/**
 * Builds a self-signed X.509 certificate with the V1 generator for the supplied key pair.
 *
 * <p>Issuer and subject are both {@code principalDn}, and the certificate is signed with the
 * pair's own private key through the "BC" provider. The signature algorithm name is read from
 * the {@code GO_SSL_CERTS_ALGORITHM} setting of a fresh {@code SystemEnvironment}, so the
 * strength of the signature depends on how that setting is configured.
 *
 * @param startDate value written to the notBefore field
 * @param principalDn distinguished name used as both issuer and subject
 * @param keyPair pair whose public key is certified and whose private key signs
 * @return the generated certificate; any failure during generation is rethrown via {@code bomb}
 */
private X509Certificate createTypeOneX509Certificate(Date startDate, String principalDn, KeyPair keyPair) {
    X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
    X500Principal selfPrincipal = new X500Principal(principalDn);
    generator.setSerialNumber(serialNumber());
    generator.setIssuerDN(selfPrincipal);
    generator.setNotBefore(startDate);
    // Expiry is counted from the moment of generation, not from startDate.
    Date expiry = new DateTime(new Date()).plusYears(YEARS).toDate();
    generator.setNotAfter(expiry);
    generator.setSubjectDN(selfPrincipal); // self-signed: subject equals issuer
    generator.setPublicKey(keyPair.getPublic());
    String signatureAlgorithm = new SystemEnvironment().get(GO_SSL_CERTS_ALGORITHM);
    generator.setSignatureAlgorithm(signatureAlgorithm);
    try {
        return generator.generate(keyPair.getPrivate(), "BC");
    } catch (Exception e) {
        throw bomb(e);
    }
}
long notAfter = this.notAfter != -1L ? this.notAfter : notBefore + DEFAULT_DURATION_MILLIS; BigInteger serialNumber = this.serialNumber != null ? this.serialNumber : BigInteger.ONE; X509V3CertificateGenerator generator = new X509V3CertificateGenerator(); generator.setSerialNumber(serialNumber); generator.setIssuerDN(signedByPrincipal); generator.setNotBefore(new Date(notBefore)); generator.setNotAfter(new Date(notAfter)); generator.setSubjectDN(subject); generator.setPublicKey(heldKeyPair.getPublic()); generator.setSignatureAlgorithm(signedByKeyPair.getPrivate() instanceof RSAPrivateKey ? "SHA256WithRSAEncryption" : "SHA256withECDSA"); generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(maxIntermediateCas)); encodableAltNames[i] = new GeneralName(tag, altName); generator.addExtension(X509Extensions.SubjectAlternativeName, true, new DERSequence(encodableAltNames)); X509Certificate certificate = generator.generate(signedByKeyPair.getPrivate()); return new HeldCertificate(heldKeyPair, certificate); } catch (GeneralSecurityException e) {
/**
 * Initialises the store engine held by {@code impl} and wraps it in an {@link X509Store}.
 *
 * @param impl the looked-up implementation supplying the engine and its provider
 * @param parameters parameters handed to the engine's {@code engineInit}
 * @return a store backed by the initialised engine
 */
private static X509Store createStore(X509Util.Implementation impl, X509StoreParameters parameters)
{
    X509StoreSpi engine = (X509StoreSpi)impl.getEngine();

    engine.engineInit(parameters);

    return new X509Store(impl.getProvider(), engine);
}
/**
 * Wraps the parser engine held by {@code impl} in an {@link X509StreamParser}.
 *
 * @param impl the looked-up implementation supplying the engine and its provider
 * @return a stream parser backed by that engine
 */
private static X509StreamParser createParser(X509Util.Implementation impl)
{
    X509StreamParserSpi engine = (X509StreamParserSpi)impl.getEngine();

    return new X509StreamParser(impl.getProvider(), engine);
}
/**
 * Looks up an "X509Store" implementation of the requested type and returns a store
 * initialised with the given parameters.
 *
 * @param type the store type passed to the implementation lookup
 * @param parameters parameters used to initialise the store engine
 * @return the initialised store
 * @throws NoSuchStoreException if the lookup fails with a NoSuchAlgorithmException; only the
 *         message of that exception is carried over
 */
public static X509Store getInstance(String type, X509StoreParameters parameters)
    throws NoSuchStoreException
{
    try
    {
        X509Util.Implementation located = X509Util.getImplementation("X509Store", type);

        return createStore(located, parameters);
    }
    catch (NoSuchAlgorithmException notFound)
    {
        throw new NoSuchStoreException(notFound.getMessage());
    }
}
/**
 * Generate an X509 certificate from the current issuer and subject, signing with the
 * given key through the named provider. Forwards to the three-argument overload with
 * {@code null} as its last argument.
 *
 * @param key the private key used for signing
 * @param provider name of the provider used for signing
 * @deprecated use generate()
 */
public X509Certificate generateX509Certificate(
    PrivateKey key,
    String provider)
    throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
{
    return generateX509Certificate(key, provider, null);
}
/**
 * Runs the pending checks, then returns the subject public key they recorded.
 *
 * @return the PublicKey of the last certificate in the CertPath
 * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
 */
public PublicKey getSubjectPublicKey()
{
    // doChecks() must run first: the field is only meaningful after the review.
    doChecks();

    return subjectPublicKey;
}
/**
 * Generate an X509 CRL from the current issuer settings, signing with the given key
 * through the named provider. Forwards to the three-argument overload with
 * {@code null} as its last argument.
 *
 * @param key the private key used for signing
 * @param provider name of the provider used for signing
 * @return the generated CRL
 */
public X509CRL generate(
    PrivateKey key,
    String provider)
    throws CRLException, IllegalStateException, NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
    return generate(key, provider, null);
}
/**
 * Lists the signature algorithm names this generator recognises, as reported by
 * {@code X509Util.getAlgNames()}.
 *
 * @return an iterator containing recognised names.
 */
public Iterator getSignatureAlgNames()
{
    Iterator recognisedNames = X509Util.getAlgNames();

    return recognisedNames;
}
/**
 * Returns whatever the underlying SPI reports as matching the selector.
 *
 * @param selector the selector handed to the SPI
 * @return the collection produced by {@code engineGetMatches}
 */
public Collection getMatches(Selector selector)
{
    Collection matched = _spi.engineGetMatches(selector);

    return matched;
}
}
/**
 * Object-typed entry point for matching: only X509Certificate instances are passed on
 * to {@code match(Certificate)}; anything else is rejected.
 *
 * @param obj the candidate object
 * @return false if {@code obj} is not an X509Certificate, otherwise the result of the
 *         certificate match
 */
public boolean match(Object obj)
{
    // The instanceof test also rejects null before the cast is attempted.
    return obj instanceof X509Certificate && match((Certificate)obj);
}
}
/**
 * Misspelled alias that forwards to {@code addAdditionalStore(Store)}.
 *
 * @param store the store to add
 * @deprecated use addAdditionalStore(Store)
 */
public void addAddionalStore(Store store)
{
    addAdditionalStore(store);
}
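/**
 * Example: build a self-signed X.509 v3 certificate for "CN=localhost" and sign it with
 * the private half of {@code keyPair} through the "BC" provider.
 *
 * <p>The two {@code <date>} arguments are placeholders from the original example and must
 * be replaced with the intended validity start and end before this compiles.
 *
 * @param keyPair pair whose public key is certified and whose private key signs;
 *        the signature algorithm below assumes an RSA pair
 * @return the generated self-signed certificate
 */
public X509Certificate generateCertificate(KeyPair keyPair){
    X509V3CertificateGenerator cert = new X509V3CertificateGenerator();
    // Random positive serial rather than the constant 1: a fixed serial makes every
    // certificate from this issuer name indistinguishable by issuer+serial, which breaks
    // revocation lookups and trust-store de-duplication.
    cert.setSerialNumber(new BigInteger(63, new java.security.SecureRandom()).add(BigInteger.ONE));
    cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc
    cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed
    cert.setPublicKey(keyPair.getPublic());
    cert.setNotBefore(<date>); // placeholder: validity start
    cert.setNotAfter(<date>);  // placeholder: validity end
    // SHA-256 instead of SHA-1: SHA-1 certificate signatures are rejected by current
    // TLS stacks and are open to collision-based forgery.
    cert.setSignatureAlgorithm("SHA256WithRSAEncryption");
    PrivateKey signingKey = keyPair.getPrivate();
    return cert.generate(signingKey, "BC");
}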
/**
 * Create a self-signed X.509 Certificate using the V1 generator.
 *
 * <p>The serial number is 64 random bits drawn from a {@link SecureRandom}; issuer and
 * subject are both {@code dn}; validity runs from the moment of the call for
 * {@code days} days.
 *
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA256withRSA"; SHA-1 based names such as
 *        "SHA1withRSA" are accepted here but should not be chosen for new certificates
 * @return the self-signed certificate
 */
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
    throws CertificateEncodingException, InvalidKeyException, IllegalStateException,
        NoSuchProviderException, NoSuchAlgorithmException, SignatureException
{
    Date validFrom = new Date();
    // The long literal forces 64-bit arithmetic, so large day counts do not overflow int.
    Date validUntil = new Date(validFrom.getTime() + days * 86400000L);
    BigInteger serial = new BigInteger(64, new SecureRandom());

    X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
    X500Principal selfName = new X500Principal(dn);

    generator.setSerialNumber(serial);
    generator.setIssuerDN(selfName);
    generator.setNotBefore(validFrom);
    generator.setNotAfter(validUntil);
    generator.setSubjectDN(selfName);
    generator.setPublicKey(pair.getPublic());
    generator.setSignatureAlgorithm(algorithm);

    return generator.generate(pair.getPrivate());
}
/**
 * Returns a List of notification messages for the certificate at the given index in the CertPath.
 * If index == -1 then the list of global notifications is returned with notifications not
 * specific to a certificate.
 *
 * @param index the index of the certificate in the CertPath
 * @return List of notification messages for the certificate
 * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
 */
public List getNotifications(int index)
{
    doChecks();

    // The array is offset by one so that index -1 (global notifications) maps to slot 0.
    final int slot = index + 1;

    return notifications[slot];
}
/**
 * Lists the signature algorithm names this generator recognises, as reported by
 * {@code X509Util.getAlgNames()}.
 *
 * @return an iterator containing recognised names.
 */
public Iterator getSignatureAlgNames()
{
    Iterator recognisedNames = X509Util.getAlgNames();

    return recognisedNames;
}
}
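// Build an X.509 certificate with the V1 generator, sign it through the "BC" provider and
// store its encoded form on the entry.
// NOTE(review): a millisecond timestamp is a predictable serial and two certificates
// issued in the same millisecond would share it; a SecureRandom-derived serial is the
// safer choice if the surrounding code allows it.
BigInteger serialNumber = BigInteger.valueOf( System.currentTimeMillis() );

X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal issuerName = new X500Principal( issuerDN );
X500Principal subjectName = new X500Principal( subjectDN );

certGen.setSerialNumber( serialNumber );
certGen.setIssuerDN( issuerName );
certGen.setNotBefore( startDate );
certGen.setNotAfter( expiryDate );
certGen.setSubjectDN( subjectName );
certGen.setPublicKey( publicKey );
// SHA-256 instead of SHA-1: SHA-1 certificate signatures are rejected by current TLS
// stacks and are open to collision-based forgery. Assumes keyAlgo names a key type for
// which the provider offers a SHA256With<keyAlgo> signature (e.g. RSA) - confirm.
certGen.setSignatureAlgorithm( "SHA256With" + keyAlgo );

X509Certificate cert = certGen.generate( privateKey, "BC" );

entry.put( USER_CERTIFICATE_AT, cert.getEncoded() );
LOG.debug( "X509 Certificate: {}", cert );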
/**
 * Runs the pending checks, then returns the trust anchor they recorded.
 *
 * @return the TrustAnchor for the CertPath, <b>null</b> if no valid TrustAnchor was found.
 * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
 */
public TrustAnchor getTrustAnchor()
{
    // doChecks() must run first: the field is only meaningful after the review.
    // Callers must treat a null result as "path not anchored", not as success.
    doChecks();

    return trustAnchor;
}
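// Build a self-signed X.509 certificate (issuer and subject are the same DN) with the V1
// generator, sign it through the "BC" provider and store its encoded form on the entry.
// NOTE(review): a millisecond timestamp is a predictable serial and two certificates
// issued in the same millisecond would share it; a SecureRandom-derived serial is the
// safer choice if the surrounding code allows it.
BigInteger serialNumber = BigInteger.valueOf( System.currentTimeMillis() );

X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal( CERTIFICATE_PRINCIPAL_DN );

certGen.setSerialNumber( serialNumber );
certGen.setIssuerDN( dnName );
certGen.setNotBefore( startDate );
certGen.setNotAfter( expiryDate );
certGen.setSubjectDN( dnName );
certGen.setPublicKey( publicKey );
// SHA-256 instead of SHA-1: SHA-1 certificate signatures are rejected by current TLS
// stacks and are open to collision-based forgery. Assumes ALGORITHM names a key type for
// which the provider offers a SHA256With<ALGORITHM> signature (e.g. RSA) - confirm.
certGen.setSignatureAlgorithm( "SHA256With" + ALGORITHM );

X509Certificate cert = certGen.generate( privateKey, "BC" );

entry.put( USER_CERTIFICATE_AT, cert.getEncoded() );
LOG.debug( "X509 Certificate: {}", cert );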
/**
 * Builds a short-lived test certificate with the V1 generator, signed with the private
 * half of {@code pair} using SHA-256 with RSA through the "BC" provider.
 *
 * <p>The certificate is valid only from 10 seconds before to 10 seconds after the moment
 * it is generated, and its serial number is the current time in milliseconds, so it is
 * suitable for tests only.
 *
 * @param subject distinguished name of the subject
 * @param issuer distinguished name of the issuer
 * @param pair pair whose public key is certified and whose private key signs
 * @return the generated certificate
 */
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair)
    throws InvalidKeyException, NoSuchProviderException, SignatureException
{
    X509V1CertificateGenerator generator = new X509V1CertificateGenerator();

    generator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    generator.setIssuerDN(new X500Principal(issuer));

    // Validity window of +/- 10 seconds around "now"; each bound reads the clock itself.
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    generator.setNotBefore(notBefore);
    Date notAfter = new Date(System.currentTimeMillis() + 10000);
    generator.setNotAfter(notAfter);

    generator.setSubjectDN(new X500Principal(subject));
    generator.setPublicKey(pair.getPublic());
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    return generator.generateX509Certificate(pair.getPrivate(), "BC");
}