public final class SelfSignedCertificate
extends java.lang.Object
NOTE: Never use the certificate and private key generated by this class in production. They are intended purely for testing and are therefore very insecure; the class even uses an insecure pseudo-random generator internally to speed up generation.
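An X.509 certificate file and an RSA private key file are generated in the system's temporary directory using File.createTempFile(String, String), and they are deleted when the JVM exits using File.deleteOnExit(). Note that File.deleteOnExit() only takes effect on normal JVM termination, and files created by File.createTempFile(String, String) get the platform's default permissions, so the private key file may be left behind or be readable by other local users; call delete() as soon as the files are no longer needed.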
This class first tries to use OpenJDK's X.509 implementation (the sun.security.x509 package). If that fails, it falls back to Bouncy Castle.
Modifier and Type | Field and Description |
---|---|
private java.security.cert.X509Certificate | cert |
private java.io.File | certificate |
private static java.util.Date | DEFAULT_NOT_AFTER - The maximum possible value in the X.509 specification: 9999-12-31 23:59:59 |
private static java.util.Date | DEFAULT_NOT_BEFORE - Current time minus 1 year, in case the software clock goes back due to time synchronization |
private java.security.PrivateKey | key |
private static InternalLogger | logger |
private java.io.File | privateKey |
Constructor and Description |
---|
SelfSignedCertificate() - Creates a new instance. |
SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter) - Creates a new instance. |
SelfSignedCertificate(java.lang.String fqdn) - Creates a new instance. |
SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter) - Creates a new instance. |
SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits) - Creates a new instance. |
SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter) - Creates a new instance. |
Modifier and Type | Method and Description |
---|---|
java.security.cert.X509Certificate | cert() - Returns the generated X.509 certificate. |
java.io.File | certificate() - Returns the generated X.509 certificate file in PEM format. |
void | delete() - Deletes the generated X.509 certificate file and RSA private key file. |
java.security.PrivateKey | key() - Returns the generated RSA private key. |
(package private) static java.lang.String[] | newSelfSignedCertificate(java.lang.String fqdn, java.security.PrivateKey key, java.security.cert.X509Certificate cert) |
java.io.File | privateKey() - Returns the generated RSA private key file in PEM format. |
private static void | safeClose(java.io.File keyFile, java.io.OutputStream keyOut) |
private static void | safeDelete(java.io.File certFile) |
private static final InternalLogger logger
private static final java.util.Date DEFAULT_NOT_BEFORE
private static final java.util.Date DEFAULT_NOT_AFTER
private final java.io.File certificate
private final java.io.File privateKey
private final java.security.cert.X509Certificate cert
private final java.security.PrivateKey key
public SelfSignedCertificate() throws java.security.cert.CertificateException
java.security.cert.CertificateException
public SelfSignedCertificate(java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Parameters:
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
Throws:
java.security.cert.CertificateException
public SelfSignedCertificate(java.lang.String fqdn) throws java.security.cert.CertificateException
Parameters:
fqdn - a fully qualified domain name
Throws:
java.security.cert.CertificateException
public SelfSignedCertificate(java.lang.String fqdn, java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Parameters:
fqdn - a fully qualified domain name
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
Throws:
java.security.cert.CertificateException
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits) throws java.security.cert.CertificateException
Parameters:
fqdn - a fully qualified domain name
random - the SecureRandom to use
bits - the number of bits of the generated private key
Throws:
java.security.cert.CertificateException
public SelfSignedCertificate(java.lang.String fqdn, java.security.SecureRandom random, int bits, java.util.Date notBefore, java.util.Date notAfter) throws java.security.cert.CertificateException
Parameters:
fqdn - a fully qualified domain name
random - the SecureRandom to use
bits - the number of bits of the generated private key
notBefore - Certificate is not valid before this time
notAfter - Certificate is not valid after this time
Throws:
java.security.cert.CertificateException
public java.io.File certificate()
public java.io.File privateKey()
public java.security.cert.X509Certificate cert()
public java.security.PrivateKey key()
public void delete()
static java.lang.String[] newSelfSignedCertificate(java.lang.String fqdn, java.security.PrivateKey key, java.security.cert.X509Certificate cert) throws java.io.IOException, java.security.cert.CertificateEncodingException
java.io.IOException
java.security.cert.CertificateEncodingException
private static void safeDelete(java.io.File certFile)
private static void safeClose(java.io.File keyFile, java.io.OutputStream keyOut)