Geek Answers Handbook

Creating an X509 Certificate Using Bouncy Castle Java

I am looking for an example or tutorial for generating X509 certificates using BC in Java.

Many examples of using / using legacy APIs. I looked at BC, but it does not show which class does what or not the proper documentation / example does.

Please, if you have an idea about this, give me a tutorial in which I can use BC to create X509 certificates. [Generation and recording of public and private keys in files]

+8
java cryptography x509certificate bouncycastle
source share
2 answers

X509v3CertificateBuilder seems to be a class. There are several examples of using the new API on the bouncycastle wiki site .

+6
source share

Creating KeyPairGenerator:

private KeyPairGenerator createKeyPairGenerator(String algorithmIdentifier, int bitCount) throws NoSuchProviderException, NoSuchAlgorithmException { KeyPairGenerator kpg = KeyPairGenerator.getInstance( algorithmIdentifier, BouncyCastleProvider.PROVIDER_NAME); kpg.initialize(bitCount); return kpg; }

Creating keyPair:

 private KeyPair createKeyPair(String encryptionType, int byteCount) throws NoSuchProviderException, NoSuchAlgorithmException { KeyPairGenerator keyPairGenerator = createKeyPairGenerator(encryptionType, byteCount); KeyPair keyPair = keyPairGenerator.genKeyPair(); return keyPair; } KeyPair keyPair = createKeyPair("RSA", 4096);

Converting things to PEM (can be written to a file):

  private String convertCertificateToPEM(X509Certificate signedCertificate) throws IOException { StringWriter signedCertificatePEMDataStringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(signedCertificatePEMDataStringWriter); pemWriter.writeObject(signedCertificate); pemWriter.close(); return signedCertificatePEMDataStringWriter.toString(); }

Creating an X509 Certificate:

 X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( serverCertificate, new BigInteger("1"), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 30L * 365L * 24L * 60L * 60L * 1000L), jcaPKCS10CertificationRequest.getSubject(), jcaPKCS10CertificationRequest.getPublicKey() /*).addExtension( new ASN1ObjectIdentifier("2.5.29.35"), false, new AuthorityKeyIdentifier(keyPair.getPublic().getEncoded())*/ ).addExtension( new ASN1ObjectIdentifier("2.5.29.19"), false, new BasicConstraints(false) // true if it is allowed to sign other certs ).addExtension( new ASN1ObjectIdentifier("2.5.29.15"), true, new X509KeyUsage( X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment));

Conclusion:

  ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(signingKeyPair.getPrivate()); X509CertificateHolder x509CertificateHolder = certificateBuilder.build(sigGen); org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure = x509CertificateHolder.toASN1Structure(); return eeX509CertificateStructure; } private X509Certificate readCertificateFromASN1Certificate( org.spongycastle.asn1.x509.Certificate eeX509CertificateStructure, CertificateFactory certificateFactory) throws IOException, CertificateException { // // Read Certificate InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded()); X509Certificate signedCertificate = (X509Certificate) certificateFactory.generateCertificate(is1); return signedCertificate; }

CertificateFactory:

  certificateFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
+7
source share

More articles:


All Articles