Package io.netty.handler.ssl.util
Class SelfSignedCertificate
- java.lang.Object
-
- io.netty.handler.ssl.util.SelfSignedCertificate
-
public final class SelfSignedCertificate extends java.lang.Object
Generates a temporary self-signed certificate for testing purposes.NOTE: Never use the certificate and private key generated by this class in production. It is purely for testing purposes, and thus it is very insecure. It even uses an insecure pseudo-random generator for faster generation internally.
An X.509 certificate file and a EC/RSA private key file are generated in a system's temporary directory using
File.createTempFile(String, String)
, and they are deleted when the JVM exits usingFile.deleteOnExit()
.At first, this method tries to use OpenJDK's X.509 implementation (the
sun.security.x509
package). If it fails, it tries to use Bouncy Castle as a fallback.
-
-
Field Summary
Fields Modifier and Type Field Description private java.security.cert.X509Certificate
cert
private java.io.File
certificate
private static int
DEFAULT_KEY_LENGTH_BITS
FIPS 140-2 encryption requires the RSA key length to be 2048 bits or greater.private static java.util.Date
DEFAULT_NOT_AFTER
The maximum possible value in X.509 specification: 9999-12-31 23:59:59private static java.util.Date
DEFAULT_NOT_BEFORE
Current time minus 1 year, just in case software clock goes back due to time synchronizationprivate java.security.PrivateKey
key
private static InternalLogger
logger
private java.io.File
privateKey
-
Constructor Summary
Constructors Constructor Description SelfSignedCertificate()
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.lang.String algorithm, int bits)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, java.lang.String algorithm, int bits)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter)
Creates a new instance.SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits)
Creates a new instance.SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter)
Creates a new instance.SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits)
Creates a new instance.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.security.cert.X509Certificate
cert()
Returns the generated X.509 certificate.java.io.File
certificate()
Returns the generated X.509 certificate file in PEM format.void
delete()
Deletes the generated X.509 certificate file and EC/RSA private key file.private static boolean
isBouncyCastleAvailable()
java.security.PrivateKey
key()
Returns the generated EC/RSA private key.(package private) static java.lang.String[]
newSelfSignedCertificate(java.lang.String fqdn, java.security.PrivateKey key, java.security.cert.X509Certificate cert)
java.io.File
privateKey()
Returns the generated EC/RSA private key file in PEM format.private static void
safeClose(java.io.File keyFile, java.io.OutputStream keyOut)
private static void
safeDelete(java.io.File certFile)
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
DEFAULT_NOT_BEFORE
private static final java.util.Date DEFAULT_NOT_BEFORE
Current time minus 1 year, just in case software clock goes back due to time synchronization
-
DEFAULT_NOT_AFTER
private static final java.util.Date DEFAULT_NOT_AFTER
The maximum possible value in X.509 specification: 9999-12-31 23:59:59
-
DEFAULT_KEY_LENGTH_BITS
private static final int DEFAULT_KEY_LENGTH_BITS
FIPS 140-2 encryption requires the RSA key length to be 2048 bits or greater. Let's use that as a sane default but allow the default to be set dynamically for those that need more stringent security requirements.
-
certificate
private final java.io.File certificate
-
privateKey
private final java.io.File privateKey
-
cert
private final java.security.cert.X509Certificate cert
-
key
private final java.security.PrivateKey key
-
-
Constructor Detail
-
SelfSignedCertificate
public SelfSignedCertificate() throws java.security.cert.CertificateException
Creates a new instance.Algorithm: RSA
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Creates a new instance.Algorithm: RSA
- Parameters:
notBefore
- Certificate is not valid before this timenotAfter
- Certificate is not valid after this time- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.- Parameters:
notBefore
- Certificate is not valid before this timenotAfter
- Certificate is not valid after this timealgorithm
- Key pair algorithmbits
- the number of bits of the generated private key- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn) throws java.security.cert.CertificateException
Creates a new instance.Algorithm: RSA
- Parameters:
fqdn
- a fully qualified domain name- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.- Parameters:
fqdn
- a fully qualified domain namealgorithm
- Key pair algorithmbits
- the number of bits of the generated private key- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Creates a new instance.Algorithm: RSA
- Parameters:
fqdn
- a fully qualified domain namenotBefore
- Certificate is not valid before this timenotAfter
- Certificate is not valid after this time- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.- Parameters:
fqdn
- a fully qualified domain namenotBefore
- Certificate is not valid before this timenotAfter
- Certificate is not valid after this timealgorithm
- Key pair algorithmbits
- the number of bits of the generated private key- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits) throws java.security.cert.CertificateException
Creates a new instance.Algorithm: RSA
- Parameters:
fqdn
- a fully qualified domain namerandom
- theSecureRandom
to usebits
- the number of bits of the generated private key- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.- Parameters:
fqdn
- a fully qualified domain namerandom
- theSecureRandom
to usealgorithm
- Key pair algorithmbits
- the number of bits of the generated private key- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Creates a new instance.Algorithm: RSA
- Parameters:
fqdn
- a fully qualified domain namerandom
- theSecureRandom
to usebits
- the number of bits of the generated private keynotBefore
- Certificate is not valid before this timenotAfter
- Certificate is not valid after this time- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm) throws java.security.cert.CertificateException
Creates a new instance.- Parameters:
fqdn
- a fully qualified domain namerandom
- theSecureRandom
to usebits
- the number of bits of the generated private keynotBefore
- Certificate is not valid before this timenotAfter
- Certificate is not valid after this timealgorithm
- Key pair algorithm- Throws:
java.security.cert.CertificateException
-
-
Method Detail
-
certificate
public java.io.File certificate()
Returns the generated X.509 certificate file in PEM format.
-
privateKey
public java.io.File privateKey()
Returns the generated EC/RSA private key file in PEM format.
-
cert
public java.security.cert.X509Certificate cert()
Returns the generated X.509 certificate.
-
key
public java.security.PrivateKey key()
Returns the generated EC/RSA private key.
-
delete
public void delete()
Deletes the generated X.509 certificate file and EC/RSA private key file.
-
newSelfSignedCertificate
static java.lang.String[] newSelfSignedCertificate(java.lang.String fqdn, java.security.PrivateKey key, java.security.cert.X509Certificate cert) throws java.io.IOException, java.security.cert.CertificateEncodingException
- Throws:
java.io.IOException
java.security.cert.CertificateEncodingException
-
safeDelete
private static void safeDelete(java.io.File certFile)
-
safeClose
private static void safeClose(java.io.File keyFile, java.io.OutputStream keyOut)
-
isBouncyCastleAvailable
private static boolean isBouncyCastleAvailable()
-
-