public static X509Certificate generateV1Certificate(final KeyPair keyPair, final String subject, final String issuer, final int validityYears, final String signatureAlgorithm) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException { final DateTime now = DateTime.now(DateTimeZone.UTC); final X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder( new X500Name(issuer), generateRandomBigInt(), now.minusDays(1).toDate(), now.plusYears(validityYears).toDate(), new X500Name(subject), keyPair.getPublic()); final ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider("BC").build(keyPair.getPrivate()); final X509CertificateHolder certHolder = certBuilder.build(signer); return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder); }
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber) throws CryptoException { Date notBefore = validityStart == null ? new Date() : validityStart; Date notAfter = validityEnd == null ? new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365)) : validityEnd; JcaX509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey); try { ContentSigner certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC").build( privateKey); return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certBuilder.build(certSigner)); } catch (CertificateException | IllegalStateException | OperatorCreationException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } }