Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package org.bouncycastle.x509;
  
 import java.util.Date;
 
 
class to produce an X.509 Version 3 certificate.

Deprecated:
use org.bouncycastle.cert.X509v3CertificateBuilder.
 
 {
     private V3TBSCertificateGenerator   tbsGen;
     private ASN1ObjectIdentifier        sigOID;
     private AlgorithmIdentifier         sigAlgId;
     private String                      signatureAlgorithm;
     private X509ExtensionsGenerator     extGenerator;
 
     public X509V3CertificateGenerator()
     {
          = new V3TBSCertificateGenerator();
          = new X509ExtensionsGenerator();
     }

    
reset the generator
 
     public void reset()
     {
          = new V3TBSCertificateGenerator();
         .reset();
     }

    
set the serial number for the certificate.
 
     public void setSerialNumber(
         BigInteger      serialNumber)
     {
         if (serialNumber.compareTo(.) <= 0)
         {
             throw new IllegalArgumentException("serial number must be a positive integer");
         }
         
         .setSerialNumber(new ASN1Integer(serialNumber));
     }

    
Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the certificate.
 
     public void setIssuerDN(
         X500Principal   issuer)
     {
         try
         {
             .setIssuer(new X509Principal(issuer.getEncoded()));
         }
         catch (IOException e)
         {
             throw new IllegalArgumentException("can't process principal: " + e);
         }
     }
    
    
Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the certificate.
    public void setIssuerDN(
        X509Name   issuer)
    {
        .setIssuer(issuer);
    }
    public void setNotBefore(
        Date    date)
    {
        .setStartDate(new Time(date));
    }
    public void setNotAfter(
        Date    date)
    {
        .setEndDate(new Time(date));
    }

    
Set the subject distinguished name. The subject describes the entity associated with the public key.
    public void setSubjectDN(
        X500Principal   subject)
    {
        try
        {
            .setSubject(new X509Principal(subject.getEncoded()));
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("can't process principal: " + e);
        }
    }
    
    
Set the subject distinguished name. The subject describes the entity associated with the public key.
    public void setSubjectDN(
        X509Name   subject)
    {
        .setSubject(subject);
    }
    public void setPublicKey(
        PublicKey       key)
        throws IllegalArgumentException
    {
        try
        {
            .setSubjectPublicKeyInfo(
                       SubjectPublicKeyInfo.getInstance(new ASN1InputStream(key.getEncoded()).readObject()));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("unable to process key - " + e.toString());
        }
    }

    
Set the signature algorithm. This can be either a name or an OID, names are treated as case insensitive.

Parameters:
signatureAlgorithm string representation of the algorithm name.
    public void setSignatureAlgorithm(
        String  signatureAlgorithm)
    {
        this. = signatureAlgorithm;
        try
        {
             = X509Util.getAlgorithmOID(signatureAlgorithm);
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("Unknown signature type requested: " + signatureAlgorithm);
        }
         = X509Util.getSigAlgID(signatureAlgorithm);
        .setSignature();
    }

    
Set the subject unique ID - note: it is very rare that it is correct to do this.
    public void setSubjectUniqueID(boolean[] uniqueID)
    {
        .setSubjectUniqueID(booleanToBitString(uniqueID));
    }

    
Set the issuer unique ID - note: it is very rare that it is correct to do this.
    public void setIssuerUniqueID(boolean[] uniqueID)
    {
        .setIssuerUniqueID(booleanToBitString(uniqueID));
    }
    private DERBitString booleanToBitString(boolean[] id)
    {
        byte[] bytes = new byte[(id.length + 7) / 8];
        for (int i = 0; i != id.lengthi++)
        {
            bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0;
        }
        int pad = id.length % 8;
        if (pad == 0)
        {
            return new DERBitString(bytes);
        }
        else
        {
            return new DERBitString(bytes, 8 - pad);
        }
    }
    
    
add a given extension field for the standard extensions tag (tag 3)
    public void addExtension(
        String          oid,
        boolean         critical,
        ASN1Encodable    value)
    {
        this.addExtension(new ASN1ObjectIdentifier(oid), criticalvalue);
    }

    
add a given extension field for the standard extensions tag (tag 3)
    public void addExtension(
        ASN1ObjectIdentifier oid,
        boolean             critical,
        ASN1Encodable        value)
    {
        .addExtension(new ASN1ObjectIdentifier(oid.getId()), critical,  value);
    }

    
add a given extension field for the standard extensions tag (tag 3) The value parameter becomes the contents of the octet string associated with the extension.
    public void addExtension(
        String          oid,
        boolean         critical,
        byte[]          value)
    {
        this.addExtension(new ASN1ObjectIdentifier(oid), criticalvalue);
    }

    
add a given extension field for the standard extensions tag (tag 3)
    public void addExtension(
        ASN1ObjectIdentifier oid,
        boolean             critical,
        byte[]              value)
    {
        .addExtension(new ASN1ObjectIdentifier(oid.getId()), criticalvalue);
    }

    
add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.

Throws:
java.security.cert.CertificateParsingException if the extension cannot be extracted.
    public void copyAndAddExtension(
        String          oid,
        boolean         critical,
        X509Certificate cert
        throws CertificateParsingException
    {
        byte[] extValue = cert.getExtensionValue(oid);
        
        if (extValue == null)
        {
            throw new CertificateParsingException("extension " + oid + " not present");
        }
        
        try
        {
            ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);
    
            this.addExtension(oidcriticalvalue);
        }
        catch (IOException e)
        {
            throw new CertificateParsingException(e.toString());
        }
    }

    
add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.

Throws:
java.security.cert.CertificateParsingException if the extension cannot be extracted.
    public void copyAndAddExtension(
        ASN1ObjectIdentifier oid,
        boolean             critical,
        X509Certificate     cert)
        throws CertificateParsingException
    {
        this.copyAndAddExtension(oid.getId(), criticalcert);
    }

    
generate an X509 certificate, based on the current issuer and subject using the default provider "BC".

Deprecated:
use generate(key, "BC")
        PrivateKey      key)
    {
        try
        {
            return generateX509Certificate(key"BC"null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    }

    
generate an X509 certificate, based on the current issuer and subject using the default provider "BC", and the passed in source of randomness (if required).

Deprecated:
use generate(key, random, "BC")
        PrivateKey      key,
        SecureRandom    random)
    {
        try
        {
            return generateX509Certificate(key"BC"random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    }

    
generate an X509 certificate, based on the current issuer and subject, using the passed in provider for the signing.

Deprecated:
use generate()
        PrivateKey      key,
        String          provider)
    {
        return generateX509Certificate(keyprovidernull);
    }

    
generate an X509 certificate, based on the current issuer and subject, using the passed in provider for the signing and the supplied source of randomness, if required.

Deprecated:
use generate()
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
    {
        try
        {
            return generate(keyproviderrandom);
        }
        catch (NoSuchProviderException e)
        {
            throw e;
        }
        catch (SignatureException e)
        {
            throw e;
        }
        catch (InvalidKeyException e)
        {
            throw e;
        }
        catch (GeneralSecurityException e)
        {
            throw new SecurityException("exception: " + e);
        }
    }

    
generate an X509 certificate, based on the current issuer and subject using the default provider.

Note: this differs from the deprecated method in that the default provider is used - not "BC".

    public X509Certificate generate(
        PrivateKey      key)
    {
        return generate(key, (SecureRandom)null);
    }

    
generate an X509 certificate, based on the current issuer and subject using the default provider, and the passed in source of randomness (if required).

Note: this differs from the deprecated method in that the default provider is used - not "BC".

    public X509Certificate generate(
        PrivateKey      key,
        SecureRandom    random)
    {
        TBSCertificate tbsCert = generateTbsCert();
        byte[] signature;
        try
        {
            signature = X509Util.calculateSignature(keyrandomtbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert"e);
        }
        try
        {
            return generateJcaObject(tbsCertsignature);
        }
        catch (CertificateParsingException e)
        {
            throw new ExtCertificateEncodingException("exception producing certificate object"e);
        }
    }

    
generate an X509 certificate, based on the current issuer and subject, using the passed in provider for the signing.
    public X509Certificate generate(
        PrivateKey      key,
        String          provider)
    {
        return generate(keyprovidernull);
    }

    
generate an X509 certificate, based on the current issuer and subject, using the passed in provider for the signing and the supplied source of randomness, if required.
    public X509Certificate generate(
        PrivateKey      key,
        String          provider,
        SecureRandom    random)
    {
        TBSCertificate tbsCert = generateTbsCert();
        byte[] signature;
        try
        {
            signature = X509Util.calculateSignature(providerkeyrandomtbsCert);
        }
        catch (IOException e)
        {
            throw new ExtCertificateEncodingException("exception encoding TBS cert"e);
        }
        try
        {
            return generateJcaObject(tbsCertsignature);
        }
        catch (CertificateParsingException e)
        {
            throw new ExtCertificateEncodingException("exception producing certificate object"e);
        }
    }
    {
        if (!.isEmpty())
        {
            .setExtensions(.generate());
        }
        return .generateTBSCertificate();
    }
    private X509Certificate generateJcaObject(TBSCertificate tbsCertbyte[] signature)
        throws CertificateParsingException
    {
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(tbsCert);
        v.add();
        v.add(new DERBitString(signature));
        return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
    }

    
Return an iterator of the signature names supported by the generator.

Returns:
an iterator containing recognised names.
    {
        return X509Util.getAlgNames();
    }
New to GrepCode? Check out our FAQ X