demo.x509
Class CreateDemoCerts

java.lang.Object
  |
  +--demo.x509.CreateDemoCerts

public class CreateDemoCerts
extends Object

Creates certificate chains for some demo applications and writes them, together with the subject's private key, into several .PEM (Base64 encoded DER format) files.

This class creates, if it does not already exist, a "test" sub-directory of the current working directory and writes the PEM encoded test certificate chains into it. Each chain is stored together with the private key belonging to the subject's certificate, which is located at index 0 of the chain.

This class creates two CA certificates and four user certificates. The CA certificate chains hold only the corresponding CA certificate, whereas the user certificate chains contain the user (subject) certificate at index 0 and the CA certificate at index 1. The private key stored in a KeyAndCertificate structure together with the certificate chain always belongs to the certificate at index 0. All generated keys have a modulus length of 1024 bits. Since the keys are actually generated during program execution, running this class takes a certain amount of time.

The following certificates (and keys) are created and saved to files:

Version:
File Revision 20

Constructor Summary
CreateDemoCerts()
Method Summary
 X509Certificate createCertificate(Name subject, PublicKey pk, Name issuer, PrivateKey sk, AlgorithmID algorithm, int serialNumber, V3Extension[] extensions)
          Creates a test certificate according to the X.509 Notation.
 KeyPair generateKeyPair(String algorithm, int bits)
          Generates a key pair for the requested public key algorithm.
static void main(String[] arg)
          Starts the certificate creation process.
 void saveKeyAndCert(KeyPair keyPair, X509Certificate[] chain, String fileName)
          Saves the private key and the certificate chain into one file.
 void start()
          Creates some test certificate chains and writes them into .PEM files.
 void verifyCertificate(X509Certificate userCert, X509Certificate caCert)
          Verifies the digital signature of a certificate.
 void verifyCertificateChain(X509Certificate[] certs)
          Verifies a chain of certificates where the user certificate is stored at index 0.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CreateDemoCerts

public CreateDemoCerts()
Method Detail

saveKeyAndCert

public void saveKeyAndCert(KeyPair keyPair,
                           X509Certificate[] chain,
                           String fileName)
                    throws IOException
Saves the private key and the certificate chain into one file.
Parameters:
keyPair - the keyPair from which to get the private key to be written to the specified file
chain - the chain of X509 certificates to be written to the specified file
fileName - the name of the file to which the private key and the certificates shall be written
Throws:
IOException - if an error occurs when writing to the file

generateKeyPair

public KeyPair generateKeyPair(String algorithm,
                               int bits)
                        throws Exception
Generates a key pair for the requested public key algorithm.
Parameters:
algorithm - the public key algorithm
bits - the length of the key (modulus) in bits
Returns:
the KeyPair
Throws:
NoSuchAlgorithmException - if the requested algorithm is not implemented

verifyCertificateChain

public void verifyCertificateChain(X509Certificate[] certs)
                            throws Exception
Verifies a chain of certificates where the user certificate is stored at index 0. The self-signed top level certificate is verified using its own public key. Every other certificate of the chain is verified with the public key taken from the issuing certificate, which is located one index higher in the chain.

certs[0] = user certificate
certs[x] = self-signed CA certificate

Parameters:
certs - the certificate chain to verify

verifyCertificate

public void verifyCertificate(X509Certificate userCert,
                              X509Certificate caCert)
                       throws Exception
Verifies the digital signature of a certificate.
Parameters:
userCert - the certificate to verify
caCert - the certificate of the CA which has issued the userCert, or null if the userCert is a self-signed certificate
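As an added example (not code from the IAIK demo class), the two checks described for verifyCertificateChain and verifyCertificate above, written against the standard java.security.cert.X509Certificate API; it assumes the chain is ordered as the page describes (user certificate at index 0, self-signed CA at the end) and, beyond the signature check, also verifies the issuer/subject name linkage, the validity period and the CA flag of each issuing certificate.

```java
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public final class ChainCheck {

    // Verifies certs[0] (end entity) up to the self-signed root at the end
    // of the array, following the index convention of the demo class.
    public static void verifyCertificateChain(X509Certificate[] certs)
            throws Exception {
        if (certs == null || certs.length == 0) {
            throw new CertificateException("empty chain");
        }
        for (int i = 0; i < certs.length; i++) {
            X509Certificate cert = certs[i];
            boolean isLast = (i == certs.length - 1);
            // the issuer sits one index higher; the top certificate is self-signed
            X509Certificate issuer = isLast ? null : certs[i + 1];
            verifyCertificate(cert, issuer);
            if (!isLast) {
                // issuer name of this cert must equal the subject of the next cert
                if (!cert.getIssuerX500Principal()
                         .equals(issuer.getSubjectX500Principal())) {
                    throw new CertificateException("issuer/subject mismatch at index " + i);
                }
                // the issuing certificate must carry basicConstraints cA=TRUE
                // (getBasicConstraints() returns -1 otherwise)
                if (issuer.getBasicConstraints() < 0) {
                    throw new CertificateException("certificate at index " + (i + 1) + " is not a CA");
                }
            }
        }
    }

    // Signature check; caCert == null means userCert must be self-signed.
    public static void verifyCertificate(X509Certificate userCert, X509Certificate caCert)
            throws Exception {
        if (caCert == null && !userCert.getSubjectX500Principal()
                                       .equals(userCert.getIssuerX500Principal())) {
            throw new CertificateException("top certificate is not self-signed");
        }
        PublicKey key = (caCert == null) ? userCert.getPublicKey() : caCert.getPublicKey();
        userCert.checkValidity(); // throws if outside the notBefore/notAfter window
        userCert.verify(key);     // throws on a bad or foreign signature
    }
}
```

Because iaik.x509.X509Certificate is a java.security.cert.X509Certificate, the chains produced by this demo class can be passed to these methods unchanged.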

createCertificate

public X509Certificate createCertificate(Name subject,
                                         PublicKey pk,
                                         Name issuer,
                                         PrivateKey sk,
                                         AlgorithmID algorithm,
                                         int serialNumber,
                                         V3Extension[] extensions)
                                  throws Exception
Creates a test certificate according to the X.509 Notation.

Depending on the subject ID, either a self-signed CA certificate or a user certificate is created.

Parameters:
subject - the user demanding the certificate (may be the certification authority itself)
pk - the subject´s public key to be certified
issuer - the certification authority that issues the certificate
sk - the issuer´s private key for signing the certificate
algorithm - the ID of the signature algorithm
serialNumber - the issuer-specific serial number of the certificate
Returns:
the certificate just created
Throws:
CertificateException - if the certificate cannot be created

start

public void start()
Creates some test certificate chains and writes them into .PEM files.

This method creates, if it does not already exist, a "test" sub-directory of the current working directory and writes the PEM encoded test certificate chains into it. Each chain is stored together with the private key belonging to the subject's certificate, which is located at index 0 of the chain.

This method creates two CA certificates and four user certificates. The CA certificate chains hold only the corresponding CA certificate, whereas the user certificate chains contain the user (subject) certificate at index 0 and the CA certificate at index 1. The private key stored in a KeyAndCertificate structure together with the certificate chain always belongs to the certificate at index 0. All generated keys have a modulus length of 1024 bits.

The following certificates (and keys) are created and saved to files:

Returns:
true if the generation was ok, false otherwise

main

public static void main(String[] arg)
                 throws IOException
Starts the certificate creation process.
Throws:
IOException - if an I/O error occurs when writing to files

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK