示例#1
0
  private X509Certificate genCert(
      PrivateKey signKey,
      PublicKey pubKey,
      String subjectDN,
      String issuerDN,
      Map<DERObjectIdentifier, DEREncodable> ext)
      throws GeneralSecurityException {
    gen.reset();
    Date now = new Date();

    gen.setSerialNumber(BigInteger.valueOf(0));
    gen.setNotBefore(now);
    gen.setNotAfter(new Date(now.getTime() + CA_CERT_LIFETIME));
    gen.setIssuerDN(new X509Name(issuerDN));
    gen.setSubjectDN(new X509Name(subjectDN));
    gen.setPublicKey(pubKey);
    gen.setSignatureAlgorithm(CA_CERT_SIGNATURE_ALGORITHM);

    if (ext != null) {
      for (Map.Entry<DERObjectIdentifier, DEREncodable> e : ext.entrySet()) {
        gen.addExtension(e.getKey(), false, e.getValue());
      }
    }

    try {
      X509Certificate cert = gen.generateX509Certificate(signKey, "BC", new SecureRandom());
      return cert;
    } catch (Exception e) {
      throw new GeneralSecurityException("Failed to create X509 certificate", e);
    }
  }
示例#2
0
  public boolean createSelfSignedKeystore(
      String cn,
      String keystoreFile,
      String keystorePassword,
      String privateKeyPassword,
      String privateKeyAlias) {
    KeyStore ks = null;

    try {
      ks = KeyStore.getInstance("JKS");
      ks.load(null, null);

      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
      keyGen.initialize(1024, new SecureRandom());
      KeyPair keypair = keyGen.generateKeyPair();
      PrivateKey privkey = keypair.getPrivate();
      PublicKey pubkey = keypair.getPublic();

      Hashtable<DERObjectIdentifier, String> attrs = new Hashtable<DERObjectIdentifier, String>();
      Vector<DERObjectIdentifier> ordering = new Vector<DERObjectIdentifier>();
      ordering.add(X509Name.CN);
      attrs.put(X509Name.CN, cn);
      X509Name issuerDN = new X509Name(ordering, attrs);
      X509Name subjectDN = new X509Name(ordering, attrs);

      Date validFrom = new Date();
      validFrom.setTime(validFrom.getTime() - (10 * 60 * 1000));
      Date validTo = new Date();
      validTo.setTime(validTo.getTime() + (20 * (24 * 60 * 60 * 1000)));

      X509V3CertificateGenerator x509 = new X509V3CertificateGenerator();
      x509.setSignatureAlgorithm("SHA1withDSA");
      x509.setIssuerDN(issuerDN);
      x509.setSubjectDN(subjectDN);
      x509.setPublicKey(pubkey);
      x509.setNotBefore(validFrom);
      x509.setNotAfter(validTo);
      x509.setSerialNumber(new BigInteger(128, new Random()));

      X509Certificate[] cert = new X509Certificate[1];
      cert[0] = x509.generate(privkey, "BC");
      java.security.cert.Certificate[] chain = new java.security.cert.Certificate[1];
      chain[0] = cert[0];

      ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), cert);
      ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), chain);
      ks.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray());

      String IDP_RFC_CERT = "WEB-INF/guanxi_idp/keystore/guanxi_idp_cert.txt";

      PEMWriter pemWriter = new PEMWriter(new FileWriter(servletContext.getRealPath(IDP_RFC_CERT)));
      pemWriter.writeObject(cert[0]);
      pemWriter.close();

      return true;
    } catch (Exception se) {
      return false;
    }
  }
  private X509Certificate generateCertificate(
      PublicKey subjectPublicKey,
      String subjectDn,
      DateTime notBefore,
      DateTime notAfter,
      X509Certificate issuerCertificate,
      PrivateKey issuerPrivateKey)
      throws Exception {

    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    certificateGenerator.reset();
    certificateGenerator.setPublicKey(subjectPublicKey);
    certificateGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption");
    certificateGenerator.setNotBefore(notBefore.toDate());
    certificateGenerator.setNotAfter(notAfter.toDate());

    X509Principal issuerDN;
    if (null != issuerCertificate) {
      issuerDN = new X509Principal(issuerCertificate.getSubjectX500Principal().toString());
    } else {
      issuerDN = new X509Principal(subjectDn);
    }
    certificateGenerator.setIssuerDN(issuerDN);
    certificateGenerator.setSubjectDN(new X509Principal(subjectDn));
    certificateGenerator.setSerialNumber(new BigInteger(128, new SecureRandom()));

    certificateGenerator.addExtension(
        X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey));

    PublicKey issuerPublicKey;
    if (null != issuerCertificate) {
      issuerPublicKey = issuerCertificate.getPublicKey();
    } else {
      issuerPublicKey = subjectPublicKey;
    }
    certificateGenerator.addExtension(
        X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(issuerPublicKey));

    X509Certificate certificate;
    certificate = certificateGenerator.generate(issuerPrivateKey);

    /*
     * Next certificate factory trick is needed to make sure that the
     * certificate delivered to the caller is provided by the default
     * security provider instead of BouncyCastle. If we don't do this trick
     * we might run into trouble when trying to use the CertPath validator.
     */
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    certificate =
        (X509Certificate)
            certificateFactory.generateCertificate(
                new ByteArrayInputStream(certificate.getEncoded()));
    return certificate;
  }
示例#4
0
  /**
   * Generowanie certyfikatu x509
   *
   * @param certInfo informacje ktore maja znalezc sie w certyfikacie
   * @return
   * @throws InvalidKeyException
   * @throws NoSuchProviderException
   * @throws SignatureException
   * @throws CertificateEncodingException
   * @throws IllegalStateException
   * @throws NoSuchAlgorithmException
   */
  public common.Pair<X509Certificate, KeyPair> generateV3Certificate(X500Principal certInfo)
      throws InvalidKeyException, NoSuchProviderException, SignatureException,
          CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException,
          KeyStoreException {
    KeyPairGenerator keyGen;
    keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(1024);
    KeyPair keyPair = keyGen.generateKeyPair();
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(
        ((X509Certificate) this.keystore.getCertificate("servertrustedcert"))
            .getSubjectX500Principal());
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 7 * 24 * 3600 * 1000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 7 * 24 * 3600 * 1000));
    certGen.setSubjectDN(certInfo);
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm("SHA1withDSA");

    // return new Pair(certGen.generate(this.caPrivKey), keyPair);
    return new common.Pair<X509Certificate, KeyPair>(certGen.generate(this.caPrivKey), keyPair);
  }
  /** Generate a sample V3 certificate to use as an intermediate CA certificate */
  public static X509Certificate generateIntermediateCert(
      PublicKey intKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(caCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(System.currentTimeMillis()));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + ConfigurationClass.VALIDITY_PERIOD));
    certGen.setSubjectDN(new X500Principal("CN=Test Intermediate Certificate"));
    certGen.setPublicKey(intKey);
    certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    certGen.addExtension(
        X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(
        X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certGen.addExtension(
        X509Extensions.KeyUsage,
        true,
        new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return certGen.generateX509Certificate(caKey, "BC");
  }