Security Java Tutorial

  1. Home
  2. Java Tutorial
  3. Security
  4. Creating a Certificate in Java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Date;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
public class MainClass {
  public static void main(String[] args) throws Exception {
    String keystoreFile = "keyStoreFile.bin";
    String caAlias = "caAlias";
    String certToSignAlias = "cert";
    String newAlias = "newAlias";
    char[] password = new char[]{'a','b','c','d','e','f','g','h'};
    char[] caPassword = new char[]{'a','b','c','d','e','f','g','h'};
    char[] certPassword = new char[]{'a','b','c','d','e','f','g','h'};
    FileInputStream input = new FileInputStream(keystoreFile);
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(input, password);
    input.close();
    PrivateKey caPrivateKey = (PrivateKey) keyStore.getKey(caAlias, caPassword);
    java.security.cert.Certificate caCert = keyStore.getCertificate(caAlias);
    byte[] encoded = caCert.getEncoded();
    X509CertImpl caCertImpl = new X509CertImpl(encoded);
    X509CertInfo caCertInfo = (X509CertInfo) caCertImpl.get(X509CertImpl.NAME + "."
        + X509CertImpl.INFO);
    X500Name issuer = (X500Name) caCertInfo.get(X509CertInfo.SUBJECT + "."
        + CertificateIssuerName.DN_NAME);
    java.security.cert.Certificate cert = keyStore.getCertificate(certToSignAlias);
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(certToSignAlias, certPassword);
    encoded = cert.getEncoded();
    X509CertImpl certImpl = new X509CertImpl(encoded);
    X509CertInfo certInfo = (X509CertInfo) certImpl
        .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    Date firstDate = new Date();
    Date lastDate = new Date(firstDate.getTime() + 365 * 24 * 60 * 60 * 1000L);
    CertificateValidity interval = new CertificateValidity(firstDate, lastDate);
    certInfo.set(X509CertInfo.VALIDITY, interval);
    certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
        (int) (firstDate.getTime() / 1000)));
    certInfo.set(X509CertInfo.ISSUER + "." + CertificateSubjectName.DN_NAME, issuer);
    AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
    X509CertImpl newCert = new X509CertImpl(certInfo);
    newCert.sign(caPrivateKey, "MD5WithRSA");
    keyStore.setKeyEntry(newAlias, privateKey, certPassword,
        new java.security.cert.Certificate[] { newCert });
    FileOutputStream output = new FileOutputStream(keystoreFile);
    keyStore.store(output, password);
    output.close();
  }
}