private X509Certificate generateRootCertificate(String commonName, Date notBefore, Date notAfter) throws Exception {
X500Name issuer = new X500Name(commonName);
BigInteger serial = BigInteger.probablePrime(16, new Random());
SubjectPublicKeyInfo pubKeyInfo = convertToSubjectPublicKeyInfo(m_caKey.getPublic());
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo);
builder.addExtension(new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(true))));
X509CertificateHolder certHolder = builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(m_caKey.getPrivate()));
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
|