List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator setSignatureAlgorithm
public void setSignatureAlgorithm(String signatureAlgorithm)
From source file:TorJava.PrivateKeyHandler.java
License:Open Source License
public java.security.cert.X509Certificate[] getCertificateChain(String alias) { try {/* www .j av a2 s . c om*/ org.bouncycastle.x509.X509V3CertificateGenerator generator = new org.bouncycastle.x509.X509V3CertificateGenerator(); generator.reset(); generator.setSerialNumber(BigInteger.valueOf(42)); generator.setNotBefore(new Date(System.currentTimeMillis() - 24L * 3600 * 1000)); generator.setNotAfter(new Date(System.currentTimeMillis() + 365L * 24 * 3600 * 1000)); /*generator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name( "CN=TorJava, O=TOR")); generator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name( "CN=TorJava, O=TOR"));*/ generator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name("CN=TorJava")); generator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name("CN=TorJava")); generator.setPublicKey(keypair.getPublic()); generator.setSignatureAlgorithm("SHA1WITHRSA"); java.security.cert.X509Certificate x509 = generator.generateX509Certificate(keypair.getPrivate()); java.security.cert.X509Certificate[] x509s = new java.security.cert.X509Certificate[2]; // send the same certificate twice works fine with the default implementation of tor! x509s[0] = x509; // myself x509s[1] = x509; // a certificate for myself return x509s; } catch (Exception e) { Logger.logTLS(Logger.ERROR, "Caught exception: " + e.getMessage()); } return null; }
From source file:util.X509Helper.java
private X509Certificate generateCertificate(KeyPair keyPair, boolean selfSigned, Principal issuerDN) { try {//from w w w . jav a 2 s .c o m X500Principal x500Principal = new X500Principal("C=" + Constants.access.getSubjectCountry() + ",ST=" + Constants.access.getSubjectState() + ",L=" + Constants.access.getSubjectLocality() + ",O=" + Constants.access.getSubjectOrganization() + ",OU=" + Constants.access.getSubjectOrganizationUnit() + ",CN=" + Constants.access.getSubjectCommonName()); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(new BigInteger(Constants.access.getSerialNumber())); certGen.setIssuerDN(selfSigned ? x500Principal : new X500Principal(issuerDN.toString())); certGen.setNotBefore(Constants.access.getNotBefore()); certGen.setNotAfter(Constants.access.getNotAfter()); certGen.setSubjectDN(x500Principal); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(Constants.access.getPublicKeySignatureAlgorithm()); //TODO:SET EXTENSIONS // certGen.addExtension(X509Extensions.BasicConstraints, uiParams.isExtensionBasicConstraintsIsCritical(), basicConstraint); return certGen.generateX509Certificate(keyPair.getPrivate(), "BC"); } catch (Exception ex) { Logger.getLogger(X509Helper.class.getName()).log(Level.SEVERE, null, ex); } return null; }
From source file:utils.Tools.java
License:Apache License
/** * Generate a sample V3 certificate to use as an intermediate CA certificate * @author David Hook// ww w . ja v a2 s . c o m */ public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(1)); certGen.setIssuerDN(new X509Name(caCert.getSubjectX500Principal().getName())); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); certGen.setSubjectDN(new X509Name(new X500Principal("CN=Test Intermediate Certificate").getName())); certGen.setPublicKey(intKey); certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); return certGen.generate(caKey, "BC"); }
From source file:utils.Tools.java
License:Apache License
/** * Generate a sample V3 certificate to use as an end entity certificate * @author David Hook/* w ww . ja v a 2 s. co m*/ */ public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(1)); certGen.setIssuerDN(new X509Name(caCert.getSubjectX500Principal().getName())); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); certGen.setSubjectDN(new X509Name(new X500Principal("CN=Test End Certificate").getName())); certGen.setPublicKey(entityKey); certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); return certGen.generate(caKey, "BC"); }
From source file:utils.Utils.java
License:Apache License
/** * Generate a sample V1 certificate to use as a CA root certificate *///from ww w. j a va2 s. co m public static X509Certificate generateRootCert(KeyPair pair, Config config) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(1)); certGen.setIssuerDN(new X509Name("CN=Test CA Certificate")); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); certGen.setSubjectDN(new X509Name("CN=Test CA Certificate")); certGen.setPublicKey(pair.getPublic()); if (config == null) { certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); } else { String name = "SHA1WithRSAEncryption"; certGen.setSignatureAlgorithm(name); } return certGen.generate(pair.getPrivate(), "BC"); }
From source file:utils.Utils.java
License:Apache License
/** * Generate a sample V3 certificate to use as an intermediate CA certificate *//*from w w w. ja va 2 s . c om*/ public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(1)); certGen.setIssuerDN(new X509Name(caCert.getSubjectX500Principal().getName())); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); certGen.setSubjectDN(new X509Name(new X500Principal("CN=Test Intermediate Certificate").getName())); certGen.setPublicKey(intKey); certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0)); certGen.addExtension(X509Extensions.KeyUsage, true, new org.bouncycastle.asn1.x509.KeyUsage(org.bouncycastle.asn1.x509.KeyUsage.digitalSignature | org.bouncycastle.asn1.x509.KeyUsage.keyCertSign | KeyUsage.cRLSign)); return certGen.generate(caKey, "BC"); }
From source file:utils.Utils.java
License:Apache License
/** * Generate a sample V3 certificate to use as an end entity certificate *//*from www . jav a2 s.c om*/ public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert, Config config) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(1)); certGen.setIssuerDN(new X509Name(caCert.getSubjectX500Principal().getName())); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); certGen.setSubjectDN(new X509Name(new X500Principal("CN=Test End Certificate").getName())); certGen.setPublicKey(entityKey); if (config.getHash() == 0) certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); else certGen.setSignatureAlgorithm("MD5WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new org.bouncycastle.asn1.x509.KeyUsage(org.bouncycastle.asn1.x509.KeyUsage.digitalSignature | org.bouncycastle.asn1.x509.KeyUsage.keyEncipherment)); return certGen.generate(caKey, "BC"); }