cert-signer.git

ref: 7405e0d77d08d29a7fc68a85eea13035386f5408

src/main/java/net/lulli/certsigner/ca/CertificateData.java

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

/* 
 * This file is part of cert-signer
 * Copyright (c) 2024 Paolo Lulli.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

package net.lulli.certsigner.ca;

import net.lulli.certsigner.util.Serde;
import net.lulli.certsigner.util.PemUtil;
import net.lulli.certsigner.Settings;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Objects;

public class CertificateData {

    private final String certificateSubject;
    private String pemCertificate;

    private CertificateData(String certificateSubject) {
        Objects.requireNonNull(certificateSubject);

        this.certificateSubject = certificateSubject;
    }

    public static CertificateData withSubject(String rootSubject) {
        return new CertificateData(rootSubject);
    }

    public String certificate() {
        return pemCertificate;
    }


    public void sign(
            String pemPrivateKey,
            String pemRootCertificate,
            PKCS10CertificationRequest csr,
            String rootSubject
    ) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            PrivateKey caPrivateKey = Serde.readPKCS8PrivateKey(pemPrivateKey);
            X509Certificate rootCert = Serde.readX509Certificate(pemRootCertificate);
            PublicKey caPublicKey = rootCert.getPublicKey();

            X509Certificate issuedCert = CertificateIssue.clientCertificate(
                    caPrivateKey,
                    rootSubject,
                    rootCert,
                    csr);

            issuedCert.verify(caPublicKey, Settings.BC_PROVIDER);
            this.pemCertificate = PemUtil.toString(issuedCert);

        } catch (Exception e) {
            throw new IllegalStateException(e.getMessage());
        }
    }
}