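/**
 * Creates a self-signed user certificate and a matching private key.
 *
 * <p>The key pair is produced by {@code CertRequest.generateKey}; the private key is written, PEM
 * encoded and encrypted with {@code Pwd}, into {@code _keyPEM}. The certificate is built by
 * {@code CertRequest.makeSelfSignedCert} for the subject handed to the constructor (CN and OU) and
 * is stored PEM encoded in {@code _certPEM}. Neither the passphrase nor the private key material is
 * written to the log; only the subject, key strength and the resulting certificate are.
 *
 * @param Pwd challenge passphrase used to encrypt the private key; must not be {@code null}
 * @throws Exception if no subject DN has been set or {@code Pwd} is {@code null}
 * @throws NoSuchAlgorithmException if the RSA key algorithm is not available
 */
public void generateSelfSignedCertAndKey(String Pwd) throws NoSuchAlgorithmException, Exception {
  if (_subject == null) {
    throw new Exception(_resBundle.getString(GSIProperties.MSG_DN_INFO_REQUIRED));
  }
  if (Pwd == null) {
    throw new Exception(_resBundle.getString(GSIProperties.MSG_INVALID_PWD));
  }
  // Log subject and key size only: the passphrase protects the private key and must never
  // be written to the log.
  logger.debug(
      "generateSelfSignedCertAndKey Cert subject: "
          + _subject.getNameString()
          + " Strength="
          + _strength);

  // generateKey writes the (encrypted) private key PEM into this buffer.
  StringWriter keyWriter = new StringWriter();
  BufferedWriter bufferedKeyWriter = new BufferedWriter(keyWriter);
  KeyPair keyPair = CertRequest.generateKey("RSA", _strength, Pwd, bufferedKeyWriter, true);
  // Push any PEM text still held in the BufferedWriter through to the StringWriter before it
  // is read back; harmless if generateKey already flushed.
  bufferedKeyWriter.flush();

  // Certificates are valid for one year: 31536000 seconds.
  final int validitySeconds = 31536000;
  byte[] certBytes = CertRequest.makeSelfSignedCert(keyPair, _subject, validitySeconds);

  _keyPEM = keyWriter.toString();
  // Do not log the key PEM itself, even though it is passphrase-encrypted; the length is
  // enough to confirm that something was produced.
  logger.debug("CertKeyGenerator: Private key PEM generated (" + _keyPEM.length() + " chars)");

  // The certificate is public data and may be logged in full.
  _certPEM = writePEM(certBytes, "-----BEGIN CERTIFICATE-----\n", "-----END CERTIFICATE-----\n");
  logger.debug("CertKeyGenerator: Signed Cert RQ . signedUserCert\n" + _certPEM);
}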
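/**
 * Creates a PEM encoded PKCS#10 certificate request together with an encrypted private key.
 *
 * <p>A fresh RSA key pair of {@code bits} bits is generated via {@code CertRequest.generateKey};
 * the private key is written PEM encoded, encrypted with {@code Pwd}, into {@code _keyPEM}. The
 * request for {@code _subject} is built by {@code CertRequest.makePKCS10Request}, prefixed with
 * the request-info header and stored in {@code _certRQPEM}. Neither the passphrase nor the private
 * key material is written to the log.
 *
 * @param bits key strength in bits (e.g. 512)
 * @param Pwd passphrase used to encrypt the private key; must not be {@code null}
 * @throws GeneralSecurityException if {@code Pwd} is {@code null}
 * @throws IOException if writing the PEM data fails
 * @throws NoSuchProviderException if the required security provider is not available
 * @throws NoSuchAlgorithmException if the RSA key algorithm is not available
 */
public synchronized void createCertRequest(int bits, String Pwd)
    throws IOException, NoSuchProviderException, NoSuchAlgorithmException,
        GeneralSecurityException {
  if (Pwd == null) {
    throw new GeneralSecurityException("Invalid NULL password");
  }
  // Log subject and key size only: the passphrase must never reach the log.
  logger.debug(
      "createCertRequest: Creating a cert request Subject:"
          + _subject.getNameString()
          + " bits="
          + bits);

  // generateKey (CertRequest utility from puretls.jar) writes the encrypted private key PEM
  // into this buffer.
  StringWriter keyWriter = new StringWriter();
  BufferedWriter bufferedKeyWriter = new BufferedWriter(keyWriter);
  KeyPair keyPair = CertRequest.generateKey("RSA", bits, Pwd, bufferedKeyWriter, true);
  // Push any PEM text still held in the BufferedWriter through to the StringWriter before it
  // is read back; harmless if generateKey already flushed.
  bufferedKeyWriter.flush();

  byte[] request = CertRequest.makePKCS10Request(keyPair, _subject);

  // Keep both results PEM encoded; the request carries a human-readable info header first.
  _certRQPEM =
      buildRequestInfoHeader(_subject.getNameString())
          + writePEM(
              request,
              "-----BEGIN CERTIFICATE REQUEST-----\n",
              "-----END CERTIFICATE REQUEST-----\n");
  _keyPEM = keyWriter.toString();

  // The request is public data; the key PEM is not logged, only its length.
  logger.debug(
      "createCertRequest: Cert RQ\n"
          + _certRQPEM
          + "Key PEM generated ("
          + _keyPEM.length()
          + " chars)");
}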