/* * X509V3CertGen.java */ package org.maxkey.crypto.cert; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; import java.security.KeyPair; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.Date; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v3CertificateBuilder; import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.maxkey.crypto.KeyPairType; import org.maxkey.crypto.KeyPairUtil; /** * Provides utility methods relating to X509 Certificates Gen */ public final class X509V3CertGen { public static X509Certificate genV3Certificate(String issuerName,String subjectName,Date notBefore,Date notAfter,KeyPair keyPair) throws Exception { //issuer same as subject is CA BigInteger serial=BigInteger.valueOf(System.currentTimeMillis()); X500Name x500Name =new X500Name(issuerName); X500Name subject =new X500Name(subjectName); PublicKey publicKey =keyPair.getPublic(); PrivateKey privateKey=keyPair.getPrivate(); SubjectPublicKeyInfo subjectPublicKeyInfo = null; try { Object aiStream=new ASN1InputStream(publicKey.getEncoded()).readObject(); subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(aiStream); } catch (IOException e1) { e1.printStackTrace(); } X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, subject, subjectPublicKeyInfo); ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey); //certBuilder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); //certBuilder.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyEncipherment)); //certBuilder.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); //certBuilder.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "[email protected]"))); X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen); CertificateFactory certificateFactory = CertificateFactory.class.newInstance(); InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded()); X509Certificate x509Certificate = (X509Certificate) certificateFactory.engineGenerateCertificate(inputStream); inputStream.close(); return x509Certificate; } public static KeyPair genRSAKeyPair() throws Exception { return KeyPairUtil.genKeyPair(KeyPairType.RSA, "BC"); } }