in modules/jdktools/src/main/java/org/apache/harmony/tools/keytool/KeyCertGenerator.java [392:505]
private static X509CertImpl genX509CertImpl(String sigAlgName, int version,
BigInteger serialNr, String strSubjectDN, String strIssuerDN,
long validity, PublicKey publicKey, PrivateKey privateKey,
String provider, boolean isCA) throws InvalidKeyException, SignatureException,
NoSuchAlgorithmException, IOException, NoSuchProviderException {
String[] sigAlgNameAndOID = getAlgNameAndOID(sigAlgName);
if (sigAlgNameAndOID[0] == null || sigAlgNameAndOID[1] == null) {
throw new NoSuchAlgorithmException("The algorithm " + sigAlgName
+ " is not found in the environment.");
}
sigAlgName = sigAlgNameAndOID[0];
String sigAlgOID = sigAlgNameAndOID[1];
AlgorithmIdentifier algId = new AlgorithmIdentifier(sigAlgOID);
// generate a distinguished name using the string
Name subjectDName = null;
Name issuerDName = null;
try {
subjectDName = new Name(strSubjectDN);
if (strSubjectDN.equals(strIssuerDN)) {
issuerDName = subjectDName;
} else {
issuerDName = new Name(strIssuerDN);
}
} catch (IOException e) {
throw (IOException) new IOException(
"Failed to generate a distinguished name. ").initCause(e);
}
// generate a SubjectPublicKeyInfo
SubjectPublicKeyInfo subjectPublicKeyInfo = null;
try {
subjectPublicKeyInfo = (SubjectPublicKeyInfo) SubjectPublicKeyInfo.ASN1
.decode(publicKey.getEncoded());
} catch (IOException e) {
throw (IOException) new IOException(
"Failed to decode SubjectPublicKeyInfo. ").initCause(e);
}
Extensions extensions = null;
if (version == 1 || version == 2) {
// generate extensions
extensions = new Extensions(Collections
.singletonList(new Extension("2.5.29.19", false,
new BasicConstraints(isCA, Integer.MAX_VALUE))));
}
// generate the TBSCertificate to put it into the X.509 cert
TBSCertificate tbsCertificate = new TBSCertificate(
// version
version,
// serial number
serialNr,
// signature algorithm identifier
algId,
// issuer
issuerDName,
// validity
new Validity(new Date(System.currentTimeMillis()), // notBefore
new Date(System.currentTimeMillis()
// 86400000 milliseconds in a day
+ validity * 86400000)), // notAfter
// subject
subjectDName,
// subjectPublicKeyInfo
subjectPublicKeyInfo,
// issuerUniqueID
null,
// subjectUniqueID
null,
// basic constraints
extensions);
// get the TBSCertificate encoding
byte[] tbsCertEncoding = tbsCertificate.getEncoded();
// generate the signature
Signature sig = null;
try {
sig = (provider == null) ? Signature.getInstance(sigAlgName)
: Signature.getInstance(sigAlgName, provider);
} catch (NoSuchAlgorithmException e) {
throw new NoSuchAlgorithmException("The algorithm " + sigAlgName
+ " is not found in the environment.", e);
} catch (NoSuchProviderException e) {
throw (NoSuchProviderException) new NoSuchProviderException(
"The provider " + provider
+ " is not found in the environment.").initCause(e);
}
try {
sig.initSign(privateKey);
} catch (InvalidKeyException e) {
throw new InvalidKeyException(
"The private key used to generate the signature is invalid.",
e);
}
byte[] signatureValue = null;
try {
sig.update(tbsCertEncoding, 0, tbsCertEncoding.length);
signatureValue = sig.sign();
} catch (SignatureException e) {
throw new SignatureException("Failed to sign the certificate. ", e);
}
// actual X.509 certificate generation
org.apache.harmony.security.x509.Certificate cert;
cert = new org.apache.harmony.security.x509.Certificate(tbsCertificate,
algId, signatureValue);
return new X509CertImpl(cert);
}