// Sign the contents assembled in certBuilder with the supplied ContentSigner. The result is a
// BouncyCastle X509CertificateHolder, not a JCA X509Certificate; which key backs `signer` (and
// therefore who the effective issuer is) is decided where the signer was created, not here.
X509CertificateHolder cert = certBuilder.build(signer);
/**
 * Signs the certificate described by {@code certificateBuilder} with the CA private key and
 * checks the result before returning it.
 *
 * <p>Two checks run on the freshly built certificate: it must be within its validity period at
 * the current time, and its signature must verify under {@code caPublicKey}. The second check
 * fails when {@code caPrivateKey} and {@code caPublicKey} do not belong to the same key pair.
 *
 * @param caPrivateKey       key used to sign the certificate
 * @param caPublicKey        key the signature is verified against
 * @param certificateBuilder builder holding the certificate contents
 * @return the signed and verified certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if conversion fails or the certificate is not currently valid
 * @throws NoSuchAlgorithmException  if the signature algorithm is unsupported during verification
 * @throws InvalidKeyException       if {@code caPublicKey} is the wrong key
 * @throws NoSuchProviderException   if no default provider is available for verification
 * @throws SignatureException        on signature errors during verification
 */
private static X509Certificate verifyCertificate(PrivateKey caPrivateKey, PublicKey caPublicKey,
        JcaX509v3CertificateBuilder certificateBuilder)
        throws OperatorCreationException, CertificateException, NoSuchAlgorithmException,
        InvalidKeyException, NoSuchProviderException, SignatureException {
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
    ContentSigner caSigner = signerBuilder.setProvider(PROVIDER_NAME).build(caPrivateKey);

    JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(PROVIDER_NAME);
    X509Certificate issued = converter.getCertificate(certificateBuilder.build(caSigner));

    // Reject a certificate whose validity window does not include the present moment.
    issued.checkValidity(new Date());
    // Confirm the signature really was produced by the private half of caPublicKey.
    issued.verify(caPublicKey);
    return issued;
}
// Sign the builder's contents and convert the resulting holder into a JCA X509Certificate.
// NOTE(review): the variable name implies the signer wraps the certificate's own private key;
// that pairing is not visible in this statement — confirm where `signer` is built.
X509Certificate mySelfSignedCert = converter.getCertificate(x509Builder.build(signer));
/**
 * Generates a self-signed certificate for {@code keypair}.
 *
 * <p>Subject and issuer are both {@code CN=<hostname>}. The certificate is valid from now until
 * the same calendar date {@code certificateLifetimeInYears} years ahead, carries a random serial
 * number of up to {@code X509_CERT_BITS_SIZE} bits, and has non-critical subjectKeyIdentifier
 * and subjectAlternativeName extensions. Before it is returned it is checked for current
 * validity and its signature is verified against the public key of {@code keypair}.
 *
 * @param keypair key pair to certify; its private key signs the certificate
 * @return the self-signed certificate
 * @throws Exception if building, signing, converting or verifying the certificate fails
 */
private X509Certificate generateCertificate(final KeyPair keypair) throws Exception {
    // NOTE(review): the DN is parsed from a concatenated string, so a hostname containing RDN
    // separators or other DN syntax would change the subject — confirm hostname is validated
    // before it reaches this method.
    final X500Name selfName = new X500Name("CN=" + hostname);

    final GregorianCalendar validFrom = new GregorianCalendar();
    final GregorianCalendar validUntil = new GregorianCalendar();
    validUntil.set(GregorianCalendar.YEAR,
        validUntil.get(GregorianCalendar.YEAR) + certificateLifetimeInYears);

    final BigInteger serial = new BigInteger(X509_CERT_BITS_SIZE, RandomUtils.getNativeInstance());

    // Same name in the issuer and subject positions: the certificate is self-issued.
    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
        selfName,
        serial,
        validFrom.getTime(),
        validUntil.getTime(),
        selfName,
        keypair.getPublic()
    );

    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
        extensionUtils.createSubjectKeyIdentifier(keypair.getPublic()));
    certBuilder.addExtension(Extension.subjectAlternativeName, false,
        GeneralNames.getInstance(new DERSequence(buildSubjectAltNames())));

    // Signed with the private half of the certified key, then converted to a JCA certificate.
    final X509Certificate selfSigned = new JcaX509CertificateConverter().getCertificate(
        certBuilder.build(new JcaContentSignerBuilder(certificateAlgorithm).build(keypair.getPrivate())));

    // Sanity checks on the result: valid right now, and verifiable with its own public key.
    selfSigned.checkValidity(new Date());
    selfSigned.verify(keypair.getPublic());
    return selfSigned;
}
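/**
 * Generates a self-signed CA certificate.
 *
 * <p>{@code subject} is used as both subject and issuer name, the certificate is signed with
 * the private key of {@code keyPair}, and a critical basicConstraints extension marks it as a
 * CA with a path length constraint of 0.
 *
 * @param subject     distinguished name string, parsed by {@code X500Name}
 * @param caNotBefore start of the validity period
 * @param caNotAfter  end of the validity period
 * @param keyPair     key pair whose public key is certified and whose private key signs
 * @return the signed CA certificate
 * @throws Exception if an extension cannot be added, the signer cannot be created or the
 *                   certificate cannot be converted
 */
public static X509Certificate genCACert(String subject, Date caNotBefore, Date caNotAfter, KeyPair keyPair)
        throws Exception {
    X500Name caName = new X500Name(subject);

    // The serial number must be unique per issuer name and should not be predictable. A value
    // derived from the clock plus Math.random() is guessable and can repeat, so draw it from a
    // CSPRNG instead. 159 bits keep the non-negative value within the 20-octet limit of
    // RFC 5280; zero is skipped because serial numbers must be positive.
    java.security.SecureRandom serialSource = new java.security.SecureRandom();
    BigInteger serial;
    do {
        serial = new BigInteger(159, serialSource);
    } while (serial.signum() == 0);

    JcaX509v3CertificateBuilder jv3Builder = new JcaX509v3CertificateBuilder(
            caName, serial, caNotBefore, caNotAfter, caName, keyPair.getPublic());

    // Critical CA flag; path length 0 means this CA may only issue end-entity certificates.
    // NOTE(review): no keyUsage extension is added here — confirm whether relying parties
    // expect keyCertSign on this CA certificate.
    jv3Builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

    // NOTE(review): the signature algorithm is fixed to RSA, so keyPair is assumed to be an
    // RSA pair — confirm with callers.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    return new JcaX509CertificateConverter().getCertificate(jv3Builder.build(signer));
}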
// Sign the builder's contents with the private key of `keypair` and keep only the encoded
// bytes of the resulting certificate holder.
// NOTE(review): this is self-signed only if certBuilder was given keypair's public key — not
// visible in this statement.
byte[] cert = certBuilder.build(signerBuilder.build(keypair.getPrivate())).getEncoded();
// The signer is created inline from keypair's private key, the certificate is built with it,
// and the holder is reduced to its encoded byte form; no verification of the result happens in
// this statement.
byte[] cert = certBuilder.build(signerBuilder.build(keypair.getPrivate())).getEncoded();
.build(new JcaContentSignerBuilder(signatureAlgorithm).build(signerPrivateKey));
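/**
 * Builds an X.509 v3 certificate for the public key of {@code kp}, signed with
 * {@code signerPrivateKey}.
 *
 * <p>Subject and issuer are both taken from {@code issuerDirString}; the signing key is
 * identified through the authorityKeyIdentifier extension derived from {@code signerPublicKey}.
 * The certificate is valid from now for 100 years and carries subjectKeyIdentifier and
 * basicConstraints extensions (both non-critical). CA certificates additionally get a critical
 * keyUsage extension limited to {@code keyCertSign}.
 *
 * @param keyName          not used in this method
 * @param kp               key pair whose public key is certified
 * @param isCertAuthority  whether the certificate is marked as a CA
 * @param signerPublicKey  public key matching {@code signerPrivateKey}
 * @param signerPrivateKey private key that signs the certificate
 * @return the signed certificate
 * @throws IOException               if an extension value cannot be encoded
 * @throws CertIOException           if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the certificate cannot be converted
 * @throws NoSuchAlgorithmException  if the digest needed for the key identifiers is unavailable
 */
private Certificate generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
    PublicKey signerPublicKey, PrivateKey signerPrivateKey)
    throws IOException, CertIOException, OperatorCreationException, CertificateException,
    NoSuchAlgorithmException {
  Calendar startDate = Calendar.getInstance();
  Calendar endDate = Calendar.getInstance();
  endDate.add(Calendar.YEAR, 100);

  // Every certificate built here shares one issuer name, so the serial number is the only
  // thing that tells them apart. A millisecond timestamp repeats when two certificates are
  // generated back to back and is predictable; a CSPRNG value avoids both problems. 159 bits
  // keep the non-negative value within the 20-octet limit of RFC 5280, and zero is skipped
  // because serial numbers must be positive.
  java.security.SecureRandom serialSource = new java.security.SecureRandom();
  BigInteger serialNumber;
  do {
    serialNumber = new BigInteger(159, serialSource);
  } while (serialNumber.signum() == 0);

  X500Name issuer = new X500Name(
      IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
  JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer,
      serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());

  JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
  certGen.addExtension(Extension.subjectKeyIdentifier, false,
      extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
  // NOTE(review): basicConstraints is non-critical even for CA certificates — confirm that
  // relying parties still enforce it.
  certGen.addExtension(Extension.basicConstraints, false,
      new BasicConstraints(isCertAuthority));
  certGen.addExtension(Extension.authorityKeyIdentifier, false,
      extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
  if (isCertAuthority) {
    // Restrict a CA key to signing certificates only.
    certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
  }

  X509CertificateHolder cert = certGen
      .build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
  return new JcaX509CertificateConverter().getCertificate(cert);
}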
/**
 * Assembles the configured certificate and signs it with the CA private key.
 *
 * <p>A basicConstraints extension is added only when one was configured, with the configured
 * criticality. A non-critical subjectAlternativeName extension is added only when at least one
 * alternative name is present. Signing and conversion both use the provider returned by
 * {@code BouncyCastleProviderHolder.getInstance()}.
 *
 * @return the signed certificate
 * @throws RuntimeException     wrapping any {@code OperatorException} or
 *                              {@code GeneralSecurityException} raised while signing or converting
 * @throws UncheckedIOException wrapping any {@code IOException} raised while adding extensions
 */
public X509Certificate build() {
    try {
        JcaX509v3CertificateBuilder certificate = new JcaX509v3CertificateBuilder(
                issuer, serialNumber, Date.from(notBefore), Date.from(notAfter), subject, certPublicKey);

        if (basicConstraintsExtension != null) {
            BasicConstraints constraints =
                    new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate);
            certificate.addExtension(
                    Extension.basicConstraints, basicConstraintsExtension.isCritical, constraints);
        }

        if (!subjectAlternativeNames.isEmpty()) {
            GeneralName[] sanEntries = subjectAlternativeNames.stream()
                    .map(SubjectAlternativeName::toGeneralName)
                    .toArray(GeneralName[]::new);
            certificate.addExtension(
                    Extension.subjectAlternativeName, false, new GeneralNames(sanEntries));
        }

        JcaContentSignerBuilder signerBuilder =
                new JcaContentSignerBuilder(signingAlgorithm.getAlgorithmName());
        ContentSigner caSigner = signerBuilder
                .setProvider(BouncyCastleProviderHolder.getInstance())
                .build(caPrivateKey);

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProviderHolder.getInstance());
        return converter.getCertificate(certificate.build(caSigner));
    } catch (OperatorException | GeneralSecurityException e) {
        // Checked crypto failures are surfaced unchecked, with the cause preserved.
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString()). setProvider(provider).build(pair.getPrivate()); X509CertificateHolder holder = builder.build(signer); cert = (X509Certificate) java.security.cert.CertificateFactory.getInstance("X.509"). generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
// Produce the signed certificate as a BouncyCastle holder object. Nothing in this statement
// verifies the signature or checks the validity period of the result.
X509CertificateHolder cert = certBuilder.build(signer);
// Sign the builder's contents, then convert the holder into a JCA X509Certificate. No
// setProvider call is made on the converter, so it runs with its default provider settings.
return new JcaX509CertificateConverter().getCertificate(jv3Builder.build(signer));
/**
 * Generates and signs a version 3 X.509 certificate.
 *
 * <p>A missing start date defaults to the current time and a missing end date to 365 days after
 * the start. Extensions, when supplied, are copied across with their criticality preserved.
 * The signer uses {@code provider} when one is given and the "BC" provider otherwise; the
 * conversion to a JCA certificate always uses "BC".
 *
 * @param subject       subject name
 * @param issuer        issuer name
 * @param validityStart start of validity, or {@code null} for now
 * @param validityEnd   end of validity, or {@code null} for 365 days after the start
 * @param publicKey     public key to certify
 * @param privateKey    private key that signs the certificate
 * @param signatureType signature algorithm to use
 * @param serialNumber  certificate serial number
 * @param extensions    extensions to copy into the certificate, or {@code null} for none
 * @param provider      provider for the signing operation, or {@code null} to use "BC"
 * @return the signed certificate
 * @throws CryptoException if the signer cannot be created or the certificate cannot be built
 *                         or converted
 * @throws CertIOException if an extension cannot be added
 */
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, Date validityStart,
        Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType,
        BigInteger serialNumber, X509Extension extensions, Provider provider)
        throws CryptoException, CertIOException {
    Date notBefore = validityStart;
    if (notBefore == null) {
        notBefore = new Date();
    }

    Date notAfter = validityEnd;
    if (notAfter == null) {
        notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    JcaX509v3CertificateBuilder v3Builder =
            new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey);

    if (extensions != null) {
        // NOTE(review): both OID sets are iterated without a null check; the
        // java.security.cert.X509Extension contract allows null when no extensions are
        // present — confirm the implementation passed in never returns null.
        for (String criticalOid : extensions.getCriticalExtensionOIDs()) {
            v3Builder.addExtension(new ASN1ObjectIdentifier(criticalOid), true,
                    getExtensionValue(extensions, criticalOid));
        }
        for (String nonCriticalOid : extensions.getNonCriticalExtensionOIDs()) {
            v3Builder.addExtension(new ASN1ObjectIdentifier(nonCriticalOid), false,
                    getExtensionValue(extensions, nonCriticalOid));
        }
    }

    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce());
        // The caller's provider is used for signing when given; "BC" is the fallback.
        if (provider != null) {
            signerBuilder.setProvider(provider);
        } else {
            signerBuilder.setProvider("BC");
        }
        ContentSigner certSigner = signerBuilder.build(privateKey);

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(v3Builder.build(certSigner));
    } catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}
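/**
 * Creates a server certificate for {@code keyPair}, signed with the root key.
 *
 * <p>The subject is a single RDN with the value {@code localhost}; every entry of
 * {@code names} is added as a dNSName in a critical subjectAlternativeName extension. The
 * signature algorithm is fixed to SHA256withRSA.
 *
 * @param rootKey private key of the issuing certificate
 * @param root    issuing certificate; its subject becomes the issuer of the new certificate
 * @param keyPair key pair of the server certificate
 * @param names   DNS names to place in the subjectAlternativeName extension
 * @return the signed certificate holder
 * @throws Exception if the certificate cannot be assembled or signed
 */
private static X509CertificateHolder createServerCert(PrivateKey rootKey, X509CertificateHolder root,
        KeyPair keyPair, Collection<String> names) throws Exception {
    // NOTE(review): the RDN uses the "name" attribute type rather than a common name —
    // confirm this is intended.
    X500NameBuilder subjectName = new X500NameBuilder(RFC4519Style.INSTANCE);
    subjectName.addRDN(RFC4519Style.name, "localhost");

    // Path building matches a certificate's issuer field against the subject of the signing
    // certificate. root.getIssuer() gives the same value only while root is self-signed;
    // getSubject() is also correct when the signing certificate is an intermediate.
    // Presumably createCert takes (keyPair, issuer, subject) — verify against its definition.
    JcaX509v3CertificateBuilder cb = createCert(keyPair, root.getSubject(), subjectName.build());

    GeneralNamesBuilder altNames = new GeneralNamesBuilder();
    for (String dnsName : names) {
        altNames.addName(new GeneralName(GeneralName.dNSName, dnsName));
    }
    cb.addExtension(Extension.subjectAlternativeName, true, altNames.build());

    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(rootKey);
    return cb.build(signer);
}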
.getCertificate(certBldr.build(signer));
.getCertificate(certBldr.build(signer));