| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.felix.deploymentadmin.itest.util; |
| |
| import java.math.BigInteger; |
| import java.security.KeyPair; |
| import java.security.KeyPairGenerator; |
| import java.security.PrivateKey; |
| import java.security.PublicKey; |
| import java.security.cert.X509Certificate; |
| import java.util.Date; |
| import java.util.Random; |
| |
| import org.bouncycastle.asn1.ASN1InputStream; |
| import org.bouncycastle.asn1.DEROctetString; |
| import org.bouncycastle.asn1.x500.X500Name; |
| import org.bouncycastle.asn1.x509.BasicConstraints; |
| import org.bouncycastle.asn1.x509.Extension; |
| import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; |
| import org.bouncycastle.cert.X509CertificateHolder; |
| import org.bouncycastle.cert.X509v3CertificateBuilder; |
| import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; |
| import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; |
| |
| /** |
| * @author <a href="mailto:dev@felix.apache.org">Felix Project Team</a> |
| */ |
| public class CertificateUtil { |
| |
| public enum KeyType { |
| RSA, DSA, EC; |
| } |
| |
| public static class SignerInfo { |
| private final KeyPair m_keyPair; |
| private final X509Certificate m_cert; |
| |
| public SignerInfo(KeyPair keyPair, X509Certificate cert) { |
| m_keyPair = keyPair; |
| m_cert = cert; |
| } |
| |
| public X509Certificate getCert() { |
| return m_cert; |
| } |
| |
| public PrivateKey getPrivate() { |
| return m_keyPair.getPrivate(); |
| } |
| |
| public PublicKey getPublic() { |
| return m_keyPair.getPublic(); |
| } |
| } |
| |
| public static SignerInfo createSelfSignedCert(String commonName, KeyType type) throws Exception { |
| KeyPairGenerator kpGen; |
| switch (type) { |
| case RSA: |
| kpGen = KeyPairGenerator.getInstance("RSA"); |
| kpGen.initialize(1024); |
| break; |
| case DSA: |
| kpGen = KeyPairGenerator.getInstance("DSA"); |
| break; |
| case EC: |
| kpGen = KeyPairGenerator.getInstance("EC"); |
| break; |
| default: |
| throw new IllegalArgumentException("Invalid key type!"); |
| } |
| |
| KeyPair keyPair = kpGen.generateKeyPair(); |
| X509Certificate cert = createSelfSignedCert(commonName, keyPair); |
| |
| return new SignerInfo(keyPair, cert); |
| } |
| |
| private static X509Certificate createSelfSignedCert(String commonName, KeyPair keypair) throws Exception { |
| PublicKey publicKey = keypair.getPublic(); |
| String keyAlg = DPSigner.getSignatureAlgorithm(publicKey); |
| |
| X500Name issuer = new X500Name(commonName); |
| BigInteger serial = BigInteger.probablePrime(16, new Random()); |
| Date notBefore = new Date(System.currentTimeMillis() - 1000); |
| Date notAfter = new Date(notBefore.getTime() + 6000); |
| |
| SubjectPublicKeyInfo pubKeyInfo; |
| try (ASN1InputStream is = new ASN1InputStream(publicKey.getEncoded())) { |
| pubKeyInfo = SubjectPublicKeyInfo.getInstance(is.readObject()); |
| } |
| |
| X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo); |
| builder.addExtension(new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(false)))); |
| |
| X509CertificateHolder certHolder = builder.build(new JcaContentSignerBuilder(keyAlg).build(keypair.getPrivate())); |
| return new JcaX509CertificateConverter().getCertificate(certHolder); |
| } |
| |
| /** |
| * Creates a new CertificateUtil instance. |
| */ |
| private CertificateUtil() { |
| // Nop |
| } |
| |
| } |