/**
* Creates an X509 version3 certificate
*
* @param algorithm (e.g RSA, DSA, etc...)
* @param bits Cet strength e.g 1024
* @param issuer Issuer string e.g "O=Grid,OU=OGSA,CN=ACME"
* @param subject Subject string e.g "O=Grid,OU=OGSA,CN=John Doe"
* @param months time to live
* @param outPrivKey OutputStream to the private key in PKCS#8 format (Note: this key will not be
* encrypted)
* @return X509 V3 Certificate
* @throws GeneralSecurityException
*/
public static X509Certificate createX509Cert(
String algorithm,
int bits,
String issuer,
String subject,
int months,
OutputStream outPrivKey,
String sigAlg,
String pwd)
throws GeneralSecurityException, IOException {
// String sigAlg = "SHA1WithRSAEncryption";
// Priv key is in PKCS#8 format
KeyPair kp = CertUtil.generateKeyPair(algorithm, bits);
// must convert from PKCS#8 to PKCS#1 to encrypt with BouncyCastleOpenSSLKey
// Priv key must be DER encoded key data in PKCS#1 format to be encrypted.
OpenSSLKey PKCS_8key = new BouncyCastleOpenSSLKey(kp.getPrivate());
long serial = 0;
logger.debug(
"createX509Cert Alg: "
+ algorithm
+ " bits:"
+ bits
+ " Issuer: "
+ issuer
+ " Subject: "
+ subject);
logger.debug(
"createX509Cert Sig alg:"
+ sigAlg
+ " Priv key format:"
+ PKCS_8key.getPrivateKey().getFormat());
// if ( pwd != null && ! PKCS_8key.isEncrypted())
// PKCS_8key.encrypt(pwd);
// write private key
PKCS_8key.writeTo(outPrivKey);
// return X509 Cert
return createX509V3Certificate(
kp.getPublic(), kp.getPrivate(), months, issuer, subject, serial, sigAlg);
}
private void writeKey(OpenSSLKey key, File f) throws GeneralSecurityException {
try {
OutputStream keyStream = openStream(f);
if (!SHARED_PROXIES) {
f.deleteOnExit();
}
try {
key.writeTo(keyStream);
} finally {
keyStream.close();
}
} catch (Exception e) {
throw new GeneralSecurityException("Failed to save CA private key", e);
}
}