Wednesday 12 July 2017

How to generate Certificate in Java


How to create a certificate from Keypair of issuer and subject?

Create w a two X500Name objects one for isuer and one for subject.



1
2
3
4
5
6
7
8
9
X500Name issuer = new X500Name(IETFUtils.rDNsFromString("C=rootca,OU=rootca,O=Thawate", RFC4519Style.INSTANCE));
X500Name subject = new X500Name(IETFUtils.rDNsFromString("C=company,OU=12345,O=Organization", RFC4519Style.INSTANCE));X509CertificateObject cert1 = generateCert("company", companyKeypair, false, caKeypair.getPublic(), caKeypair.getPrivate(),issuer,subject);
Certificate[] certChain = new Certificate[1];  
certChain[0] = (Certificate) cert1;  
ks.setKeyEntry("identity", (Key)companyKeypair.getPrivate(), ksPass, certChain);

call below method as shown above.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
 private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey,X500Name issuer,X500Name subject)
      throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
    endDate.add(Calendar.DAY_OF_YEAR, 10);

    BigInteger serialNumber = BigInteger.valueOf((startDate.getTimeInMillis()));
    
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), subject, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
      certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder("MD5withRSA").build(signerPrivateKey));
    return new X509CertificateObject(cert.toASN1Structure());
  }
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)