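/**
 * Builds a sample V3 end-entity (leaf) certificate for {@code entityKey}, issued by the CA
 * described by {@code caCert} and signed with {@code caKey}.
 *
 * <p>Extensions: AKID derived from the CA certificate, SKID derived from the entity key, a
 * critical basicConstraints cA=FALSE, and a critical keyUsage of
 * digitalSignature|keyEncipherment. Validity runs from now for {@code VALIDITY_PERIOD} ms.
 *
 * <p>Sample-only limitation: the serial number is the constant 1, so two certificates issued by
 * the same CA collide (RFC 5280 §4.1.2.2 requires a serial unique per issuer). Do not reuse
 * as-is outside tests.
 *
 * @param entityKey public key to certify
 * @param caKey issuing CA's private key, used to sign the certificate
 * @param caCert issuing CA's certificate; supplies the issuer name and the AKID
 * @return the signed certificate, converted through the BC provider
 * @throws Exception on any encoding, signing or conversion failure
 */
 public static X509Certificate buildEndEntityCert(
     PublicKey entityKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
   // Sample the clock once so notBefore/notAfter are computed from the same instant.
   long now = System.currentTimeMillis();
   X509v3CertificateBuilder certBldr =
       new JcaX509v3CertificateBuilder(
           caCert.getSubjectX500Principal(),
           BigInteger.valueOf(1),
           new Date(now),
           new Date(now + VALIDITY_PERIOD),
           new X500Principal("CN=Test End Entity Certificate"),
           entityKey);
   JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
   certBldr
       .addExtension(
           Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
       .addExtension(
           Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(entityKey))
       // Leaf certificate: explicitly not a CA.
       .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
       .addExtension(
           Extension.keyUsage,
           true,
           new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
   // SHA-256 instead of SHA-1: SHA-1 certificate signatures are deprecated (CA/B Forum) and
   // rejected by modern TLS clients and path validators.
   ContentSigner signer =
       new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(caKey);
   return new JcaX509CertificateConverter()
       .setProvider("BC")
       .getCertificate(certBldr.build(signer));
 }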
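/**
 * Builds a sample V3 intermediate CA certificate for {@code intKey}, issued by the CA described
 * by {@code caCert} and signed with {@code caKey}.
 *
 * <p>Extensions: AKID derived from the CA certificate, SKID derived from the intermediate key, a
 * critical basicConstraints cA=TRUE with pathLenConstraint 0 (it may issue end-entity
 * certificates only, no further sub-CAs), and a critical keyUsage of
 * digitalSignature|keyCertSign|cRLSign. Validity runs from now for {@code VALIDITY_PERIOD} ms,
 * the same window {@link #buildEndEntityCert} uses.
 *
 * <p>Sample-only limitation: the serial number is the constant 1, so two certificates issued by
 * the same CA collide (RFC 5280 §4.1.2.2 requires a serial unique per issuer). Do not reuse
 * as-is outside tests.
 *
 * @param intKey public key of the intermediate CA being certified
 * @param caKey issuing CA's private key, used to sign the certificate
 * @param caCert issuing CA's certificate; supplies the issuer name and the AKID
 * @return the signed certificate, converted through the BC provider
 * @throws Exception on any encoding, signing or conversion failure
 */
 public static X509Certificate buildIntermediateCert(
     PublicKey intKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
   // Sample the clock once so notBefore/notAfter are computed from the same instant.
   // The previous fixed notAfter ("2016-07-06 06:06:06") produced certificates that were
   // already expired at build time; a relative validity period fixes that.
   long now = System.currentTimeMillis();
   X509v3CertificateBuilder certBldr =
       new JcaX509v3CertificateBuilder(
           caCert.getSubjectX500Principal(),
           BigInteger.valueOf(1),
           new Date(now),
           new Date(now + VALIDITY_PERIOD),
           new X500Principal("CN=Test CA Certificate"),
           intKey);
   JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
   certBldr
       .addExtension(
           Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
       .addExtension(
           Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(intKey))
       // CA with pathLenConstraint 0: can sign leaf certificates but not another CA.
       .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
       .addExtension(
           Extension.keyUsage,
           true,
           new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
   // SHA-256 instead of SHA-1: SHA-1 certificate signatures are deprecated (CA/B Forum) and
   // rejected by modern TLS clients and path validators.
   ContentSigner signer =
       new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(caKey);
   return new JcaX509CertificateConverter()
       .setProvider("BC")
       .getCertificate(certBldr.build(signer));
 }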
   /**
    * Adds a basicConstraints extension to {@code certificateGenerator} according to the
    * configured {@code certificateField} (expected to be a {@code BasicConstraintField}).
    *
    * <p>If the field says "not a CA" the extension is cA=FALSE with no path length; otherwise
    * it is a CA constraint carrying the field's path length. Criticality is taken from
    * {@code certificateField.getCritical()}.
    *
    * @param certificateGenerator the builder to extend
    * @return the same builder, for chaining
    * @throws CertIOException if the extension cannot be encoded or is already present
    */
   public X509v3CertificateBuilder applyExtension(X509v3CertificateBuilder certificateGenerator)
       throws CertIOException {
     BasicConstraintField field = (BasicConstraintField) certificateField;

     // BC's int constructor marks the certificate as a CA with the given pathLenConstraint;
     // the boolean constructor with false marks it as a non-CA.
     BasicConstraints constraints =
         field.getIsCA()
             ? new BasicConstraints(field.getPathLength())
             : new BasicConstraints(false);

     certificateGenerator.addExtension(
         X509Extension.basicConstraints, certificateField.getCritical(), constraints);
     return certificateGenerator;
   }
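   /**
    * Generates a version 3 {@link java.security.cert.X509Certificate} for {@code subject}, issued
    * and signed by the CA identified by {@code caCert} / {@code caPrivateKey}.
    *
    * <p>The certificate carries SKID and AKID, a non-critical keyUsage
    * (digitalSignature|keyCertSign|cRLSign), a non-critical extendedKeyUsage
    * (emailProtection, serverAuth) and a critical basicConstraints cA=TRUE with pathLen 0. It is
    * valid from the moment of the call for 36 × 30 days (roughly three years).
    *
    * @param keyPair the key pair whose public key is certified
    * @param caPrivateKey the CA private key used to sign
    * @param caCert the CA certificate; its subject becomes the issuer name and its public key
    *     is used to derive the Authority Key Identifier
    * @param subject the subject common name; it is spliced into a DN string unescaped
    * @return the signed certificate
    * @throws Exception declared for compatibility; in practice any failure surfaces as a
    *     {@link RuntimeException} wrapping the cause
    */
   public static X509Certificate generateV3Certificate(
       KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject)
       throws Exception {

     try {
       // NOTE(review): a subject containing ',', '+', '=' or '"' is parsed as additional RDNs
       // (or fails to parse). If subject can come from an untrusted caller, build the name with
       // X500NameBuilder/BCStyle.CN instead of string concatenation.
       X500Name subjectDN = new X500Name("CN=" + subject);

       // Serial Number: RFC 5280 §4.1.2.2 requires a positive integer unique per issuer, and the
       // CA/B Forum requires at least 64 bits of CSPRNG output. The previous
       // Math.abs(random.nextInt()) gave only 31 bits and is negative for Integer.MIN_VALUE.
       // +1 keeps the value strictly positive.
       SecureRandom random = new SecureRandom();
       BigInteger serialNumber = new BigInteger(64, random).add(BigInteger.ONE);

       // Validity: now .. now + 36 * 30 days (~3 years), both taken from the same instant.
       long now = System.currentTimeMillis();
       Date notBefore = new Date(now);
       Date notAfter = new Date(now + (1000L * 60 * 60 * 24 * 30) * 12 * 3);

       // SubjectPublicKeyInfo of the key being certified
       SubjectPublicKeyInfo subjPubKeyInfo =
           SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

       // Issuer name taken from the CA certificate's DER-encoded subject, so name chaining
       // matches byte-for-byte (re-parsing getSubjectDN().getName() can re-encode attributes).
       X500Name issuerDN = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

       X509v3CertificateBuilder certGen =
           new X509v3CertificateBuilder(
               issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);

       // SHA-1 here only feeds the RFC 5280 §4.2.1.2 key-identifier derivation; it is an
       // identifier, not a security property, so it is fine to keep.
       DigestCalculator digCalc =
           new BcDigestCalculatorProvider()
               .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
       X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);

       // Subject Key Identifier: derived from the certified key
       certGen.addExtension(
           Extension.subjectKeyIdentifier,
           false,
           x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));

       // Authority Key Identifier: must be derived from the ISSUER's public key so it matches
       // the CA certificate's SKID. The previous code derived it from subjPubKeyInfo (the
       // subject's own key), which breaks AKID/SKID-based path building.
       SubjectPublicKeyInfo caPubKeyInfo =
           SubjectPublicKeyInfo.getInstance(caCert.getPublicKey().getEncoded());
       certGen.addExtension(
           Extension.authorityKeyIdentifier,
           false,
           x509ExtensionUtils.createAuthorityKeyIdentifier(caPubKeyInfo));

       // Key Usage
       // NOTE(review): keyCertSign|cRLSign together with serverAuth/emailProtection EKUs makes
       // this a CA certificate that is also meant for TLS/S-MIME use; confirm that is intended.
       certGen.addExtension(
           Extension.keyUsage,
           false,
           new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

       // Extended Key Usage
       KeyPurposeId[] EKU = new KeyPurposeId[2];
       EKU[0] = KeyPurposeId.id_kp_emailProtection;
       EKU[1] = KeyPurposeId.id_kp_serverAuth;

       certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));

       // Basic Constraints: CA with pathLenConstraint 0 (may issue leaf certificates only)
       certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

       // Content Signer: SHA-256 instead of SHA-1, whose certificate signatures are deprecated
       // and rejected by modern TLS clients and path validators.
       ContentSigner sigGen =
           new JcaContentSignerBuilder("SHA256WithRSAEncryption")
               .setProvider("BC")
               .build(caPrivateKey);

       // Certificate
       return new JcaX509CertificateConverter()
           .setProvider("BC")
           .getCertificate(certGen.build(sigGen));
     } catch (Exception e) {
       throw new RuntimeException("Error creating X509v3Certificate.", e);
     }
   }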
 /**
  * Builds a self-signed root certificate for {@code domain} from {@code _keyPair}.
  *
  * <p>The builder comes from {@code createX509v3CertificateBuilder}; this method only adds a
  * critical basicConstraints cA=TRUE (no path-length limit) before signing with the key pair's
  * private key via {@code createX509Certificate}. Whether keyUsage/keyCertSign is set depends on
  * that helper — RFC 5280 §4.2.1.3 says a CA certificate SHOULD carry it; verify there.
  *
  * @param domain name passed through to the builder factory
  * @param _keyPair key pair whose public key is certified and whose private key signs
  * @return the signed root certificate
  * @throws Exception propagated from the builder or signing helpers
  */
 private X509Certificate buildRootCert(String domain, KeyPair _keyPair) throws Exception {
   // addExtension returns the builder, so the root-CA marker can be applied in one chain.
   return createX509Certificate(
       createX509v3CertificateBuilder(domain, _keyPair)
           .addExtension(Extension.basicConstraints, true, new BasicConstraints(true)),
       _keyPair.getPrivate());
 }