diff options
Diffstat (limited to 'src/main/java/se/lublin/humla/net/HumlaCertificateGenerator.java')
-rw-r--r-- | src/main/java/se/lublin/humla/net/HumlaCertificateGenerator.java | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/src/main/java/se/lublin/humla/net/HumlaCertificateGenerator.java b/src/main/java/se/lublin/humla/net/HumlaCertificateGenerator.java new file mode 100644 index 0000000..a7996c9 --- /dev/null +++ b/src/main/java/se/lublin/humla/net/HumlaCertificateGenerator.java @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2014 Andrew Comminos + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package se.lublin.humla.net; + +import org.spongycastle.asn1.x500.X500Name; +import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.cert.X509v3CertificateBuilder; +import org.spongycastle.cert.jcajce.JcaX509CertificateConverter; +import org.spongycastle.jce.provider.BouncyCastleProvider; +import org.spongycastle.operator.ContentSigner; +import org.spongycastle.operator.OperatorCreationException; +import org.spongycastle.operator.jcajce.JcaContentSignerBuilder; + +import java.io.IOException; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SecureRandom; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Calendar; +import java.util.Date; + +public class HumlaCertificateGenerator { + private static final String ISSUER = "CN=Humla Client"; + private static final Integer YEARS_VALID = 20; + + public static X509Certificate generateCertificate(OutputStream output) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, KeyStoreException, NoSuchProviderException, IOException { + BouncyCastleProvider provider = new BouncyCastleProvider(); // Use SpongyCastle provider, supports creating X509 certs + KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); + generator.initialize(2048, new SecureRandom()); + + KeyPair keyPair = generator.generateKeyPair(); + + SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); + ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(provider).build(keyPair.getPrivate()); + + Date startDate = new Date(); + Calendar calendar = Calendar.getInstance(); + calendar.setTime(startDate); + calendar.add(Calendar.YEAR, YEARS_VALID); + Date endDate = calendar.getTime(); + + X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name(ISSUER), + BigInteger.ONE, + startDate, endDate, new X500Name(ISSUER), + publicKeyInfo); + + X509CertificateHolder certificateHolder = certBuilder.build(signer); + + X509Certificate certificate = new JcaX509CertificateConverter().setProvider(provider).getCertificate(certificateHolder); + + KeyStore keyStore = KeyStore.getInstance("PKCS12", provider); + keyStore.load(null, null); + keyStore.setKeyEntry("Humla Key", keyPair.getPrivate(), null, new X509Certificate[] { certificate }); + + keyStore.store(output, "".toCharArray()); + + return certificate; + } +} |