Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.felix.deploymentadmin.itest.util; import java.math.BigInteger; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Random; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v3CertificateBuilder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; /** * @author <a href="mailto:dev@felix.apache.org">Felix Project Team</a> */ public class CertificateUtil { public enum KeyType { RSA, DSA, EC; } public static class SignerInfo { private final KeyPair m_keyPair; private final X509Certificate m_cert; public SignerInfo(KeyPair keyPair, X509Certificate cert) { m_keyPair = keyPair; m_cert = cert; } public X509Certificate getCert() { return m_cert; } public PrivateKey getPrivate() { return m_keyPair.getPrivate(); } public PublicKey getPublic() { return m_keyPair.getPublic(); } } public static SignerInfo createSelfSignedCert(String commonName, KeyType type) throws Exception { KeyPairGenerator kpGen; switch (type) { case RSA: kpGen = KeyPairGenerator.getInstance("RSA"); kpGen.initialize(1024); break; case DSA: kpGen = KeyPairGenerator.getInstance("DSA"); break; case EC: kpGen = KeyPairGenerator.getInstance("EC"); break; default: throw new IllegalArgumentException("Invalid key type!"); } KeyPair keyPair = kpGen.generateKeyPair(); X509Certificate cert = createSelfSignedCert(commonName, keyPair); return new SignerInfo(keyPair, cert); } private static X509Certificate createSelfSignedCert(String commonName, KeyPair keypair) throws Exception { PublicKey publicKey = keypair.getPublic(); String keyAlg = DPSigner.getSignatureAlgorithm(publicKey); X500Name issuer = new X500Name(commonName); BigInteger serial = BigInteger.probablePrime(16, new Random()); Date notBefore = new Date(System.currentTimeMillis() - 1000); Date notAfter = new Date(notBefore.getTime() + 6000); SubjectPublicKeyInfo pubKeyInfo; try (ASN1InputStream is = new ASN1InputStream(publicKey.getEncoded())) { pubKeyInfo = SubjectPublicKeyInfo.getInstance(is.readObject()); } X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo); builder.addExtension( new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(false)))); X509CertificateHolder certHolder = builder .build(new JcaContentSignerBuilder(keyAlg).build(keypair.getPrivate())); return new JcaX509CertificateConverter().getCertificate(certHolder); } /** * Creates a new CertificateUtil instance. */ private CertificateUtil() { // Nop } }