Class SelfSignedCertificateGenerator
- java.lang.Object
  - net.shibboleth.utilities.java.support.security.SelfSignedCertificateGenerator
public class SelfSignedCertificateGenerator extends Object
A helper class to generate self-signed keypairs.
-
Nested Class Summary
Nested Classes (modifier and type, class: description)
- private static class SelfSignedCertificateGenerator.CommandLineArgs: Manages command line parsing for application and the bean properties used by the generator.
- static class SelfSignedCertificateGenerator.FileConverter: Command line option conversion from String to File.
-
Field Summary
Fields (modifier and type, field: description)
- private SelfSignedCertificateGenerator.CommandLineArgs args: Container for options that can be parsed from a command line.
- private org.slf4j.Logger log: Class logger.
-
Constructor Summary
Constructors (constructor: description)
- SelfSignedCertificateGenerator(): Constructor.
-
Method Summary
Methods (modifier and type, method: description)
- protected org.bouncycastle.asn1.ASN1Encodable[] buildSubjectAltNames(): Builds the subject alt names for the certificate.
- void generate(): The main routine.
- protected X509Certificate generateCertificate(KeyPair keypair): Generates the self-signed certificate.
- protected KeyPair generateKeyPair(): Generates the key pair for the certificate.
- static void main(String[] args): Command line entry point.
- void setCertificateAlg(String alg): Set the certificate algorithm that will be used.
- void setCertificateFile(File file): Set the file to which the certificate will be written.
- void setCertificateLifetime(int lifetime): Set the number of years for which the certificate will be valid.
- void setDNSSubjectAltNames(Collection<String> altNames): Set the optional DNS subject alt names.
- void setHostName(String name): Set the hostname that will appear in the certificate's DN.
- void setKeySize(int size): Set the size of the generated key.
- void setKeystoreFile(File file): Set the file to which the keystore will be written.
- void setKeystorePassword(String password): Set the password for the generated keystore.
- void setKeystoreType(String type): Set the type of keystore to create.
- void setKeyType(String type): Set the type of key that will be generated.
- void setPrivateKeyFile(File file): Set the file to which the private key will be written.
- void setURISubjectAltNames(Collection<String> altNames): Set the optional URI subject alt names.
- protected void validate(): Validates the settings.
-
Field Detail
-
log
@Nonnull private org.slf4j.Logger log
Class logger.
-
args
@Nonnull private final SelfSignedCertificateGenerator.CommandLineArgs args
Container for options that can be parsed from a command line.
-
Method Detail
-
setKeyType
public void setKeyType(@Nonnull @NotEmpty String type)
Set the type of key that will be generated. Defaults to RSA.
Parameters:
type - type of key that will be generated
-
setKeySize
public void setKeySize(@Positive int size)
Set the size of the generated key. Defaults to 2048.
Parameters:
size - size of the generated key
-
setCertificateLifetime
public void setCertificateLifetime(@Positive int lifetime)
Set the number of years for which the certificate will be valid.
Parameters:
lifetime - number of years for which the certificate will be valid
-
setCertificateAlg
public void setCertificateAlg(@Nonnull @NotEmpty String alg)
Set the certificate algorithm that will be used. Defaults to SHA256withRSA.
Parameters:
alg - certificate algorithm
-
setHostName
public void setHostName(@Nonnull @NotEmpty String name)
Set the hostname that will appear in the certificate's DN.
Parameters:
name - hostname that will appear in the certificate's DN
-
setPrivateKeyFile
public void setPrivateKeyFile(@Nullable File file)
Set the file to which the private key will be written.
Parameters:
file - file to which the private key will be written
-
setCertificateFile
public void setCertificateFile(@Nullable File file)
Set the file to which the certificate will be written.
Parameters:
file - file to which the certificate will be written
-
setKeystoreType
public void setKeystoreType(@Nonnull @NotEmpty String type)
Set the type of keystore to create.
Parameters:
type - keystore type
-
setKeystoreFile
public void setKeystoreFile(@Nullable File file)
Set the file to which the keystore will be written.
Parameters:
file - file to which the keystore will be written
-
setKeystorePassword
public void setKeystorePassword(@Nullable String password)
Set the password for the generated keystore.
Parameters:
password - password for the generated keystore
-
setDNSSubjectAltNames
public void setDNSSubjectAltNames(@Nonnull @NonnullElements Collection<String> altNames)
Set the optional DNS subject alt names.
Parameters:
altNames - collection of subject alt names.
-
setURISubjectAltNames
public void setURISubjectAltNames(@Nonnull @NonnullElements Collection<String> altNames)
Set the optional URI subject alt names.
Parameters:
altNames - collection of subject alt names.
-
generate
public void generate() throws Exception
The main routine.
Throws:
Exception - if an error occurs
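A usage example, added here and not taken from the Shibboleth project: it drives the public setters documented on this page, calls generate(), then re-reads the written certificate with the JDK to confirm it is self-signed, currently valid, and carries the requested alt names. The hostname, URI, password, file names, the "PKCS12" keystore type and the PEM-or-DER encoding of the certificate file are assumptions.

```java
import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import net.shibboleth.utilities.java.support.security.SelfSignedCertificateGenerator;

public class SelfSignedCertExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample values: hostname, URI and password are placeholders.
        String host = "idp.example.org";
        // Fresh directory, so every output path is new and no existing key material is touched.
        Path dir = Files.createTempDirectory("selfsigned");
        File certFile = dir.resolve("idp.crt").toFile();

        SelfSignedCertificateGenerator gen = new SelfSignedCertificateGenerator();
        gen.setHostName(host);
        gen.setKeyType("RSA");                   // documented default, set explicitly
        gen.setKeySize(3072);                    // documented default is 2048
        gen.setCertificateAlg("SHA256withRSA");  // documented default
        gen.setCertificateLifetime(2);           // years
        gen.setDNSSubjectAltNames(Arrays.asList(host));
        gen.setURISubjectAltNames(Arrays.asList("https://" + host + "/idp/shibboleth"));
        gen.setPrivateKeyFile(dir.resolve("idp.key").toFile());
        gen.setCertificateFile(certFile);
        gen.setKeystoreType("PKCS12");           // assumption: a standard JCA keystore type
        gen.setKeystoreFile(dir.resolve("idp.p12").toFile());
        gen.setKeystorePassword("placeholder-password");
        gen.generate();

        // Assumption: the certificate file holds one X.509 certificate (PEM or DER).
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(certFile.toPath())) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.verify(cert.getPublicKey());  // throws unless signed by its own key
        cert.checkValidity();              // throws if outside notBefore/notAfter
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            throw new IllegalStateException("subject and issuer differ");
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("Sig alg: " + cert.getSigAlgName());
        System.out.println("Expires: " + cert.getNotAfter());
        // Each SAN entry is [type, value]; type 2 = dNSName, 6 = URI (RFC 5280).
        System.out.println("SANs:    " + cert.getSubjectAlternativeNames());
    }
}
```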
-
validate
protected void validate()
Validates the settings.
-
generateKeyPair
@Nonnull protected KeyPair generateKeyPair() throws NoSuchAlgorithmException
Generates the key pair for the certificate.
Returns:
key pair for the certificate
Throws:
NoSuchAlgorithmException - if there is a problem generating the keys
-
generateCertificate
@Nonnull protected X509Certificate generateCertificate(@Nonnull KeyPair keypair) throws Exception
Generates the self-signed certificate.
Parameters:
keypair - keypair associated with the certificate
Returns:
self-signed certificate
Throws:
Exception - if an error occurs
-
buildSubjectAltNames
@Nonnull @NonnullElements protected org.bouncycastle.asn1.ASN1Encodable[] buildSubjectAltNames()
Builds the subject alt names for the certificate.
Returns:
subject alt names for the certificate
-