer, final Date notBefore, final Date notAfter, final BigInteger serialNumber,
        final GeneralNames generalNames, final boolean isCA) throws GeneralSecurityException {
    // Registers the provider on every call; the signing call below asks for "BC" by name.
    Security.addProvider(new BouncyCastleProvider());

    X509V3CertificateGenerator certBuilder = new X509V3CertificateGenerator();

    // Identity and key material.
    certBuilder.setSubjectDN(subject);
    certBuilder.setIssuerDN(issuer);
    certBuilder.setPublicKey(keyPair.getPublic());
    certBuilder.setSerialNumber(serialNumber);

    // Validity window and signature algorithm.
    certBuilder.setNotBefore(notBefore);
    certBuilder.setNotAfter(notAfter);
    certBuilder.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // Extensions are added in a fixed order.
    certBuilder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isCA));
    // digitalSignature | keyEncipherment == 160, the literal used previously.
    // NOTE(review): keyCertSign is not asserted even when isCA is true; confirm whether a
    // certificate produced with isCA is ever expected to sign other certificates.
    certBuilder.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certBuilder.addExtension(X509Extensions.ExtendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
    if (generalNames != null) {
        certBuilder.addExtension(X509Extensions.SubjectAlternativeName, false, generalNames);
    }

    return certBuilder.generateX509Certificate(keyPair.getPrivate(), "BC");
}
From source file:util.X509Helper.java
/**
 * Generates a certificate for {@code keyPair} from the values held in {@code Constants.access}
 * (subject fields, serial number, validity dates, signature algorithm), signed with
 * {@code keyPair}'s private key.
 *
 * <p>No extensions are set, so the result carries no BasicConstraints or KeyUsage. Any failure
 * is logged at SEVERE and reported to the caller only as a {@code null} return value.
 *
 * @param keyPair    key pair to certify and sign with
 * @param selfSigned when true the issuer DN equals the subject DN
 * @param issuerDN   issuer name, read only when {@code selfSigned} is false
 * @return the generated certificate, or {@code null} if generation failed
 */
private X509Certificate generateCertificate(KeyPair keyPair, boolean selfSigned, Principal issuerDN) {
    try {
        // The subject fields are concatenated without escaping; a value containing DN
        // metacharacters (',', '+', '=') would alter the structure of the name.
        String subjectName = "C=" + Constants.access.getSubjectCountry();
        subjectName += ",ST=" + Constants.access.getSubjectState();
        subjectName += ",L=" + Constants.access.getSubjectLocality();
        subjectName += ",O=" + Constants.access.getSubjectOrganization();
        subjectName += ",OU=" + Constants.access.getSubjectOrganizationUnit();
        subjectName += ",CN=" + Constants.access.getSubjectCommonName();
        X500Principal subjectPrincipal = new X500Principal(subjectName);

        X509V3CertificateGenerator certBuilder = new X509V3CertificateGenerator();
        certBuilder.setSerialNumber(new BigInteger(Constants.access.getSerialNumber()));

        if (selfSigned) {
            certBuilder.setIssuerDN(subjectPrincipal);
        } else {
            certBuilder.setIssuerDN(new X500Principal(issuerDN.toString()));
        }

        certBuilder.setNotBefore(Constants.access.getNotBefore());
        certBuilder.setNotAfter(Constants.access.getNotAfter());
        certBuilder.setSubjectDN(subjectPrincipal);
        certBuilder.setPublicKey(keyPair.getPublic());
        certBuilder.setSignatureAlgorithm(Constants.access.getPublicKeySignatureAlgorithm());

        //TODO:SET EXTENSIONS
        // certGen.addExtension(X509Extensions.BasicConstraints, uiParams.isExtensionBasicConstraintsIsCritical(), basicConstraint);

        return certBuilder.generateX509Certificate(keyPair.getPrivate(), "BC");
    } catch (Exception ex) {
        Logger.getLogger(X509Helper.class.getName()).log(Level.SEVERE, null, ex);
        // Callers must check for null: the failure itself is only visible in the log.
        return null;
    }
}