예제 #1
0
  /**
   * generateCertAndKey Creates a Signed User certificate and a private key by generating a self
   * signed user certificate. Private key is encrypted w/ Pwd Certificates are kept internally. (CN
   * and OU are given to the contructor)
   *
   * @param Pwd = Challenge pwd (used to encrypt pirv key)
   * @throws FileNotFoundException
   * @throws IOException
   */
  public void generateSelfSignedCertAndKey(String Pwd) throws NoSuchAlgorithmException, Exception {
    if (_subject == null)
      throw new Exception(_resBundle.getString(GSIProperties.MSG_DN_INFO_REQUIRED));

    if (Pwd == null) throw new Exception(_resBundle.getString(GSIProperties.MSG_INVALID_PWD));

    logger.debug(
        "generateSelfSignedCertAndKey Cert subject: "
            + _subject.getNameString()
            + " Strength="
            + _strength
            + " Pwd="
            + Pwd);

    // Generate A Cert RQ
    StringWriter sw = new StringWriter(); // wil contain the priv key PEM
    BufferedWriter bw = new BufferedWriter(sw);

    KeyPair kp = CertRequest.generateKey("RSA", _strength, Pwd, bw, true); // gen pub/priv keys

    // certs are valid for 1 year: 31536000 secs
    byte[] certBytes = CertRequest.makeSelfSignedCert(kp, _subject, 31536000);

    // Private key
    _keyPEM = sw.toString();
    logger.debug("CertKeyGenerator: Private key PEM\n" + _keyPEM);

    // cert in PEM format
    // _certPEM = "Certificate:\n" +
    //		(CertUtil.loadCertificate(new ByteArrayInputStream(certBytes))).toString() + "\n" +
    _certPEM = writePEM(certBytes, "-----BEGIN CERTIFICATE-----\n", "-----END CERTIFICATE-----\n");

    logger.debug("CertKeyGenerator: Signed Cert RQ . signedUserCert\n" + _certPEM);
  }
예제 #2
0
  /**
   * createCertRequest: Create a certificate request PEM encoded string
   *
   * @param bits Certificate strenght in bits (e.g 512)
   * @param Pwd passphrase used to encrypt the private key
   * @return PEM encoded cert rq string
   * @throws IOException
   * @throws NoSuchProviderException
   * @throws NoSuchAlgorithmException
   */
  public synchronized void createCertRequest(int bits, String Pwd)
      throws IOException, NoSuchProviderException, NoSuchAlgorithmException,
          GeneralSecurityException {
    // Pwd cannot be null
    if (Pwd == null) throw new GeneralSecurityException("Invalid NULL password");

    /*
     * Generate A Cert RQ. Using the CertRequest utility class
     * implemented in puretls.jar
     */
    logger.debug(
        "createCertRequest: Creating a cert request Subject:"
            + _subject.getNameString()
            + " bits="
            + bits
            + " pwd="
            + Pwd);

    StringWriter sw = new StringWriter(); // wil contain the priv key PEM
    BufferedWriter bw = new BufferedWriter(sw);

    /*
     * Generate public/private keys
     */
    KeyPair kp = CertRequest.generateKey("RSA", bits, Pwd, bw, true);
    byte[] req = CertRequest.makePKCS10Request(kp, _subject);

    /*
     * Save data in PEM format
     */
    _certRQPEM =
        buildRequestInfoHeader(_subject.getNameString())
            + writePEM(
                req,
                "-----BEGIN CERTIFICATE REQUEST-----\n",
                "-----END CERTIFICATE REQUEST-----\n");

    _keyPEM = sw.toString();

    logger.debug("createCertRequest: Cert RQ\n" + _certRQPEM + "Key\n" + _keyPEM);
  }