Generate certificates

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Generate certificates

Lopez Thomas
Hi, I need your help.

I want to generate cer and specialy i hava problem to generate the
private key.
I join my code sources.

How can you help me?

Rgds,
Thomas.

My code:

//package org.bouncycastle.jce;
package interbat.crypto.x509;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;

import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.X509CertificateObject;

/**
 * class to produce an X.509 Version 3 certificate.
 */
public class X509
{
    private V3TBSCertificateGenerator   tbsGen;
    private DERObjectIdentifier         sigOID;
    private AlgorithmIdentifier         sigAlgId;
    private String                      signatureAlgorithm;
    private Hashtable                   extensions = null;
    private Vector                      extOrdering = null;

    private static Hashtable            algorithms = new Hashtable();

    static
    {
        algorithms.put("MD2WITHRSAENCRYPTION", new
DERObjectIdentifier("1.2.840.113549.1.1.2"));
        algorithms.put("MD2WITHRSA", new
DERObjectIdentifier("1.2.840.113549.1.1.2"));
        algorithms.put("MD5WITHRSAENCRYPTION", new
DERObjectIdentifier("1.2.840.113549.1.1.4"));
        algorithms.put("MD5WITHRSA", new
DERObjectIdentifier("1.2.840.113549.1.1.4"));
        algorithms.put("SHA1WITHRSAENCRYPTION", new
DERObjectIdentifier("1.2.840.113549.1.1.5"));
        algorithms.put("SHA1WITHRSA", new
DERObjectIdentifier("1.2.840.113549.1.1.5"));
        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new
DERObjectIdentifier("1.3.36.3.3.1.2"));
        algorithms.put("RIPEMD160WITHRSA", new
DERObjectIdentifier("1.3.36.3.3.1.2"));
        algorithms.put("SHA1WITHDSA", new
DERObjectIdentifier("1.2.840.10040.4.3"));
        algorithms.put("DSAWITHSHA1", new
DERObjectIdentifier("1.2.840.10040.4.3"));
        algorithms.put("SHA1WITHECDSA", new
DERObjectIdentifier("1.2.840.10045.4.1"));
        algorithms.put("ECDSAWITHSHA1", new
DERObjectIdentifier("1.2.840.10045.4.1"));
    }

    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try{
        PrivateKey pKey = ;//" -----BEGIN RSA PRIVATE KEY-----    \n du
bruit \n-----END RSA PRIVATE KEY----- ";
        }catch(Exception e){
           
        }
        X509Certificate cer =  
generateX509Certificate(pKey,"interbat",null);      
       
        //generateX509Certificate("1234","INTERBAT");
       
       
    }
   
   
    public void X509V3CertificateGenerator()
    {
        tbsGen = new V3TBSCertificateGenerator();
    }

    /**
     * reset the generator
     */
    public void reset()
    {
        tbsGen = new V3TBSCertificateGenerator();
        extensions = null;
        extOrdering = null;
    }

    /**
     * set the serial number for the certificate.
     */
    public void setSerialNumber(
        BigInteger      serialNumber)
    {
        tbsGen.setSerialNumber(new DERInteger(serialNumber));
    }

    /**
     * Set the issuer distinguished name - the issuer is the entity
whose private key is used to sign the
     * certificate.
     */
    public void setIssuerDN(
        X509Name   issuer)
    {
        tbsGen.setIssuer(issuer);
    }

    public void setNotBefore(
        Date    date)
    {
        tbsGen.setStartDate(new Time(date));
    }

    public void setNotAfter(
        Date    date)
    {
        tbsGen.setEndDate(new Time(date));
    }

    /**
     * Set the subject distinguished name. The subject describes the
entity associated with the public key.
     */
    public void setSubjectDN(
        X509Name   subject)
    {
        tbsGen.setSubject(subject);
    }

    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(new
SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
                                new
ByteArrayInputStream(key.getEncoded())).readObject()));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("unable to process key -
" + e.toString());
        }
    }

    public void setSignatureAlgorithm(
        String  signatureAlgorithm)
    {
        this.signatureAlgorithm = signatureAlgorithm;

        sigOID =
(DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());

        if (sigOID == null)
        {
            throw new IllegalArgumentException("Unknown signature type
requested");
        }

        sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull());

        tbsGen.setSignature(sigAlgId);
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3)
     */
    public void addExtension(
        String          OID,
        boolean         critical,
        DEREncodable    value)
    {
        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3)
     */
    public void addExtension(
        DERObjectIdentifier OID,
        boolean             critical,
        DEREncodable        value)
    {
        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
        DEROutputStream         dOut = new DEROutputStream(bOut);

        try
        {
            dOut.writeObject(value);
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("error encoding value: "
+ e);
        }

        this.addExtension(OID, critical, bOut.toByteArray());
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3)
     * The value parameter becomes the contents of the octet string
associated
     * with the extension.
     */
    public void addExtension(
        String          OID,
        boolean         critical,
        byte[]          value)
    {
        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    }

    /**
     * add a given extension field for the standard extensions tag (tag 3)
     */
    public void addExtension(
        DERObjectIdentifier OID,
        boolean             critical,
        byte[]              value)
    {
        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        extensions.put(OID, new X509Extension(critical, new
DEROctetString(value)));
        extOrdering.addElement(OID);
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC".
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and subject
     * using the default provider "BC", and the passed in source of
randomness
     * (if required).
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        SecureRandom    random)
        throws SecurityException, SignatureException, InvalidKeyException
    {
        try
        {
            return generateX509Certificate(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    }

    /**
     * generate an X509 certificate, based on the current issuer and
subject,
     * using the passed in provider for the signing.
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider)
        throws NoSuchProviderException, SecurityException,
SignatureException, InvalidKeyException
    {
        return generateX509Certificate(key, provider, null);
    }
    /**
     * generate an X509 certificate, based on the current issuer and
subject,
     * using the passed in provider for the signing and the supplied source
     * of randomness, if required.
     */
    public X509Certificate generateX509Certificate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws NoSuchProviderException, SecurityException,
SignatureException, InvalidKeyException
    {
        Signature sig = null;

        if (sigOID == null)
        {
            throw new IllegalStateException("no signature algorithm
specified");
        }

        try
        {
            sig = Signature.getInstance(sigOID.getId(), provider);
        }
        catch (NoSuchAlgorithmException ex)
        {
            try
            {
                sig = Signature.getInstance(signatureAlgorithm, provider);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new SecurityException("exception creating
signature: " + e.toString());
            }
        }

        if (random != null)
        {
            sig.initSign(key, random);
        }
        else
        {
            sig.initSign(key);
        }

        if (extensions != null)
        {
            tbsGen.setExtensions(new X509Extensions(extOrdering,
extensions));
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

            dOut.writeObject(tbsCert);

            sig.update(bOut.toByteArray());
        }
        catch (Exception e)
        {
            throw new SecurityException("exception encoding TBS cert - "
+ e);
        }

        ASN1EncodableVector  v = new ASN1EncodableVector();

        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(sig.sign()));

        return new X509CertificateObject(new
X509CertificateStructure(new DERSequence(v)));
    }
}



Reply | Threaded
Open this post in threaded view
|

RE: Generate certificates

MACKO Roman
Hi,

why do not use org.bouncycastle.x509.X509V3CertificateGenerator class to
generate X.509 Certificate version 3?

You can generate private and public keys by
java.security.KeyPairGenerator class that
is provided by JDK

roman

> -----Original Message-----
> From: Lopez Thomas [mailto:[hidden email]]
> Sent: Thursday, May 26, 2005 9:46 AM
> To: [hidden email]
> Subject: [dev-crypto] Generate certificates
>
> Hi, I need your help.
>
> I want to generate cer and specialy i hava problem to
> generate the private key.
> I join my code sources.
>
> How can you help me?
>
> Rgds,
> Thomas.
>
> My code:
>
> //package org.bouncycastle.jce;
> package interbat.crypto.x509;
>
> import java.io.ByteArrayInputStream;
> import java.io.ByteArrayOutputStream;
> import java.io.IOException;
> import java.math.BigInteger;
> import java.security.InvalidKeyException;
> import java.security.NoSuchAlgorithmException;
> import java.security.NoSuchProviderException;
> import java.security.PrivateKey;
> import java.security.PublicKey;
> import java.security.SecureRandom;
> import java.security.Signature;
> import java.security.SignatureException; import
> java.security.cert.X509Certificate;
> import java.util.Date;
> import java.util.Hashtable;
> import java.util.Vector;
>
> import org.bouncycastle.asn1.*;
> import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
> import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
> import org.bouncycastle.asn1.x509.TBSCertificateStructure;
> import org.bouncycastle.asn1.x509.Time;
> import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
> import org.bouncycastle.asn1.x509.X509CertificateStructure;
> import org.bouncycastle.asn1.x509.X509Extension;
> import org.bouncycastle.asn1.x509.X509Extensions;
> import org.bouncycastle.asn1.x509.X509Name;
> import org.bouncycastle.crypto.util.PrivateKeyFactory;
> import org.bouncycastle.jce.provider.X509CertificateObject;
>
> /**
>  * class to produce an X.509 Version 3 certificate.
>  */
> public class X509
> {
>     private V3TBSCertificateGenerator   tbsGen;
>     private DERObjectIdentifier         sigOID;
>     private AlgorithmIdentifier         sigAlgId;
>     private String                      signatureAlgorithm;
>     private Hashtable                   extensions = null;
>     private Vector                      extOrdering = null;
>
>     private static Hashtable            algorithms = new Hashtable();
>
>     static
>     {
>         algorithms.put("MD2WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.2"));
>         algorithms.put("MD2WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.2"));
>         algorithms.put("MD5WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.4"));
>         algorithms.put("MD5WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.4"));
>         algorithms.put("SHA1WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.5"));
>         algorithms.put("SHA1WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.5"));
>         algorithms.put("RIPEMD160WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.3.36.3.3.1.2"));
>         algorithms.put("RIPEMD160WITHRSA", new
> DERObjectIdentifier("1.3.36.3.3.1.2"));
>         algorithms.put("SHA1WITHDSA", new
> DERObjectIdentifier("1.2.840.10040.4.3"));
>         algorithms.put("DSAWITHSHA1", new
> DERObjectIdentifier("1.2.840.10040.4.3"));
>         algorithms.put("SHA1WITHECDSA", new
> DERObjectIdentifier("1.2.840.10045.4.1"));
>         algorithms.put("ECDSAWITHSHA1", new
> DERObjectIdentifier("1.2.840.10045.4.1"));
>     }
>
>     public static void main(String[] args) {
>         // TODO Auto-generated method stub
>         try{
>         PrivateKey pKey = ;//" -----BEGIN RSA PRIVATE
> KEY-----    \n du
> bruit \n-----END RSA PRIVATE KEY----- ";
>         }catch(Exception e){
>            
>         }
>         X509Certificate cer =  
> generateX509Certificate(pKey,"interbat",null);      
>        
>         //generateX509Certificate("1234","INTERBAT");
>        
>        
>     }
>    
>    
>     public void X509V3CertificateGenerator()
>     {
>         tbsGen = new V3TBSCertificateGenerator();
>     }
>
>     /**
>      * reset the generator
>      */
>     public void reset()
>     {
>         tbsGen = new V3TBSCertificateGenerator();
>         extensions = null;
>         extOrdering = null;
>     }
>
>     /**
>      * set the serial number for the certificate.
>      */
>     public void setSerialNumber(
>         BigInteger      serialNumber)
>     {
>         tbsGen.setSerialNumber(new DERInteger(serialNumber));
>     }
>
>     /**
>      * Set the issuer distinguished name - the issuer is the
> entity whose private key is used to sign the
>      * certificate.
>      */
>     public void setIssuerDN(
>         X509Name   issuer)
>     {
>         tbsGen.setIssuer(issuer);
>     }
>
>     public void setNotBefore(
>         Date    date)
>     {
>         tbsGen.setStartDate(new Time(date));
>     }
>
>     public void setNotAfter(
>         Date    date)
>     {
>         tbsGen.setEndDate(new Time(date));
>     }
>
>     /**
>      * Set the subject distinguished name. The subject
> describes the entity associated with the public key.
>      */
>     public void setSubjectDN(
>         X509Name   subject)
>     {
>         tbsGen.setSubject(subject);
>     }
>
>     public void setPublicKey(
>         PublicKey       key)
>     {
>         try
>         {
>             tbsGen.setSubjectPublicKeyInfo(new
> SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
>                                 new
> ByteArrayInputStream(key.getEncoded())).readObject()));
>         }
>         catch (Exception e)
>         {
>             throw new IllegalArgumentException("unable to
> process key - " + e.toString());
>         }
>     }
>
>     public void setSignatureAlgorithm(
>         String  signatureAlgorithm)
>     {
>         this.signatureAlgorithm = signatureAlgorithm;
>
>         sigOID =
> (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
>
>         if (sigOID == null)
>         {
>             throw new IllegalArgumentException("Unknown
> signature type requested");
>         }
>
>         sigAlgId = new AlgorithmIdentifier(this.sigOID, new
> DERNull());
>
>         tbsGen.setSignature(sigAlgId);
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      */
>     public void addExtension(
>         String          OID,
>         boolean         critical,
>         DEREncodable    value)
>     {
>         this.addExtension(new DERObjectIdentifier(OID),
> critical, value);
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      */
>     public void addExtension(
>         DERObjectIdentifier OID,
>         boolean             critical,
>         DEREncodable        value)
>     {
>         if (extensions == null)
>         {
>             extensions = new Hashtable();
>             extOrdering = new Vector();
>         }
>
>         ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
>         DEROutputStream         dOut = new DEROutputStream(bOut);
>
>         try
>         {
>             dOut.writeObject(value);
>         }
>         catch (IOException e)
>         {
>             throw new IllegalArgumentException("error
> encoding value: "
> + e);
>         }
>
>         this.addExtension(OID, critical, bOut.toByteArray());
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      * The value parameter becomes the contents of the octet
> string associated
>      * with the extension.
>      */
>     public void addExtension(
>         String          OID,
>         boolean         critical,
>         byte[]          value)
>     {
>         this.addExtension(new DERObjectIdentifier(OID),
> critical, value);
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      */
>     public void addExtension(
>         DERObjectIdentifier OID,
>         boolean             critical,
>         byte[]              value)
>     {
>         if (extensions == null)
>         {
>             extensions = new Hashtable();
>             extOrdering = new Vector();
>         }
>
>         extensions.put(OID, new X509Extension(critical, new
> DEROctetString(value)));
>         extOrdering.addElement(OID);
>     }
>
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject
>      * using the default provider "BC".
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key)
>         throws SecurityException, SignatureException,
> InvalidKeyException
>     {
>         try
>         {
>             return generateX509Certificate(key, "BC", null);
>         }
>         catch (NoSuchProviderException e)
>         {
>             throw new SecurityException("BC provider not installed!");
>         }
>     }
>
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject
>      * using the default provider "BC", and the passed in
> source of randomness
>      * (if required).
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key,
>         SecureRandom    random)
>         throws SecurityException, SignatureException,
> InvalidKeyException
>     {
>         try
>         {
>             return generateX509Certificate(key, "BC", random);
>         }
>         catch (NoSuchProviderException e)
>         {
>             throw new SecurityException("BC provider not installed!");
>         }
>     }
>
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject,
>      * using the passed in provider for the signing.
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key,
>         String          provider)
>         throws NoSuchProviderException, SecurityException,
> SignatureException, InvalidKeyException
>     {
>         return generateX509Certificate(key, provider, null);
>     }
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject,
>      * using the passed in provider for the signing and the
> supplied source
>      * of randomness, if required.
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key,
>         String          provider,
>         SecureRandom    random)
>         throws NoSuchProviderException, SecurityException,
> SignatureException, InvalidKeyException
>     {
>         Signature sig = null;
>
>         if (sigOID == null)
>         {
>             throw new IllegalStateException("no signature
> algorithm specified");
>         }
>
>         try
>         {
>             sig = Signature.getInstance(sigOID.getId(), provider);
>         }
>         catch (NoSuchAlgorithmException ex)
>         {
>             try
>             {
>                 sig =
> Signature.getInstance(signatureAlgorithm, provider);
>             }
>             catch (NoSuchAlgorithmException e)
>             {
>                 throw new SecurityException("exception creating
> signature: " + e.toString());
>             }
>         }
>
>         if (random != null)
>         {
>             sig.initSign(key, random);
>         }
>         else
>         {
>             sig.initSign(key);
>         }
>
>         if (extensions != null)
>         {
>             tbsGen.setExtensions(new
> X509Extensions(extOrdering, extensions));
>         }
>
>         TBSCertificateStructure tbsCert =
> tbsGen.generateTBSCertificate();
>
>         try
>         {
>             ByteArrayOutputStream   bOut = new
> ByteArrayOutputStream();
>             DEROutputStream         dOut = new DEROutputStream(bOut);
>
>             dOut.writeObject(tbsCert);
>
>             sig.update(bOut.toByteArray());
>         }
>         catch (Exception e)
>         {
>             throw new SecurityException("exception encoding
> TBS cert - "
> + e);
>         }
>
>         ASN1EncodableVector  v = new ASN1EncodableVector();
>
>         v.add(tbsCert);
>         v.add(sigAlgId);
>         v.add(new DERBitString(sig.sign()));
>
>         return new X509CertificateObject(new
> X509CertificateStructure(new DERSequence(v)));
>     }
> }
>
>
>
>