X509V1CertificateGenerator.java revision bdb7b3d37025690a0434040b4e0d0623d9fa74af
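package org.bouncycastle.x509;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.X509CertificateObject;

/**
 * class to produce an X.509 Version 1 certificate.
 * <p>
 * A version 1 certificate has no extensions field, so it cannot carry
 * basicConstraints, keyUsage or subjectAltName. Where relying parties need those
 * constraints (for example to tell a CA certificate from an end-entity one), a
 * version 3 certificate is required.
 * </p>
 * <p>
 * The generator keeps mutable state between calls and performs no synchronisation
 * of its own; callers sharing an instance across threads have to provide it.
 * </p>
 * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
 */
public class X509V1CertificateGenerator
{
    private V1TBSCertificateGenerator   tbsGen;
    private ASN1ObjectIdentifier        sigOID;
    private AlgorithmIdentifier         sigAlgId;
    private String                      signatureAlgorithm;

    public X509V1CertificateGenerator()
    {
        tbsGen = new V1TBSCertificateGenerator();
    }

    /**
     * reset the generator
     * <p>
     * Only the TBS generator is replaced, so the serial number, names, validity
     * dates and public key set so far are dropped. The signature algorithm fields
     * of this object are left untouched while the new TBS generator has not been
     * given a signature algorithm, so {@link #setSignatureAlgorithm(String)} has to
     * be called again before generating (presumably the TBS generator rejects an
     * incomplete certificate; confirm against V1TBSCertificateGenerator).
     * </p>
     */
    public void reset()
    {
        tbsGen = new V1TBSCertificateGenerator();
    }

    /**
     * set the serial number for the certificate.
     * <p>
     * Only the sign is checked here. Keeping serial numbers unique per issuer
     * is left to the caller.
     * </p>
     *
     * @param serialNumber the serial number, must be greater than zero.
     * @throws IllegalArgumentException if the serial number is zero or negative.
     */
    public void setSerialNumber(
        BigInteger      serialNumber)
    {
        if (serialNumber.compareTo(BigInteger.ZERO) <= 0)
        {
            throw new IllegalArgumentException("serial number must be a positive integer");
        }

        tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
     * certificate.
     *
     * @param issuer the issuer name, re-parsed from its encoded form.
     * @throws IllegalArgumentException if the encoded principal cannot be processed.
     */
    public void setIssuerDN(
        X500Principal   issuer)
    {
        try
        {
            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
        }
        catch (IOException e)
        {
            // keep the original message, but chain the cause so the parse failure stays diagnosable
            throw new IllegalArgumentException("can't process principal: " + e, e);
        }
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
     * certificate.
     *
     * @param issuer the issuer name, passed to the TBS generator as is.
     */
    public void setIssuerDN(
        X509Name   issuer)
    {
        tbsGen.setIssuer(issuer);
    }

    /**
     * Set the start of the validity period.
     * <p>
     * No check is made here that this date precedes the notAfter date.
     * </p>
     *
     * @param date the date from which the certificate is valid.
     */
    public void setNotBefore(
        Date    date)
    {
        tbsGen.setStartDate(new Time(date));
    }

    /**
     * Set the end of the validity period.
     * <p>
     * No check is made here that this date follows the notBefore date.
     * </p>
     *
     * @param date the date after which the certificate is no longer valid.
     */
    public void setNotAfter(
        Date    date)
    {
        tbsGen.setEndDate(new Time(date));
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with the public key.
     *
     * @param subject the subject name, re-parsed from its encoded form.
     * @throws IllegalArgumentException if the encoded principal cannot be processed.
     */
    public void setSubjectDN(
        X500Principal   subject)
    {
        try
        {
            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
        }
        catch (IOException e)
        {
            // keep the original message, but chain the cause so the parse failure stays diagnosable
            throw new IllegalArgumentException("can't process principal: " + e, e);
        }
    }

    /**
     * Set the subject distinguished name. The subject describes the entity associated with the public key.
     *
     * @param subject the subject name, passed to the TBS generator as is.
     */
    public void setSubjectDN(
        X509Name   subject)
    {
        tbsGen.setSubject(subject);
    }

    /**
     * Set the public key the certificate binds to the subject.
     * <p>
     * The key's encoded form is parsed as a SubjectPublicKeyInfo. Any failure,
     * including a key that returns no encoding, is reported as an
     * IllegalArgumentException.
     * </p>
     *
     * @param key the subject's public key.
     * @throws IllegalArgumentException if the key's encoding cannot be processed.
     */
    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(key.getEncoded()));
        }
        catch (Exception e)
        {
            // broad catch is deliberate: a null encoding or a malformed one both end up here
            throw new IllegalArgumentException("unable to process key - " + e.toString(), e);
        }
    }

    /**
     * Set the signature algorithm. This can be either a name or an OID, names
     * are treated as case insensitive.
     * <p>
     * The name is only checked for being known to X509Util. No strength policy
     * is applied here, so choosing a currently recommended algorithm is left
     * to the caller.
     * </p>
     * <p>
     * The generator's state is updated only after the algorithm has been resolved,
     * so a rejected name leaves the previously configured algorithm fully in place.
     * </p>
     *
     * @param signatureAlgorithm string representation of the algorithm name.
     * @throws IllegalArgumentException if the algorithm is not recognised.
     */
    public void setSignatureAlgorithm(
        String  signatureAlgorithm)
    {
        ASN1ObjectIdentifier    oid;

        try
        {
            oid = X509Util.getAlgorithmOID(signatureAlgorithm);
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("Unknown signature type requested", e);
        }

        AlgorithmIdentifier     algId = X509Util.getSigAlgID(oid, signatureAlgorithm);

        tbsGen.setSignature(algId);

        // commit name, OID and AlgorithmIdentifier together: the name drives the signing
        // call and the AlgorithmIdentifier is what gets written into the certificate,
        // so the three must never describe different algorithms
        this.signatureAlgorithm = signatureAlgorithm;
        this.sigOID = oid;
        this.sigAlgId = algId;
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC".
     *
     * @param key the issuer's private key, used for signing only.
     * @throws SecurityException if the "BC" provider is not installed, or on any other
     * security failure not covered by the declared exceptions.
     * @deprecated use generate(key, "BC")
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!", e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC" and the passed in source of randomness
     *
     * @param key the issuer's private key, used for signing only.
     * @param random the source of randomness for the signature, may be null.
     * @throws SecurityException if the "BC" provider is not installed, or on any other
     * security failure not covered by the declared exceptions.
     * @deprecated use generate(key, random, "BC")
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        SecureRandom    random)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!", e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key, used for signing only.
     * @param provider name of the provider to sign with.
     * @deprecated use generate()
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        return generateX509Certificate(key, provider, null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key, used for signing only.
     * @param provider name of the provider to sign with.
     * @param random the source of randomness for the signature, may be null.
     * @throws SecurityException wrapping any GeneralSecurityException other than the
     * three declared ones (for example an encoding or unknown-algorithm failure).
     * @deprecated use generate()
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generate(key, provider, random);
        }
        // the three declared exceptions are subclasses of GeneralSecurityException and
        // are rethrown unchanged so callers can still catch them by type
        catch (NoSuchProviderException e)
        {
            throw e;
        }
        catch (SignatureException e)
        {
            throw e;
        }
        catch (InvalidKeyException e)
        {
            throw e;
        }
        catch (GeneralSecurityException e)
        {
            throw new SecurityException("exception: " + e, e);
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider.
     * <p>
     * <b>Note:</b> this differs from the deprecated method in that the default provider is
     * used - not "BC".
     * </p>
     *
     * @param key the issuer's private key, used for signing only.
     */
    public X509Certificate generate(
        PrivateKey      key)
        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        return generate(key, (SecureRandom)null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider and the passed in source of randomness
     * <p>
     * <b>Note:</b> this differs from the deprecated method in that the default provider is
     * used - not "BC".
     * </p>
     * <p>
     * The private key is handed to X509Util for the signing call and is not retained
     * by this generator.
     * </p>
     *
     * @param key the issuer's private key, used for signing only.
     * @param random the source of randomness for the signature, may be null
     * (presumably the signature implementation then uses its own default; confirm in X509Util).
     * @throws CertificateEncodingException if the TBS certificate cannot be encoded or the
     * certificate object cannot be produced.
     * @throws IllegalStateException declared by this method; presumably raised when mandatory
     * fields have not been set (confirm against V1TBSCertificateGenerator and X509Util).
     */
    public X509Certificate generate(
        PrivateKey      key,
        SecureRandom    random)
        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
        byte[] signature;

        try
        {
            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
        }

        return generateJcaObject(tbsCert, signature);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     *
     * @param key the issuer's private key, used for signing only.
     * @param provider name of the provider to sign with.
     */
    public X509Certificate generate(
        PrivateKey      key,
        String          provider)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        return generate(key, provider, null);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject,
     * using the passed in provider for the signing, and the passed in source
     * of randomness (if required).
     * <p>
     * The private key is handed to X509Util for the signing call and is not retained
     * by this generator.
     * </p>
     *
     * @param key the issuer's private key, used for signing only.
     * @param provider name of the provider to sign with.
     * @param random the source of randomness for the signature, may be null
     * (presumably the signature implementation then uses its own default; confirm in X509Util).
     * @throws CertificateEncodingException if the TBS certificate cannot be encoded or the
     * certificate object cannot be produced.
     * @throws IllegalStateException declared by this method; presumably raised when mandatory
     * fields have not been set (confirm against V1TBSCertificateGenerator and X509Util).
     */
    public X509Certificate generate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
    {
        TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
        byte[] signature;

        try
        {
            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
        }

        return generateJcaObject(tbsCert, signature);
    }

    /**
     * Assemble the final certificate structure: the TBS certificate, the signature
     * algorithm identifier currently held by this generator, and the signature as a
     * bit string, wrapped in a DER sequence.
     *
     * @param tbsCert the to-be-signed certificate body.
     * @param signature the signature bytes computed over tbsCert.
     * @throws CertificateEncodingException if the assembled structure cannot be turned
     * into a certificate object.
     */
    private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
        throws CertificateEncodingException
    {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(signature));

        try
        {
            return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
        }
        catch (CertificateParsingException e)
        {
            throw new ExtCertificateEncodingException("exception producing certificate object", e);
        }
    }

    /**
     * Return an iterator of the signature names supported by the generator.
     *
     * @return an iterator containing recognised names.
     */
    public Iterator getSignatureAlgNames()
    {
        return X509Util.getAlgNames();
    }
}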