Package net.shibboleth.shared.security.impl

Class SelfSignedCertificateGenerator

java.lang.Object
net.shibboleth.shared.security.impl.SelfSignedCertificateGenerator
public class SelfSignedCertificateGenerator extends Object
A helper class to generate self-signed keypairs.

  • Field Details

  • Constructor Details

    • SelfSignedCertificateGenerator

      public SelfSignedCertificateGenerator()
      Constructor.

  • Method Details

    • setKeyType

      public void setKeyType(@Nonnull @NotEmpty String type)
      Set the type of key that will be generated. Defaults to RSA.
      Parameters:
      type - type of key that will be generated

    • setKeySize

      public void setKeySize(@Positive int size)
      Set the size of the generated key. Defaults to 2048
      Parameters:
      size - size of the generated key

    • setCertificateLifetime

      public void setCertificateLifetime(@Positive int lifetime)
      Set the number of years for which the certificate will be valid.
      Parameters:
      lifetime - number of years for which the certificate will be valid

    • setCertificateAlg

      public void setCertificateAlg(@Nonnull @NotEmpty String alg)
      Set the certificate algorithm that will be used. Defaults to SHA256withRSA.
      Parameters:
      alg - certificate algorithm

    • setHostName

      public void setHostName(@Nonnull @NotEmpty String name)
      Set the hostname that will appear in the certificate's DN.
      Parameters:
      name - hostname that will appear in the certificate's DN

    • setPrivateKeyFile

      public void setPrivateKeyFile(@Nullable File file)
      Set the file to which the private key will be written.
      Parameters:
      file - file to which the private key will be written

    • setCertificateFile

      public void setCertificateFile(@Nullable File file)
      Set the file to which the certificate will be written.
      Parameters:
      file - file to which the certificate will be written

    • setKeystoreType

      public void setKeystoreType(@Nonnull @NotEmpty String type)
      Set the type of keystore to create.
      Parameters:
      type - keystore type

    • setKeystoreFile

      public void setKeystoreFile(@Nullable File file)
      Set the file to which the keystore will be written.
      Parameters:
      file - file to which the keystore will be written

    • setKeystorePassword

      public void setKeystorePassword(@Nullable String password)
      Set the password for the generated keystore.
      Parameters:
      password - password for the generated keystore

    • setDNSSubjectAltNames

      public void setDNSSubjectAltNames(@Nonnull Collection<String> altNames)
      Set the optional DNS subject alt names.
      Parameters:
      altNames - collection of subject alt names.

    • setURISubjectAltNames

      public void setURISubjectAltNames(@Nonnull Collection<String> altNames)
      Set the optional URI subject alt names.
      Parameters:
      altNames - collection of subject alt names.

    • generate

      public void generate() throws Exception
      The main routine.
      Throws:
      Exception - if an error occurs

    • validate

      protected void validate()
      Validates the settings.

    • generateKeyPair

      @Nonnull protected KeyPair generateKeyPair() throws NoSuchAlgorithmException
      Generates the key pair for the certificate.
      Returns:
      key pair for the certificate
      Throws:
      NoSuchAlgorithmException - if there is a problem generating the keys

    • generateCertificate

      @Nonnull protected X509Certificate generateCertificate(@Nonnull KeyPair keypair) throws Exception
      Generates the self-signed certificate.
      Parameters:
      keypair - keypair associated with the certificate
      Returns:
      self-signed certificate
      Throws:
      Exception - if an error occurs

    • buildSubjectAltNames

      @Nonnull protected org.bouncycastle.asn1.ASN1Encodable[] buildSubjectAltNames()
      Builds the subject alt names for the certificate.
      Returns:
      subject alt names for the certificate

    • main

      public static void main(@Nonnull String[] args) throws Exception
      Command line entry point.
      Parameters:
      args - command line arguments
      Throws:
      Exception - if something goes wrong