KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > util > jce > X509V1CertificateGenerator


1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17
18 package org.apache.geronimo.util.jce;
19
20 import java.io.ByteArrayInputStream JavaDoc;
21 import java.io.ByteArrayOutputStream JavaDoc;
22 import java.math.BigInteger JavaDoc;
23 import java.security.InvalidKeyException JavaDoc;
24 import java.security.NoSuchAlgorithmException JavaDoc;
25 import java.security.NoSuchProviderException JavaDoc;
26 import java.security.PrivateKey JavaDoc;
27 import java.security.PublicKey JavaDoc;
28 import java.security.SecureRandom JavaDoc;
29 import java.security.Signature JavaDoc;
30 import java.security.SignatureException JavaDoc;
31 import java.security.cert.X509Certificate JavaDoc;
32 import java.util.Date JavaDoc;
33 import java.util.Hashtable JavaDoc;
34
35 import org.apache.geronimo.util.asn1.ASN1EncodableVector;
36 import org.apache.geronimo.util.asn1.ASN1InputStream;
37 import org.apache.geronimo.util.asn1.ASN1Sequence;
38 import org.apache.geronimo.util.asn1.DERBitString;
39 import org.apache.geronimo.util.asn1.DERInteger;
40 import org.apache.geronimo.util.asn1.DERNull;
41 import org.apache.geronimo.util.asn1.DERObjectIdentifier;
42 import org.apache.geronimo.util.asn1.DEROutputStream;
43 import org.apache.geronimo.util.asn1.DERSequence;
44 import org.apache.geronimo.util.asn1.x509.AlgorithmIdentifier;
45 import org.apache.geronimo.util.asn1.x509.SubjectPublicKeyInfo;
46 import org.apache.geronimo.util.asn1.x509.TBSCertificateStructure;
47 import org.apache.geronimo.util.asn1.x509.Time;
48 import org.apache.geronimo.util.asn1.x509.V1TBSCertificateGenerator;
49 import org.apache.geronimo.util.asn1.x509.X509CertificateStructure;
50 import org.apache.geronimo.util.asn1.x509.X509Name;
51 import org.apache.geronimo.util.jce.provider.X509CertificateObject;
52
53 /**
54  * class to produce an X.509 Version 1 certificate.
55  *
56  * @deprecated use the equivalent class in org.apache.geronimo.util.x509
57  */
58 public class X509V1CertificateGenerator
59 {
60     private V1TBSCertificateGenerator tbsGen;
61     private DERObjectIdentifier sigOID;
62     private AlgorithmIdentifier sigAlgId;
63     private String JavaDoc signatureAlgorithm;
64
65     private static Hashtable JavaDoc algorithms = new Hashtable JavaDoc();
66
67     static
68     {
69         algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
70         algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
71         algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
72         algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
73         algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
74         algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
75         algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
76         algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
77         algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
78         algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
79         algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
80         algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
81     }
82
83     public X509V1CertificateGenerator()
84     {
85         tbsGen = new V1TBSCertificateGenerator();
86     }
87
88     /**
89      * reset the generator
90      */
91     public void reset()
92     {
93         tbsGen = new V1TBSCertificateGenerator();
94     }
95
96     /**
97      * set the serial number for the certificate.
98      */
99     public void setSerialNumber(
100         BigInteger JavaDoc serialNumber)
101     {
102         tbsGen.setSerialNumber(new DERInteger(serialNumber));
103     }
104
105     /**
106      * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
107      * certificate.
108      */
109     public void setIssuerDN(
110         X509Name issuer)
111     {
112         tbsGen.setIssuer(issuer);
113     }
114
115     public void setNotBefore(
116         Date JavaDoc date)
117     {
118         tbsGen.setStartDate(new Time(date));
119     }
120
121     public void setNotAfter(
122         Date JavaDoc date)
123     {
124         tbsGen.setEndDate(new Time(date));
125     }
126
127     /**
128      * Set the subject distinguished name. The subject describes the entity associated with the public key.
129      */
130     public void setSubjectDN(
131         X509Name subject)
132     {
133         tbsGen.setSubject(subject);
134     }
135
136     public void setPublicKey(
137         PublicKey JavaDoc key)
138     {
139         try
140         {
141             tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
142                                 new ByteArrayInputStream JavaDoc(key.getEncoded())).readObject()));
143         }
144         catch (Exception JavaDoc e)
145         {
146             throw new IllegalArgumentException JavaDoc("unable to process key - " + e.toString());
147         }
148     }
149
150     public void setSignatureAlgorithm(
151         String JavaDoc signatureAlgorithm)
152     {
153         this.signatureAlgorithm = signatureAlgorithm;
154
155         sigOID = (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
156
157         if (sigOID == null)
158         {
159             throw new IllegalArgumentException JavaDoc("Unknown signature type requested");
160         }
161
162         sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull());
163
164         tbsGen.setSignature(sigAlgId);
165     }
166
167     /**
168      * generate an X509 certificate, based on the current issuer and subject
169      * using the default provider "BC".
170      */
171     public X509Certificate JavaDoc generateX509Certificate(
172         PrivateKey JavaDoc key)
173         throws SecurityException JavaDoc, SignatureException JavaDoc, InvalidKeyException JavaDoc
174     {
175         try
176         {
177             return generateX509Certificate(key, null, null);
178         }
179         catch (NoSuchProviderException JavaDoc e)
180         {
181             throw new SecurityException JavaDoc("JCE provider not installed!");
182         }
183     }
184
185     /**
186      * generate an X509 certificate, based on the current issuer and subject
187      * using the default provider and the passed in source of randomness
188      */
189     public X509Certificate JavaDoc generateX509Certificate(
190         PrivateKey JavaDoc key,
191         SecureRandom JavaDoc random)
192         throws SecurityException JavaDoc, SignatureException JavaDoc, InvalidKeyException JavaDoc
193     {
194         try
195         {
196             return generateX509Certificate(key, null, random);
197         }
198         catch (NoSuchProviderException JavaDoc e)
199         {
200             throw new SecurityException JavaDoc("JCE provider not installed!");
201         }
202     }
203
204     /**
205      * generate an X509 certificate, based on the current issuer and subject,
206      * using the passed in provider for the signing, and the passed in source
207      * of randomness (if required).
208      */
209     public X509Certificate JavaDoc generateX509Certificate(
210         PrivateKey JavaDoc key,
211         String JavaDoc provider)
212         throws NoSuchProviderException JavaDoc, SecurityException JavaDoc, SignatureException JavaDoc, InvalidKeyException JavaDoc
213     {
214         return generateX509Certificate(key, provider, null);
215     }
216
217     /**
218      * generate an X509 certificate, based on the current issuer and subject,
219      * using the passed in provider for the signing, and the passed in source
220      * of randomness (if required).
221      */
222     public X509Certificate JavaDoc generateX509Certificate(
223         PrivateKey JavaDoc key,
224         String JavaDoc provider,
225         SecureRandom JavaDoc random)
226         throws NoSuchProviderException JavaDoc, SecurityException JavaDoc, SignatureException JavaDoc, InvalidKeyException JavaDoc
227     {
228         Signature JavaDoc sig = null;
229
230         try
231         {
232             if (provider == null) {
233                 sig = Signature.getInstance(sigOID.getId());
234             }
235             else {
236                 sig = Signature.getInstance(sigOID.getId(), provider);
237             }
238         }
239         catch (NoSuchAlgorithmException JavaDoc ex)
240         {
241             try
242             {
243                 if (provider == null) {
244                     sig = Signature.getInstance(signatureAlgorithm);
245                 }
246                 else {
247                     sig = Signature.getInstance(signatureAlgorithm, provider);
248                 }
249             }
250             catch (NoSuchAlgorithmException JavaDoc e)
251             {
252                 throw new SecurityException JavaDoc("exception creating signature: " + e.toString());
253             }
254         }
255
256         if (random != null)
257         {
258             sig.initSign(key, random);
259         }
260         else
261         {
262             sig.initSign(key);
263         }
264
265         TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
266
267         try
268         {
269             ByteArrayOutputStream JavaDoc bOut = new ByteArrayOutputStream JavaDoc();
270             DEROutputStream dOut = new DEROutputStream(bOut);
271
272             dOut.writeObject(tbsCert);
273
274             sig.update(bOut.toByteArray());
275         }
276         catch (Exception JavaDoc e)
277         {
278             throw new SecurityException JavaDoc("exception encoding TBS cert - " + e);
279         }
280
281         ASN1EncodableVector v = new ASN1EncodableVector();
282
283         v.add(tbsCert);
284         v.add(sigAlgId);
285         v.add(new DERBitString(sig.sign()));
286
287         return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
288     }
289 }
290
Popular Tags