X509Certificate certificate = generator.generate(signedByKeyPair.getPrivate()); return new HeldCertificate(heldKeyPair, certificate); } catch (GeneralSecurityException e) {
public X509Certificate generateCertificate(KeyPair keyPair){ X509V3CertificateGenerator cert = new X509V3CertificateGenerator(); cert.setSerialNumber(BigInteger.valueOf(1)); //or generate a random number cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed cert.setPublicKey(keyPair.getPublic()); cert.setNotBefore(<date>); cert.setNotAfter(<date>); cert.setSignatureAlgorithm("SHA1WithRSAEncryption"); PrivateKey signingKey = keyPair.getPrivate(); return cert.generate(signingKey, "BC"); }
/** * generate an X509 certificate, based on the current issuer and subject, * using the passed in provider for the signing. */ public X509Certificate generate( PrivateKey key, String provider) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { return generate(key, provider, null); }
/** * generate an X509 certificate, based on the current issuer and subject * using the default provider. * <p> * <b>Note:</b> this differs from the deprecated method in that the default provider is * used - not "BC". * </p> */ public X509Certificate generate( PrivateKey key) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { return generate(key, (SecureRandom)null); }
return generate(key, provider, random);
// generate a key pair KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(4096, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // build a certificate generator X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal("cn=example"); // add some options certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(new X509Name("dc=name")); certGen.setIssuerDN(dnName); // use the same // yesterday certGen.setNotBefore(new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000)); // in 2 years certGen.setNotAfter(new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000)); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); // finally, sign the certificate with the private key of the same KeyPair X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
+ VALIDITY_PERIOD)); gen.setSignatureAlgorithm("SHA1WithECDSA"); cert = gen.generate(pair.getPrivate(), "BC");
+ VALIDITY_PERIOD)); gen.setSignatureAlgorithm("SHA1WithECDSA"); cert = gen.generate(pair.getPrivate(), "BC");
protected Certificate generateCertificate(KeyPair keyPair, String alias) throws GeneralSecurityException { //test that Bouncy Castle provider is present and add it if it's not if( Security.getProvider(org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); } X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // X509Name nameInfo = new X509Name(false,"CN=" + alias); certificateGenerator.setSignatureAlgorithm("MD5WithRSA"); certificateGenerator.setSerialNumber(new java.math.BigInteger("1")); X509Principal nameInfo = new X509Principal("CN=" + alias); certificateGenerator.setIssuerDN(nameInfo); certificateGenerator.setSubjectDN(nameInfo); // note: same as issuer for self signed certificateGenerator.setNotBefore(new Date()); Calendar c = Calendar.getInstance(); c.add(Calendar.DATE, CLIENT_CERT_EXPIRATION_DAYS); certificateGenerator.setNotAfter(c.getTime()); certificateGenerator.setPublicKey(keyPair.getPublic()); return certificateGenerator.generate(keyPair.getPrivate(), org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME); }
certGenerator.setPublicKey(publicKey); certGenerator.setSignatureAlgorithm("SHA1withRSA"); X509Certificate certificate = (X509Certificate)certGenerator.generate(privateKey, "BC"); return certificate;
public void createFakedCertificate() throws CertificateHandlerException { try { Logging.getInstance().log(getClass(), "Faking the found certificate", Logging.DEBUG); KeyPairGenerator kpg = KeyPairGenerator.getInstance( originalPublicKey.getAlgorithm() ); kpg.initialize( ( (RSAPublicKey) certificate.getPublicKey() ).getModulus().bitLength() ); fakedKeyPair = kpg.generateKeyPair(); X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSubjectDN(certificate.getSubjectX500Principal()); v3CertGen.setIssuerDN(certificate.getIssuerX500Principal()); v3CertGen.setNotAfter(certificate.getNotAfter()); v3CertGen.setNotBefore(certificate.getNotBefore()); v3CertGen.setSerialNumber(new BigInteger(64, new Random())); v3CertGen.setSignatureAlgorithm(certificate.getSigAlgName()); v3CertGen.setPublicKey(fakedKeyPair.getPublic()); fakedCertificate = v3CertGen.generate(fakedKeyPair.getPrivate()); } catch (CertificateEncodingException | SecurityException | SignatureException | InvalidKeyException | NoSuchAlgorithmException e ) { throw new CertificateHandlerException( e ); } }
v1CertGen.setSubjectDN(new X509Principal("cn=test")); // issuer and subject are the same for a CA v1CertGen.setPublicKey(keyPair.getPublic()); X509Certificate newCACert = v1CertGen.generate(localKeyPair.getPrivate(), "BC");
v1CertGen.setSubjectDN(new X509Principal("cn=test")); // issuer and subject are the same for a CA v1CertGen.setPublicKey(keyPair.getPublic()); X509Certificate newCACert = v1CertGen.generate(localKeyPair.getPrivate(), "BC");
X509Certificate newCACert = v1CertGen.generate(keyPair.getPrivate(), CryptoExtensions.getJCEProviderName());
public X509Certificate x509ReqToX509(PKCS10CertificationRequest csr, int days, PrivateKey pKey) { Date notBefore = new Date(); Calendar cal = Calendar.getInstance(); cal.add(Calendar.DATE, days); Date notAfter = cal.getTime(); BigInteger serialNumber = generateCertSerialNumber(); // No implemented here X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(csr.getCertificationRequestInfo().getSubject()); certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject()); certGen.setNotBefore(notBefore); certGen.setNotAfter(notAfter); certGen.setPublicKey(csr.getPublicKey()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generate(pKey, "BC"); }
public X509Certificate newCertificateFor(X500Principal subject, PublicKey keyToCertify) { try { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber( serialNumber != null ? serialNumber : // must be positive BigInteger.valueOf(srand.nextLong()).abs().add(BigInteger.ONE)); v3CertGen.setIssuerDN(issuerPrincipal); v3CertGen.setNotBefore(validityStartDate); v3CertGen.setNotAfter(validityEndDate); v3CertGen.setSignatureAlgorithm(signatureAlgorithm); v3CertGen.setSubjectDN(subject); v3CertGen.setPublicKey(keyToCertify); v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyToCertify)); if (authorityKeyIdentifier!=null) v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier); X509Certificate pkCertificate = v3CertGen.generate(issuerKey.getPrivate(), "BC"); return pkCertificate; } catch (Exception e) { throw Exceptions.propagate(e); } }
@SuppressWarnings("deprecation") public X509Certificate newCertificateFor(X500Principal subject, PublicKey keyToCertify) { try { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber( serialNumber != null ? serialNumber : // must be positive BigInteger.valueOf(srand.nextLong()).abs().add(BigInteger.ONE)); v3CertGen.setIssuerDN(issuerPrincipal); v3CertGen.setNotBefore(validityStartDate); v3CertGen.setNotAfter(validityEndDate); v3CertGen.setSignatureAlgorithm(signatureAlgorithm); v3CertGen.setSubjectDN(subject); v3CertGen.setPublicKey(keyToCertify); JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils(); v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyToCertify)); if (authorityKeyIdentifier!=null) v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier); X509Certificate pkCertificate = v3CertGen.generate(issuerKey.getPrivate(), "BC"); return pkCertificate; } catch (Exception e) { throw Exceptions.propagate(e); } }
return certGen.generate(caKey, "BC"); // note:
@Override public X509Certificate generateX509Certificate( PrivateKey privateKey, DistinguishedName issuerDN, BigInteger serialNumber, DistinguishedName subjectDN, PublicKey publicKey, Duration validity, List<X509ExtensionHolder> x509Extensions ) { try { X509V3CertificateGenerator x509v3Generator = new X509V3CertificateGenerator(); DateTime now = new DateTime(); x509v3Generator.setSerialNumber( serialNumber ); x509v3Generator.setSubjectDN( subjectDN.toX500Principal() ); x509v3Generator.setIssuerDN( issuerDN.toX500Principal() ); x509v3Generator.setNotBefore( now.minus( Time.CLOCK_SKEW ).toDate() ); x509v3Generator.setNotAfter( now.plus( validity ).minus( Time.CLOCK_SKEW ).toDate() ); x509v3Generator.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() ); x509v3Generator.setPublicKey( publicKey ); for ( X509ExtensionHolder eachExtensionHolder : x509Extensions ) { x509v3Generator.addExtension( eachExtensionHolder.getDerOID(), eachExtensionHolder.isCritical(), eachExtensionHolder.getValue() ); } return x509v3Generator.generate( privateKey, cryptoContext.providerName() ); } catch ( GeneralSecurityException ex ) { throw new CryptoFailure( "Unable to generate X509Certificate", ex ); } catch ( IllegalStateException ex ) { throw new CryptoFailure( "Unable to generate X509Certificate", ex ); } }
return certGen.generate(issuerPrivateKey);