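import java.io.*;
import java.math.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.x509.*;
import org.bouncycastle.openssl.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Turn a PEM key pair into a self-signed X.509 identity.
 *
 * <p>Usage: {@code MakeFedid [inFile [outFile [cn]]]}. The first key pair found in
 * {@code inFile} is read, a self-signed certificate with subject and issuer
 * {@code CN=<cn>} is issued for it, and key pair plus certificate are written as
 * PEM to {@code outFile}. The BouncyCastle provider is used for the certificate
 * generation and PEM handling.
 */
class MakeFedid {
    /**
     * Validity period used by {@link #makeID}: one year in milliseconds.
     * Computed in {@code long}: the int expression {@code 3600 * 1000 * 24 * 365}
     * overflows and yields roughly 17 days instead of a year.
     */
    private static final long ONE_YEAR_MS = 365L * 24 * 60 * 60 * 1000;

    /**
     * Make a self-signed certificate binding the keypair to CN for one year.
     * Cribbed from jabac.
     *
     * <p>The certificate is X.509 v1 (no extensions), valid from now until one
     * year from now, signed with SHA256withRSA by the private half of {@code kp}.
     * {@code cn} is placed verbatim into the RFC 2253 string {@code "CN=" + cn},
     * so characters special to that syntax (for example {@code ,} or {@code =})
     * are interpreted as distinguished-name structure rather than escaped.
     *
     * @param cn the String with the name in it
     * @param kp the KeyPair to bind; its public key is certified and its
     *           private key signs the certificate
     * @return the self-signed certificate
     * @throws CertificateException if certificate encoding fails
     * @throws InvalidKeyException if none of the Identities can sign the
     *         certificate
     * @throws NoSuchAlgorithmException if the credential uses an unknown
     *         signature algorithm
     * @throws NoSuchProviderException if the provider of the signature
     *         algorithm is unavailable (see {@link #loadBouncyCastle})
     * @throws SignatureException if the signature creation fails
     * @throws IOException if the generator fails to encode the certificate
     * @throws NullPointerException if {@code kp} is null
     */
    public static X509Certificate makeID(String cn, KeyPair kp)
            throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
                   NoSuchProviderException, SignatureException, IOException {
        Objects.requireNonNull(kp, "kp");
        X509V1CertificateGenerator gen = new X509V1CertificateGenerator();
        X500Principal name = new X500Principal("CN=" + cn);
        // Read the clock once so notBefore, notAfter and the serial agree.
        long now = System.currentTimeMillis();

        // Self-signed: issuer and subject are the same name.
        gen.setIssuerDN(name);
        gen.setSubjectDN(name);
        // notBefore is "now" with no back-dating; a peer whose clock runs behind
        // this host's may briefly consider the certificate not yet valid.
        gen.setNotBefore(new Date(now));
        gen.setNotAfter(new Date(now + ONE_YEAR_MS));
        // The serial is the issue time in milliseconds. That is fine for a
        // one-off self-signed identity, but it is predictable and two runs in
        // the same millisecond produce the same serial; a SecureRandom-derived
        // serial would be the choice if uniqueness ever matters to a consumer.
        gen.setSerialNumber(BigInteger.valueOf(now));
        gen.setPublicKey(kp.getPublic());
        gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return (X509Certificate) gen.generate(kp.getPrivate(), "BC");
    }

    /**
     * Read a key pair from a Reader attached to PEM data. Reads until it
     * finds a KeyPair, as the PEM may have multiple objects in it.
     *
     * <p>Objects that are not a key pair (certificates, parameters, ...) are
     * skipped. The reader is consumed but not closed; the caller owns it.
     *
     * @param r the reader
     * @return the KeyPair encoded (if any), or {@code null} when the stream
     *         ends without one
     * @throws IOException if the PEM data cannot be read or parsed
     */
    public static KeyPair getKeys(Reader r)
            throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
                   NoSuchProviderException, SignatureException, IOException {
        PEMReader pr = new PEMReader(r);
        for (Object obj = pr.readObject(); obj != null; obj = pr.readObject()) {
            if (obj instanceof KeyPair) {
                return (KeyPair) obj;
            }
        }
        return null;
    }

    /**
     * Write the PEM cert and keypair to the given writer.
     *
     * <p>The key pair (including the private key, unencrypted) is written
     * first, then the certificate. The writer is flushed but not closed.
     *
     * @param w a Writer to write on
     * @param cert the certificate to write
     * @param kp the key pair to write
     * @throws IOException if writing fails
     */
    public static void writeID(Writer w, X509Certificate cert, KeyPair kp) throws IOException {
        PEMWriter pw = new PEMWriter(w);
        pw.writeObject(kp);
        pw.writeObject(cert);
        pw.flush();
    }

    /**
     * Load the BouncyCastle provider, necessary for some of the crypto.
     *
     * <p>Registering an already-installed provider is a no-op, so calling this
     * more than once is harmless.
     */
    static void loadBouncyCastle() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                Security.addProvider(new BouncyCastleProvider());
                return null;
            }
        });
    }

    /**
     * Convert the PEM cert in the first file to a self signed one in the
     * second argument, having the CN in the last argument. This is harmless
     * if the first cert was self signed.
     *
     * <p>Defaults: {@code ./test.pem}, {@code ./testout.pem}, {@code dummy}.
     * The output file holds the unencrypted private key and is created with
     * the platform's default permissions; restrict it as appropriate.
     *
     * @param args {@code [inFile [outFile [cn]]]}
     * @throws IOException if a file cannot be read or written, or if the
     *         input holds no key pair
     * @throws GeneralSecurityException if certificate generation fails
     */
    public static void main(String[] args) throws GeneralSecurityException, IOException {
        String inFile = (args.length > 0) ? args[0] : "./test.pem";
        String outFile = (args.length > 1) ? args[1] : "./testout.pem";
        String cn = (args.length > 2) ? args[2] : "dummy";

        loadBouncyCastle();

        KeyPair kp;
        try (Reader in = Files.newBufferedReader(Paths.get(inFile), StandardCharsets.UTF_8)) {
            kp = getKeys(in);
        }
        // Fail with a message naming the file instead of an NPE inside makeID.
        if (kp == null) {
            throw new IOException("No key pair found in " + inFile);
        }

        X509Certificate cert = makeID(cn, kp);
        try (Writer out = Files.newBufferedWriter(Paths.get(outFile), StandardCharsets.UTF_8)) {
            writeID(out, cert, kp);
        }
    }
}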