How to create a certificate from the key pairs of the issuer and the subject?
Create two X500Name objects, one for the issuer and one for the subject.
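```java
import java.security.Key;
import java.security.cert.Certificate;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x500.style.RFC4519Style;

// Assumed to exist already: caKeypair and companyKeypair (java.security.KeyPair),
// ks (an initialised java.security.KeyStore) and ksPass (char[] key password).
X500Name issuer = new X500Name(IETFUtils.rDNsFromString("C=rootca,OU=rootca,O=Thawate", RFC4519Style.INSTANCE));
X500Name subject = new X500Name(IETFUtils.rDNsFromString("C=company,OU=12345,O=Organization", RFC4519Style.INSTANCE));

// Issue an end-entity certificate (isCertAuthority = false) for the company key,
// signed with the CA's private key.
X509CertificateObject cert1 = generateCert("company", companyKeypair, false,
        caKeypair.getPublic(), caKeypair.getPrivate(), issuer, subject);

// Store the private key and its certificate chain under the alias "identity".
Certificate[] certChain = new Certificate[1];
certChain[0] = (Certificate) cert1;
ks.setKeyEntry("identity", (Key) companyKeypair.getPrivate(), ksPass, certChain);
```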
Call the method below as shown above.
```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateException;
import java.util.Calendar;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.*;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
        PublicKey signerPublicKey, PrivateKey signerPrivateKey, X500Name issuer, X500Name subject)
        throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    // Valid from now for 10 days.
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
    endDate.add(Calendar.DAY_OF_YEAR, 10);
    // Timestamp-based serial number: simple, but predictable.
    BigInteger serialNumber = BigInteger.valueOf(startDate.getTimeInMillis());

    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
            issuer, serialNumber, startDate.getTime(), endDate.getTime(), subject, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }

    // Sign with SHA-256; MD5withRSA is collision-prone and must not be used for certificate signatures.
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder("SHA256withRSA").build(signerPrivateKey));
    return new X509CertificateObject(cert.toASN1Structure());
}
```
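Before an issued certificate goes into a keystore, it is worth checking that it verifies under the issuer's public key, is inside its validity period, carries the expected CA flag, and was not signed with a weak digest. The class below is an added example, not code from the original page; `IssuedCertCheck`, `check` and the `CN=` names are hypothetical, and the keys are throwaway values generated at run time.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class IssuedCertCheck {
    /** Returns a list of problems; an empty list means every check passed. */
    static List<String> check(X509Certificate cert, PublicKey issuerKey, boolean expectCa) {
        List<String> problems = new ArrayList<>();
        try {
            cert.verify(issuerKey);   // signature must validate under the issuer's public key
        } catch (GeneralSecurityException e) {
            problems.add("signature does not verify: " + e.getMessage());
        }
        try {
            cert.checkValidity();     // current time must lie within notBefore..notAfter
        } catch (GeneralSecurityException e) {
            problems.add("outside validity period");
        }
        String alg = cert.getSigAlgName().toUpperCase(Locale.ROOT);
        if (alg.startsWith("MD2") || alg.startsWith("MD5") || alg.startsWith("SHA1")) {
            problems.add("weak signature algorithm: " + alg);
        }
        boolean isCa = cert.getBasicConstraints() != -1;   // -1 means "not a CA"
        if (isCa != expectCa) problems.add("unexpected basicConstraints CA=" + isCa);
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway RSA keys and made-up names.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair(), leaf = kpg.generateKeyPair(), other = kpg.generateKeyPair();
        Date from = new Date(), to = new Date(from.getTime() + 10L * 24 * 60 * 60 * 1000);
        for (String sigAlg : new String[] {"SHA256withRSA", "MD5withRSA"}) {
            JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name("CN=Example Test CA"),
                    new BigInteger(64, new SecureRandom()), from, to, new X500Name("CN=example-leaf"), leaf.getPublic());
            b.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
            X509Certificate cert = new JcaX509CertificateConverter()
                    .getCertificate(b.build(new JcaContentSignerBuilder(sigAlg).build(ca.getPrivate())));
            System.out.println(sigAlg + " / CA key:    " + check(cert, ca.getPublic(), false));
            System.out.println(sigAlg + " / wrong key: " + check(cert, other.getPublic(), false));
        }
    }
}
```

The `check` method takes any `java.security.cert.X509Certificate`, so the object returned by `generateCert` can be passed to it directly together with `caKeypair.getPublic()`.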