source: axis/MakeFedid.java @ cedf721

import java.io.*;
import java.math.*;
import java.util.*;

import java.security.*;
import java.security.cert.*;
import javax.security.auth.x500.*;

import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.x509.*;
import org.bouncycastle.openssl.*;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

class MakeFedid {

    /**
     * Make a self-signed certificate binding the keypair to CN for one year.
     * Cribbed from jabac.
     * @param cn the String with the name in it
     * @param kp the KeyPair to bind
     * @throws InvalidKeyException if none of the Identities can sign the
     *                              certificate
     * @throws NoSuchAlgorithmException if the credential uses an unknown
     *                              signature algorithm
     * @throws NoSuchProviderException if the provider of the signature
     *                              algorithm is unavailable
     * @throws SignatureException if the signature creation fails
     */
    public static X509Certificate makeID(String cn, KeyPair kp) throws
            CertificateException, NoSuchAlgorithmException,InvalidKeyException,
            NoSuchProviderException, SignatureException, IOException {
        X509V1CertificateGenerator gen = new X509V1CertificateGenerator();

        gen.setIssuerDN(new X500Principal("CN=" + cn));
        gen.setSubjectDN(new X500Principal("CN=" + cn));
        gen.setNotAfter(new Date(System.currentTimeMillis() 
                    + 3600 * 1000 * 24 * 365));
        gen.setNotBefore(new Date(System.currentTimeMillis()));
        gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        gen.setPublicKey(kp.getPublic());
        gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return (X509Certificate) gen.generate(kp.getPrivate(), "BC");
    }

    /**
     * Read a key pair from a Reader attached to PEM data.  Reads until it
     * finds a KeyPair, as the PEM may have multiple objects in it.
     * @param r the reader
     * @return the KeyPair encoded (if any)
     */
    public static KeyPair getKeys(Reader r) throws 
            CertificateException, NoSuchAlgorithmException,InvalidKeyException,
            NoSuchProviderException, SignatureException, IOException {
        PEMReader pr = new PEMReader(r);
        Object c = null;

        while ( ( c= pr.readObject()) != null ){
            if (c instanceof KeyPair) return (KeyPair) c;
        }
        return null;
    }

    /**
     * Write the PEM cert and keypair to the given writer.
     * @param w a Writer to write on
     * @throws IOException if writing fails
     */
    public static void writeID(Writer w, X509Certificate cert, KeyPair kp) 
            throws IOException {
        PEMWriter pw = new PEMWriter(w);

        pw.writeObject(kp);
        pw.writeObject(cert);
        pw.flush();
    }

    /**
     * Load the BouncyCastle provider, necessary for some of the crypto.
     */
    static void loadBouncyCastle() {
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                Security.addProvider(new BouncyCastleProvider());
                return null;
            }
        });
    }


    /**
     * Convert the PEM cert in the first file to a self signed one in the
     * second argument, having the CN in the last argument.  This is harmless
     * if the first cert was self signed.
     */
    public static void main(String args[]) 
            throws GeneralSecurityException, IOException {
        String inFile = (args.length > 0) ? args[0] : "./test.pem";
        String outFile = (args.length > 1) ? args[1] : "./testout.pem";
        String cn = (args.length > 2) ? args[2] : "dummy";

        loadBouncyCastle();

        KeyPair kp = getKeys(new FileReader(new File(inFile)));
        X509Certificate cert = makeID(cn, kp);
        writeID(new FileWriter(new File(outFile)), cert, kp);
    }
}