Package org.bouncycastle.x509

Examples of org.bouncycastle.x509.X509V3CertificateGenerator

239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
    order.addElement(X509Name.EmailAddress);

    //
    // create the certificate - version 3
    //
    final X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
    v3CertGen.reset();

    v3CertGen
            .setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    v3CertGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60
            * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + 100
            * (1000L * 60 * 60 * 24 * 30)));
    v3CertGen.setSubjectDN(new X509Principal(order, attrs));
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    //
    // add the extensions
    //
    v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(pubKey));

    v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));

    v3CertGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(0));

    // X509Certificate cert = v3CertGen.generateX509Certificate(caPrivKey);
    final X509Certificate cert = v3CertGen.generate(caPriKey, "BC");
    cert.checkValidity(new Date());
    cert.verify(caCert.getPublicKey());

    // cert.verify(caCert.getPublicKey());
    // cert.getEncoded();
View Full Code Here
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
   * see: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation
   *
   * @throws Exception
   */
  public void generate() throws Exception {
    X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();

    certGenerator.reset();

/*
    Sets up the subject distinguished name.
    The issuer should be the same for all self signed CAs as this then allows selection of acceptable certificates
    by the server
*/
    certGenerator.setIssuerDN(new X509Name(BouncyKeygenService.issuer));


    Vector<DERObjectIdentifier> subjectDnOids = new Vector<DERObjectIdentifier>();
    Vector<String> subjectDnValues = new Vector<String>();

    subjectDnOids.add(X509Name.O);
    subjectDnValues.add("FOAF+SSL");
    subjectDnOids.add(X509Name.OU);
    subjectDnValues.add("The Community Of Self Signers");

    //DNs have to be unique, so we put a webID here. The first one
    String webId = sans.getFirst();
    subjectDnOids.add(X509Name.UID);

    subjectDnValues.add(webId);
    subjectDnOids.add(X509Name.CN);
    subjectDnValues.add(CN);

    X509Name DName = new X509Name(subjectDnOids, subjectDnValues);
    certGenerator.setSubjectDN(DName);

/*
    Sets up the validity dates.
*/
    certGenerator.setNotBefore(getStartDate());
    certGenerator.setNotAfter(getEndDate());

/*
    set a random number for the serial number
*/
    certGenerator.setSerialNumber(service.nextRandom());

/*
      Sets the public-key to embed in this certificate.
*/
    certGenerator.setPublicKey(getSubjectPublicKey().getPublicKey());

    /*
          * Sets the signature algorithm.
          */
//        String pubKeyAlgorithm = service.caPubKey.getAlgorithm();
//        if (pubKeyAlgorithm.equals("DSA")) {
//            certGenerator.setSignatureAlgorithm("SHA1WithDSA");
//        } else if (pubKeyAlgorithm.equals("RSA")) {
    certGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption");
//        } else {
//            RuntimeException re = new RuntimeException(
//                    "Algorithm not recognised: " + pubKeyAlgorithm);
//            LOGGER.error(re.getMessage(), re);
//            throw re;
//        }

/*
     Adds the Basic Constraint (CA: false) extension.
*/
    certGenerator.addExtension(X509Extension.basicConstraints, true,
        new BasicConstraints(false));

/*
    Adds the Key Usage extension.
*/
    certGenerator.addExtension(X509Extension.keyUsage, true, new KeyUsage(
        KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment | KeyUsage.keyAgreement
            | KeyUsage.keyCertSign));

/*
      Adds the Netscape certificate type extension.
      sslClient: the certificate is selectable by the client
      the certificate can be used for mime encryption.
      (perhaps the above should be settable. It is not clear that most certs should be used that way, as their life
    span could be very short)
*/
    certGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType,
        false, new NetscapeCertType(NetscapeCertType.sslClient
            | NetscapeCertType.smime));

    /*
          * Adds the authority key identifier extension.
          * Bruno pointed out that this is not needed, as the authority's key is never checked in this setup!
          * so I am commenting it out, to be removed at a later date.
          *

        AuthorityKeyIdentifierStructure authorityKeyIdentifier;
        try {
            authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(
                service.certificate.getPublicKey());
        } catch (InvalidKeyException e) {
            throw new Exception("failed to parse CA cert. This should never happen", e);
        }

        certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier,
               false, authorityKeyIdentifier);
        */

/*
    Adds the subject key identifier extension.
*/
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(
        getSubjectPublicKey().getPublicKey());
    certGenerator.addExtension(X509Extension.subjectKeyIdentifier, false,
        subjectKeyIdentifier);

/*
    Adds the subject alternative-name extension (critical).
*/
    if (sans.size() == 0) {
      throw new Exception("WebId not set!");
    }
    if (sans.size() == 1) {
      GeneralNames subjectAltNames = new GeneralNames(new GeneralName(
          GeneralName.uniformResourceIdentifier, webId));

      certGenerator.addExtension(X509Extension.subjectAlternativeName,
          true, subjectAltNames);
    } else {
      // BouncyCastle has a pretty inflexible API. It would have made more sense to just
      // pass an array of Names to the constructor.
      GeneralName[] names = new GeneralName[sans.size()];
      Iterator<String> sanIt = sans.iterator();
      int i = 0;
      while (sanIt.hasNext()) {
        names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, sanIt.next());
        i++;
      }
      certGenerator.addExtension(X509Extension.subjectAlternativeName,
          true, new DERSequence(names));

    }

/*
    Creates and sign this certificate with the private key corresponding
    to the public key of the FOAF+SSL DN
*/
    cert = certGenerator.generate(service.privateKey);

/*
    Checks that this certificate has indeed been correctly signed.
*/
    cert.verify(service.certificate.getPublicKey());
 
View Full Code Here
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
      CertificateNotYetValidException,
      CertificateException,
      NoSuchAlgorithmException,
      NoSuchProviderException
  {
    X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
       
    v3CertGen.setSubjectDN(new X500Principal(subject));
    v3CertGen.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO);
    v3CertGen.setPublicKey(newPubKey);
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + 30L * 60 * 60 * 24 * 30 * 12));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30 *12));
    v3CertGen.setIssuerDN(caCert.getSubjectX500Principal());
   
    // Firefox actually tracks serial numbers within a CA and refuses to validate if it sees duplicates
    // This is not a secure serial number generator, (duh!) but it's good enough for our purposes.
    v3CertGen.setSerialNumber(new BigInteger(Long.toString(System.currentTimeMillis())));

    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(false) );
   
    v3CertGen.addExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(newPubKey));
   
   
    v3CertGen.addExtension(
        X509Extensions.AuthorityKeyIdentifier,
        false,
        new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));

//     Firefox 2 disallows these extensions in an SSL server cert.  IE7 doesn't care.
//    v3CertGen.addExtension(
//        X509Extensions.KeyUsage,
//        false,
//        new KeyUsage(KeyUsage.dataEncipherment | KeyUsage.digitalSignature ) );
   
   
    DEREncodableVector typicalSSLServerExtendedKeyUsages = new DEREncodableVector();
   
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.clientAuth));
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.netscapeServerGatedCrypto));
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.msServerGatedCrypto));
   
    v3CertGen.addExtension(
        X509Extensions.ExtendedKeyUsage,
        false,
        new DERSequence(typicalSSLServerExtendedKeyUsages));
 
//  Disabled by default.  Left in comments in case this is desired.
//
//    v3CertGen.addExtension(
//        X509Extensions.AuthorityInfoAccess,
//        false,
//        new AuthorityInformationAccess(new DERObjectIdentifier(OID_ID_AD_CAISSUERS),
//            new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + subject + "/aia")));
   
//    v3CertGen.addExtension(
//        X509Extensions.CRLDistributionPoints,
//        false,
//        new CRLDistPoint(new DistributionPoint[] {}));
   
   
   
    X509Certificate cert = v3CertGen.generate(caPrivateKey, "BC");
   
    return cert;
  }
View Full Code Here
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
    if(criticalCustomExtensions == null)
    {
      criticalCustomExtensions = new HashMap<String, DEREncodable>();
    }
   
    X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
   
    v3CertGen.setSubjectDN(originalCert.getSubjectX500Principal());
    v3CertGen.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO); // needs to be the same as the signing cert, not the copied cert
    v3CertGen.setPublicKey(newPubKey);
    v3CertGen.setNotAfter(originalCert.getNotAfter());
    v3CertGen.setNotBefore(originalCert.getNotBefore());
    v3CertGen.setIssuerDN(caCert.getSubjectX500Principal());
    v3CertGen.setSerialNumber(originalCert.getSerialNumber());
   
    // copy other extensions:
    Set<String> critExts = originalCert.getCriticalExtensionOIDs();
   
    // get extensions returns null, not an empty set!
    if(critExts != null) {
      for (String oid : critExts) {
        if(!clientCertOidsNeverToCopy.contains(oid)
            && !extensionOidsNotToCopy.contains(oid)
            && !criticalCustomExtensions.containsKey(oid)) {
          v3CertGen.copyAndAddExtension(new DERObjectIdentifier(oid), true, originalCert);
        }
      }
    }
    Set<String> nonCritExs = originalCert.getNonCriticalExtensionOIDs();

    if(nonCritExs != null) {
      for(String oid: nonCritExs) {

        if(!clientCertOidsNeverToCopy.contains(oid)
            && !extensionOidsNotToCopy.contains(oid)
            && !noncriticalCustomExtensions.containsKey(oid)){
          v3CertGen.copyAndAddExtension(new DERObjectIdentifier(oid), false, originalCert);
        }
      }
    }

    for(Map.Entry<String, DEREncodable> customExtension: criticalCustomExtensions.entrySet()) {
      v3CertGen.addExtension(customExtension.getKey(), true, customExtension.getValue());
    }
   
    for(Map.Entry<String, DEREncodable> customExtension: noncriticalCustomExtensions.entrySet()) {
      v3CertGen.addExtension(customExtension.getKey(), false, customExtension.getValue());
    }
   
    v3CertGen.addExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(newPubKey));
   
   
    v3CertGen.addExtension(
        X509Extensions.AuthorityKeyIdentifier,
        false,
        new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));
   
    X509Certificate cert = v3CertGen.generate(caPrivateKey, "BC");
   
    // For debugging purposes.
    //cert.checkValidity(new Date());
    //cert.verify(caCert.getPublicKey());
   
View Full Code Here
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
   */
  public static X509Certificate createTypicalMasterCert(final KeyPair keyPair)
  throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException
  {
   
    X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
   
    X509Principal issuer=new X509Principal("O=CyberVillians.com,OU=CyberVillians Certification Authority,C=US");
   
    // Create
    v3CertGen.setSerialNumber(BigInteger.valueOf(1));
    v3CertGen.setIssuerDN(issuer);
    v3CertGen.setSubjectDN(issuer);
   
    //Set validity period
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 12 /* months */ *(1000L * 60 * 60 * 24 * 30)));
    v3CertGen.setNotAfter (new Date(System.currentTimeMillis() + 12 /* months */ *(1000L * 60 * 60 * 24 * 30)));
   
    //Set signature algorithm & public key
    v3CertGen.setPublicKey(keyPair.getPublic());
    v3CertGen.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO);
   
    // Add typical extensions for signing cert
    v3CertGen.addExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(keyPair.getPublic()));
   
    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(0));
   
    v3CertGen.addExtension(
        X509Extensions.KeyUsage,
        false,
        new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign) );
   
    DEREncodableVector typicalCAExtendedKeyUsages = new DEREncodableVector();
   
    typicalCAExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
    typicalCAExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning));
    typicalCAExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown));
   
    v3CertGen.addExtension(
        X509Extensions.ExtendedKeyUsage,
        false,
        new DERSequence(typicalCAExtendedKeyUsages));
   
    X509Certificate cert = v3CertGen.generate(keyPair.getPrivate(), "BC");
   
    cert.checkValidity(new Date());
   
    cert.verify(keyPair.getPublic());
   
View Full Code Here
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
        //

        //
        // create the certificate - version 3
        //
        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(attrs));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal(attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("SHA1withDSA");

        try
        {
            X509Certificate cert = certGen.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);
View Full Code Here
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
        }

        //
        // create the certificate - version 3
        //
        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(order, attrs));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal(order, attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("ECDSAwithSHA1");

        try
        {
            X509Certificate cert = certGen.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);

            ByteArrayInputStream    bIn = new ByteArrayInputStream(cert.getEncoded());
            CertificateFactory      fact = CertificateFactory.getInstance("X.509", "BC");

            cert = (X509Certificate)fact.generateCertificate(bIn);

            //
            // try with point compression turned off
            //
            ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
           
            certGen.setPublicKey(pubKey);
           
            cert = certGen.generateX509Certificate(privKey);

            cert.checkValidity(new Date());

            cert.verify(pubKey);
View Full Code Here
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
        //

        //
        // create the certificate - version 3
        //
        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(attrs));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal(attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("GOST3411withGOST3410");

        X509Certificate cert = certGen.generateX509Certificate(privKey);

        cert.checkValidity(new Date());

        //
        // check verifies in general
View Full Code Here
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
        values.addElement("feedback-crypto@bouncycastle.org");
   
        //
        // create base certificate - version 3
        //
        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
   
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(attrs));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal(attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
        certGen.addExtension("2.5.29.15", true,
            new X509KeyUsage(X509KeyUsage.encipherOnly));
        certGen.addExtension("2.5.29.37", true,
            new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
        certGen.addExtension("2.5.29.17", true,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
   
        X509Certificate baseCert = certGen.generateX509Certificate(privKey);
       
        //
        // copy certificate
        //
        certGen = new X509V3CertificateGenerator();
       
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(attrs));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal(attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("MD5WithRSAEncryption");

        certGen.copyAndAddExtension(new DERObjectIdentifier("2.5.29.15"), true, baseCert);
        certGen.copyAndAddExtension("2.5.29.37", false, baseCert);
       
        X509Certificate cert = certGen.generateX509Certificate(privKey);
       
        cert.checkValidity(new Date());
   
        cert.verify(pubKey);
   
        if (!areEqual(baseCert.getExtensionValue("2.5.29.15"), cert.getExtensionValue("2.5.29.15")))
        {
            fail("2.5.29.15 differs");
        }
       
        if (!areEqual(baseCert.getExtensionValue("2.5.29.37"), cert.getExtensionValue("2.5.29.37")))
        {
            fail("2.5.29.37 differs");
        }
       
        //
        // exception test
        //
        try
        {
            certGen.copyAndAddExtension("2.5.99.99", true, baseCert);
           
            fail("exception not thrown on dud extension copy");
        }
        catch (CertificateParsingException e)
        {
View Full Code Here
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
    }
   
    public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
        throws Exception
    {
        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
        certGen.setPublicKey(intKey);
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
   
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
        certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
        certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

        return certGen.generateX509Certificate(caKey, "BC");
    }
View Full Code Here
TOP

Related Classes of org.bouncycastle.x509.X509V3CertificateGenerator

  • com.drighetto.essai.bouncycastle.certificate.CertificateGenerator
  • cybervillains.ca.CertificateCreator
  • org.bouncycastle.asn1.ASN1Encodable
  • org.bouncycastle.asn1.ASN1EncodableVector
  • org.bouncycastle.asn1.ASN1GeneralizedTime
  • org.bouncycastle.asn1.ASN1InputStream
  • org.bouncycastle.asn1.ASN1Integer
  • org.bouncycastle.asn1.ASN1ObjectIdentifier
  • org.bouncycastle.asn1.ASN1Primitive
  • org.bouncycastle.asn1.ASN1Sequence
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.