/**
* We need a root CA as a file to add to the browser under which all certificates will be trusted.
*
* @throws Exception
*/
private void createRootCA() throws Exception {
KeyPair _keyPair = newKeyPair();
rootCA = buildRootCert(Configuration.getRootCaName(), _keyPair);
writePEMObject(rootCAPath, rootCA);
writePEMObject(Configuration.getRootKeyPath(), _keyPair.getPrivate());
keystore.setKeyEntry(
Configuration.getRootCaName(),
_keyPair.getPrivate(),
KEYSTORE_PASSWORD.toCharArray(),
new X509Certificate[] {rootCA});
}
private SubjectPublicKeyInfo getSubjectPublicKeyInfo(KeyPair _keyPair) {
byte[] encodedPublicKey = _keyPair.getPublic().getEncoded();
return new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encodedPublicKey));
}
private X509Certificate buildRootCert(String domain, KeyPair _keyPair) throws Exception {
X509v3CertificateBuilder certificateBuilder = createX509v3CertificateBuilder(domain, _keyPair);
certificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
return createX509Certificate(certificateBuilder, _keyPair.getPrivate());
}
protected void generateKeyAndPutIntoKeyStore(final String domain) throws Exception {
KeyPair keyPair = newKeyPair();
X509Certificate cert = buildSignedCert(domain, keyPair);
addCertToKeystore(cert, keyPair.getPrivate(), domain);
}
