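/**
 * Generates a fresh RSA key pair plus a 30-day self-signed certificate for it
 * and stores both under the alias {@code "private"} in {@code store}.
 *
 * Side effects: assigns the {@code privateKey} and {@code chain} fields
 * (declared outside this method) and writes the key entry protected with the
 * {@code password} field. {@code startDate} (also a field) is the notBefore
 * of the certificate; the validity argument is expressed in seconds.
 *
 * Failures are printed to stderr and otherwise swallowed, so callers must not
 * assume the fields are populated afterwards — check {@code privateKey != null}.
 */
void generatePrivateKey() {
    final String alias = "private";
    try {
        // Security: the previous parameters (1024-bit RSA, SHA-1 signature) are
        // deprecated and refused or phased out by current JDK security
        // properties and TLS peers; 2048/SHA-256 is the conservative floor.
        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256WithRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();

        // Validity window: 30 days, in seconds, starting at startDate.
        final long validitySeconds = 30L * 24L * 3600L;
        X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=ROOT"), startDate, validitySeconds);

        chain = new X509Certificate[] { cert };
        store.setKeyEntry(alias, privateKey, password, chain);
    } catch (Exception e) {
        // Kept as best-effort (no rethrow) to preserve the existing contract;
        // the null fields are the caller's only failure signal.
        e.printStackTrace();
    }
}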
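/**
 * Generates a TLS server key pair and a self-signed X.509 certificate and
 * stores them in {@code keystore} under the alias {@code "gs-ssl"}.
 *
 * The subject name is built from {@code cn} plus the JVM's {@code user.name}
 * and {@code user.country} system properties; the certificate is valid from
 * now for {@code VALIDITYINDAYS} days (constant declared outside this method).
 *
 * @param keystore  the already-loaded keystore that receives the entry
 * @param cn        the server host name or IP address, used as the subject CN
 * @param adminMail administrator e-mail; NOTE: this value is currently not
 *                  embedded anywhere in the certificate — the parameter is kept
 *                  only for signature compatibility
 * @param pwd       keystore password, also used as the key-entry password
 * @throws Exception if key generation or keystore insertion fails, or if the
 *                   freshly generated certificate is not valid at the current time
 */
public static void generateKeyFor(KeyStore keystore, String cn, String adminMail, String pwd) throws Exception {
    // Security: switched from DSA / "SHAwithDSA" (SHA-1) to RSA / SHA-256.
    // DSA cipher suites are absent from TLS 1.3 and disabled in mainstream
    // clients, and SHA-1 certificate signatures are rejected, so a DSA/SHA-1
    // server certificate is unusable in practice. Whatever KEYLENGTH is, never
    // generate an RSA key shorter than 2048 bits.
    final int minRsaBits = 2048;
    CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
    cakg.generate(Math.max(KEYLENGTH, minRsaBits));

    X500Name name = new X500Name(
            cn,                                   // commonName: the server URL/IP
            System.getProperty("user.name"),      // organizationalUnit
            "GreasySpoon",                        // organizationName
            "Somewhere over",                     // localityName
            "Internet",                           // stateName
            System.getProperty("user.country"));  // country: two-letter code

    // getSelfCertificate takes the validity in seconds; multiply as long so a
    // large VALIDITYINDAYS cannot overflow an int before widening.
    X509Certificate certificate = cakg.getSelfCertificate(name, VALIDITYINDAYS * 86400L);
    // Fails fast if the generated notBefore/notAfter window does not cover "now".
    certificate.checkValidity();

    // Existing behaviour retained: the certificate is first stored as a
    // trusted-certificate entry and then the key entry is written under the
    // same alias. NOTE(review): the first call looks redundant since the key
    // entry carries the chain — confirm the keystore type in use accepts the
    // second write before removing it.
    keystore.setCertificateEntry("gs-ssl", certificate);
    java.security.cert.Certificate[] certs = { certificate };
    keystore.setKeyEntry("gs-ssl", cakg.getPrivateKey(), pwd.toCharArray(), certs);
}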
/**
 * Smoke test for the internal PKCS#7 signed-data round trip: creates a
 * 1024-bit RSA self-signed certificate, signs the SHA-256 digest of "Hello"
 * through authenticated PKCS#9 attributes, wraps everything in a PKCS7
 * structure and verifies it. (The 1024-bit key is a test fixture chosen for
 * speed; it is not a size to copy into production code.)
 *
 * @param args ignored
 * @throws Exception on any crypto/encoding failure, or with the message
 *                   "Not verified" when verification returns {@code null}
 */
public static void main(String[] args) throws Exception {
    final byte[] payload = "Hello".getBytes();
    final X500Name subject = new X500Name("cn=Me");

    // Signer identity: fresh key pair and a short-lived (1000 s) self-signed cert.
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA");
    keyGen.generate(1024);
    X509Certificate signerCert = keyGen.getSelfCertificate(subject, 1000);

    // Authenticated attributes carry the content type and the message digest;
    // the signature below is computed over their DER encoding, not over the
    // raw payload.
    byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload);
    PKCS9Attribute contentType = new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
    PKCS9Attribute messageDigest = new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, digest);
    PKCS9Attributes signedAttrs = new PKCS9Attributes(new PKCS9Attribute[] { contentType, messageDigest });

    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(keyGen.getPrivateKey());
    signer.update(signedAttrs.getDerEncoding());
    byte[] signatureBytes = signer.sign();

    AlgorithmId digestAlg = AlgorithmId.get("SHA-256");
    AlgorithmId signatureAlg = AlgorithmId.get("SHA256withRSA");
    SignerInfo info = new SignerInfo(
            subject,
            signerCert.getSerialNumber(),
            digestAlg,
            signedAttrs,
            signatureAlg,
            signatureBytes,
            null);

    PKCS7 signedData = new PKCS7(
            new AlgorithmId[] { info.getDigestAlgorithmId() },
            new ContentInfo(payload),
            new X509Certificate[] { signerCert },
            new SignerInfo[] { info });

    // The null check assumes verify() signals a bad signature by returning
    // null rather than throwing.
    if (signedData.verify(info, payload) == null) {
        throw new Exception("Not verified");
    }
}
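/**
 * Generates a key pair and a self-signed certificate and stores them in
 * {@code keyStore} under the given alias, prompting for a key password when
 * none was supplied and the keystore is not a hardware token.
 *
 * Reads the fields {@code keyAlias}, {@code keyStore}, {@code rb},
 * {@code providerName}, {@code verbose}, {@code token}, {@code storePass} and
 * {@code validity}, and may assign {@code keyPass}.
 *
 * @param s  alias for the new entry; {@code keyAlias} when {@code null}
 * @param s1 subject distinguished name; when {@code null} it is collected
 *           interactively via {@code getX500Name()}
 * @param s2 key algorithm ("DSA" or "RSA", case-insensitive, when {@code s3}
 *           has to be derived)
 * @param i  key size in bits
 * @param s3 signature algorithm; derived from {@code s2} when {@code null}
 * @throws Exception if the alias already exists, the signature algorithm
 *                   cannot be derived, or no acceptable key password is
 *                   obtained within three prompts
 */
private void doGenKeyPair(String s, String s1, String s2, int i, String s3) throws Exception {
    if (s == null) {
        s = keyAlias;
    }
    if (keyStore.containsAlias(s)) {
        MessageFormat form = new MessageFormat(rb.getString("Key pair not generated, alias <alias> already exists"));
        throw new Exception(form.format(new Object[] { s }));
    }

    if (s3 == null) {
        // Default signature algorithms. Security: the previous RSA default was
        // MD5WithRSA, which is collision-broken and refused by current
        // certificate-path validation; SHA-256 is used instead. The DSA default
        // stays SHA1WithDSA so providers without SHA256withDSA keep working —
        // pass s3 explicitly for a stronger DSA signature.
        if (s2.equalsIgnoreCase("DSA")) {
            s3 = "SHA1WithDSA";
        } else if (s2.equalsIgnoreCase("RSA")) {
            s3 = "SHA256WithRSA";
        } else {
            throw new Exception(rb.getString("Cannot derive signature algorithm"));
        }
    }

    CertAndKeyGen keyGen = new CertAndKeyGen(s2, s3, providerName);
    X500Name subject = (s1 == null) ? getX500Name() : new X500Name(s1);

    if (verbose) {
        MessageFormat form = new MessageFormat(rb.getString(
                "Generating keysize bit keyAlgName key pair and self-signed certificate (sigAlgName)\n\tfor: x500Name"));
        System.err.println(form.format(new Object[] { Integer.valueOf(i), s2, s3, subject }));
    }

    keyGen.generate(i);
    PrivateKey privateKey = keyGen.getPrivateKey();
    // getSelfCertificate takes seconds; 'validity' is a day count.
    X509Certificate[] chain = { keyGen.getSelfCertificate(subject, validity * 24L * 60L * 60L) };

    if (!token && keyPass == null) {
        // Up to three prompts. An empty answer (null) means "same as the
        // keystore password"; anything shorter than 6 characters is refused
        // and the prompt repeats.
        for (int attempt = 0; attempt < 3 && keyPass == null; attempt++) {
            MessageFormat form = new MessageFormat(rb.getString("Enter key password for <alias>"));
            System.err.println(form.format(new Object[] { s }));
            System.err.print(rb.getString("\t(RETURN if same as keystore password): "));
            System.err.flush();
            keyPass = Password.readPassword(System.in);
            if (keyPass == null) {
                keyPass = storePass;
            } else if (keyPass.length < 6) {
                System.err.println(rb.getString("Key password is too short - must be at least 6 characters"));
                keyPass = null;
            }
        }
        // Bug fix: the original tested the loop counter (j == 3), which also
        // rejected a *valid* password entered on the third and last attempt.
        // Test the actual outcome instead.
        if (keyPass == null) {
            throw new Exception(rb.getString("Too many failures - key not added to keystore"));
        }
    }

    keyStore.setKeyEntry(s, privateKey, keyPass, chain);
}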