creating a digital certificate using java security or bouncy castle

coolcoder · #1 (**permalink**) 10-30-06, 11:53 AM

creating a digital certificate using java security or bouncy castle..

i am working in java security..
i need to create a digital certificate using java..
there r tools like keytool

but i need to do using programming in java...
1.doubt 1:

is it possible to create a digital certificate using java security packages alone?
with the present api,i am only able to parse the exisiting certificate...
& not able to create a new one...

doubt 2:

i used the bouncy castle api to create the certificate but it deosnt accept teh signature alogirthm i give...

i tried to give rsa,dsa,etc...
all didnt work out..

this is my code:

Code:

package chapter6;

import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.x509.X509V1CertificateGenerator;


/**
 * Basic X.509 V1 Certificate creation.
 */
public class X509V1CreateExample
{
    public static X509Certificate generateV1Certificate(KeyPair pair)
        throws InvalidKeyException, NoSuchProviderException, SignatureException
    {
        // generate the certificate
        X509V1CertificateGenerator  certGen = new X509V1CertificateGenerator();

        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
        certGen.setPublicKey(pair.getPublic());
       
// i get error here
 certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

        return certGen.generateX509Certificate(pair.getPrivate(), "BC");
    }
    
    public static void main(
        String[]    args)
        throws Exception
    {
        // create the keys
        KeyPair          pair = Utils.generateRSAKeyPair();
        
        // generate the certificate
        X509Certificate cert = generateV1Certificate(pair);

        // show some basic validation
        cert.checkValidity(new Date());

        cert.verify(cert.getPublicKey());
        
        System.out.println("valid certificate generated");
    }
}

pls helpppppppppp meeeeeeeeee//

King Coder · #2 (**permalink**) 11-01-06, 08:11 PM

Would the XML Digital Signature API be of interest to you? From what I can tell it may be what you're after.

PinwinitO Developer · #3 (**permalink**) 08-03-09, 04:28 PM

Hi... you need add the next line:

Security.addProvider(new BouncyCastleProvider());

before:

// generate the certificate
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();

good luck...