1

I am facing issues when I try to generate the certificate using BouncyCastle or Sun.Security.*

Requirements: Android API support for API 15 and API 8

I tried the following ways to do it:

1) I tried using BouncyCastle jar with the following code

    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();

    v3CertGen.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextInt()));

    // Self-signed: issuer and subject carry the same DN
    v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
    v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));

    v3CertGen.setPublicKey(KPair.getPublic());
    v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");

    // Sign the certificate with the key pair's own private key
    X509Certificate PKCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());

Issues faced with this code:

  • CertificateGenerator is deprecated
  • The X509V3CertificateGenerator class is not identified
  • Tried with different versions of the bouncycastle jars (1.45, 1.46, 1.47 & 1.57)
  • Tried using CertificateBuilder (code is below)
  • The SubjectPublicKeyInfo class is not identified when I use this code.

        SubjectPublicKeyInfo publicKeyInfo = 
        SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
    
        X509v3CertificateBuilder myX509v3CertificateBuilder = new X509v3CertificateBuilder(new X500Name("c=sree"), BigInteger.valueOf(new Random().nextInt(1000000)), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 *365 * 100)), new X500Name("c=sree"), publicKeyInfo);
    
        ContentSigner signer = new JcaContentSignerBuilder("Sha256withRSA").build(myCAPrivateKey);
        X509CertificateHolder certHolder = myX509v3CertificateBuilder.build(signer);
        X509Certificate cert = (new JcaX509CertificateConverter().getCertificate(certHolder));
    
        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
        Certificate certcert = cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
    

2) I tried with the Sun.Security.* package, with the code below

    import java.security.cert.X509Certificate;
    import sun.security.tools.keytool.CertAndKeyGen;
    import sun.security.x509.X500Name;

    public class SelfSignedCertificateGeneration {
        public static void main(String[] args) {
            try {
                CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
                keyGen.generate(1024);

                // Generate self-signed certificate
                X509Certificate[] chain = new X509Certificate[1];
                chain[0] = keyGen.getSelfCertificate(new X500Name("CN=ROOT"), (long) 365 * 24 * 3600);

                System.out.println("Certificate : " + chain[0].toString());
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    }

Issues faced with this code:

  • CertAndKeyGen and a few other classes are not accessible

**Is there any other way? Please suggest one.**

SreeTej

1 Answer

2

Old versions of Android are shipped with a cut-down version of Bouncy Castle, so you cannot trust that the functionality you need is complete. Try to include https://rtyley.github.io/spongycastle/, a repackage of Bouncy Castle for Android.

Specify the dependencies in Gradle:

    compile 'com.madgag.spongycastle:core:1.56.0.0'
    compile 'com.madgag.spongycastle:prov:1.56.0.0'
    compile 'com.madgag.spongycastle:pkix:1.56.0.0'
    compile 'com.madgag.spongycastle:pg:1.56.0.0'

Package names have changed from org.bouncycastle.* to org.spongycastle.* and the provider name from BC to SC.

Here you have an example of using spongycastle to create a self-signed certificate

pedrofb
  • This is not working, @pedrofb; again facing the same issue. – SreeTej Aug 02 '17 at 08:58
  • Yes, I am not able to compile the code. The error is (not able to identify the class) No.Class.defination found. – SreeTej Aug 02 '17 at 10:09
  • Is Gradle working properly? Is it downloading the dependencies, and are the `org.spongycastle.*` packages available from your code? – pedrofb Aug 02 '17 at 10:45
  • I should be working on Eclipse, so I downloaded the jars from the link you mentioned and added them. Shall I paste the error log here? – SreeTej Aug 02 '17 at 11:17
  • Do not paste code or traces in comments. Just edit your own question and add the relevant info. – pedrofb Aug 02 '17 at 17:11
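
The approach the answer describes, as an added example (not the answerer's code and not the code behind the answer's link): a self-signed certificate built with the Spongy Castle `prov` and `pkix` artifacts listed in the Gradle dependencies, using the `org.spongycastle.*` package names and the `SC` provider. The class name `SelfSignedCertExample`, the host name `example.test`, the 2048-bit RSA key, SHA-256 signature and one-year validity are assumptions chosen for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedCertExample {          // hypothetical class name
    static {
        // Spongy Castle keeps the class name BouncyCastleProvider but registers as "SC".
        Security.addProvider(new BouncyCastleProvider());
    }

    public static X509Certificate generate(String domainName, KeyPair keyPair) throws Exception {
        // Build the DN from typed RDNs so a comma in domainName cannot add extra attributes.
        X500Name name = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, domainName).build();
        // Random serial that is always positive (nextInt() can return a negative value).
        BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 24L * 60 * 60 * 1000);       // one day of clock-skew slack
        Date notAfter = new Date(now + 365L * 24 * 60 * 60 * 1000);  // assumed one-year validity

        // Self-signed: issuer and subject are the same name, signed by the matching private key.
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, keyPair.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("SC").build(keyPair.getPrivate());
        X509CertificateHolder holder = builder.build(signer);
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("SC").getCertificate(holder);
        cert.verify(keyPair.getPublic());  // throws if the signature does not match the public key
        return cert;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        X509Certificate cert = generate("example.test", kpg.generateKeyPair());  // constructed sample name
        System.out.println(cert.getSubjectDN() + " valid until " + cert.getNotAfter());
    }
}
```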