> -----Original Message-----
> From: Lopez Thomas [mailto:
[hidden email]]
> Sent: Thursday, May 26, 2005 9:46 AM
> To:
[hidden email]
> Subject: [dev-crypto] Generate certificates
>
> Hi, I need your help.
>
> I want to generate cer and specialy i hava problem to
> generate the private key.
> I join my code sources.
>
> How can you help me?
>
> Rgds,
> Thomas.
>
> My code:
>
> //package org.bouncycastle.jce;
> package interbat.crypto.x509;
>
> import java.io.ByteArrayInputStream;
> import java.io.ByteArrayOutputStream;
> import java.io.IOException;
> import java.math.BigInteger;
> import java.security.InvalidKeyException;
> import java.security.NoSuchAlgorithmException;
> import java.security.NoSuchProviderException;
> import java.security.PrivateKey;
> import java.security.PublicKey;
> import java.security.SecureRandom;
> import java.security.Signature;
> import java.security.SignatureException; import
> java.security.cert.X509Certificate;
> import java.util.Date;
> import java.util.Hashtable;
> import java.util.Vector;
>
> import org.bouncycastle.asn1.*;
> import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
> import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
> import org.bouncycastle.asn1.x509.TBSCertificateStructure;
> import org.bouncycastle.asn1.x509.Time;
> import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
> import org.bouncycastle.asn1.x509.X509CertificateStructure;
> import org.bouncycastle.asn1.x509.X509Extension;
> import org.bouncycastle.asn1.x509.X509Extensions;
> import org.bouncycastle.asn1.x509.X509Name;
> import org.bouncycastle.crypto.util.PrivateKeyFactory;
> import org.bouncycastle.jce.provider.X509CertificateObject;
>
> /**
> * class to produce an X.509 Version 3 certificate.
> */
> public class X509
> {
> private V3TBSCertificateGenerator tbsGen;
> private DERObjectIdentifier sigOID;
> private AlgorithmIdentifier sigAlgId;
> private String signatureAlgorithm;
> private Hashtable extensions = null;
> private Vector extOrdering = null;
>
> private static Hashtable algorithms = new Hashtable();
>
> static
> {
> algorithms.put("MD2WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.2"));
> algorithms.put("MD2WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.2"));
> algorithms.put("MD5WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.4"));
> algorithms.put("MD5WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.4"));
> algorithms.put("SHA1WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.5"));
> algorithms.put("SHA1WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.5"));
> algorithms.put("RIPEMD160WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.3.36.3.3.1.2"));
> algorithms.put("RIPEMD160WITHRSA", new
> DERObjectIdentifier("1.3.36.3.3.1.2"));
> algorithms.put("SHA1WITHDSA", new
> DERObjectIdentifier("1.2.840.10040.4.3"));
> algorithms.put("DSAWITHSHA1", new
> DERObjectIdentifier("1.2.840.10040.4.3"));
> algorithms.put("SHA1WITHECDSA", new
> DERObjectIdentifier("1.2.840.10045.4.1"));
> algorithms.put("ECDSAWITHSHA1", new
> DERObjectIdentifier("1.2.840.10045.4.1"));
> }
>
> public static void main(String[] args) {
> // TODO Auto-generated method stub
> try{
> PrivateKey pKey = ;//" -----BEGIN RSA PRIVATE
> KEY----- \n du
> bruit \n-----END RSA PRIVATE KEY----- ";
> }catch(Exception e){
>
> }
> X509Certificate cer =
> generateX509Certificate(pKey,"interbat",null);
>
> //generateX509Certificate("1234","INTERBAT");
>
>
> }
>
>
> public void X509V3CertificateGenerator()
> {
> tbsGen = new V3TBSCertificateGenerator();
> }
>
> /**
> * reset the generator
> */
> public void reset()
> {
> tbsGen = new V3TBSCertificateGenerator();
> extensions = null;
> extOrdering = null;
> }
>
> /**
> * set the serial number for the certificate.
> */
> public void setSerialNumber(
> BigInteger serialNumber)
> {
> tbsGen.setSerialNumber(new DERInteger(serialNumber));
> }
>
> /**
> * Set the issuer distinguished name - the issuer is the
> entity whose private key is used to sign the
> * certificate.
> */
> public void setIssuerDN(
> X509Name issuer)
> {
> tbsGen.setIssuer(issuer);
> }
>
> public void setNotBefore(
> Date date)
> {
> tbsGen.setStartDate(new Time(date));
> }
>
> public void setNotAfter(
> Date date)
> {
> tbsGen.setEndDate(new Time(date));
> }
>
> /**
> * Set the subject distinguished name. The subject
> describes the entity associated with the public key.
> */
> public void setSubjectDN(
> X509Name subject)
> {
> tbsGen.setSubject(subject);
> }
>
> public void setPublicKey(
> PublicKey key)
> {
> try
> {
> tbsGen.setSubjectPublicKeyInfo(new
> SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
> new
> ByteArrayInputStream(key.getEncoded())).readObject()));
> }
> catch (Exception e)
> {
> throw new IllegalArgumentException("unable to
> process key - " + e.toString());
> }
> }
>
> public void setSignatureAlgorithm(
> String signatureAlgorithm)
> {
> this.signatureAlgorithm = signatureAlgorithm;
>
> sigOID =
> (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
>
> if (sigOID == null)
> {
> throw new IllegalArgumentException("Unknown
> signature type requested");
> }
>
> sigAlgId = new AlgorithmIdentifier(this.sigOID, new
> DERNull());
>
> tbsGen.setSignature(sigAlgId);
> }
>
> /**
> * add a given extension field for the standard
> extensions tag (tag 3)
> */
> public void addExtension(
> String OID,
> boolean critical,
> DEREncodable value)
> {
> this.addExtension(new DERObjectIdentifier(OID),
> critical, value);
> }
>
> /**
> * add a given extension field for the standard
> extensions tag (tag 3)
> */
> public void addExtension(
> DERObjectIdentifier OID,
> boolean critical,
> DEREncodable value)
> {
> if (extensions == null)
> {
> extensions = new Hashtable();
> extOrdering = new Vector();
> }
>
> ByteArrayOutputStream bOut = new ByteArrayOutputStream();
> DEROutputStream dOut = new DEROutputStream(bOut);
>
> try
> {
> dOut.writeObject(value);
> }
> catch (IOException e)
> {
> throw new IllegalArgumentException("error
> encoding value: "
> + e);
> }
>
> this.addExtension(OID, critical, bOut.toByteArray());
> }
>
> /**
> * add a given extension field for the standard
> extensions tag (tag 3)
> * The value parameter becomes the contents of the octet
> string associated
> * with the extension.
> */
> public void addExtension(
> String OID,
> boolean critical,
> byte[] value)
> {
> this.addExtension(new DERObjectIdentifier(OID),
> critical, value);
> }
>
> /**
> * add a given extension field for the standard
> extensions tag (tag 3)
> */
> public void addExtension(
> DERObjectIdentifier OID,
> boolean critical,
> byte[] value)
> {
> if (extensions == null)
> {
> extensions = new Hashtable();
> extOrdering = new Vector();
> }
>
> extensions.put(OID, new X509Extension(critical, new
> DEROctetString(value)));
> extOrdering.addElement(OID);
> }
>
> /**
> * generate an X509 certificate, based on the current
> issuer and subject
> * using the default provider "BC".
> */
> public X509Certificate generateX509Certificate(
> PrivateKey key)
> throws SecurityException, SignatureException,
> InvalidKeyException
> {
> try
> {
> return generateX509Certificate(key, "BC", null);
> }
> catch (NoSuchProviderException e)
> {
> throw new SecurityException("BC provider not installed!");
> }
> }
>
> /**
> * generate an X509 certificate, based on the current
> issuer and subject
> * using the default provider "BC", and the passed in
> source of randomness
> * (if required).
> */
> public X509Certificate generateX509Certificate(
> PrivateKey key,
> SecureRandom random)
> throws SecurityException, SignatureException,
> InvalidKeyException
> {
> try
> {
> return generateX509Certificate(key, "BC", random);
> }
> catch (NoSuchProviderException e)
> {
> throw new SecurityException("BC provider not installed!");
> }
> }
>
> /**
> * generate an X509 certificate, based on the current
> issuer and subject,
> * using the passed in provider for the signing.
> */
> public X509Certificate generateX509Certificate(
> PrivateKey key,
> String provider)
> throws NoSuchProviderException, SecurityException,
> SignatureException, InvalidKeyException
> {
> return generateX509Certificate(key, provider, null);
> }
> /**
> * generate an X509 certificate, based on the current
> issuer and subject,
> * using the passed in provider for the signing and the
> supplied source
> * of randomness, if required.
> */
> public X509Certificate generateX509Certificate(
> PrivateKey key,
> String provider,
> SecureRandom random)
> throws NoSuchProviderException, SecurityException,
> SignatureException, InvalidKeyException
> {
> Signature sig = null;
>
> if (sigOID == null)
> {
> throw new IllegalStateException("no signature
> algorithm specified");
> }
>
> try
> {
> sig = Signature.getInstance(sigOID.getId(), provider);
> }
> catch (NoSuchAlgorithmException ex)
> {
> try
> {
> sig =
> Signature.getInstance(signatureAlgorithm, provider);
> }
> catch (NoSuchAlgorithmException e)
> {
> throw new SecurityException("exception creating
> signature: " + e.toString());
> }
> }
>
> if (random != null)
> {
> sig.initSign(key, random);
> }
> else
> {
> sig.initSign(key);
> }
>
> if (extensions != null)
> {
> tbsGen.setExtensions(new
> X509Extensions(extOrdering, extensions));
> }
>
> TBSCertificateStructure tbsCert =
> tbsGen.generateTBSCertificate();
>
> try
> {
> ByteArrayOutputStream bOut = new
> ByteArrayOutputStream();
> DEROutputStream dOut = new DEROutputStream(bOut);
>
> dOut.writeObject(tbsCert);
>
> sig.update(bOut.toByteArray());
> }
> catch (Exception e)
> {
> throw new SecurityException("exception encoding
> TBS cert - "
> + e);
> }
>
> ASN1EncodableVector v = new ASN1EncodableVector();
>
> v.add(tbsCert);
> v.add(sigAlgId);
> v.add(new DERBitString(sig.sign()));
>
> return new X509CertificateObject(new
> X509CertificateStructure(new DERSequence(v)));
> }
> }
>
>
>
>
Locked
