static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception { PrivateKey key = keypair.getPrivate(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name("CN=" + fqdn); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger(64, random), notBefore, notAfter, owner, keypair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key); X509CertificateHolder certHolder = builder.build(signer); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder); cert.verify(keypair.getPublic()); return newSelfSignedCertificate(fqdn, key, cert); }
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception { PrivateKey key = keypair.getPrivate(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name("CN=" + fqdn); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger(64, random), notBefore, notAfter, owner, keypair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key); X509CertificateHolder certHolder = builder.build(signer); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder); cert.verify(keypair.getPublic()); return newSelfSignedCertificate(fqdn, key, cert); }
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception { PrivateKey key = keypair.getPrivate(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name("CN=" + fqdn); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key); X509CertificateHolder certHolder = builder.build(signer); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder); cert.verify(keypair.getPublic()); return newSelfSignedCertificate(fqdn, key, cert); }
public void createSelfSignedCertificate( File certificatePath, File privateKeyPath, String hostName ) throws GeneralSecurityException, IOException, OperatorCreationException { installCleanupHook( certificatePath, privateKeyPath ); KeyPairGenerator keyGen = KeyPairGenerator.getInstance( DEFAULT_ENCRYPTION ); keyGen.initialize( 2048, random ); KeyPair keypair = keyGen.generateKeyPair(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name( "CN=" + hostName ); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger( 64, random ), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic() ); // Subject alternative name (part of SNI extension, used for hostname verification) GeneralNames subjectAlternativeName = new GeneralNames( new GeneralName( GeneralName.dNSName, hostName ) ); builder.addExtension( Extension.subjectAlternativeName, false, subjectAlternativeName ); PrivateKey privateKey = keypair.getPrivate(); ContentSigner signer = new JcaContentSignerBuilder( "SHA512WithRSAEncryption" ).build( privateKey ); X509CertificateHolder certHolder = builder.build( signer ); X509Certificate cert = new JcaX509CertificateConverter().setProvider( PROVIDER ).getCertificate( certHolder ); //check so that cert is valid cert.verify( keypair.getPublic() ); //write to disk writePem( "CERTIFICATE", cert.getEncoded(), certificatePath ); writePem( "PRIVATE KEY", privateKey.getEncoded(), privateKeyPath ); // Mark as done so we don't clean up certificates cleanupRequired = false; }
new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyPair.getPublic());
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( //
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, issueDate, notAfter, builder.build(), keyPair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder(signatureAlgorithm)
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER, subject, publicKey); builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
X500Name subject = name.build(); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, new Date(System.currentTimeMillis() + ONE_DAY), subject, keyPair.getPublic());
final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
/** * Create a certificate to use by a Certificate Authority, signed by a self signed certificate. */ private X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception { // signers name X500Name issuerName = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK"); // subjects name - the same as we are self signed. X500Name subjectName = issuerName; // serial BigInteger serial = BigInteger.valueOf(new Random().nextInt(Integer.MAX_VALUE)); // create the certificate - version 3 X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, publicKey); builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign); builder.addExtension(Extension.keyUsage, false, usage); ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); purposes.add(KeyPurposeId.id_kp_clientAuth); purposes.add(KeyPurposeId.anyExtendedKeyUsage); builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); X509Certificate cert = signCertificate(builder, privateKey); cert.checkValidity(new Date()); cert.verify(publicKey); return cert; }
private X509Certificate[] createSelfSignedCertifcateChain(String ipAddress, String hostname) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST"); Date notBefore = new Date(); Calendar cal = Calendar.getInstance(); cal.setTime(notBefore); cal.add(Calendar.YEAR, 1); Date notAfter = cal.getTime(); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); List<GeneralName> generalNames = new ArrayList<>(); if (ipAddress != null) { generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); } if (hostname != null) { generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); } if (!generalNames.isEmpty()) { certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); } ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); return new X509Certificate[] { new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)) }; }
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, HOSTNAME); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)); }
PublicKey pubKey = keyPair.getPublic(); X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder( issuer, serial, NOT_BEFORE, NOT_AFTER, subject, pubKey);
certificateHolder = new JcaX509v3CertificateBuilder(caRootCertificate, serialNumber, certificateInfo.getNotBefore(),
certificateHolder = new JcaX509v3CertificateBuilder( issuer, serial,
X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils(); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(holder.getSubject(), new BigInteger(128, new Random()), certStartTime, certEndTime, new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic()) .addExtension(Extension.authorityKeyIdentifier, false,
private X509v3CertificateBuilder createCertBuilder(KeyPair keyPair) { X500Name subject = new X500NameBuilder(BCStyle.INSTANCE) .addRDN(BCStyle.CN, commonName) .build(); Calendar notBefore = new GregorianCalendar(); notBefore.add(Calendar.DAY_OF_MONTH, -1); Calendar notAfter = new GregorianCalendar(); notAfter.add(Calendar.YEAR, 10); return new JcaX509v3CertificateBuilder( subject, new BigInteger(160, rand), notBefore.getTime(), notAfter.getTime(), subject, keyPair.getPublic()); }
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception { PrivateKey key = keypair.getPrivate(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name("CN=" + fqdn); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger(64, random), notBefore, notAfter, owner, keypair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key); X509CertificateHolder certHolder = builder.build(signer); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder); cert.verify(keypair.getPublic()); return newSelfSignedCertificate(fqdn, key, cert); }
@Override public X509Certificate createSignedCertificate(PublicKey publicKey, PrivateKey privateKey, String commonName, List<ASN1Encodable> sans) throws CertificateException, IOException, OperatorCreationException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { BigInteger serial = getSerial(); X500Name subject = getSubject(commonName); X500Name issuer = subject; X509v3CertificateBuilder x509v3CertificateBuilder = new JcaX509v3CertificateBuilder(issuer, serial, getValidDateFrom(), getValidDateTo(), subject, publicKey); buildExtensions(x509v3CertificateBuilder, publicKey); return createCertificate(privateKey, x509v3CertificateBuilder); }