private void writeKey(OpenSSLKey key, File f) throws GeneralSecurityException { try { OutputStream keyStream = openStream(f); if (!SHARED_PROXIES) { f.deleteOnExit(); } try { key.writeTo(keyStream); } finally { keyStream.close(); } } catch (Exception e) { throw new GeneralSecurityException("Failed to save CA private key", e); } }
/** * Creates an X509 version3 certificate * * @param algorithm (e.g RSA, DSA, etc...) * @param bits Cet strength e.g 1024 * @param issuer Issuer string e.g "O=Grid,OU=OGSA,CN=ACME" * @param subject Subject string e.g "O=Grid,OU=OGSA,CN=John Doe" * @param months time to live * @param outPrivKey OutputStream to the private key in PKCS#8 format (Note: this key will not be * encrypted) * @return X509 V3 Certificate * @throws GeneralSecurityException */ public static X509Certificate createX509Cert( String algorithm, int bits, String issuer, String subject, int months, OutputStream outPrivKey, String sigAlg, String pwd) throws GeneralSecurityException, IOException { // String sigAlg = "SHA1WithRSAEncryption"; // Priv key is in PKCS#8 format KeyPair kp = CertUtil.generateKeyPair(algorithm, bits); // must convert from PKCS#8 to PKCS#1 to encrypt with BouncyCastleOpenSSLKey // Priv key must be DER encoded key data in PKCS#1 format to be encrypted. OpenSSLKey PKCS_8key = new BouncyCastleOpenSSLKey(kp.getPrivate()); long serial = 0; logger.debug( "createX509Cert Alg: " + algorithm + " bits:" + bits + " Issuer: " + issuer + " Subject: " + subject); logger.debug( "createX509Cert Sig alg:" + sigAlg + " Priv key format:" + PKCS_8key.getPrivateKey().getFormat()); // if ( pwd != null && ! PKCS_8key.isEncrypted()) // PKCS_8key.encrypt(pwd); // write private key PKCS_8key.writeTo(outPrivKey); // return X509 Cert return createX509V3Certificate( kp.getPublic(), kp.getPrivate(), months, issuer, subject, serial, sigAlg); }