Generate certificates

> -----Original Message-----
> From: Lopez Thomas [mailto:[hidden email]]
> Sent: Thursday, May 26, 2005 9:46 AM
> To: [hidden email]
> Subject: [dev-crypto] Generate certificates
>
> Hi, I need your help.
>
> I want to generate cer and specialy i hava problem to
> generate the private key.
> I join my code sources.
>
> How can you help me?
>
> Rgds,
> Thomas.
>
> My code:
>
> //package org.bouncycastle.jce;
> package interbat.crypto.x509;
>
> import java.io.ByteArrayInputStream;
> import java.io.ByteArrayOutputStream;
> import java.io.IOException;
> import java.math.BigInteger;
> import java.security.InvalidKeyException;
> import java.security.NoSuchAlgorithmException;
> import java.security.NoSuchProviderException;
> import java.security.PrivateKey;
> import java.security.PublicKey;
> import java.security.SecureRandom;
> import java.security.Signature;
> import java.security.SignatureException; import
> java.security.cert.X509Certificate;
> import java.util.Date;
> import java.util.Hashtable;
> import java.util.Vector;
>
> import org.bouncycastle.asn1.*;
> import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
> import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
> import org.bouncycastle.asn1.x509.TBSCertificateStructure;
> import org.bouncycastle.asn1.x509.Time;
> import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
> import org.bouncycastle.asn1.x509.X509CertificateStructure;
> import org.bouncycastle.asn1.x509.X509Extension;
> import org.bouncycastle.asn1.x509.X509Extensions;
> import org.bouncycastle.asn1.x509.X509Name;
> import org.bouncycastle.crypto.util.PrivateKeyFactory;
> import org.bouncycastle.jce.provider.X509CertificateObject;
>
> /**
>  * class to produce an X.509 Version 3 certificate.
>  */
> public class X509
> {
>     private V3TBSCertificateGenerator   tbsGen;
>     private DERObjectIdentifier         sigOID;
>     private AlgorithmIdentifier         sigAlgId;
>     private String                      signatureAlgorithm;
>     private Hashtable                   extensions = null;
>     private Vector                      extOrdering = null;
>
>     private static Hashtable            algorithms = new Hashtable();
>
>     static
>     {
>         algorithms.put("MD2WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.2"));
>         algorithms.put("MD2WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.2"));
>         algorithms.put("MD5WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.4"));
>         algorithms.put("MD5WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.4"));
>         algorithms.put("SHA1WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.2.840.113549.1.1.5"));
>         algorithms.put("SHA1WITHRSA", new
> DERObjectIdentifier("1.2.840.113549.1.1.5"));
>         algorithms.put("RIPEMD160WITHRSAENCRYPTION", new
> DERObjectIdentifier("1.3.36.3.3.1.2"));
>         algorithms.put("RIPEMD160WITHRSA", new
> DERObjectIdentifier("1.3.36.3.3.1.2"));
>         algorithms.put("SHA1WITHDSA", new
> DERObjectIdentifier("1.2.840.10040.4.3"));
>         algorithms.put("DSAWITHSHA1", new
> DERObjectIdentifier("1.2.840.10040.4.3"));
>         algorithms.put("SHA1WITHECDSA", new
> DERObjectIdentifier("1.2.840.10045.4.1"));
>         algorithms.put("ECDSAWITHSHA1", new
> DERObjectIdentifier("1.2.840.10045.4.1"));
>     }
>
>     public static void main(String[] args) {
>         // TODO Auto-generated method stub
>         try{
>         PrivateKey pKey = ;//" -----BEGIN RSA PRIVATE
> KEY-----    \n du
> bruit \n-----END RSA PRIVATE KEY----- ";
>         }catch(Exception e){
>            
>         }
>         X509Certificate cer =  
> generateX509Certificate(pKey,"interbat",null);      
>        
>         //generateX509Certificate("1234","INTERBAT");
>        
>        
>     }
>    
>    
>     public void X509V3CertificateGenerator()
>     {
>         tbsGen = new V3TBSCertificateGenerator();
>     }
>
>     /**
>      * reset the generator
>      */
>     public void reset()
>     {
>         tbsGen = new V3TBSCertificateGenerator();
>         extensions = null;
>         extOrdering = null;
>     }
>
>     /**
>      * set the serial number for the certificate.
>      */
>     public void setSerialNumber(
>         BigInteger      serialNumber)
>     {
>         tbsGen.setSerialNumber(new DERInteger(serialNumber));
>     }
>
>     /**
>      * Set the issuer distinguished name - the issuer is the
> entity whose private key is used to sign the
>      * certificate.
>      */
>     public void setIssuerDN(
>         X509Name   issuer)
>     {
>         tbsGen.setIssuer(issuer);
>     }
>
>     public void setNotBefore(
>         Date    date)
>     {
>         tbsGen.setStartDate(new Time(date));
>     }
>
>     public void setNotAfter(
>         Date    date)
>     {
>         tbsGen.setEndDate(new Time(date));
>     }
>
>     /**
>      * Set the subject distinguished name. The subject
> describes the entity associated with the public key.
>      */
>     public void setSubjectDN(
>         X509Name   subject)
>     {
>         tbsGen.setSubject(subject);
>     }
>
>     public void setPublicKey(
>         PublicKey       key)
>     {
>         try
>         {
>             tbsGen.setSubjectPublicKeyInfo(new
> SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
>                                 new
> ByteArrayInputStream(key.getEncoded())).readObject()));
>         }
>         catch (Exception e)
>         {
>             throw new IllegalArgumentException("unable to
> process key - " + e.toString());
>         }
>     }
>
>     public void setSignatureAlgorithm(
>         String  signatureAlgorithm)
>     {
>         this.signatureAlgorithm = signatureAlgorithm;
>
>         sigOID =
> (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
>
>         if (sigOID == null)
>         {
>             throw new IllegalArgumentException("Unknown
> signature type requested");
>         }
>
>         sigAlgId = new AlgorithmIdentifier(this.sigOID, new
> DERNull());
>
>         tbsGen.setSignature(sigAlgId);
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      */
>     public void addExtension(
>         String          OID,
>         boolean         critical,
>         DEREncodable    value)
>     {
>         this.addExtension(new DERObjectIdentifier(OID),
> critical, value);
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      */
>     public void addExtension(
>         DERObjectIdentifier OID,
>         boolean             critical,
>         DEREncodable        value)
>     {
>         if (extensions == null)
>         {
>             extensions = new Hashtable();
>             extOrdering = new Vector();
>         }
>
>         ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
>         DEROutputStream         dOut = new DEROutputStream(bOut);
>
>         try
>         {
>             dOut.writeObject(value);
>         }
>         catch (IOException e)
>         {
>             throw new IllegalArgumentException("error
> encoding value: "
> + e);
>         }
>
>         this.addExtension(OID, critical, bOut.toByteArray());
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      * The value parameter becomes the contents of the octet
> string associated
>      * with the extension.
>      */
>     public void addExtension(
>         String          OID,
>         boolean         critical,
>         byte[]          value)
>     {
>         this.addExtension(new DERObjectIdentifier(OID),
> critical, value);
>     }
>
>     /**
>      * add a given extension field for the standard
> extensions tag (tag 3)
>      */
>     public void addExtension(
>         DERObjectIdentifier OID,
>         boolean             critical,
>         byte[]              value)
>     {
>         if (extensions == null)
>         {
>             extensions = new Hashtable();
>             extOrdering = new Vector();
>         }
>
>         extensions.put(OID, new X509Extension(critical, new
> DEROctetString(value)));
>         extOrdering.addElement(OID);
>     }
>
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject
>      * using the default provider "BC".
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key)
>         throws SecurityException, SignatureException,
> InvalidKeyException
>     {
>         try
>         {
>             return generateX509Certificate(key, "BC", null);
>         }
>         catch (NoSuchProviderException e)
>         {
>             throw new SecurityException("BC provider not installed!");
>         }
>     }
>
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject
>      * using the default provider "BC", and the passed in
> source of randomness
>      * (if required).
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key,
>         SecureRandom    random)
>         throws SecurityException, SignatureException,
> InvalidKeyException
>     {
>         try
>         {
>             return generateX509Certificate(key, "BC", random);
>         }
>         catch (NoSuchProviderException e)
>         {
>             throw new SecurityException("BC provider not installed!");
>         }
>     }
>
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject,
>      * using the passed in provider for the signing.
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key,
>         String          provider)
>         throws NoSuchProviderException, SecurityException,
> SignatureException, InvalidKeyException
>     {
>         return generateX509Certificate(key, provider, null);
>     }
>     /**
>      * generate an X509 certificate, based on the current
> issuer and subject,
>      * using the passed in provider for the signing and the
> supplied source
>      * of randomness, if required.
>      */
>     public X509Certificate generateX509Certificate(
>         PrivateKey      key,
>         String          provider,
>         SecureRandom    random)
>         throws NoSuchProviderException, SecurityException,
> SignatureException, InvalidKeyException
>     {
>         Signature sig = null;
>
>         if (sigOID == null)
>         {
>             throw new IllegalStateException("no signature
> algorithm specified");
>         }
>
>         try
>         {
>             sig = Signature.getInstance(sigOID.getId(), provider);
>         }
>         catch (NoSuchAlgorithmException ex)
>         {
>             try
>             {
>                 sig =
> Signature.getInstance(signatureAlgorithm, provider);
>             }
>             catch (NoSuchAlgorithmException e)
>             {
>                 throw new SecurityException("exception creating
> signature: " + e.toString());
>             }
>         }
>
>         if (random != null)
>         {
>             sig.initSign(key, random);
>         }
>         else
>         {
>             sig.initSign(key);
>         }
>
>         if (extensions != null)
>         {
>             tbsGen.setExtensions(new
> X509Extensions(extOrdering, extensions));
>         }
>
>         TBSCertificateStructure tbsCert =
> tbsGen.generateTBSCertificate();
>
>         try
>         {
>             ByteArrayOutputStream   bOut = new
> ByteArrayOutputStream();
>             DEROutputStream         dOut = new DEROutputStream(bOut);
>
>             dOut.writeObject(tbsCert);
>
>             sig.update(bOut.toByteArray());
>         }
>         catch (Exception e)
>         {
>             throw new SecurityException("exception encoding
> TBS cert - "
> + e);
>         }
>
>         ASN1EncodableVector  v = new ASN1EncodableVector();
>
>         v.add(tbsCert);
>         v.add(sigAlgId);
>         v.add(new DERBitString(sig.sign()));
>
>         return new X509CertificateObject(new
> X509CertificateStructure(new DERSequence(v)));
>     }
> }
>
>
>
>