
Example 1 with KeyPairUtils.createKeyPair

use of org.shredzone.acme4j.util.KeyPairUtils.createKeyPair in project carapaceproxy by diennea.

the class CertificatesTestUtils method generateSampleChain.

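/**
 * Builds a three-certificate sample chain (end-user, intermediate CA, self-signed root CA)
 * for tests.
 *
 * <p>Both CA key pairs are generated inside this method and are not returned, so the chain
 * cannot be extended afterwards. The chain is a throw-away fixture: nothing here anchors it
 * to a real trust store, and it must not be used outside tests.
 *
 * <p>All three certificates are signed with {@code SHA256withRSA} through the BouncyCastle
 * ("BC") provider, so the generated CA key pairs are expected to be RSA
 * (NOTE(review): confirm against {@code createKeyPair}).
 *
 * @param endUserKeypair key pair whose public key is embedded in the end-user certificate
 * @param expired        when {@code true} the end-user certificate's validity ended
 *                       yesterday; when {@code false} it ends tomorrow. The CA certificates
 *                       are valid in both cases, so the leaf is the only expired element.
 * @return the chain ordered as {@code { endUserCert, intermediateCA, rootCA }}
 * @throws Exception if key generation, certificate building or signing fails
 */
public static Certificate[] generateSampleChain(KeyPair endUserKeypair, boolean expired) throws Exception {
    // Only register BC when it is missing; re-adding an installed provider does nothing useful.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // Take one timestamp so every validity bound is derived from the same instant.
    final long dayMillis = 24L * 60 * 60 * 1000;
    final long now = System.currentTimeMillis();

    // The original used new Date() for both bounds of the CA certificates, giving them a
    // zero-length validity window: any path validation would reject the chain regardless of
    // the 'expired' flag. Give the CAs a window that encloses the leaf in both modes.
    final Date caNotBefore = new Date(now - 3 * dayMillis);
    final Date caNotAfter = new Date(now + 3 * dayMillis);

    // Leaf window: yesterday..tomorrow when valid. When expired, notAfter is yesterday and
    // notBefore is moved one more day back so that notBefore is strictly before notAfter
    // (the original computed both as "now - 1 day" from two separate clock reads, which could
    // even yield notBefore > notAfter).
    final Date leafNotBefore = new Date(now - (expired ? 2 * dayMillis : dayMillis));
    final Date leafNotAfter = new Date(expired ? now - dayMillis : now + dayMillis);

    // RFC 5280 requires positive serial numbers; Random.nextInt() is negative about half the
    // time and is not a CSPRNG. Draw 64 random bits and add one to rule out zero.
    // Fully qualified so the block does not depend on an import that is not visible here.
    final java.security.SecureRandom serialSource = new java.security.SecureRandom();

    // --- Root CA: self-signed (issuer == subject, signed with its own private key) ---
    KeyPair rootCAKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            new X500Name("CN=rootCA"),                              // issuer
            new BigInteger(64, serialSource).add(BigInteger.ONE),   // serial number
            caNotBefore,                                            // start of validity
            caNotAfter,                                             // end of validity
            new X500Name("CN=rootCA"),                              // subject
            rootCAKeyPair.getPublic());                             // subject public key
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    // basicConstraints must be critical on CA certificates (RFC 5280, section 4.2.1.9).
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    X509Certificate rootCA = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(rootCAKeyPair.getPrivate())));

    // --- Intermediate CA: issued and signed by the root CA ---
    KeyPair intermedCAKeyPair = createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    builder = new JcaX509v3CertificateBuilder(
            rootCA,                                                 // issuer certificate
            new BigInteger(64, serialSource).add(BigInteger.ONE),
            caNotBefore,
            caNotAfter,
            new X500Name("CN=IntermedCA"),
            intermedCAKeyPair.getPublic());
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    X509Certificate intermediateCA = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(rootCAKeyPair.getPrivate())));

    // --- End-user certificate: issued and signed by the intermediate CA ---
    builder = new JcaX509v3CertificateBuilder(
            intermediateCA,                                         // issuer certificate
            new BigInteger(64, serialSource).add(BigInteger.ONE),
            leafNotBefore,
            leafNotAfter,
            new X500Name("CN=endUserCert"),
            endUserKeypair.getPublic());
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    // Not a CA: BasicConstraints(false) keeps this certificate from issuing others.
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    X509Certificate endUserCert = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(intermedCAKeyPair.getPrivate())));

    // Leaf first, trust anchor last.
    return new X509Certificate[] { endUserCert, intermediateCA, rootCA };
}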
Also used : KeyPair(java.security.KeyPair) KeyPairUtils.createKeyPair(org.shredzone.acme4j.util.KeyPairUtils.createKeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) Random(java.util.Random) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 2 with KeyPairUtils.createKeyPair

use of org.shredzone.acme4j.util.KeyPairUtils.createKeyPair in project carapaceproxy by diennea.

the class CertificatesTestUtils method generateSampleChainData.

/**
 * Produces the serialized form of a fresh, non-expired sample chain.
 *
 * <p>A new end-user key pair is generated, a chain is built for it with
 * {@code generateSampleChain(..., false)}, and the chain is handed to
 * {@code createKeystore} together with the end-user private key. The returned bytes
 * therefore presumably contain that private key (NOTE(review): confirm the keystore
 * format and any password protection in {@code createKeystore}); treat them as test
 * material only.
 *
 * @return the bytes returned by {@code createKeystore} for the generated chain and key
 * @throws Exception if key generation, chain creation or keystore creation fails
 */
public static byte[] generateSampleChainData() throws Exception {
    final KeyPair leafKeys = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    // false => the end-user certificate is requested as not expired.
    final Certificate[] sampleChain = generateSampleChain(leafKeys, false);
    final byte[] keystoreBytes = createKeystore(sampleChain, leafKeys.getPrivate());
    return keystoreBytes;
}
Also used : KeyPair(java.security.KeyPair) KeyPairUtils.createKeyPair(org.shredzone.acme4j.util.KeyPairUtils.createKeyPair) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

KeyPair (java.security.KeyPair)2 X509Certificate (java.security.cert.X509Certificate)2 KeyPairUtils.createKeyPair (org.shredzone.acme4j.util.KeyPairUtils.createKeyPair)2 Certificate (java.security.cert.Certificate)1 Date (java.util.Date)1 Random (java.util.Random)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)1 KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)1 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)1 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)1 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)1 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)1 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)1