Exemple #1
0
 private void addCertToKeystore(X509Certificate _cert, Key _privateKey, String alias)
     throws KeyStoreException {
   X509Certificate[] chain = new X509Certificate[2];
   chain[0] = _cert;
   chain[1] = rootCA;
   keystore.setKeyEntry(alias, _privateKey, KEYSTORE_PASSWORD.toCharArray(), chain);
 }
Exemple #2
0
 /**
  * We need a root CA as a file to add to the browser under which all certificates will be trusted.
  *
  * @throws Exception
  */
 private void createRootCA() throws Exception {
   KeyPair _keyPair = newKeyPair();
   rootCA = buildRootCert(Configuration.getRootCaName(), _keyPair);
   writePEMObject(rootCAPath, rootCA);
   writePEMObject(Configuration.getRootKeyPath(), _keyPair.getPrivate());
   keystore.setKeyEntry(
       Configuration.getRootCaName(),
       _keyPair.getPrivate(),
       KEYSTORE_PASSWORD.toCharArray(),
       new X509Certificate[] {rootCA});
 }
Exemple #3
0
 /**
  * Read certificate and adds it to the keystore.
  *
  * @throws IOException
  * @throws CertificateException
  * @throws KeyStoreException
  */
 private void readRootCA() throws IOException, CertificateException, KeyStoreException {
   Key _privateKey = readPrivateKey(Configuration.getRootKeyPath());
   X509CertificateHolder holder =
       (X509CertificateHolder) readWithPemParser(Configuration.getRootCaPath());
   rootCA =
       new JcaX509CertificateConverter()
           .setProvider(BouncyCastleProvider.PROVIDER_NAME)
           .getCertificate(holder);
   keystore.setKeyEntry(
       Configuration.getRootCaName(),
       _privateKey,
       KEYSTORE_PASSWORD.toCharArray(),
       new X509Certificate[] {rootCA});
 }
  /**
   * Create KeyStore and add a self-signed X.509 Certificate
   *
   * @param dname the X.509 Distinguished Name, eg "CN=www.google.co.uk, O=\"Google Inc\",
   *     L=\"Mountain View\", S=California, C=US"
   * @param keyAlgorithmName the key algorithm, eg "RSA"
   */
  private static KeyStore generateCertificate(
      String alias,
      char[] keyStorePassword,
      KeyAlgorithmName keyAlgorithmName,
      String dname,
      String... sanDomains)
      throws GeneralSecurityException, IOException {

    CertAndKeyGen certAndKeyGen =
        new CertAndKeyGen(
            keyAlgorithmName.name(), keyAlgorithmName.signatureAlgorithmName, "SunCertificates");
    certAndKeyGen.generate(keyAlgorithmName.keySize);

    PrivateKey privateKey = certAndKeyGen.getPrivateKey();
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + TimeUnit.DAYS.toMillis(360));
    CertificateValidity interval = new CertificateValidity(from, to);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name(dname);

    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(certAndKeyGen.getPublicKey()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(
        X509CertInfo.ALGORITHM_ID,
        new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)));

    // add subject alternative names
    GeneralNames generalNames = new GeneralNames();
    for (String sanDomain : sanDomains) {
      generalNames.add(new GeneralName(new DNSName(sanDomain)));
    }
    if (generalNames.size() > 0) {
      CertificateExtensions certificateExtensions =
          (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
      if (certificateExtensions == null) certificateExtensions = new CertificateExtensions();
      certificateExtensions.set(
          SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(generalNames));
      info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    }

    // Sign the certificate to identify the algorithm that's used.
    X509CertImpl x509Certificate = new X509CertImpl(info);
    x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

    // update the algorithm, and resign.
    info.set(
        CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
        x509Certificate.get(X509CertImpl.SIG_ALG));
    x509Certificate = new X509CertImpl(info);
    x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

    // add to new key store
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, keyStorePassword);
    keyStore.setKeyEntry(
        alias, privateKey, keyStorePassword, new X509Certificate[] {x509Certificate});

    return keyStore;
  }