in modules/jretools/src/main/java/org/apache/harmony/jretools/keytool/KeyCertGenerator.java [277:367]
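/**
 * Generates a new self-signed X.509 certificate for an existing private key
 * entry and stores it in the keystore in place of the entry's current
 * certificate chain.
 * <p>
 * Attributes not supplied in {@code param} fall back to defaults: the
 * signature algorithm and distinguished name are taken from the certificate
 * currently stored under the alias, validity is 90 days, the X.509 version
 * is v3, and the serial number is a random non-negative {@code int}.
 * Subject and issuer are both set to the same distinguished name. On
 * success the keystore is marked as needing to be saved.
 *
 * @param param
 *            keytool parameters; supplies the keystore, alias, key password
 *            and optional certificate attributes
 * @throws KeytoolException
 *             if the alias does not denote a private key entry
 * @throws NoSuchAlgorithmException
 *             if the algorithm needed to recover the key cannot be found
 * @throws UnrecoverableKeyException
 *             if the key cannot be recovered, e.g. the key password is wrong
 * @throws KeyStoreException
 *             if the keystore cannot be read or updated
 */
static void selfCert(KeytoolParameters param)
        throws NoSuchAlgorithmException, KeyStoreException,
        UnrecoverableKeyException, InvalidKeyException, SignatureException,
        NoSuchProviderException, IOException, KeytoolException,
        CertificateException {
    String alias = param.getAlias();
    KeyStore keyStore = param.getKeyStore();
    // Only a private key entry can be re-certified: signing needs the key.
    if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
        throw new KeytoolException("Failed to generate a certificate. "
                + "Entry <" + alias + "> is not a private key entry");
    }

    // Recover the private key that will sign the new certificate.
    PrivateKey privateKey;
    try {
        privateKey = (PrivateKey) keyStore.getKey(alias, param.getKeyPass());
    } catch (NoSuchAlgorithmException e) {
        throw new NoSuchAlgorithmException(
                "Cannot find the algorithm to recover the key. ", e);
    }

    // Certificate currently associated with the alias; it is the source of
    // the public key and of the defaults below.
    // NOTE(review): the cast assumes the stored certificate is X.509; any
    // other certificate type would fail here with ClassCastException.
    X509Certificate existing = (X509Certificate) keyStore
            .getCertificate(alias);

    // Signature algorithm name.
    String sigAlgName = (param.getSigAlg() != null) ? param.getSigAlg()
            : existing.getSigAlgName();
    // X.500 distinguished name, used for both subject and issuer.
    String distinguishedName = (param.getDName() != null) ? param.getDName()
            : existing.getSubjectDN().getName();
    // Validity period; 90 days by default.
    long validity = (param.getValidity() != 0) ? param.getValidity() : 90;
    // TBSCertificate needs 0, 1 or 2 as the version (not 1, 2, 3);
    // X.509 v3 certificates by default.
    int version = (param.getX509version() != 0)
            ? param.getX509version() - 1 : 2;

    // Certificate serial number.
    BigInteger serialNr;
    if (param.getCertSerialNr() != 0) {
        serialNr = BigInteger.valueOf(param.getCertSerialNr());
    } else {
        // Serial numbers should not be guessable, so draw from a
        // cryptographic generator rather than java.util.Random. Masking the
        // sign bit keeps the value non-negative for every input; negating a
        // negative draw would leave Integer.MIN_VALUE negative.
        // NOTE(review): this is still only 31 bits of randomness; widen it
        // if the serial has to be unique across many certificates.
        int randomInt = new java.security.SecureRandom().nextInt()
                & Integer.MAX_VALUE;
        serialNr = BigInteger.valueOf(randomInt);
    }

    // The signature provider falls back to the general provider.
    String sigProvider = (param.getSigProvider() != null)
            ? param.getSigProvider() : param.getProvider();

    // Generate the new certificate, signed with the entry's own private key.
    X509CertImpl x509cert = genX509CertImpl(sigAlgName, version, serialNr,
            distinguishedName, distinguishedName, validity,
            existing.getPublicKey(), privateKey, sigProvider, param.isCA());

    if (param.isVerbose()) {
        System.out.println("New self-signed certificate: ");
        System.out.println("Version: v" + x509cert.getVersion());
        System.out.println("Owner: " + x509cert.getSubjectX500Principal());
        System.out.println("Issuer: " + x509cert.getIssuerX500Principal());
        System.out.println("Public key: " + x509cert.getPublicKey());
        System.out.println("Signature algorithm: OID."
                + x509cert.getSigAlgOID() + ", "
                + x509cert.getSigAlgName());
        // Print the whole serial number in hex; going through intValue()
        // would drop everything above the low 32 bits.
        System.out.println("Serial number: "
                + x509cert.getSerialNumber().toString(16));
        System.out.println("Validity: \n From: "
                + x509cert.getNotBefore() + "\n To: "
                + x509cert.getNotAfter());
    }

    // Put the new certificate into the entry associated with the alias and
    // flag the keystore as modified.
    keyStore.setKeyEntry(alias, privateKey, param.getKeyPass(),
            new X509Certificate[] { x509cert });
    param.setNeedSaveKS(true);
}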