Beispiel #1
0
  private X509Certificate createAll(int index) throws GeneralSecurityException, IOException {
    logger.info("Generating CA key pair");
    KeyPair ca = CertUtil.generateKeyPair(CA_CERT_ALGORITHM, CA_CERT_BITS);
    OpenSSLKey caKey = new BouncyCastleOpenSSLKey(ca.getPrivate());
    logger.info("Self-signing CA certificate");
    X509Certificate caCert = genCert(ca.getPrivate(), ca.getPublic(), CA_CERT_DN, CA_CERT_DN, null);

    logger.info("Generating user key pair");
    KeyPair user = CertUtil.generateKeyPair(CA_CERT_ALGORITHM, CA_CERT_BITS);
    OpenSSLKey userKey = new BouncyCastleOpenSSLKey(user.getPrivate());
    logger.info("Signing user certificate");
    X509Certificate userCert =
        genCert(
            ca.getPrivate(),
            user.getPublic(),
            USER_CERT_DN,
            CA_CERT_DN,
            createExtensions(ca.getPublic(), user.getPublic()));
    logger.info("Generating proxy certificate");
    GlobusCredential proxy = makeProxy(user, userCert);

    try {
      logger.info("Writing keys, certificates, and proxy");
      writeKey(caKey, makeFile(CA_KEY_NAME_PREFIX, index));
      writeCert(caCert, makeFile(CA_CRT_NAME_PREFIX, index));
      writeKey(userKey, makeFile(USER_KEY_NAME_PREFIX, index));
      writeCert(userCert, makeFile(USER_CRT_NAME_PREFIX, index));
      writeProxy(proxy, makeFile(PROXY_NAME_PREFIX, index));
      copySigningPolicy(index);
    } catch (GeneralSecurityException e) {
      deleteAll(index);
      throw e;
    }
    return cert;
  }
Beispiel #2
0
  private GlobusCredential makeProxy(KeyPair kp, X509Certificate issuerCert)
      throws GeneralSecurityException {
    BouncyCastleCertProcessingFactory factory = BouncyCastleCertProcessingFactory.getDefault();
    KeyPair newKeyPair = CertUtil.generateKeyPair(CA_CERT_ALGORITHM, CA_CERT_BITS);

    return factory.createCredential(
        new X509Certificate[] {issuerCert},
        kp.getPrivate(),
        CA_CERT_BITS,
        (int) (CA_CERT_LIFETIME / 1000),
        GSIConstants.DELEGATION_FULL,
        (X509ExtensionSet) null);
  }
  /**
   * Creates an X509 version3 certificate
   *
   * @param algorithm (e.g RSA, DSA, etc...)
   * @param bits Cet strength e.g 1024
   * @param issuer Issuer string e.g "O=Grid,OU=OGSA,CN=ACME"
   * @param subject Subject string e.g "O=Grid,OU=OGSA,CN=John Doe"
   * @param months time to live
   * @param outPrivKey OutputStream to the private key in PKCS#8 format (Note: this key will not be
   *     encrypted)
   * @return X509 V3 Certificate
   * @throws GeneralSecurityException
   */
  public static X509Certificate createX509Cert(
      String algorithm,
      int bits,
      String issuer,
      String subject,
      int months,
      OutputStream outPrivKey,
      String sigAlg,
      String pwd)
      throws GeneralSecurityException, IOException {
    // String sigAlg = "SHA1WithRSAEncryption";

    // Priv key is in PKCS#8 format
    KeyPair kp = CertUtil.generateKeyPair(algorithm, bits);

    // must convert from PKCS#8 to PKCS#1 to encrypt with BouncyCastleOpenSSLKey
    // Priv key must be DER encoded key data in PKCS#1 format to be encrypted.
    OpenSSLKey PKCS_8key = new BouncyCastleOpenSSLKey(kp.getPrivate());

    long serial = 0;

    logger.debug(
        "createX509Cert Alg: "
            + algorithm
            + " bits:"
            + bits
            + " Issuer: "
            + issuer
            + " Subject: "
            + subject);
    logger.debug(
        "createX509Cert Sig alg:"
            + sigAlg
            + " Priv key format:"
            + PKCS_8key.getPrivateKey().getFormat());

    // if ( pwd != null && ! PKCS_8key.isEncrypted())
    //	PKCS_8key.encrypt(pwd);

    // write private key
    PKCS_8key.writeTo(outPrivKey);

    // return X509 Cert
    return createX509V3Certificate(
        kp.getPublic(), kp.getPrivate(), months, issuer, subject, serial, sigAlg);
  }