1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
/**
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.google.security.wycheproof;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
/** Certificate utilities */
public class CertificateUtil {
public static X509Certificate createCertificate(
KeyPair keyPair, X500Principal subject, X500Principal issuer)
throws OperatorCreationException, CertificateException, IOException {
// Make the certificate valid for two days.
long millisPerDay = 24 * 60 * 60 * 1000;
long now = System.currentTimeMillis();
Date start = new Date(now - millisPerDay);
Date end = new Date(now + millisPerDay);
// Assign a random serial number.
byte[] serialBytes = new byte[16];
new SecureRandom().nextBytes(serialBytes);
BigInteger serialNumber = new BigInteger(1, serialBytes);
// Create the certificate builder
X509v3CertificateBuilder x509cg =
new X509v3CertificateBuilder(
X500Name.getInstance(issuer.getEncoded()),
serialNumber,
start,
end,
X500Name.getInstance(subject.getEncoded()),
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
// Choose a signature algorithm matching the key format.
String keyAlgorithm = keyPair.getPrivate().getAlgorithm();
String signatureAlgorithm;
if (keyAlgorithm.equals("RSA")) {
signatureAlgorithm = "SHA256withRSA";
} else if (keyAlgorithm.equals("EC")) {
signatureAlgorithm = "SHA256withECDSA";
} else {
throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm);
}
// Sign the certificate and generate it.
X509CertificateHolder x509holder =
x509cg.build(
new JcaContentSignerBuilder(signatureAlgorithm)
.build(keyPair.getPrivate()));
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate x509c =
(X509Certificate)
certFactory.generateCertificate(
new ByteArrayInputStream(x509holder.getEncoded()));
return x509c;
}
}
|
