BigInteger serialNumber = this.serialNumber != null ? this.serialNumber : BigInteger.ONE; X509V3CertificateGenerator generator = new X509V3CertificateGenerator(); generator.setSerialNumber(serialNumber); generator.setIssuerDN(signedByPrincipal); generator.setNotBefore(new Date(notBefore));
public X509Certificate generateCertificate(KeyPair keyPair){ X509V3CertificateGenerator cert = new X509V3CertificateGenerator(); cert.setSerialNumber(BigInteger.valueOf(1)); //or generate a random number cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed cert.setPublicKey(keyPair.getPublic()); cert.setNotBefore(<date>); cert.setNotAfter(<date>); cert.setSignatureAlgorithm("SHA1WithRSAEncryption"); PrivateKey signingKey = keyPair.getPrivate(); return cert.generate(signingKey, "BC"); }
// generate a key pair KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(4096, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // build a certificate generator X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal("cn=example"); // add some options certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(new X509Name("dc=name")); certGen.setIssuerDN(dnName); // use the same // yesterday certGen.setNotBefore(new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000)); // in 2 years certGen.setNotAfter(new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000)); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); // finally, sign the certificate with the private key of the same KeyPair X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
public boolean createKeyStoreWithSelfSignCert(final String keyStoreName, final String keyStorePwd, final String dName, final String keyAlias, final int validity) { try { final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyStoreConstant.DEFAULT_KEY_ALG); keyPairGenerator.initialize(KeyStoreConstant.DEFAULT_KEY_SIZE); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final X509V3CertificateGenerator x509V3CertGen = new X509V3CertificateGenerator(); x509V3CertGen.setSerialNumber(getSecureRandomeInt()); x509V3CertGen.setIssuerDN(new X509Principal(dName)); x509V3CertGen.setNotBefore(new Date(System.currentTimeMillis())); x509V3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (KeyStoreConstant.DAY_TIME * validity))); x509V3CertGen.setSubjectDN(new X509Principal(dName)); x509V3CertGen.setPublicKey(keyPair.getPublic()); x509V3CertGen.setSignatureAlgorithm(KeyStoreConstant.DEFAULT_SIGN_ALG); final X509Certificate x509Cert = x509V3CertGen.generateX509Certificate(keyPair.getPrivate()); final KeyStore ctlKeyStore = KeyStore.getInstance("JKS"); ctlKeyStore.load(null, keyStorePwd.toCharArray()); ctlKeyStore.setKeyEntry(keyAlias, keyPair.getPrivate(), keyStorePwd.toCharArray(), new java.security.cert.Certificate[]{x509Cert}); final FileOutputStream fOutputStream = new FileOutputStream(workingDir + keyStoreName); ctlKeyStore.store( fOutputStream, keyStorePwd.toCharArray()); LOG.info("{} is created", keyStoreName); return true; } catch (NoSuchAlgorithmException | InvalidKeyException | SecurityException | SignatureException | KeyStoreException | CertificateException | IOException e) { LOG.error("Fatal error creating key", e); return false; } }
X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setPublicKey(pair.getPublic()); gen.setSerialNumber(new BigInteger(Long.toString(System .currentTimeMillis() / 1000))); Hashtable<ASN1ObjectIdentifier, String> attrs = new Hashtable<ASN1ObjectIdentifier, String>();
certGenerator.setSerialNumber(BigInteger.valueOf(Math.abs(new Random().nextLong()))); certGenerator.setIssuerDN(new X509Name(dn)); certGenerator.setSubjectDN(new X509Name(dn));
protected Certificate generateCertificate(KeyPair keyPair, String alias) throws GeneralSecurityException { //test that Bouncy Castle provider is present and add it if it's not if( Security.getProvider(org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); } X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // X509Name nameInfo = new X509Name(false,"CN=" + alias); certificateGenerator.setSignatureAlgorithm("MD5WithRSA"); certificateGenerator.setSerialNumber(new java.math.BigInteger("1")); X509Principal nameInfo = new X509Principal("CN=" + alias); certificateGenerator.setIssuerDN(nameInfo); certificateGenerator.setSubjectDN(nameInfo); // note: same as issuer for self signed certificateGenerator.setNotBefore(new Date()); Calendar c = Calendar.getInstance(); c.add(Calendar.DATE, CLIENT_CERT_EXPIRATION_DAYS); certificateGenerator.setNotAfter(c.getTime()); certificateGenerator.setPublicKey(keyPair.getPublic()); return certificateGenerator.generate(keyPair.getPrivate(), org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME); }
X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setPublicKey(pair.getPublic()); gen.setSerialNumber(new BigInteger(Long.toString(System .currentTimeMillis() / 1000))); Hashtable<ASN1ObjectIdentifier, String> attrs = new Hashtable<ASN1ObjectIdentifier, String>();
/** * Generates a certificate for {@code hostName} containing {@code keyPair}'s * public key, signed by {@code keyPair}'s private key. */ @SuppressWarnings("deprecation") // use the old Bouncy Castle APIs to reduce dependencies. private X509Certificate selfSignedCertificate(KeyPair keyPair) throws GeneralSecurityException { X509V3CertificateGenerator generator = new X509V3CertificateGenerator(); X500Principal issuer = new X500Principal("CN=" + hostName); X500Principal subject = new X500Principal("CN=" + hostName); generator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); generator.setIssuerDN(issuer); generator.setNotBefore(new Date(notBefore)); generator.setNotAfter(new Date(notAfter)); generator.setSubjectDN(subject); generator.setPublicKey(keyPair.getPublic()); generator.setSignatureAlgorithm("SHA256WithRSAEncryption"); return generator.generateX509Certificate(keyPair.getPrivate(), "BC"); }
public KeyStore createKeyStoreWithSelfSignCert(final String keyStoreName, final String keyStorePwd, final String dName, final String keyAlias, final int validity, final String keyAlg, final int keySize, final String signAlg) { try { final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlg); keyPairGenerator.initialize(keySize); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final X509V3CertificateGenerator x509V3CertGen = new X509V3CertificateGenerator(); x509V3CertGen.setSerialNumber(getSecureRandomeInt()); x509V3CertGen.setIssuerDN(new X509Principal(dName)); x509V3CertGen.setNotBefore(new Date(System.currentTimeMillis())); x509V3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (KeyStoreConstant.DAY_TIME * validity))); x509V3CertGen.setSubjectDN(new X509Principal(dName)); x509V3CertGen.setPublicKey(keyPair.getPublic()); x509V3CertGen.setSignatureAlgorithm(signAlg); final X509Certificate x509Cert = x509V3CertGen.generateX509Certificate(keyPair.getPrivate()); final KeyStore ctlKeyStore = KeyStore.getInstance("JKS"); ctlKeyStore.load(null, keyStorePwd.toCharArray()); ctlKeyStore.setKeyEntry(keyAlias, keyPair.getPrivate(), keyStorePwd.toCharArray(), new java.security.cert.Certificate[]{x509Cert}); LOG.info("{} is created", keyStoreName); return ctlKeyStore; } catch (final NoSuchAlgorithmException | InvalidKeyException | SecurityException | SignatureException | KeyStoreException | CertificateException | IOException e) { LOG.error("Fatal error creating keystore", e); return null; } }
public void createFakedCertificate() throws CertificateHandlerException { try { Logging.getInstance().log(getClass(), "Faking the found certificate", Logging.DEBUG); KeyPairGenerator kpg = KeyPairGenerator.getInstance( originalPublicKey.getAlgorithm() ); kpg.initialize( ( (RSAPublicKey) certificate.getPublicKey() ).getModulus().bitLength() ); fakedKeyPair = kpg.generateKeyPair(); X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSubjectDN(certificate.getSubjectX500Principal()); v3CertGen.setIssuerDN(certificate.getIssuerX500Principal()); v3CertGen.setNotAfter(certificate.getNotAfter()); v3CertGen.setNotBefore(certificate.getNotBefore()); v3CertGen.setSerialNumber(new BigInteger(64, new Random())); v3CertGen.setSignatureAlgorithm(certificate.getSigAlgName()); v3CertGen.setPublicKey(fakedKeyPair.getPublic()); fakedCertificate = v3CertGen.generate(fakedKeyPair.getPrivate()); } catch (CertificateEncodingException | SecurityException | SignatureException | InvalidKeyException | NoSuchAlgorithmException e ) { throw new CertificateHandlerException( e ); } }
X509V3CertificateGenerator serverCertGen = new X509V3CertificateGenerator(); X500Principal serverSubjectName = new X500Principal("CN=OrganizationName"); serverCertGen.setSerialNumber(new BigInteger("123456789"));
generator.setSerialNumber(new BigInteger(serialNumber)); generator.setIssuerDN(signedByPrincipal); generator.setNotBefore(new Date(now));
public X509Certificate x509ReqToX509(PKCS10CertificationRequest csr, int days, PrivateKey pKey) { Date notBefore = new Date(); Calendar cal = Calendar.getInstance(); cal.add(Calendar.DATE, days); Date notAfter = cal.getTime(); BigInteger serialNumber = generateCertSerialNumber(); // No implemented here X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(csr.getCertificationRequestInfo().getSubject()); certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject()); certGen.setNotBefore(notBefore); certGen.setNotAfter(notAfter); certGen.setPublicKey(csr.getPublicKey()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generate(pKey, "BC"); }
v3CertGen.setSerialNumber(BigInteger.valueOf(serialNo++)); v3CertGen.setIssuerDN(new X509Name(issDN)); v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
public X509Certificate newCertificateFor(X500Principal subject, PublicKey keyToCertify) { try { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber( serialNumber != null ? serialNumber : // must be positive BigInteger.valueOf(srand.nextLong()).abs().add(BigInteger.ONE)); v3CertGen.setIssuerDN(issuerPrincipal); v3CertGen.setNotBefore(validityStartDate); v3CertGen.setNotAfter(validityEndDate); v3CertGen.setSignatureAlgorithm(signatureAlgorithm); v3CertGen.setSubjectDN(subject); v3CertGen.setPublicKey(keyToCertify); v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyToCertify)); if (authorityKeyIdentifier!=null) v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier); X509Certificate pkCertificate = v3CertGen.generate(issuerKey.getPrivate(), "BC"); return pkCertificate; } catch (Exception e) { throw Exceptions.propagate(e); } }
@SuppressWarnings("deprecation") public X509Certificate newCertificateFor(X500Principal subject, PublicKey keyToCertify) { try { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber( serialNumber != null ? serialNumber : // must be positive BigInteger.valueOf(srand.nextLong()).abs().add(BigInteger.ONE)); v3CertGen.setIssuerDN(issuerPrincipal); v3CertGen.setNotBefore(validityStartDate); v3CertGen.setNotAfter(validityEndDate); v3CertGen.setSignatureAlgorithm(signatureAlgorithm); v3CertGen.setSubjectDN(subject); v3CertGen.setPublicKey(keyToCertify); JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils(); v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyToCertify)); if (authorityKeyIdentifier!=null) v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier); X509Certificate pkCertificate = v3CertGen.generate(issuerKey.getPrivate(), "BC"); return pkCertificate; } catch (Exception e) { throw Exceptions.propagate(e); } }
private X509Certificate generateX509V3Certificate(final KeyPair keyPair, final X500Principal subject, final X500Principal issuer, final Date notBefore, final Date notAfter, final BigInteger serialNumber, final GeneralNames generalNames, final boolean isCA) throws GeneralSecurityException { Security.addProvider(new BouncyCastleProvider()); X509V3CertificateGenerator generator = new X509V3CertificateGenerator(); generator.setSerialNumber(serialNumber); generator.setIssuerDN(issuer); generator.setSubjectDN(subject); generator.setNotBefore(notBefore); generator.setNotAfter(notAfter); generator.setPublicKey(keyPair.getPublic()); generator.setSignatureAlgorithm("SHA256WithRSAEncryption"); generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isCA)); generator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(160)); generator.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); if (generalNames != null) { generator.addExtension(X509Extensions.SubjectAlternativeName, false, generalNames); } return generator.generateX509Certificate(keyPair.getPrivate(), "BC"); }
@Override public X509Certificate generateX509Certificate( PrivateKey privateKey, DistinguishedName issuerDN, BigInteger serialNumber, DistinguishedName subjectDN, PublicKey publicKey, Duration validity, List<X509ExtensionHolder> x509Extensions ) { try { X509V3CertificateGenerator x509v3Generator = new X509V3CertificateGenerator(); DateTime now = new DateTime(); x509v3Generator.setSerialNumber( serialNumber ); x509v3Generator.setSubjectDN( subjectDN.toX500Principal() ); x509v3Generator.setIssuerDN( issuerDN.toX500Principal() ); x509v3Generator.setNotBefore( now.minus( Time.CLOCK_SKEW ).toDate() ); x509v3Generator.setNotAfter( now.plus( validity ).minus( Time.CLOCK_SKEW ).toDate() ); x509v3Generator.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() ); x509v3Generator.setPublicKey( publicKey ); for ( X509ExtensionHolder eachExtensionHolder : x509Extensions ) { x509v3Generator.addExtension( eachExtensionHolder.getDerOID(), eachExtensionHolder.isCritical(), eachExtensionHolder.getValue() ); } return x509v3Generator.generate( privateKey, cryptoContext.providerName() ); } catch ( GeneralSecurityException ex ) { throw new CryptoFailure( "Unable to generate X509Certificate", ex ); } catch ( IllegalStateException ex ) { throw new CryptoFailure( "Unable to generate X509Certificate", ex ); } }
certGen.setSerialNumber(serialNumber); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate);