Exemplo n.º 1
0
  /**
   * Generate version 1 self signed {@link java.security.cert.X509Certificate}..
   *
   * @param caKeyPair the CA key pair
   * @param subject the subject name
   * @return the x509 certificate
   * @throws Exception the exception
   */
  public static X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject)
      throws Exception {

    try {
      X500Name subjectDN = new X500Name("CN=" + subject);
      BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
      Date validityStartDate = new Date(System.currentTimeMillis() - 100000);
      Calendar calendar = Calendar.getInstance();
      calendar.add(Calendar.YEAR, 10);
      Date validityEndDate = new Date(calendar.getTime().getTime());
      SubjectPublicKeyInfo subPubKeyInfo =
          SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());

      X509v1CertificateBuilder builder =
          new X509v1CertificateBuilder(
              subjectDN,
              serialNumber,
              validityStartDate,
              validityEndDate,
              subjectDN,
              subPubKeyInfo);
      X509CertificateHolder holder = builder.build(createSigner(caKeyPair.getPrivate()));

      return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (Exception e) {
      throw new RuntimeException("Error creating X509v1Certificate.", e);
    }
  }
Exemplo n.º 2
0
  /**
   * Create a self-signed X.509 Certificate. From
   * http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
   *
   * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
   * @param pair the KeyPair
   * @param days how many days from now the Certificate is valid for
   * @param algorithm the signing algorithm, eg "SHA1withRSA"
   * @return the self-signed certificate
   * @throws CertificateException thrown if a security error or an IO error ocurred.
   */
  public static X509Certificate generateCertificate(
      String dn, KeyPair pair, int days, String algorithm) throws CertificateException {

    try {
      Security.addProvider(new BouncyCastleProvider());
      AlgorithmIdentifier sigAlgId =
          new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
      AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
      AsymmetricKeyParameter privateKeyAsymKeyParam =
          PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
      SubjectPublicKeyInfo subPubKeyInfo =
          SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
      ContentSigner sigGen =
          new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
      X500Name name = new X500Name(dn);
      Date from = new Date();
      Date to = new Date(from.getTime() + days * 86400000L);
      BigInteger sn = new BigInteger(64, new SecureRandom());

      X509v1CertificateBuilder v1CertGen =
          new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
      X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
      return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
    } catch (CertificateException ce) {
      throw ce;
    } catch (Exception e) {
      throw new CertificateException(e);
    }
  }
  /** Build a sample V1 certificate to use as a CA root certificate */
  public static X509Certificate buildCARootCertV1(KeyPair keyPair) throws Exception {
    X500Name issuer =
        new X500Name("CN=Test Root Certificate,OU=JL,O=JL Corporation,L=SH_L,ST=SH,C=CN");
    BigInteger serial = BigInteger.valueOf(1);
    Date notBefore = new Date();
    Date notAfter = sdf.parse("2016-06-06 06:06:06");
    X500Name subject =
        new X500Name("CN=Test Root Certificate,OU=JL,O=JL Corporation,L=SH_L,ST=SH,C=CN");
    PublicKey publicKey = keyPair.getPublic();

    X509v1CertificateBuilder certBldr =
        new JcaX509v1CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKey);
    ContentSigner signer =
        new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(keyPair.getPrivate());
    return new JcaX509CertificateConverter()
        .setProvider("BC")
        .getCertificate(certBldr.build(signer));
  }