/* Cert creation engine */
private static synchronized X509Certificate createX509V3Certificate(
PublicKey pubKey,
PrivateKey privKey,
int ttlMonths,
String issuerDN,
String subjectDN,
long serial,
String signAlgoritm)
throws GeneralSecurityException {
X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
certGenerator.reset();
certGenerator.setSerialNumber(java.math.BigInteger.valueOf(serial));
certGenerator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name(issuerDN));
certGenerator.setNotBefore(new java.util.Date(System.currentTimeMillis()));
certGenerator.setNotAfter(
new java.util.Date(System.currentTimeMillis() + ttlMonths * (1000L * 60 * 60 * 24 * 30)));
certGenerator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name(subjectDN));
certGenerator.setPublicKey(pubKey);
certGenerator.setSignatureAlgorithm(signAlgoritm);
X509Certificate cert =
certGenerator.generateX509Certificate(privKey, "BC", new java.security.SecureRandom());
cert.checkValidity(new java.util.Date());
cert.verify(pubKey);
return cert;
}
/*
* Returns a String to show if the certificate is valid
*/
private String checkValidity(X509Certificate cert) {
try {
cert.checkValidity();
} catch (CertificateExpiredException e) {
return ("\r\n" + Messages.JarVerificationResult_ExpiredCertificate); // $NON-NLS-1$
} catch (CertificateNotYetValidException e) {
return ("\r\n" + Messages.JarVerificationResult_CertificateNotYetValid); // $NON-NLS-1$
}
return ("\r\n" + Messages.JarVerificationResult_CertificateValid); // $NON-NLS-1$
}
/**
* Return true if the certificate is active<br>
* <br>
* Restituisce true se il certificato è ancora attivo
*
* @return true: if the certificate is active
*/
public boolean getInUse() {
try {
cert.checkValidity();
isInUse = true;
isExpired = false;
} catch (CertificateNotYetValidException ex) {
isInUse = false;
} catch (CertificateExpiredException ex) {
isExpired = true;
}
return isInUse;
}