All geek questions in one place

Create random certificates

I am looking for a utility class that can generate arbitrary certificate strings for testing purposes. Any idea if it's already implemented?

+5
source share
2 answers

The Java X500 built-in libraries are more focused on the use of certificates than on the creation and parsing of certificates. You may find a way to do what you want, but it will almost certainly be a messy and secure API ( sun.security.* ).

I suggest you enable the Bouncy Castle library (Apache License). It has a class called X509V3CertificateGenerator , which you can use to set the fields of the certificate (issuer, subject, expiration date, etc.).

Then you can get the PEM string from it using the PEMWriter class.

+4
source

To add to the solution given by martijno,

Instead of writing your own content subscriber, JCAContentSigner can be used to avoid matching with AlgorithmIdentifier (i.e. OID).

JcaContentSignerBuilder accepts algorithm names as defined here .

 X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, serialNumber, startDate, expiryDate, subject, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA"); ContentSigner signer = builder.build(keyPair.getPrivate()); byte[] certBytes = certBuilder.build(signer).getEncoded(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate)certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
+4
source

Source: https://habr.com/ru/post/912515/

More articles:


All Articles