use of org.shredzone.acme4j.util.KeyPairUtils.createKeyPair in project carapaceproxy by diennea.
the class CertificatesTestUtils method generateSampleChain.
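/**
 * Builds a throw-away three-level X.509 chain for tests: end-user certificate, intermediate CA
 * and self-signed root CA.
 *
 * <p>The root and intermediate key pairs are generated here and never returned, so the chain
 * cannot be extended afterwards. Every certificate is signed with {@code SHA256withRSA} through
 * the BouncyCastle ("BC") provider, so the generated CA keys are presumably RSA (confirm against
 * {@code createKeyPair}). Test fixture only: serial numbers come from {@link Random}, which is
 * not a cryptographic generator.
 *
 * @param endUserKeypair key pair whose public key is placed in the end-user certificate; its
 *     private key is not used here
 * @param expired if {@code true} the end-user certificate's notAfter is one day in the past,
 *     otherwise one day in the future
 * @return the chain ordered leaf first: {@code { endUserCert, intermediateCA, rootCA }}
 * @throws Exception if key generation, extension encoding or signing fails
 */
public static Certificate[] generateSampleChain(KeyPair endUserKeypair, boolean expired) throws Exception {
    // The content signers below request the "BC" provider by name; register it only if missing.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // --- Self-signed root CA ---
    KeyPair rootCAKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    // NOTE(review): notBefore and notAfter are both "now", so this CA certificate has an
    // effectively empty validity window and full path validation would reject the chain even
    // when expired == false. Kept as in the original; confirm whether callers only inspect
    // the end-user certificate.
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            new X500Name("CN=rootCA"),      // issuer (same as subject: self-signed)
            randomPositiveSerial(),         // serial number
            new Date(),                     // start of validity
            new Date(),                     // end of validity
            new X500Name("CN=rootCA"),      // subject
            rootCAKeyPair.getPublic());     // public key being certified
    // Key usage restricted to certificate signing.
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    // NOTE(review): RFC 5280 expects basicConstraints to be marked critical on CA certificates;
    // it is left non-critical here to keep the generated certificates unchanged.
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
    X509Certificate rootCA = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(rootCAKeyPair.getPrivate()))); // self-signed with the root key

    // --- Intermediate CA, issued by the root CA ---
    KeyPair intermedCAKeyPair = createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    // Same empty validity window as the root CA (see note above).
    builder = new JcaX509v3CertificateBuilder(
            rootCA,                         // issuer certificate
            randomPositiveSerial(),
            new Date(),
            new Date(),
            new X500Name("CN=IntermedCA"),
            intermedCAKeyPair.getPublic());
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
    X509Certificate intermediateCA = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(rootCAKeyPair.getPrivate()))); // signed by the root CA

    // --- End-user certificate, issued by the intermediate CA ---
    // Valid from yesterday until yesterday (expired) or tomorrow (not expired).
    long oneDayMillis = 1000L * 60 * 60 * 24;
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now - oneDayMillis);
    Date expiringDate = new Date(now + (expired ? -oneDayMillis : oneDayMillis));
    builder = new JcaX509v3CertificateBuilder(
            intermediateCA,                 // issuer certificate
            randomPositiveSerial(),
            notBefore,
            expiringDate,
            new X500Name("CN=endUserCert"),
            endUserKeypair.getPublic());
    // Leaf certificate: signatures only, and explicitly not a CA.
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    X509Certificate endUserCert = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(intermedCAKeyPair.getPrivate()))); // signed by the intermediate CA

    return new X509Certificate[] { endUserCert, intermediateCA, rootCA };
}

/**
 * Returns a random serial number in the range {@code [1, Integer.MAX_VALUE]}.
 *
 * <p>RFC 5280 requires certificate serial numbers to be positive; a raw
 * {@code Random.nextInt()} yields a negative or zero value about half of the time.
 */
private static BigInteger randomPositiveSerial() {
    return BigInteger.valueOf(new Random().nextInt(Integer.MAX_VALUE) + 1L);
}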
use of org.shredzone.acme4j.util.KeyPairUtils.createKeyPair in project carapaceproxy by diennea.
the class CertificatesTestUtils method generateSampleChainData.
/**
 * Produces keystore bytes holding a freshly generated, non-expired sample chain.
 *
 * <p>A new end-user key pair is created, a chain is built for it with
 * {@code generateSampleChain(keyPair, false)}, and the chain plus the end-user private key are
 * handed to {@code createKeystore}. The keystore format and any password are decided by
 * {@code createKeystore}, which is not shown here.
 *
 * @return the bytes returned by {@code createKeystore}
 * @throws Exception if key generation, chain generation or keystore creation fails
 */
public static byte[] generateSampleChainData() throws Exception {
    final KeyPair leafKeys = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    final Certificate[] sampleChain = generateSampleChain(leafKeys, false);
    // The private key stored alongside the chain is the one matching the leaf certificate.
    final byte[] keystoreBytes = createKeystore(sampleChain, leafKeys.getPrivate());
    return keystoreBytes;
}