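package org.bouncycastle.x509;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.X509CertificateObject;

/**
 * class to produce an X.509 Version 1 certificate.
 * <p>
 * The generator collects serial number, issuer, validity, subject, public key
 * and signature algorithm, then signs the resulting TBS structure with the
 * private key handed to one of the generate methods.
 * </p>
 * <p>
 * <b>Security note:</b> this class offers no way to add extensions, and a
 * version 1 certificate carries none. Constraints such as basicConstraints or
 * keyUsage therefore cannot be expressed, and a relying party has to decide by
 * other means whether a certificate produced here may act as a CA.
 * </p>
 * <p>
 * Instances hold mutable state and show no synchronisation; do not share one
 * between threads without external locking.
 * </p>
 * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
 */
public class X509V1CertificateGenerator
{
    private V1TBSCertificateGenerator   tbsGen;
    private DERObjectIdentifier         sigOID;
    private AlgorithmIdentifier         sigAlgId;
    private String                      signatureAlgorithm;

    /**
     * Create a generator with an empty TBS certificate generator; every field
     * has to be supplied through the setters before generating.
     */
    public X509V1CertificateGenerator()
    {
        tbsGen = new V1TBSCertificateGenerator();
    }

    /**
     * reset the generator
     * <p>
     * Only the TBS generator is replaced. The signature algorithm fields keep
     * their previous values, but the fresh TBS generator has not been given
     * them, so call {@link #setSignatureAlgorithm(String)} again along with the
     * other setters before generating.
     * </p>
     */
    public void reset()
    {
        tbsGen = new V1TBSCertificateGenerator();
    }

    /**
     * set the serial number for the certificate.
     * <p>
     * Only the sign is checked here. Keeping serial numbers unique per issuer
     * is the caller's responsibility.
     * </p>
     *
     * @param serialNumber the serial number, strictly greater than zero.
     * @throws IllegalArgumentException if the value is zero or negative.
     */
    public void setSerialNumber(
        BigInteger  serialNumber)
    {
        if (serialNumber.compareTo(BigInteger.ZERO) <= 0)
        {
            throw new IllegalArgumentException("serial number must be a positive integer");
        }

        tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
     * certificate.
     *
     * @param issuer the issuer name; its encoded form is re-parsed into an X509Principal.
     * @throws IllegalArgumentException if the encoded principal cannot be parsed.
     */
    public void setIssuerDN(
        X500Principal   issuer)
    {
        try
        {
            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
        }
        catch (IOException e)
        {
            // keep the original message text, but carry the cause for diagnosis
            throw new IllegalArgumentException("can't process principal: " + e, e);
        }
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
     * certificate.
     *
     * @param issuer the issuer name, passed to the TBS generator unchanged.
     */
    public void setIssuerDN(
        X509Name   issuer)
    {
        tbsGen.setIssuer(issuer);
    }

    /**
     * Set the start of the validity period.
     * <p>
     * No check is made here that the start date precedes the end date.
     * </p>
     *
     * @param date the notBefore date.
     */
    public void setNotBefore(
        Date    date)
    {
        tbsGen.setStartDate(new Time(date));
    }

    /**
     * Set the end of the validity period.
     * <p>
     * No check is made here that the end date follows the start date, and no
     * upper bound on the lifetime is applied.
     * </p>
     *
     * @param date the notAfter date.
     */
    public void setNotAfter(
        Date    date)
    {
        tbsGen.setEndDate(new Time(date));
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with the public key.
     *
     * @param subject the subject name; its encoded form is re-parsed into an X509Principal.
     * @throws IllegalArgumentException if the encoded principal cannot be parsed.
     */
    public void setSubjectDN(
        X500Principal   subject)
    {
        try
        {
            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
        }
        catch (IOException e)
        {
            // keep the original message text, but carry the cause for diagnosis
            throw new IllegalArgumentException("can't process principal: " + e, e);
        }
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with the public key.
     *
     * @param subject the subject name, passed to the TBS generator unchanged.
     */
    public void setSubjectDN(
        X509Name   subject)
    {
        tbsGen.setSubject(subject);
    }

    /**
     * Set the public key that the certificate binds to the subject.
     * <p>
     * The key's encoded form is parsed as an ASN.1 sequence and wrapped as a
     * SubjectPublicKeyInfo. Any failure on the way - a key without an encoding,
     * an encoding that is not a sequence, a parse error - is reported as an
     * IllegalArgumentException. The key material itself is not validated here.
     * </p>
     *
     * @param key the subject's public key.
     * @throws IllegalArgumentException if the key's encoding cannot be processed.
     */
    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
                                new ByteArrayInputStream(key.getEncoded())).readObject()));
        }
        catch (Exception e)
        {
            // broad catch is deliberate: encoding problems surface as several exception types
            throw new IllegalArgumentException("unable to process key - " + e.toString(), e);
        }
    }

    /**
     * Set the signature algorithm. This can be either a name or an OID, names
     * are treated as case insensitive.
     * <p>
     * The name is resolved before any field is updated, so a rejected name
     * leaves a previously configured algorithm in place.
     * </p>
     * <p>
     * NOTE(review): the set of accepted names is whatever X509Util registers
     * (see {@link #getSignatureAlgNames()}) and is not visible from this class;
     * it may include legacy digests. Choose a SHA-2 based algorithm for new
     * certificates.
     * </p>
     *
     * @param signatureAlgorithm string representation of the algorithm name.
     * @throws IllegalArgumentException if the name cannot be resolved to an OID.
     */
    public void setSignatureAlgorithm(
        String  signatureAlgorithm)
    {
        DERObjectIdentifier resolvedOID;

        try
        {
            resolvedOID = X509Util.getAlgorithmOID(signatureAlgorithm);
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("Unknown signature type requested", e);
        }

        AlgorithmIdentifier resolvedAlgId = X509Util.getSigAlgID(resolvedOID, signatureAlgorithm);

        // commit only after both lookups succeeded, so the three fields never disagree
        this.signatureAlgorithm = signatureAlgorithm;
        this.sigOID = resolvedOID;
        this.sigAlgId = resolvedAlgId;

        tbsGen.setSignature(resolvedAlgId);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC".
     *
     * @param key the issuer's private key used for signing.
     * @throws SecurityException if the "BC" provider is not installed, or signing fails
     *         for a reason other than the declared checked exceptions.
     * @deprecated use generate(key, "BC")
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!", e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC" and the passed in source of randomness
     *
     * @param key the issuer's private key used for signing.
     * @param random source of randomness handed to the signing helper.
     * @throws SecurityException if the "BC" provider is not installed, or signing fails
     *         for a reason other than the declared checked exceptions.
     * @deprecated use generate(key, random, "BC")
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        SecureRandom    random)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!", e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used for signing.
     * @param provider name of the provider to sign with.
     * @deprecated use generate()
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        return generateX509Certificate(key, provider, null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     * <p>
     * Delegates to {@link #generate(PrivateKey, String, SecureRandom)} and maps
     * the checked exceptions this older signature does not declare onto
     * SecurityException.
     * </p>
     *
     * @param key the issuer's private key used for signing.
     * @param provider name of the provider to sign with.
     * @param random source of randomness handed to the signing helper; may be null.
     * @deprecated use generate()
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generate(key, provider, random);
        }
        catch (NoSuchProviderException e)
        {
            throw e;
        }
        catch (SignatureException e)
        {
            throw e;
        }
        catch (InvalidKeyException e)
        {
            throw e;
        }
        catch (GeneralSecurityException e)
        {
            // whatever remains (e.g. encoding or algorithm lookup failures) is not in this
            // method's throws clause; wrap it and keep the cause
            throw new SecurityException("exception: " + e, e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider.
     * <p>
     * <b>Note:</b> this differs from the deprecated method in that the default provider is
     * used - not "BC".
     * </p>
     *
     * @param key the issuer's private key used for signing.
     */
    public X509Certificate generate(
        PrivateKey      key)
        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        return generate(key, (SecureRandom)null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider and the passed in source of randomness
     * <p>
     * <b>Note:</b> this differs from the deprecated method in that the default provider is
     * used - not "BC".
     * </p>
     *
     * @param key the issuer's private key used for signing.
     * @param random source of randomness handed to the signing helper; may be null.
     * @throws CertificateEncodingException if the TBS certificate cannot be encoded or the
     *         final certificate object cannot be built.
     */
    public X509Certificate generate(
        PrivateKey      key,
        SecureRandom    random)
        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
        byte[] signature;

        try
        {
            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
        }

        return generateJcaObject(tbsCert, signature);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used for signing.
     * @param provider name of the provider to sign with.
     */
    public X509Certificate generate(
        PrivateKey      key,
        String          provider)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        return generate(key, provider, null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used for signing.
     * @param provider name of the provider to sign with.
     * @param random source of randomness handed to the signing helper; may be null.
     * @throws CertificateEncodingException if the TBS certificate cannot be encoded or the
     *         final certificate object cannot be built.
     */
    public X509Certificate generate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
        byte[] signature;

        try
        {
            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
        }

        return generateJcaObject(tbsCert, signature);
    }

    /**
     * Assemble the certificate structure - TBS certificate, signature algorithm
     * identifier, signature bits - and wrap it as a JCA certificate object.
     * <p>
     * The signature is not verified here; the bytes are embedded as given.
     * </p>
     */
    private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
        throws CertificateEncodingException
    {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        try
        {
            return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
        }
        catch (CertificateParsingException e)
        {
            throw new ExtCertificateEncodingException("exception producing certificate object", e);
        }
    }

    /**
     * Return an iterator of the signature names supported by the generator.
     *
     * @return an iterator containing recognised names.
     */
    public Iterator getSignatureAlgNames()
    {
        return X509Util.getAlgNames();
    }
}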