001: package org.bouncycastle.ocsp.test;
002:
003: import org.bouncycastle.asn1.ASN1InputStream;
004: import org.bouncycastle.asn1.ASN1Sequence;
005: import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
006: import org.bouncycastle.asn1.x509.BasicConstraints;
007: import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
008: import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
009: import org.bouncycastle.asn1.x509.X509Extensions;
010: import org.bouncycastle.asn1.x509.X509Name;
011: import org.bouncycastle.x509.X509V3CertificateGenerator;
012:
013: import javax.crypto.KeyGenerator;
014: import java.io.ByteArrayInputStream;
015: import java.io.IOException;
016: import java.math.BigInteger;
017: import java.security.GeneralSecurityException;
018: import java.security.KeyPair;
019: import java.security.KeyPairGenerator;
020: import java.security.PrivateKey;
021: import java.security.PublicKey;
022: import java.security.SecureRandom;
023: import java.security.cert.X509Certificate;
024: import java.util.Date;
025:
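/**
 * Helpers for the OCSP tests: generates RSA and ECDSA key pairs through the
 * "BC" provider and issues X.509 v3 certificates signed by a supplied issuer key.
 *
 * <p><b>Security note:</b> the parameters used here are weak by current
 * standards and are only acceptable for throwaway test fixtures:
 * <ul>
 *   <li>1024-bit RSA and a 192-bit EC key size;</li>
 *   <li>{@code MD5withRSA} (MD5 is collision-broken) and {@code SHA1WithECDSA}
 *       as signature algorithms;</li>
 *   <li>serial numbers that simply count up from 1, so they are fully
 *       predictable;</li>
 *   <li>{@code BasicConstraints} added as a non-critical extension, whereas
 *       RFC 5280 requires it to be critical in CA certificates.</li>
 * </ul>
 * Do not copy these settings into code that issues certificates anyone will
 * rely on.
 *
 * <p>The class is not thread-safe: the generators and the serial counter are
 * shared, mutable, public static state.
 */
public class OCSPTestUtil {

    /** Randomness source used to initialise both key pair generators. */
    public static SecureRandom rand;

    /** RSA key pair generator ("BC" provider, 1024-bit keys). */
    public static KeyPairGenerator kpg;

    /** ECDSA key pair generator ("BC" provider, key size 192). */
    public static KeyPairGenerator eckpg;

    // The KeyGenerator fields below are never assigned in this class; they stay
    // null unless some other code sets them.
    public static KeyGenerator desede128kg;
    public static KeyGenerator desede192kg;
    public static KeyGenerator rc240kg;
    public static KeyGenerator rc264kg;
    public static KeyGenerator rc2128kg;

    /** Next serial number to hand out; starts at 1 and is incremented per certificate. */
    public static BigInteger serialNumber;

    /** Not read anywhere in this class. */
    public static final boolean DEBUG = true;

    /** Lifetime of every generated certificate: 100 days, in milliseconds. */
    private static final long VALIDITY_MILLIS = 1000L * 60 * 60 * 24 * 100;

    static {
        try {
            rand = new SecureRandom();

            // Test-only key size: 1024-bit RSA is too small for real use.
            kpg = KeyPairGenerator.getInstance("RSA", "BC");
            kpg.initialize(1024, rand);

            serialNumber = new BigInteger("1");

            // Test-only key size: 192-bit EC is below current recommendations.
            eckpg = KeyPairGenerator.getInstance("ECDSA", "BC");
            eckpg.initialize(192, rand);
        } catch (Exception ex) {
            // Keep the original exception as the cause so the stack trace of a
            // missing provider or unsupported algorithm is not lost.
            throw new RuntimeException(ex.toString(), ex);
        }
    }

    /**
     * Generates a fresh RSA key pair with the shared generator.
     *
     * @return a new RSA key pair
     */
    public static KeyPair makeKeyPair() {
        return kpg.generateKeyPair();
    }

    /**
     * Generates a fresh ECDSA key pair with the shared generator.
     *
     * @return a new EC key pair
     */
    public static KeyPair makeECKeyPair() {
        return eckpg.generateKeyPair();
    }

    /**
     * Issues a non-CA certificate signed with {@code MD5withRSA}.
     *
     * @param _subKP subject key pair (only the public key is used)
     * @param _subDN subject distinguished name
     * @param _issKP issuer key pair
     * @param _issDN issuer distinguished name
     * @return the generated certificate
     * @throws GeneralSecurityException if signing or the self-checks fail
     * @throws IOException if a public key encoding cannot be parsed
     */
    public static X509Certificate makeCertificate(KeyPair _subKP,
            String _subDN, KeyPair _issKP, String _issDN)
            throws GeneralSecurityException, IOException {
        return makeCertificate(_subKP, _subDN, _issKP, _issDN, false);
    }

    /**
     * Issues a non-CA certificate signed with {@code SHA1WithECDSA}.
     *
     * @param _subKP subject key pair (only the public key is used)
     * @param _subDN subject distinguished name
     * @param _issKP issuer key pair
     * @param _issDN issuer distinguished name
     * @return the generated certificate
     * @throws GeneralSecurityException if signing or the self-checks fail
     * @throws IOException if a public key encoding cannot be parsed
     */
    public static X509Certificate makeECDSACertificate(KeyPair _subKP,
            String _subDN, KeyPair _issKP, String _issDN)
            throws GeneralSecurityException, IOException {
        return makeECDSACertificate(_subKP, _subDN, _issKP, _issDN, false);
    }

    /**
     * Issues a CA certificate ({@code BasicConstraints} with CA set to true)
     * signed with {@code MD5withRSA}.
     *
     * @param _subKP subject key pair (only the public key is used)
     * @param _subDN subject distinguished name
     * @param _issKP issuer key pair
     * @param _issDN issuer distinguished name
     * @return the generated certificate
     * @throws GeneralSecurityException if signing or the self-checks fail
     * @throws IOException if a public key encoding cannot be parsed
     */
    public static X509Certificate makeCACertificate(KeyPair _subKP,
            String _subDN, KeyPair _issKP, String _issDN)
            throws GeneralSecurityException, IOException {
        return makeCertificate(_subKP, _subDN, _issKP, _issDN, true);
    }

    /**
     * Issues a certificate signed with {@code MD5withRSA}.
     *
     * <p>MD5-based signatures are kept only because this is a test fixture;
     * MD5 is collision-broken and must not be used for real certificates.
     *
     * @param _subKP subject key pair (only the public key is used)
     * @param _subDN subject distinguished name
     * @param _issKP issuer key pair
     * @param _issDN issuer distinguished name
     * @param _ca value of the CA flag in {@code BasicConstraints}
     * @return the generated certificate
     * @throws GeneralSecurityException if signing or the self-checks fail
     * @throws IOException if a public key encoding cannot be parsed
     */
    public static X509Certificate makeCertificate(KeyPair _subKP,
            String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
            throws GeneralSecurityException, IOException {
        return makeCertificate(_subKP, _subDN, _issKP, _issDN,
                "MD5withRSA", _ca);
    }

    /**
     * Issues a certificate signed with {@code SHA1WithECDSA}.
     *
     * <p>SHA-1 is deprecated for signatures; it is used here for test
     * fixtures only.
     *
     * @param _subKP subject key pair (only the public key is used)
     * @param _subDN subject distinguished name
     * @param _issKP issuer key pair
     * @param _issDN issuer distinguished name
     * @param _ca value of the CA flag in {@code BasicConstraints}
     * @return the generated certificate
     * @throws GeneralSecurityException if signing or the self-checks fail
     * @throws IOException if a public key encoding cannot be parsed
     */
    public static X509Certificate makeECDSACertificate(KeyPair _subKP,
            String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
            throws GeneralSecurityException, IOException {
        return makeCertificate(_subKP, _subDN, _issKP, _issDN,
                "SHA1WithECDSA", _ca);
    }

    /**
     * Issues an X.509 v3 certificate for the subject's public key, signed with
     * the issuer's private key, valid from now for 100 days.
     *
     * <p>The certificate carries SubjectKeyIdentifier, AuthorityKeyIdentifier
     * and BasicConstraints extensions, all non-critical. Before returning, the
     * certificate is checked for current validity and its signature is
     * verified against the issuer's public key.
     *
     * @param _subKP subject key pair (only the public key is used)
     * @param _subDN subject distinguished name
     * @param _issKP issuer key pair (private key signs, public key verifies)
     * @param _issDN issuer distinguished name
     * @param algorithm signature algorithm name passed to the generator
     * @param _ca value of the CA flag in {@code BasicConstraints}
     * @return the generated, self-checked certificate
     * @throws GeneralSecurityException if signing, the validity check or the
     *         signature verification fails
     * @throws IOException if a public key encoding cannot be parsed
     */
    public static X509Certificate makeCertificate(KeyPair _subKP,
            String _subDN, KeyPair _issKP, String _issDN,
            String algorithm, boolean _ca)
            throws GeneralSecurityException, IOException {

        PublicKey _subPub = _subKP.getPublic();
        PrivateKey _issPriv = _issKP.getPrivate();
        PublicKey _issPub = _issKP.getPublic();

        // Read the clock once so notBefore and notAfter are derived from the
        // same instant.
        long _now = System.currentTimeMillis();

        X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();

        // reset() on a fresh generator looks redundant; kept to preserve the
        // original call sequence.
        _v3CertGen.reset();
        // Sequential serials are predictable; acceptable for tests only.
        _v3CertGen.setSerialNumber(allocateSerialNumber());
        _v3CertGen.setIssuerDN(new X509Name(_issDN));
        _v3CertGen.setNotBefore(new Date(_now));
        _v3CertGen.setNotAfter(new Date(_now + VALIDITY_MILLIS));
        _v3CertGen.setSubjectDN(new X509Name(_subDN));
        _v3CertGen.setPublicKey(_subPub);
        _v3CertGen.setSignatureAlgorithm(algorithm);

        _v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier,
                false, createSubjectKeyId(_subPub));

        _v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier,
                false, createAuthorityKeyId(_issPub));

        // NOTE(review): RFC 5280 requires BasicConstraints to be critical in CA
        // certificates; it is left non-critical here so existing tests see the
        // same certificates as before.
        _v3CertGen.addExtension(X509Extensions.BasicConstraints, false,
                new BasicConstraints(_ca));

        X509Certificate _cert = _v3CertGen.generateX509Certificate(_issPriv);

        // Self-check: the certificate must be valid right now and must verify
        // under the issuer's public key.
        _cert.checkValidity(new Date());
        _cert.verify(_issPub);

        return _cert;
    }

    /*
     *
     * INTERNAL METHODS
     *
     */

    /** Builds the AuthorityKeyIdentifier extension value from the issuer's public key. */
    private static AuthorityKeyIdentifier createAuthorityKeyId(
            PublicKey _pubKey) throws IOException {
        return new AuthorityKeyIdentifier(toSubjectPublicKeyInfo(_pubKey));
    }

    /** Builds the SubjectKeyIdentifier extension value from the subject's public key. */
    private static SubjectKeyIdentifier createSubjectKeyId(
            PublicKey _pubKey) throws IOException {
        return new SubjectKeyIdentifier(toSubjectPublicKeyInfo(_pubKey));
    }

    /** Parses the key's encoded form into a SubjectPublicKeyInfo and closes the ASN.1 stream. */
    private static SubjectPublicKeyInfo toSubjectPublicKeyInfo(
            PublicKey _pubKey) throws IOException {
        ASN1InputStream _asn1In = new ASN1InputStream(
                new ByteArrayInputStream(_pubKey.getEncoded()));
        try {
            return new SubjectPublicKeyInfo(
                    (ASN1Sequence) _asn1In.readObject());
        } finally {
            _asn1In.close();
        }
    }

    /**
     * Returns the current serial number and advances the shared counter by one.
     * Not synchronized: concurrent callers could receive duplicate serials.
     */
    private static BigInteger allocateSerialNumber() {
        BigInteger _tmp = serialNumber;
        serialNumber = serialNumber.add(BigInteger.ONE);
        return _tmp;
    }
}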