Hi, I need your help.
I want to generate cer and specialy i hava problem to generate the private key. I join my code sources. How can you help me? Rgds, Thomas. My code: //package org.bouncycastle.jce; package interbat.crypto.x509; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import java.security.Signature; import java.security.SignatureException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Hashtable; import java.util.Vector; import org.bouncycastle.asn1.*; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.TBSCertificateStructure; import org.bouncycastle.asn1.x509.Time; import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; import org.bouncycastle.asn1.x509.X509CertificateStructure; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x509.X509Name; import org.bouncycastle.crypto.util.PrivateKeyFactory; import org.bouncycastle.jce.provider.X509CertificateObject; /** * class to produce an X.509 Version 3 certificate. */ public class X509 { private V3TBSCertificateGenerator tbsGen; private DERObjectIdentifier sigOID; private AlgorithmIdentifier sigAlgId; private String signatureAlgorithm; private Hashtable extensions = null; private Vector extOrdering = null; private static Hashtable algorithms = new Hashtable(); static { algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2")); algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2")); algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1")); algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1")); } public static void main(String[] args) { // TODO Auto-generated method stub try{ PrivateKey pKey = ;//" -----BEGIN RSA PRIVATE KEY----- \n du bruit \n-----END RSA PRIVATE KEY----- "; }catch(Exception e){ } X509Certificate cer = generateX509Certificate(pKey,"interbat",null); //generateX509Certificate("1234","INTERBAT"); } public void X509V3CertificateGenerator() { tbsGen = new V3TBSCertificateGenerator(); } /** * reset the generator */ public void reset() { tbsGen = new V3TBSCertificateGenerator(); extensions = null; extOrdering = null; } /** * set the serial number for the certificate. */ public void setSerialNumber( BigInteger serialNumber) { tbsGen.setSerialNumber(new DERInteger(serialNumber)); } /** * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the * certificate. */ public void setIssuerDN( X509Name issuer) { tbsGen.setIssuer(issuer); } public void setNotBefore( Date date) { tbsGen.setStartDate(new Time(date)); } public void setNotAfter( Date date) { tbsGen.setEndDate(new Time(date)); } /** * Set the subject distinguished name. The subject describes the entity associated with the public key. */ public void setSubjectDN( X509Name subject) { tbsGen.setSubject(subject); } public void setPublicKey( PublicKey key) { try { tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream( new ByteArrayInputStream(key.getEncoded())).readObject())); } catch (Exception e) { throw new IllegalArgumentException("unable to process key - " + e.toString()); } } public void setSignatureAlgorithm( String signatureAlgorithm) { this.signatureAlgorithm = signatureAlgorithm; sigOID = (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase()); if (sigOID == null) { throw new IllegalArgumentException("Unknown signature type requested"); } sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull()); tbsGen.setSignature(sigAlgId); } /** * add a given extension field for the standard extensions tag (tag 3) */ public void addExtension( String OID, boolean critical, DEREncodable value) { this.addExtension(new DERObjectIdentifier(OID), critical, value); } /** * add a given extension field for the standard extensions tag (tag 3) */ public void addExtension( DERObjectIdentifier OID, boolean critical, DEREncodable value) { if (extensions == null) { extensions = new Hashtable(); extOrdering = new Vector(); } ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream dOut = new DEROutputStream(bOut); try { dOut.writeObject(value); } catch (IOException e) { throw new IllegalArgumentException("error encoding value: " + e); } this.addExtension(OID, critical, bOut.toByteArray()); } /** * add a given extension field for the standard extensions tag (tag 3) * The value parameter becomes the contents of the octet string associated * with the extension. */ public void addExtension( String OID, boolean critical, byte[] value) { this.addExtension(new DERObjectIdentifier(OID), critical, value); } /** * add a given extension field for the standard extensions tag (tag 3) */ public void addExtension( DERObjectIdentifier OID, boolean critical, byte[] value) { if (extensions == null) { extensions = new Hashtable(); extOrdering = new Vector(); } extensions.put(OID, new X509Extension(critical, new DEROctetString(value))); extOrdering.addElement(OID); } /** * generate an X509 certificate, based on the current issuer and subject * using the default provider "BC". */ public X509Certificate generateX509Certificate( PrivateKey key) throws SecurityException, SignatureException, InvalidKeyException { try { return generateX509Certificate(key, "BC", null); } catch (NoSuchProviderException e) { throw new SecurityException("BC provider not installed!"); } } /** * generate an X509 certificate, based on the current issuer and subject * using the default provider "BC", and the passed in source of randomness * (if required). */ public X509Certificate generateX509Certificate( PrivateKey key, SecureRandom random) throws SecurityException, SignatureException, InvalidKeyException { try { return generateX509Certificate(key, "BC", random); } catch (NoSuchProviderException e) { throw new SecurityException("BC provider not installed!"); } } /** * generate an X509 certificate, based on the current issuer and subject, * using the passed in provider for the signing. */ public X509Certificate generateX509Certificate( PrivateKey key, String provider) throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException { return generateX509Certificate(key, provider, null); } /** * generate an X509 certificate, based on the current issuer and subject, * using the passed in provider for the signing and the supplied source * of randomness, if required. */ public X509Certificate generateX509Certificate( PrivateKey key, String provider, SecureRandom random) throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException { Signature sig = null; if (sigOID == null) { throw new IllegalStateException("no signature algorithm specified"); } try { sig = Signature.getInstance(sigOID.getId(), provider); } catch (NoSuchAlgorithmException ex) { try { sig = Signature.getInstance(signatureAlgorithm, provider); } catch (NoSuchAlgorithmException e) { throw new SecurityException("exception creating signature: " + e.toString()); } } if (random != null) { sig.initSign(key, random); } else { sig.initSign(key); } if (extensions != null) { tbsGen.setExtensions(new X509Extensions(extOrdering, extensions)); } TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); try { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream dOut = new DEROutputStream(bOut); dOut.writeObject(tbsCert); sig.update(bOut.toByteArray()); } catch (Exception e) { throw new SecurityException("exception encoding TBS cert - " + e); } ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCert); v.add(sigAlgId); v.add(new DERBitString(sig.sign())); return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v))); } } |
Hi,
why do not use org.bouncycastle.x509.X509V3CertificateGenerator class to generate X.509 Certificate version 3? You can generate private and public keys by java.security.KeyPairGenerator class that is provided by JDK roman > -----Original Message----- > From: Lopez Thomas [mailto:[hidden email]] > Sent: Thursday, May 26, 2005 9:46 AM > To: [hidden email] > Subject: [dev-crypto] Generate certificates > > Hi, I need your help. > > I want to generate cer and specialy i hava problem to > generate the private key. > I join my code sources. > > How can you help me? > > Rgds, > Thomas. > > My code: > > //package org.bouncycastle.jce; > package interbat.crypto.x509; > > import java.io.ByteArrayInputStream; > import java.io.ByteArrayOutputStream; > import java.io.IOException; > import java.math.BigInteger; > import java.security.InvalidKeyException; > import java.security.NoSuchAlgorithmException; > import java.security.NoSuchProviderException; > import java.security.PrivateKey; > import java.security.PublicKey; > import java.security.SecureRandom; > import java.security.Signature; > import java.security.SignatureException; import > java.security.cert.X509Certificate; > import java.util.Date; > import java.util.Hashtable; > import java.util.Vector; > > import org.bouncycastle.asn1.*; > import org.bouncycastle.asn1.x509.AlgorithmIdentifier; > import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; > import org.bouncycastle.asn1.x509.TBSCertificateStructure; > import org.bouncycastle.asn1.x509.Time; > import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; > import org.bouncycastle.asn1.x509.X509CertificateStructure; > import org.bouncycastle.asn1.x509.X509Extension; > import org.bouncycastle.asn1.x509.X509Extensions; > import org.bouncycastle.asn1.x509.X509Name; > import org.bouncycastle.crypto.util.PrivateKeyFactory; > import org.bouncycastle.jce.provider.X509CertificateObject; > > /** > * class to produce an X.509 Version 3 certificate. > */ > public class X509 > { > private V3TBSCertificateGenerator tbsGen; > private DERObjectIdentifier sigOID; > private AlgorithmIdentifier sigAlgId; > private String signatureAlgorithm; > private Hashtable extensions = null; > private Vector extOrdering = null; > > private static Hashtable algorithms = new Hashtable(); > > static > { > algorithms.put("MD2WITHRSAENCRYPTION", new > DERObjectIdentifier("1.2.840.113549.1.1.2")); > algorithms.put("MD2WITHRSA", new > DERObjectIdentifier("1.2.840.113549.1.1.2")); > algorithms.put("MD5WITHRSAENCRYPTION", new > DERObjectIdentifier("1.2.840.113549.1.1.4")); > algorithms.put("MD5WITHRSA", new > DERObjectIdentifier("1.2.840.113549.1.1.4")); > algorithms.put("SHA1WITHRSAENCRYPTION", new > DERObjectIdentifier("1.2.840.113549.1.1.5")); > algorithms.put("SHA1WITHRSA", new > DERObjectIdentifier("1.2.840.113549.1.1.5")); > algorithms.put("RIPEMD160WITHRSAENCRYPTION", new > DERObjectIdentifier("1.3.36.3.3.1.2")); > algorithms.put("RIPEMD160WITHRSA", new > DERObjectIdentifier("1.3.36.3.3.1.2")); > algorithms.put("SHA1WITHDSA", new > DERObjectIdentifier("1.2.840.10040.4.3")); > algorithms.put("DSAWITHSHA1", new > DERObjectIdentifier("1.2.840.10040.4.3")); > algorithms.put("SHA1WITHECDSA", new > DERObjectIdentifier("1.2.840.10045.4.1")); > algorithms.put("ECDSAWITHSHA1", new > DERObjectIdentifier("1.2.840.10045.4.1")); > } > > public static void main(String[] args) { > // TODO Auto-generated method stub > try{ > PrivateKey pKey = ;//" -----BEGIN RSA PRIVATE > KEY----- \n du > bruit \n-----END RSA PRIVATE KEY----- "; > }catch(Exception e){ > > } > X509Certificate cer = > generateX509Certificate(pKey,"interbat",null); > > //generateX509Certificate("1234","INTERBAT"); > > > } > > > public void X509V3CertificateGenerator() > { > tbsGen = new V3TBSCertificateGenerator(); > } > > /** > * reset the generator > */ > public void reset() > { > tbsGen = new V3TBSCertificateGenerator(); > extensions = null; > extOrdering = null; > } > > /** > * set the serial number for the certificate. > */ > public void setSerialNumber( > BigInteger serialNumber) > { > tbsGen.setSerialNumber(new DERInteger(serialNumber)); > } > > /** > * Set the issuer distinguished name - the issuer is the > entity whose private key is used to sign the > * certificate. > */ > public void setIssuerDN( > X509Name issuer) > { > tbsGen.setIssuer(issuer); > } > > public void setNotBefore( > Date date) > { > tbsGen.setStartDate(new Time(date)); > } > > public void setNotAfter( > Date date) > { > tbsGen.setEndDate(new Time(date)); > } > > /** > * Set the subject distinguished name. The subject > describes the entity associated with the public key. > */ > public void setSubjectDN( > X509Name subject) > { > tbsGen.setSubject(subject); > } > > public void setPublicKey( > PublicKey key) > { > try > { > tbsGen.setSubjectPublicKeyInfo(new > SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream( > new > ByteArrayInputStream(key.getEncoded())).readObject())); > } > catch (Exception e) > { > throw new IllegalArgumentException("unable to > process key - " + e.toString()); > } > } > > public void setSignatureAlgorithm( > String signatureAlgorithm) > { > this.signatureAlgorithm = signatureAlgorithm; > > sigOID = > (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase()); > > if (sigOID == null) > { > throw new IllegalArgumentException("Unknown > signature type requested"); > } > > sigAlgId = new AlgorithmIdentifier(this.sigOID, new > DERNull()); > > tbsGen.setSignature(sigAlgId); > } > > /** > * add a given extension field for the standard > extensions tag (tag 3) > */ > public void addExtension( > String OID, > boolean critical, > DEREncodable value) > { > this.addExtension(new DERObjectIdentifier(OID), > critical, value); > } > > /** > * add a given extension field for the standard > extensions tag (tag 3) > */ > public void addExtension( > DERObjectIdentifier OID, > boolean critical, > DEREncodable value) > { > if (extensions == null) > { > extensions = new Hashtable(); > extOrdering = new Vector(); > } > > ByteArrayOutputStream bOut = new ByteArrayOutputStream(); > DEROutputStream dOut = new DEROutputStream(bOut); > > try > { > dOut.writeObject(value); > } > catch (IOException e) > { > throw new IllegalArgumentException("error > encoding value: " > + e); > } > > this.addExtension(OID, critical, bOut.toByteArray()); > } > > /** > * add a given extension field for the standard > extensions tag (tag 3) > * The value parameter becomes the contents of the octet > string associated > * with the extension. > */ > public void addExtension( > String OID, > boolean critical, > byte[] value) > { > this.addExtension(new DERObjectIdentifier(OID), > critical, value); > } > > /** > * add a given extension field for the standard > extensions tag (tag 3) > */ > public void addExtension( > DERObjectIdentifier OID, > boolean critical, > byte[] value) > { > if (extensions == null) > { > extensions = new Hashtable(); > extOrdering = new Vector(); > } > > extensions.put(OID, new X509Extension(critical, new > DEROctetString(value))); > extOrdering.addElement(OID); > } > > /** > * generate an X509 certificate, based on the current > issuer and subject > * using the default provider "BC". > */ > public X509Certificate generateX509Certificate( > PrivateKey key) > throws SecurityException, SignatureException, > InvalidKeyException > { > try > { > return generateX509Certificate(key, "BC", null); > } > catch (NoSuchProviderException e) > { > throw new SecurityException("BC provider not installed!"); > } > } > > /** > * generate an X509 certificate, based on the current > issuer and subject > * using the default provider "BC", and the passed in > source of randomness > * (if required). > */ > public X509Certificate generateX509Certificate( > PrivateKey key, > SecureRandom random) > throws SecurityException, SignatureException, > InvalidKeyException > { > try > { > return generateX509Certificate(key, "BC", random); > } > catch (NoSuchProviderException e) > { > throw new SecurityException("BC provider not installed!"); > } > } > > /** > * generate an X509 certificate, based on the current > issuer and subject, > * using the passed in provider for the signing. > */ > public X509Certificate generateX509Certificate( > PrivateKey key, > String provider) > throws NoSuchProviderException, SecurityException, > SignatureException, InvalidKeyException > { > return generateX509Certificate(key, provider, null); > } > /** > * generate an X509 certificate, based on the current > issuer and subject, > * using the passed in provider for the signing and the > supplied source > * of randomness, if required. > */ > public X509Certificate generateX509Certificate( > PrivateKey key, > String provider, > SecureRandom random) > throws NoSuchProviderException, SecurityException, > SignatureException, InvalidKeyException > { > Signature sig = null; > > if (sigOID == null) > { > throw new IllegalStateException("no signature > algorithm specified"); > } > > try > { > sig = Signature.getInstance(sigOID.getId(), provider); > } > catch (NoSuchAlgorithmException ex) > { > try > { > sig = > Signature.getInstance(signatureAlgorithm, provider); > } > catch (NoSuchAlgorithmException e) > { > throw new SecurityException("exception creating > signature: " + e.toString()); > } > } > > if (random != null) > { > sig.initSign(key, random); > } > else > { > sig.initSign(key); > } > > if (extensions != null) > { > tbsGen.setExtensions(new > X509Extensions(extOrdering, extensions)); > } > > TBSCertificateStructure tbsCert = > tbsGen.generateTBSCertificate(); > > try > { > ByteArrayOutputStream bOut = new > ByteArrayOutputStream(); > DEROutputStream dOut = new DEROutputStream(bOut); > > dOut.writeObject(tbsCert); > > sig.update(bOut.toByteArray()); > } > catch (Exception e) > { > throw new SecurityException("exception encoding > TBS cert - " > + e); > } > > ASN1EncodableVector v = new ASN1EncodableVector(); > > v.add(tbsCert); > v.add(sigAlgId); > v.add(new DERBitString(sig.sign())); > > return new X509CertificateObject(new > X509CertificateStructure(new DERSequence(v))); > } > } > > > > |
Free forum by Nabble | Edit this page |