package org.bouncycastle.x509;import java.io.ByteArrayInputStream;import java.io.ByteArrayOutputStream;import java.io.IOException;import java.math.BigInteger;import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;import java.security.PrivateKey;import java.security.PublicKey;import java.security.SecureRandom;import java.security.Signature;import java.security.SignatureException;import java.security.cert.CertificateParsingException;import java.security.cert.X509Certificate;import java.util.Date;import java.util.Hashtable;import java.util.Iterator;import java.util.Vector;import javax.security.auth.x500.X500Principal;import org.bouncycastle.asn1.*;import org.bouncycastle.asn1.x509.AlgorithmIdentifier;import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;import org.bouncycastle.asn1.x509.TBSCertificateStructure;import org.bouncycastle.asn1.x509.Time;import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;import org.bouncycastle.asn1.x509.X509CertificateStructure;import org.bouncycastle.asn1.x509.X509Extension;import org.bouncycastle.asn1.x509.X509Extensions;import org.bouncycastle.asn1.x509.X509Name;import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;import org.bouncycastle.jce.X509Principal;import org.bouncycastle.jce.provider.X509CertificateObject;import org.bouncycastle.x509.extension.X509ExtensionUtil;/** * class to produce an X.509 Version 3 certificate. */public class X509V3CertificateGenerator{    private V3TBSCertificateGenerator   tbsGen;    private DERObjectIdentifier         sigOID;    private AlgorithmIdentifier         sigAlgId;    private String                      signatureAlgorithm;    private Hashtable                   extensions = null;    private Vector                      extOrdering = null;    public X509V3CertificateGenerator()    {        tbsGen = new V3TBSCertificateGenerator();    }    /**     * reset the generator     */    public void reset()    {        tbsGen = new V3TBSCertificateGenerator();        extensions = null;        extOrdering = null;    }    /**     * set the serial number for the certificate.     */    public void setSerialNumber(        BigInteger      serialNumber)    {        if (serialNumber.compareTo(BigInteger.ZERO) <= 0)        {            throw new IllegalArgumentException("serial number must be a positive integer");        }                tbsGen.setSerialNumber(new DERInteger(serialNumber));    }    /**     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the     * certificate.     */    public void setIssuerDN(        X500Principal   issuer)    {        try        {            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));        }        catch (IOException e)        {            throw new IllegalArgumentException("can't process principal: " + e);        }    }        /**     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the     * certificate.     */    public void setIssuerDN(        X509Name   issuer)    {        tbsGen.setIssuer(issuer);    }    public void setNotBefore(        Date    date)    {        tbsGen.setStartDate(new Time(date));    }    public void setNotAfter(        Date    date)    {        tbsGen.setEndDate(new Time(date));    }    /**     * Set the subject distinguished name. The subject describes the entity associated with the public key.     */    public void setSubjectDN(        X500Principal   subject)    {        try        {            tbsGen.setSubject(new X509Principal(subject.getEncoded()));        }        catch (IOException e)        {            throw new IllegalArgumentException("can't process principal: " + e);        }    }        /**     * Set the subject distinguished name. The subject describes the entity associated with the public key.     */    public void setSubjectDN(        X509Name   subject)    {        tbsGen.setSubject(subject);    }    public void setPublicKey(        PublicKey       key)    {        try        {            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(                                new ByteArrayInputStream(key.getEncoded())).readObject()));        }        catch (Exception e)        {            throw new IllegalArgumentException("unable to process key - " + e.toString());        }    }    /**     * Set the signature algorithm. This can be either a name or an OID, names     * are treated as case insensitive.     *      * @param signatureAlgorithm string representation of the algorithm name.     */    public void setSignatureAlgorithm(        String  signatureAlgorithm)    {        this.signatureAlgorithm = signatureAlgorithm;        try        {            sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);        }        catch (Exception e)        {            throw new IllegalArgumentException("Unknown signature type requested: " + signatureAlgorithm);        }        sigAlgId = X509Util.getSigAlgID(sigOID);        tbsGen.setSignature(sigAlgId);    }    /**     * add a given extension field for the standard extensions tag (tag 3)     */    public void addExtension(        String          oid,        boolean         critical,        DEREncodable    value)    {        this.addExtension(new DERObjectIdentifier(oid), critical, value);    }    /**     * add a given extension field for the standard extensions tag (tag 3)     */    public void addExtension(        DERObjectIdentifier oid,        boolean             critical,        DEREncodable        value)    {        if (extensions == null)        {            extensions = new Hashtable();            extOrdering = new Vector();        }        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();        DEROutputStream         dOut = new DEROutputStream(bOut);        try        {            dOut.writeObject(value);        }        catch (IOException e)        {            throw new IllegalArgumentException("error encoding value: " + e);        }        this.addExtension(oid, critical, bOut.toByteArray());    }    /**     * add a given extension field for the standard extensions tag (tag 3)     * The value parameter becomes the contents of the octet string associated     * with the extension.     */    public void addExtension(        String          oid,        boolean         critical,        byte[]          value)    {        this.addExtension(new DERObjectIdentifier(oid), critical, value);    }    /**     * add a given extension field for the standard extensions tag (tag 3)     */    public void addExtension(        DERObjectIdentifier oid,        boolean             critical,        byte[]              value)    {        if (extensions == null)        {            extensions = new Hashtable();            extOrdering = new Vector();        }        extensions.put(oid, new X509Extension(critical, new DEROctetString(value)));        extOrdering.addElement(oid);    }    /**     * add a given extension field for the standard extensions tag (tag 3)     * copying the extension value from another certificate.     * @throws CertificateParsingException if the extension cannot be extracted.     */    public void copyAndAddExtension(        String          oid,        boolean         critical,        X509Certificate cert)         throws CertificateParsingException    {        byte[] extValue = cert.getExtensionValue(oid);                if (extValue == null)        {            throw new CertificateParsingException("extension " + oid + " not present");        }                try        {            ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);                this.addExtension(oid, critical, value);        }        catch (IOException e)        {            throw new CertificateParsingException(e.toString());        }    }    /**     * add a given extension field for the standard extensions tag (tag 3)     * copying the extension value from another certificate.     * @throws CertificateParsingException if the extension cannot be extracted.     */    public void copyAndAddExtension(        DERObjectIdentifier oid,        boolean             critical,        X509Certificate     cert)        throws CertificateParsingException    {        this.copyAndAddExtension(oid.getId(), critical, cert);    }    /**     * generate an X509 certificate, based on the current issuer and subject     * using the default provider "BC".     */    public X509Certificate generateX509Certificate(        PrivateKey      key)        throws SecurityException, SignatureException, InvalidKeyException    {        try        {            return generateX509Certificate(key, "BC", null);        }        catch (NoSuchProviderException e)        {            throw new SecurityException("BC provider not installed!");        }    }    /**     * generate an X509 certificate, based on the current issuer and subject     * using the default provider "BC", and the passed in source of randomness     * (if required).     */    public X509Certificate generateX509Certificate(        PrivateKey      key,        SecureRandom    random)        throws SecurityException, SignatureException, InvalidKeyException    {        try        {            return generateX509Certificate(key, "BC", random);        }        catch (NoSuchProviderException e)        {            throw new SecurityException("BC provider not installed!");        }    }    /**     * generate an X509 certificate, based on the current issuer and subject,     * using the passed in provider for the signing.     */    public X509Certificate generateX509Certificate(        PrivateKey      key,        String          provider)        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException    {        return generateX509Certificate(key, provider, null);    }    /**     * generate an X509 certificate, based on the current issuer and subject,     * using the passed in provider for the signing and the supplied source     * of randomness, if required.     */    public X509Certificate generateX509Certificate(        PrivateKey      key,        String          provider,        SecureRandom    random)        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException    {        Signature sig = null;        if (sigOID == null)        {            throw new IllegalStateException("no signature algorithm specified");        }        try        {            sig = Signature.getInstance(sigOID.getId(), provider);        }        catch (NoSuchAlgorithmException ex)        {            try            {                sig = Signature.getInstance(signatureAlgorithm, provider);            }            catch (NoSuchAlgorithmException e)            {                throw new SecurityException("exception creating signature: " + e.toString());            }        }        if (random != null)        {            sig.initSign(key, random);        }        else        {            sig.initSign(key);        }        if (extensions != null)        {            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));        }        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();        try        {            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();            DEROutputStream         dOut = new DEROutputStream(bOut);            dOut.writeObject(tbsCert);            sig.update(bOut.toByteArray());        }        catch (Exception e)        {            throw new SecurityException("exception encoding TBS cert - " + e);        }        ASN1EncodableVector  v = new ASN1EncodableVector();        v.add(tbsCert);        v.add(sigAlgId);        v.add(new DERBitString(sig.sign()));        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));    }        /**     * Return an iterator of the signature names supported by the generator.     *      * @return an iterator containing recognised names.     */    public Iterator getSignatureAlgNames()    {        return X509Util.getAlgNames();    }}