FileDocCategorySizeDatePackage
X509V3CertificateGenerator.javaAPI DocAzureus 3.0.3.410432Tue Jun 08 05:13:00 BST 2004org.bouncycastle.jce

X509V3CertificateGenerator

public class X509V3CertificateGenerator extends Object
class to produce an X.509 Version 3 certificate.

Fields Summary
private org.bouncycastle.asn1.x509.V3TBSCertificateGenerator
tbsGen
private DERObjectIdentifier
sigOID
private org.bouncycastle.asn1.x509.AlgorithmIdentifier
sigAlgId
private String
signatureAlgorithm
private Hashtable
extensions
private Vector
extOrdering
private static Hashtable
algorithms
Constructors Summary
public X509V3CertificateGenerator()


    
    
		algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
		algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
		algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
		algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
		algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
		algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
		algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
		algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
		algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
		algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
		algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
		algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
    
        tbsGen = new V3TBSCertificateGenerator();
    
Methods Summary
public voidaddExtension(java.lang.String OID, boolean critical, DEREncodable value)
add a given extension field for the standard extensions tag (tag 3)

        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    
public voidaddExtension(DERObjectIdentifier OID, boolean critical, DEREncodable value)
add a given extension field for the standard extensions tag (tag 3)

        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
        DEROutputStream         dOut = new DEROutputStream(bOut);

        try
        {
            dOut.writeObject(value);
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("error encoding value: " + e);
        }

        this.addExtension(OID, critical, bOut.toByteArray());
    
public voidaddExtension(java.lang.String OID, boolean critical, byte[] value)
add a given extension field for the standard extensions tag (tag 3) The value parameter becomes the contents of the octet string associated with the extension.

        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    
public voidaddExtension(DERObjectIdentifier OID, boolean critical, byte[] value)
add a given extension field for the standard extensions tag (tag 3)

        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
        extOrdering.addElement(OID);
    
public java.security.cert.X509CertificategenerateX509Certificate(java.security.PrivateKey key)
generate an X509 certificate, based on the current issuer and subject using the default provider "BC".

        try
        {
            return generateX509Certificate(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    
public java.security.cert.X509CertificategenerateX509Certificate(java.security.PrivateKey key, java.security.SecureRandom random)
generate an X509 certificate, based on the current issuer and subject using the default provider "BC", and the passed in source of randomness (if required).

        try
        {
            return generateX509Certificate(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    
public java.security.cert.X509CertificategenerateX509Certificate(java.security.PrivateKey key, java.lang.String provider)
generate an X509 certificate, based on the current issuer and subject, using the passed in provider for the signing.

        return generateX509Certificate(key, provider, null);
    
public java.security.cert.X509CertificategenerateX509Certificate(java.security.PrivateKey key, java.lang.String provider, java.security.SecureRandom random)
generate an X509 certificate, based on the current issuer and subject, using the passed in provider for the signing and the supplied source of randomness, if required.

        Signature sig = null;

        if (sigOID == null)
        {
            throw new IllegalStateException("no signature algorithm specified");
        }

        try
        {
            sig = Signature.getInstance(sigOID.getId(), provider);
        }
        catch (NoSuchAlgorithmException ex)
        {
            try
            {
                sig = Signature.getInstance(signatureAlgorithm, provider);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new SecurityException("exception creating signature: " + e.toString());
            }
        }

        if (random != null)
        {
            sig.initSign(key, random);
        }
        else
        {
            sig.initSign(key);
        }

        if (extensions != null)
        {
            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

            dOut.writeObject(tbsCert);

            sig.update(bOut.toByteArray());
        }
        catch (Exception e)
        {
            throw new SecurityException("exception encoding TBS cert - " + e);
        }

        ASN1EncodableVector  v = new ASN1EncodableVector();

        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(sig.sign()));

        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
    
public voidreset()
reset the generator

        tbsGen = new V3TBSCertificateGenerator();
        extensions = null;
        extOrdering = null;
    
public voidsetIssuerDN(org.bouncycastle.asn1.x509.X509Name issuer)
Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the certificate.

        tbsGen.setIssuer(issuer);
    
public voidsetNotAfter(java.util.Date date)

        tbsGen.setEndDate(new Time(date));
    
public voidsetNotBefore(java.util.Date date)

        tbsGen.setStartDate(new Time(date));
    
public voidsetPublicKey(java.security.PublicKey key)

        try
        {
            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
                                new ByteArrayInputStream(key.getEncoded())).readObject()));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("unable to process key - " + e.toString());
        }
    
public voidsetSerialNumber(java.math.BigInteger serialNumber)
set the serial number for the certificate.

        tbsGen.setSerialNumber(new DERInteger(serialNumber));
    
public voidsetSignatureAlgorithm(java.lang.String signatureAlgorithm)

        this.signatureAlgorithm = signatureAlgorithm;

        sigOID = (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());

        if (sigOID == null)
        {
            throw new IllegalArgumentException("Unknown signature type requested");
        }

        sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull());

        tbsGen.setSignature(sigAlgId);
    
public voidsetSubjectDN(org.bouncycastle.asn1.x509.X509Name subject)
Set the subject distinguished name. The subject describes the entity associated with the public key.

        tbsGen.setSubject(subject);