Home » geronimo-2.2-source-release » org.apache.geronimo.crypto.jce » [javadoc | source]

    1   /**
    2    *  Licensed to the Apache Software Foundation (ASF) under one or more
    3    *  contributor license agreements.  See the NOTICE file distributed with
    4    *  this work for additional information regarding copyright ownership.
    5    *  The ASF licenses this file to You under the Apache License, Version 2.0
    6    *  (the "License"); you may not use this file except in compliance with
    7    *  the License.  You may obtain a copy of the License at
    8    *
    9    *     http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    *  Unless required by applicable law or agreed to in writing, software
   12    *  distributed under the License is distributed on an "AS IS" BASIS,
   13    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    *  See the License for the specific language governing permissions and
   15    *  limitations under the License.
   16    */
   17   
   18   package org.apache.geronimo.crypto.jce;
   19   
   20   import java.io.ByteArrayInputStream;
   21   import java.io.ByteArrayOutputStream;
   22   import java.math.BigInteger;
   23   import java.security.InvalidKeyException;
   24   import java.security.NoSuchAlgorithmException;
   25   import java.security.NoSuchProviderException;
   26   import java.security.PrivateKey;
   27   import java.security.PublicKey;
   28   import java.security.SecureRandom;
   29   import java.security.Signature;
   30   import java.security.SignatureException;
   31   import java.security.cert.X509Certificate;
   32   import java.util.Date;
   33   import java.util.Hashtable;
   34   
   35   import org.apache.geronimo.crypto.asn1.ASN1EncodableVector;
   36   import org.apache.geronimo.crypto.asn1.ASN1InputStream;
   37   import org.apache.geronimo.crypto.asn1.ASN1Sequence;
   38   import org.apache.geronimo.crypto.asn1.DERBitString;
   39   import org.apache.geronimo.crypto.asn1.DERInteger;
   40   import org.apache.geronimo.crypto.asn1.DERNull;
   41   import org.apache.geronimo.crypto.asn1.DERObjectIdentifier;
   42   import org.apache.geronimo.crypto.asn1.DEROutputStream;
   43   import org.apache.geronimo.crypto.asn1.DERSequence;
   44   import org.apache.geronimo.crypto.asn1.x509.AlgorithmIdentifier;
   45   import org.apache.geronimo.crypto.asn1.x509.SubjectPublicKeyInfo;
   46   import org.apache.geronimo.crypto.asn1.x509.TBSCertificateStructure;
   47   import org.apache.geronimo.crypto.asn1.x509.Time;
   48   import org.apache.geronimo.crypto.asn1.x509.V1TBSCertificateGenerator;
   49   import org.apache.geronimo.crypto.asn1.x509.X509CertificateStructure;
   50   import org.apache.geronimo.crypto.asn1.x509.X509Name;
   51   import org.apache.geronimo.crypto.jce.provider.X509CertificateObject;
   52   
   53   /**
   54    * class to produce an X.509 Version 1 certificate.
   55    *
   56    * @deprecated use the equivalent class in org.apache.geronimo.crypto.x509
   57    */
   58   public class X509V1CertificateGenerator
   59   {
   60       private V1TBSCertificateGenerator   tbsGen;
   61       private DERObjectIdentifier         sigOID;
   62       private AlgorithmIdentifier         sigAlgId;
   63       private String                      signatureAlgorithm;
   64   
   65       private static Hashtable            algorithms = new Hashtable();
   66   
   67       static
   68       {
   69           algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
   70           algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
   71           algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
   72           algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
   73           algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
   74           algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
   75           algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
   76           algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
   77           algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
   78           algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
   79           algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
   80           algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
   81       }
   82   
   83       public X509V1CertificateGenerator()
   84       {
   85           tbsGen = new V1TBSCertificateGenerator();
   86       }
   87   
   88       /**
   89        * reset the generator
   90        */
   91       public void reset()
   92       {
   93           tbsGen = new V1TBSCertificateGenerator();
   94       }
   95   
   96       /**
   97        * set the serial number for the certificate.
   98        */
   99       public void setSerialNumber(
  100           BigInteger      serialNumber)
  101       {
  102           tbsGen.setSerialNumber(new DERInteger(serialNumber));
  103       }
  104   
  105       /**
  106        * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
  107        * certificate.
  108        */
  109       public void setIssuerDN(
  110           X509Name   issuer)
  111       {
  112           tbsGen.setIssuer(issuer);
  113       }
  114   
  115       public void setNotBefore(
  116           Date    date)
  117       {
  118           tbsGen.setStartDate(new Time(date));
  119       }
  120   
  121       public void setNotAfter(
  122           Date    date)
  123       {
  124           tbsGen.setEndDate(new Time(date));
  125       }
  126   
  127       /**
  128        * Set the subject distinguished name. The subject describes the entity associated with the public key.
  129        */
  130       public void setSubjectDN(
  131           X509Name   subject)
  132       {
  133           tbsGen.setSubject(subject);
  134       }
  135   
  136       public void setPublicKey(
  137           PublicKey       key)
  138       {
  139           try
  140           {
  141               tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
  142                                   new ByteArrayInputStream(key.getEncoded())).readObject()));
  143           }
  144           catch (Exception e)
  145           {
  146               throw new IllegalArgumentException("unable to process key - " + e.getMessage(), e);
  147           }
  148       }
  149   
  150       public void setSignatureAlgorithm(
  151           String  signatureAlgorithm)
  152       {
  153           this.signatureAlgorithm = signatureAlgorithm;
  154   
  155           sigOID = (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
  156   
  157           if (sigOID == null)
  158           {
  159               throw new IllegalArgumentException("Unknown signature type requested");
  160           }
  161   
  162           sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull());
  163   
  164           tbsGen.setSignature(sigAlgId);
  165       }
  166   
  167       /**
  168        * generate an X509 certificate, based on the current issuer and subject
  169        * using the default provider "BC".
  170        */
  171       public X509Certificate generateX509Certificate(
  172           PrivateKey      key)
  173           throws SecurityException, SignatureException, InvalidKeyException
  174       {
  175           try
  176           {
  177               return generateX509Certificate(key, null, null);
  178           }
  179           catch (NoSuchProviderException e)
  180           {
  181               throw (SecurityException)new SecurityException("JCE provider not installed!").initCause(e);
  182           }
  183       }
  184   
  185       /**
  186        * generate an X509 certificate, based on the current issuer and subject
  187        * using the default provider and the passed in source of randomness
  188        */
  189       public X509Certificate generateX509Certificate(
  190           PrivateKey      key,
  191           SecureRandom    random)
  192           throws SecurityException, SignatureException, InvalidKeyException
  193       {
  194           try
  195           {
  196               return generateX509Certificate(key, null, random);
  197           }
  198           catch (NoSuchProviderException e)
  199           {
  200               throw (SecurityException)new SecurityException("JCE provider not installed!").initCause(e);
  201           }
  202       }
  203   
  204       /**
  205        * generate an X509 certificate, based on the current issuer and subject,
  206        * using the passed in provider for the signing, and the passed in source
  207        * of randomness (if required).
  208        */
  209       public X509Certificate generateX509Certificate(
  210           PrivateKey      key,
  211           String          provider)
  212           throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
  213       {
  214           return generateX509Certificate(key, provider, null);
  215       }
  216   
  217       /**
  218        * generate an X509 certificate, based on the current issuer and subject,
  219        * using the passed in provider for the signing, and the passed in source
  220        * of randomness (if required).
  221        */
  222       public X509Certificate generateX509Certificate(
  223           PrivateKey      key,
  224           String          provider,
  225           SecureRandom    random)
  226           throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
  227       {
  228           Signature sig = null;
  229   
  230           try
  231           {
  232               if (provider == null) {
  233                   sig = Signature.getInstance(sigOID.getId());
  234               }
  235               else {
  236                   sig = Signature.getInstance(sigOID.getId(), provider);
  237               }
  238           }
  239           catch (NoSuchAlgorithmException ex)
  240           {
  241               try
  242               {
  243                   if (provider == null) {
  244                       sig = Signature.getInstance(signatureAlgorithm);
  245                   }
  246                   else {
  247                       sig = Signature.getInstance(signatureAlgorithm, provider);
  248                   }
  249               }
  250               catch (NoSuchAlgorithmException e)
  251               {
  252                   throw (SecurityException)new SecurityException("exception creating signature: " + e.getMessage()).initCause(e);
  253               }
  254           }
  255   
  256           if (random != null)
  257           {
  258               sig.initSign(key, random);
  259           }
  260           else
  261           {
  262               sig.initSign(key);
  263           }
  264   
  265           TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
  266   
  267           try
  268           {
  269               ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
  270               DEROutputStream         dOut = new DEROutputStream(bOut);
  271   
  272               dOut.writeObject(tbsCert);
  273   
  274               sig.update(bOut.toByteArray());
  275           }
  276           catch (Exception e)
  277           {
  278               throw (SecurityException)new SecurityException("exception encoding TBS cert - " + e.getMessage()).initCause(e);
  279           }
  280   
  281           ASN1EncodableVector  v = new ASN1EncodableVector();
  282   
  283           v.add(tbsCert);
  284           v.add(sigAlgId);
  285           v.add(new DERBitString(sig.sign()));
  286   
  287           return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
  288       }
  289   }

Home » geronimo-2.2-source-release » org.apache.geronimo.crypto.jce » [javadoc | source]