Example usage for org.bouncycastle.x509 X509V3CertificateGenerator reset

List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator reset

Introduction

This page lists example usages of org.bouncycastle.x509 X509V3CertificateGenerator reset.

Prototype

public void reset() 


Document

Resets the generator.

Usage

From source file:test.unit.test.be.fedict.eid.applet.model.XmlSignatureServiceBeanTest.java

License:Open Source License

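/**
 * Builds and signs an X.509 v3 certificate for use as a test fixture.
 *
 * <p>The certificate is self-issued when {@code issuerCertificate} is {@code null}; otherwise the
 * issuer name and the authority key identifier are taken from {@code issuerCertificate}.
 *
 * @param subjectPublicKey  public key placed in the certificate
 * @param subjectDn         subject distinguished name (also the issuer name when self-issued)
 * @param notBefore         start of the validity period
 * @param notAfter          end of the validity period
 * @param issuerCertificate certificate of the issuing CA, or {@code null} for a self-issued certificate
 * @param issuerPrivateKey  key used to sign the certificate
 * @param caFlag            when {@code true}, a BasicConstraints extension marking a CA is added
 * @param pathLength        path length constraint for a CA certificate; {@code -1} means no constraint
 * @param ocspUri           OCSP responder URI for the AuthorityInfoAccess extension, or {@code null} for none
 * @param keyUsage          KeyUsage extension value (added as critical), or {@code null} for none
 * @return the signed certificate, re-parsed through the default {@code X.509} certificate factory
 */
private X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, DateTime notBefore,
        DateTime notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag,
        int pathLength, String ocspUri, KeyUsage keyUsage) throws IOException, InvalidKeyException,
        IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException {
    // NOTE(review): SHA-1 is collision-broken and SHA-1-signed certificates are rejected by many
    // validators. Tolerable only for throwaway test fixtures; prefer "SHA256withRSA" elsewhere.
    String signatureAlgorithm = "SHA1withRSA";
    // NOTE(review): X509V3CertificateGenerator is deprecated in BouncyCastle; newer code should use
    // org.bouncycastle.cert.X509v3CertificateBuilder.
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    // Presumably redundant on a freshly constructed generator; it matters when an instance is reused.
    certificateGenerator.reset();
    certificateGenerator.setPublicKey(subjectPublicKey);
    certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
    certificateGenerator.setNotBefore(notBefore.toDate());
    certificateGenerator.setNotAfter(notAfter.toDate());

    // Issuer name and issuer key must come from the same place: the issuer certificate when one
    // is supplied, the subject itself for a self-issued certificate.
    X509Principal issuerDN;
    PublicKey issuerPublicKey;
    if (null != issuerCertificate) {
        // NOTE(review): round-tripping the DN through toString() may not reproduce the issuer's
        // exact encoding, which strict name chaining compares - confirm against the validator used.
        issuerDN = new X509Principal(issuerCertificate.getSubjectX500Principal().toString());
        issuerPublicKey = issuerCertificate.getPublicKey();
    } else {
        issuerDN = new X509Principal(subjectDn);
        issuerPublicKey = subjectPublicKey;
    }
    certificateGenerator.setIssuerDN(issuerDN);
    certificateGenerator.setSubjectDN(new X509Principal(subjectDn));
    // 128 random bits from a CSPRNG, so serials are unpredictable and collisions are negligible.
    certificateGenerator.setSerialNumber(new BigInteger(128, new SecureRandom()));

    certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            createSubjectKeyId(subjectPublicKey));
    // The authority key identifier is derived from the issuer's key, not the subject's, so that
    // it matches the issuer certificate's subject key identifier during chain building.
    certificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            createAuthorityKeyId(issuerPublicKey));

    if (caFlag) {
        // NOTE(review): RFC 5280 requires BasicConstraints to be critical in CA certificates;
        // it is added as non-critical here.
        if (-1 == pathLength) {
            certificateGenerator.addExtension(X509Extensions.BasicConstraints, false,
                    new BasicConstraints(true));
        } else {
            certificateGenerator.addExtension(X509Extensions.BasicConstraints, false,
                    new BasicConstraints(pathLength));
        }
    }

    if (null != ocspUri) {
        GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri);
        AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(
                X509ObjectIdentifiers.ocspAccessMethod, ocspName);
        certificateGenerator.addExtension(X509Extensions.AuthorityInfoAccess.getId(), false,
                authorityInformationAccess);
    }

    if (null != keyUsage) {
        certificateGenerator.addExtension(X509Extensions.KeyUsage, true, keyUsage);
    }

    X509Certificate certificate = certificateGenerator.generate(issuerPrivateKey);

    /*
     * Re-parse the encoded certificate with the default security provider's
     * certificate factory so the caller does not receive a BouncyCastle
     * implementation object. Without this, the CertPath validator might run
     * into trouble.
     */
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    return (X509Certificate) certificateFactory
            .generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
}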

From source file:TorJava.PrivateKeyHandler.java

License:Open Source License

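/**
 * Generates a fresh self-signed certificate for {@code keypair} and returns it twice as a
 * two-element chain.
 *
 * <p>A new certificate is built on every call. It is valid from 24 hours before the call until
 * 365 days after it, and uses {@code CN=TorJava} as both issuer and subject.
 *
 * @param alias not used by this implementation
 * @return a two-element array holding the same certificate in both slots, or {@code null} if
 *         generation failed (the failure is logged)
 */
public java.security.cert.X509Certificate[] getCertificateChain(String alias) {
    try {
        // Read the clock once so both validity bounds are relative to the same instant.
        final long now = System.currentTimeMillis();
        final org.bouncycastle.asn1.x509.X509Name selfName =
                new org.bouncycastle.asn1.x509.X509Name("CN=TorJava");

        org.bouncycastle.x509.X509V3CertificateGenerator generator = new org.bouncycastle.x509.X509V3CertificateGenerator();
        // Presumably redundant on a freshly constructed generator; it matters when an instance is reused.
        generator.reset();
        // A constant serial gives every generated certificate the same issuer/serial pair, which
        // breaks the uniqueness that RFC 5280 expects and makes the certificate trivially
        // recognisable. Use a random, strictly positive serial instead.
        generator.setSerialNumber(new BigInteger(63, new java.security.SecureRandom()).add(BigInteger.ONE));
        generator.setNotBefore(new Date(now - 24L * 3600 * 1000));
        generator.setNotAfter(new Date(now + 365L * 24 * 3600 * 1000));
        generator.setIssuerDN(selfName);
        generator.setSubjectDN(selfName);
        generator.setPublicKey(keypair.getPublic());
        // NOTE(review): SHA-1 signatures are collision-broken; kept because changing the algorithm
        // could affect interoperability with peers - confirm before moving to SHA-256.
        generator.setSignatureAlgorithm("SHA1WITHRSA");
        java.security.cert.X509Certificate x509 = generator.generateX509Certificate(keypair.getPrivate());

        // Sending the same certificate twice works fine with the default implementation of tor.
        return new java.security.cert.X509Certificate[] {
            x509, // myself
            x509  // a certificate for myself
        };
    } catch (Exception e) {
        // Best effort: the failure is logged and reported to the caller as null.
        // NOTE(review): only the message is logged, so the exception type and stack trace are lost.
        Logger.logTLS(Logger.ERROR, "Caught exception: " + e.getMessage());
    }
    return null;
}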