/* Cert creation engine */
private static synchronized X509Certificate createX509V3Certificate(
PublicKey pubKey,
PrivateKey privKey,
int ttlMonths,
String issuerDN,
String subjectDN,
long serial,
String signAlgoritm)
throws GeneralSecurityException {
X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
certGenerator.reset();
certGenerator.setSerialNumber(java.math.BigInteger.valueOf(serial));
certGenerator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name(issuerDN));
certGenerator.setNotBefore(new java.util.Date(System.currentTimeMillis()));
certGenerator.setNotAfter(
new java.util.Date(System.currentTimeMillis() + ttlMonths * (1000L * 60 * 60 * 24 * 30)));
certGenerator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name(subjectDN));
certGenerator.setPublicKey(pubKey);
certGenerator.setSignatureAlgorithm(signAlgoritm);
X509Certificate cert =
certGenerator.generateX509Certificate(privKey, "BC", new java.security.SecureRandom());
cert.checkValidity(new java.util.Date());
cert.verify(pubKey);
return cert;
}
private boolean isSignatureValid(List<PublicKey> keys, X509Certificate sub) {
if (plugin) {
for (PublicKey key : keys) {
try {
sub.verify(key);
return true;
} catch (Exception ex) {
continue;
}
}
return false;
}
return true; // only check if PLUGIN is set
}