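package org.bouncycastle.x509;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;

/**
 * Class to produce an X.509 Version 1 certificate.
 * <p>
 * This generator exposes no way to add extensions (version 1 certificates have none), so
 * properties such as basicConstraints or keyUsage cannot be expressed. Code that validates
 * certificates produced here must not infer CA status or permitted key usage from them.
 * </p>
 * <p>
 * Instances hold mutable state (the TBS generator and the selected signature algorithm)
 * and perform no synchronisation of their own.
 * </p>
 *
 * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
 */
public class X509V1CertificateGenerator
{
    private final JcaJceHelper bcHelper = new BCJcaJceHelper(); // needed to force provider loading
    private final CertificateFactory certificateFactory = new CertificateFactory();

    private V1TBSCertificateGenerator tbsGen;
    private ASN1ObjectIdentifier sigOID;
    private AlgorithmIdentifier sigAlgId;
    private String signatureAlgorithm;

    /**
     * Create a generator with an empty to-be-signed certificate body.
     */
    public X509V1CertificateGenerator()
    {
        tbsGen = new V1TBSCertificateGenerator();
    }

    /**
     * Reset the generator.
     * <p>
     * Only the to-be-signed body is replaced; the signature algorithm fields kept on this
     * object are left as they were, and the fresh body has not been given them. Call
     * {@link #setSignatureAlgorithm(String)} again after a reset.
     * </p>
     */
    public void reset()
    {
        tbsGen = new V1TBSCertificateGenerator();
    }

    /**
     * Set the serial number for the certificate.
     *
     * @param serialNumber the serial number, which must be strictly positive.
     * @throws IllegalArgumentException if the value is zero or negative.
     */
    public void setSerialNumber(
        BigInteger serialNumber)
    {
        // Zero and negative serials are rejected before they reach the encoder.
        if (serialNumber.compareTo(BigInteger.ZERO) <= 0)
        {
            throw new IllegalArgumentException("serial number must be a positive integer");
        }

        tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used
     * to sign the certificate.
     *
     * @param issuer the issuer name; it is re-parsed from its encoded form.
     * @throws IllegalArgumentException if the encoded name cannot be parsed.
     */
    public void setIssuerDN(
        X500Principal issuer)
    {
        try
        {
            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
        }
        catch (IOException e)
        {
            // Keep the parser failure as the cause so it is not reduced to its toString().
            throw new IllegalArgumentException("can't process principal: " + e, e);
        }
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used
     * to sign the certificate.
     *
     * @param issuer the issuer name, passed to the TBS generator unchanged.
     */
    public void setIssuerDN(
        X509Name issuer)
    {
        tbsGen.setIssuer(issuer);
    }

    /**
     * Set the start of the validity period.
     *
     * @param date the notBefore date.
     */
    public void setNotBefore(
        Date date)
    {
        tbsGen.setStartDate(new Time(date));
    }

    /**
     * Set the end of the validity period. No ordering check against notBefore is made here.
     *
     * @param date the notAfter date.
     */
    public void setNotAfter(
        Date date)
    {
        tbsGen.setEndDate(new Time(date));
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with
     * the public key.
     *
     * @param subject the subject name; it is re-parsed from its encoded form.
     * @throws IllegalArgumentException if the encoded name cannot be parsed.
     */
    public void setSubjectDN(
        X500Principal subject)
    {
        try
        {
            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
        }
        catch (IOException e)
        {
            // Keep the parser failure as the cause so it is not reduced to its toString().
            throw new IllegalArgumentException("can't process principal: " + e, e);
        }
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with
     * the public key.
     *
     * @param subject the subject name, passed to the TBS generator unchanged.
     */
    public void setSubjectDN(
        X509Name subject)
    {
        tbsGen.setSubject(subject);
    }

    /**
     * Set the public key to be certified.
     *
     * @param key the subject's public key; its encoded form is parsed as a
     *            SubjectPublicKeyInfo.
     * @throws IllegalArgumentException if the key's encoding cannot be processed.
     */
    public void setPublicKey(
        PublicKey key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(key.getEncoded()));
        }
        catch (Exception e)
        {
            // The broad catch is kept from the original; the cause is now preserved.
            throw new IllegalArgumentException("unable to process key - " + e.toString(), e);
        }
    }

    /**
     * Set the signature algorithm. This can be either a name or an OID, names
     * are treated as case insensitive.
     * <p>
     * Any algorithm that X509Util recognises is accepted; no strength policy is applied
     * here, so callers that must exclude weak digests have to enforce that themselves.
     * </p>
     *
     * @param signatureAlgorithm string representation of the algorithm name.
     * @throws IllegalArgumentException if the algorithm cannot be resolved to an OID; in
     *         that case the previously selected algorithm is left untouched.
     */
    public void setSignatureAlgorithm(
        String signatureAlgorithm)
    {
        ASN1ObjectIdentifier resolvedOid;

        try
        {
            resolvedOid = X509Util.getAlgorithmOID(signatureAlgorithm);
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("Unknown signature type requested", e);
        }

        AlgorithmIdentifier resolvedAlgId = X509Util.getSigAlgID(resolvedOid, signatureAlgorithm);

        // Commit only after everything resolved, so a rejected name cannot leave the
        // algorithm name out of step with the OID and AlgorithmIdentifier used for signing.
        this.signatureAlgorithm = signatureAlgorithm;
        this.sigOID = resolvedOid;
        this.sigAlgId = resolvedAlgId;

        tbsGen.setSignature(resolvedAlgId);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC".
     *
     * @param key the issuer's private key used to sign the certificate.
     * @throws SecurityException if the "BC" provider is not available.
     * @deprecated use generate(key, "BC")
     */
    public X509Certificate generateX509Certificate(
        PrivateKey key)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!", e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC" and the passed in source of randomness
     *
     * @param key the issuer's private key used to sign the certificate.
     * @param random the source of randomness handed to the signer.
     * @throws SecurityException if the "BC" provider is not available.
     * @deprecated use generate(key, random, "BC")
     */
    public X509Certificate generateX509Certificate(
        PrivateKey key,
        SecureRandom random)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!", e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used to sign the certificate.
     * @param provider the name of the provider to sign with.
     * @deprecated use generate()
     */
    public X509Certificate generateX509Certificate(
        PrivateKey key,
        String provider)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        return generateX509Certificate(key, provider, null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used to sign the certificate.
     * @param provider the name of the provider to sign with.
     * @param random the source of randomness handed to the signer; the overloads without
     *               a random argument pass null here.
     * @throws SecurityException for any other GeneralSecurityException raised by
     *         {@link #generate(PrivateKey, String, SecureRandom)}.
     * @deprecated use generate()
     */
    public X509Certificate generateX509Certificate(
        PrivateKey key,
        String provider,
        SecureRandom random)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generate(key, provider, random);
        }
        catch (NoSuchProviderException e)
        {
            throw e;
        }
        catch (SignatureException e)
        {
            throw e;
        }
        catch (InvalidKeyException e)
        {
            throw e;
        }
        catch (GeneralSecurityException e)
        {
            // Remaining checked failures are not in this method's signature, so they are
            // wrapped; the cause is kept for diagnosis.
            throw new SecurityException("exception: " + e, e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider.
     * <p>
     * <b>Note:</b> this differs from the deprecated method in that the default provider is
     * used - not "BC".
     * </p>
     *
     * @param key the issuer's private key used to sign the certificate.
     */
    public X509Certificate generate(
        PrivateKey key)
        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        return generate(key, (SecureRandom)null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider and the passed in source of randomness
     * <p>
     * <b>Note:</b> this differs from the deprecated method in that the default provider is
     * used - not "BC".
     * </p>
     *
     * @param key the issuer's private key used to sign the certificate.
     * @param random the source of randomness handed to the signer; may be null, as the
     *               single-argument overload passes null.
     * @throws CertificateEncodingException if the TBS body or the final certificate cannot
     *         be encoded.
     */
    public X509Certificate generate(
        PrivateKey key,
        SecureRandom random)
        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
        byte[] signature;

        try
        {
            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
        }

        return generateJcaObject(tbsCert, signature);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used to sign the certificate.
     * @param provider the name of the provider to sign with.
     */
    public X509Certificate generate(
        PrivateKey key,
        String provider)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        return generate(key, provider, null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key used to sign the certificate.
     * @param provider the name of the provider to sign with.
     * @param random the source of randomness handed to the signer; may be null, as the
     *               two-argument overload passes null.
     * @throws CertificateEncodingException if the TBS body or the final certificate cannot
     *         be encoded.
     */
    public X509Certificate generate(
        PrivateKey key,
        String provider,
        SecureRandom random)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
        byte[] signature;

        try
        {
            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
        }

        return generateJcaObject(tbsCert, signature);
    }

    /**
     * Assemble the certificate structure (TBS body, signature algorithm, signature bits),
     * DER-encode it and parse the result back through the certificate factory.
     *
     * @param tbsCert the to-be-signed body that was signed.
     * @param signature the raw signature bytes over that body.
     * @throws CertificateEncodingException if encoding or re-parsing fails.
     */
    private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
        throws CertificateEncodingException
    {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        try
        {
            return (X509Certificate)certificateFactory.engineGenerateCertificate(
                new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
        }
        catch (Exception e)
        {
            throw new ExtCertificateEncodingException("exception producing certificate object", e);
        }
    }

    /**
     * Return an iterator of the signature names supported by the generator.
     *
     * @return an iterator containing recognised names.
     */
    public Iterator getSignatureAlgNames()
    {
        return X509Util.getAlgNames();
    }
}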