How do I take an existing X509Certificate, make an exact copy and alter the contents for testing purposes? The sort of things I would like to alter is to invalidate the signature, change parts of the subject field, change Certificate Policies extension field, change the Basic Constraints extension field, set it as expired, etc.
Is there existing functionality (Java) that allows me to do this?
I am not sure you can actually do this ... part of the benefit of certificates like these is that they can't be tampered with and modified.
Can you not just create your own test one instead? It would probably be easier then trying to modify an existing one.
I might be wrong on this one, but I am not aware of anyway of doing this.
A certificate is digitally signed by the issuing Certificate Authority (or self-signed). Any alteration to the content will invalidate the signature, so if you make a copy of an existing certificate to change some attributes you will need a new signature
If you owns the private key you could request a new certificate to the CA using the same public key, but with different fields. You could also sign it with your own CA, or if it is a self signed one, sign it with the private key.
For testing purposes you can build your own certificates with bouncycastle. For example you can use the code of Self signed X509 Certificate with Bouncy Castle in Java
