Package io.netty.handler.ssl.util
Class SelfSignedCertificate
- java.lang.Object
  - io.netty.handler.ssl.util.SelfSignedCertificate
public final class SelfSignedCertificate extends java.lang.Object
Generates a temporary self-signed certificate for testing purposes.
NOTE: Never use the certificate and private key generated by this class in production. It is purely for testing purposes, and thus it is very insecure. It even uses an insecure pseudo-random generator for faster generation internally.
An X.509 certificate file and an EC/RSA private key file are generated in a system's temporary directory using File.createTempFile(String, String), and they are deleted when the JVM exits using File.deleteOnExit().
At first, this method tries to use OpenJDK's X.509 implementation (the sun.security.x509 package). If it fails, it tries to use Bouncy Castle as a fallback.
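The following is an added usage example, not taken from the Netty documentation: a test fixture that generates a throwaway certificate, builds a server context from the PEM files and a client context that trusts only that certificate, then deletes the files explicitly. The class name SelfSignedTlsFixture is hypothetical; SslContextBuilder is Netty's own builder from io.netty.handler.ssl.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.SelfSignedCertificate;

import java.security.cert.X509Certificate;

// Hypothetical test fixture (the class name is an assumption, not part of Netty).
public final class SelfSignedTlsFixture {

    public static void main(String[] args) throws Exception {
        // 256-bit EC key via the (fqdn, algorithm, bits) constructor documented on this page.
        // Generation needs OpenJDK's sun.security.x509 or Bouncy Castle, as described above.
        SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", "EC", 256);
        try {
            X509Certificate cert = ssc.cert();
            System.out.println("subject    = " + cert.getSubjectX500Principal());
            System.out.println("key alg    = " + ssc.key().getAlgorithm());
            System.out.println("not before = " + cert.getNotBefore());
            System.out.println("not after  = " + cert.getNotAfter());
            System.out.println("cert PEM   = " + ssc.certificate());
            System.out.println("key PEM    = " + ssc.privateKey());

            // Server side of the test: present the throwaway certificate.
            SslContext serverCtx = SslContextBuilder
                    .forServer(ssc.certificate(), ssc.privateKey())
                    .build();

            // Client side of the test: trust exactly this certificate and nothing else,
            // so certificate validation stays enabled during the test.
            SslContext clientCtx = SslContextBuilder
                    .forClient()
                    .trustManager(cert)
                    .build();

            System.out.println("server ctx = " + serverCtx.isServer());
            System.out.println("client ctx = " + clientCtx.isClient());
        } finally {
            // Remove the PEM files now; relying on deleteOnExit() alone leaves the
            // private key in the temp directory until the JVM terminates.
            ssc.delete();
        }
    }
}
```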
-
-
Field Summary
Fields (modifier and type, field, description):
- private java.security.cert.X509Certificate cert
- private java.io.File certificate
- private static int DEFAULT_KEY_LENGTH_BITS: FIPS 140-2 encryption requires the RSA key length to be 2048 bits or greater.
- private static java.util.Date DEFAULT_NOT_AFTER: The maximum possible value in X.509 specification: 9999-12-31 23:59:59
- private static java.util.Date DEFAULT_NOT_BEFORE: Current time minus 1 year, just in case software clock goes back due to time synchronization
- private java.security.PrivateKey key
- private static InternalLogger logger
- private java.io.File privateKey
-
Constructor Summary
Constructors (constructor, description):
- SelfSignedCertificate(): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.lang.String algorithm, int bits): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, java.lang.String algorithm, int bits): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter): Creates a new instance.
- SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits): Creates a new instance.
- SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter): Creates a new instance.
- SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits): Creates a new instance.
-
Method Summary
Methods (modifier and type, method, description):
- java.security.cert.X509Certificate cert(): Returns the generated X.509 certificate.
- java.io.File certificate(): Returns the generated X.509 certificate file in PEM format.
- void delete(): Deletes the generated X.509 certificate file and RSA private key file.
- java.security.PrivateKey key(): Returns the generated RSA private key.
- (package private) static java.lang.String[] newSelfSignedCertificate(java.lang.String fqdn, java.security.PrivateKey key, java.security.cert.X509Certificate cert)
- java.io.File privateKey(): Returns the generated RSA private key file in PEM format.
- private static void safeClose(java.io.File keyFile, java.io.OutputStream keyOut)
- private static void safeDelete(java.io.File certFile)
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
DEFAULT_NOT_BEFORE
private static final java.util.Date DEFAULT_NOT_BEFORE
Current time minus 1 year, just in case software clock goes back due to time synchronization
-
DEFAULT_NOT_AFTER
private static final java.util.Date DEFAULT_NOT_AFTER
The maximum possible value in X.509 specification: 9999-12-31 23:59:59
-
DEFAULT_KEY_LENGTH_BITS
private static final int DEFAULT_KEY_LENGTH_BITS
FIPS 140-2 encryption requires the RSA key length to be 2048 bits or greater. Let's use that as a sane default but allow the default to be set dynamically for those that need more stringent security requirements.
-
certificate
private final java.io.File certificate
-
privateKey
private final java.io.File privateKey
-
cert
private final java.security.cert.X509Certificate cert
-
key
private final java.security.PrivateKey key
-
-
Constructor Detail
-
SelfSignedCertificate
public SelfSignedCertificate() throws java.security.cert.CertificateException
Creates a new instance.
Algorithm: RSA
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Creates a new instance.
Algorithm: RSA
- Parameters:
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.
- Parameters:
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
algorithm - Key pair algorithm
bits - the number of bits of the generated private key
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn) throws java.security.cert.CertificateException
Creates a new instance.
Algorithm: RSA
- Parameters:
fqdn - a fully qualified domain name
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.
- Parameters:
fqdn - a fully qualified domain name
algorithm - Key pair algorithm
bits - the number of bits of the generated private key
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Creates a new instance.
Algorithm: RSA
- Parameters:
fqdn - a fully qualified domain name
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.
- Parameters:
fqdn - a fully qualified domain name
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
algorithm - Key pair algorithm
bits - the number of bits of the generated private key
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits) throws java.security.cert.CertificateException
Creates a new instance.
Algorithm: RSA
- Parameters:
fqdn - a fully qualified domain name
random - the SecureRandom to use
bits - the number of bits of the generated private key
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, java.lang.String algorithm, int bits) throws java.security.cert.CertificateException
Creates a new instance.
- Parameters:
fqdn - a fully qualified domain name
random - the SecureRandom to use
algorithm - Key pair algorithm
bits - the number of bits of the generated private key
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Creates a new instance.
Algorithm: RSA
- Parameters:
fqdn - a fully qualified domain name
random - the SecureRandom to use
bits - the number of bits of the generated private key
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
- Throws:
java.security.cert.CertificateException
-
SelfSignedCertificate
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter, java.lang.String algorithm) throws java.security.cert.CertificateException
Creates a new instance.
- Parameters:
fqdn - a fully qualified domain name
random - the SecureRandom to use
bits - the number of bits of the generated private key
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
algorithm - Key pair algorithm
- Throws:
java.security.cert.CertificateException
-
-
Method Detail
-
certificate
public java.io.File certificate()
Returns the generated X.509 certificate file in PEM format.
-
privateKey
public java.io.File privateKey()
Returns the generated RSA private key file in PEM format.
-
cert
public java.security.cert.X509Certificate cert()
Returns the generated X.509 certificate.
-
key
public java.security.PrivateKey key()
Returns the generated RSA private key.
-
delete
public void delete()
Deletes the generated X.509 certificate file and RSA private key file.
-
newSelfSignedCertificate
static java.lang.String[] newSelfSignedCertificate(java.lang.String fqdn, java.security.PrivateKey key, java.security.cert.X509Certificate cert) throws java.io.IOException, java.security.cert.CertificateEncodingException
- Throws:
java.io.IOException
java.security.cert.CertificateEncodingException
-
safeDelete
private static void safeDelete(java.io.File certFile)
-
safeClose
private static void safeClose(java.io.File keyFile, java.io.OutputStream keyOut)
-
-