Class SelfSignedCertificate

java.lang.Object
io.netty.handler.ssl.util.SelfSignedCertificate

public final class SelfSignedCertificate extends Object
Generates a temporary self-signed certificate for testing purposes.

NOTE: Never use the certificate and private key generated by this class in production. It is purely for testing purposes, and thus it is very insecure. It even uses an insecure pseudo-random generator for faster generation internally.

An X.509 certificate file and an EC/RSA private key file are generated in the system's temporary directory using File.createTempFile(String, String), and they are deleted when the JVM exits using File.deleteOnExit().

At first, this class tries to use OpenJDK's X.509 implementation (the sun.security.x509 package). If that fails, it falls back to Bouncy Castle.
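As an added example (not part of the Netty Javadoc or the project's own code), a test helper that builds a server SslContext from the generated key pair and a client SslContext that trusts exactly that certificate rather than disabling verification. The class name TestTlsContexts, its build method and the one-hour validity window are assumptions made for this example.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.SelfSignedCertificate;

import javax.net.ssl.SSLException;
import java.security.cert.CertificateException;
import java.util.Date;

public final class TestTlsContexts {

    /** Holds both sides' contexts so a test can wire a server and client to each other. */
    public static final class Pair {
        public final SslContext server;
        public final SslContext client;
        Pair(SslContext server, SslContext client) { this.server = server; this.client = client; }
    }

    public static Pair build(String fqdn) throws CertificateException, SSLException {
        // Constructed validity window (assumption): one minute of clock skew in the past,
        // one hour into the future, instead of the class defaults (now - 1 year .. 9999-12-31).
        // A test certificate that leaks from the temp directory then expires quickly.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 60_000L);
        Date notAfter = new Date(now + 60L * 60L * 1000L);

        SelfSignedCertificate ssc = new SelfSignedCertificate(fqdn, notBefore, notAfter);
        try {
            // Server side: use the in-memory key and certificate, not the PEM files.
            SslContext server = SslContextBuilder.forServer(ssc.key(), ssc.cert()).build();

            // Client side: trust exactly this certificate. Chain validation still runs,
            // unlike InsecureTrustManagerFactory, which would accept any certificate.
            SslContext client = SslContextBuilder.forClient()
                    .trustManager(ssc.cert())
                    .build();
            return new Pair(server, client);
        } finally {
            // The PEM files are only needed by the File-based forServer overload; remove them
            // now rather than waiting for deleteOnExit(), which never runs on an abrupt exit.
            ssc.delete();
        }
    }
}
```

Because the certificate is issued for fqdn, a client that enables endpoint identification on its SSLEngine will also check the host name it connects to against that value.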

  • Field Details

    • logger

      private static final InternalLogger logger
    • DEFAULT_NOT_BEFORE

      private static final Date DEFAULT_NOT_BEFORE
      Current time minus 1 year, in case the software clock goes back due to time synchronization
    • DEFAULT_NOT_AFTER

      private static final Date DEFAULT_NOT_AFTER
      The maximum possible value in X.509 specification: 9999-12-31 23:59:59
    • DEFAULT_KEY_LENGTH_BITS

      private static final int DEFAULT_KEY_LENGTH_BITS
      FIPS 140-2 encryption requires the RSA key length to be 2048 bits or greater. Let's use that as a sane default but allow the default to be set dynamically for those that need more stringent security requirements.
    • certificate

      private final File certificate
    • privateKey

      private final File privateKey
    • cert

      private final X509Certificate cert
    • key

      private final PrivateKey key
  • Constructor Details

    • SelfSignedCertificate

      public SelfSignedCertificate() throws CertificateException
      Creates a new instance.

      Algorithm: RSA

      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(Date notBefore, Date notAfter) throws CertificateException
      Creates a new instance.

      Algorithm: RSA

      Parameters:
      notBefore - Certificate is not valid before this time
      notAfter - Certificate is not valid after this time
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(Date notBefore, Date notAfter, String algorithm, int bits) throws CertificateException
      Creates a new instance.
      Parameters:
      notBefore - Certificate is not valid before this time
      notAfter - Certificate is not valid after this time
      algorithm - Key pair algorithm
      bits - the number of bits of the generated private key
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn) throws CertificateException
      Creates a new instance.

      Algorithm: RSA

      Parameters:
      fqdn - a fully qualified domain name
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, String algorithm, int bits) throws CertificateException
      Creates a new instance.
      Parameters:
      fqdn - a fully qualified domain name
      algorithm - Key pair algorithm
      bits - the number of bits of the generated private key
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, Date notBefore, Date notAfter) throws CertificateException
      Creates a new instance.

      Algorithm: RSA

      Parameters:
      fqdn - a fully qualified domain name
      notBefore - Certificate is not valid before this time
      notAfter - Certificate is not valid after this time
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, Date notBefore, Date notAfter, String algorithm, int bits) throws CertificateException
      Creates a new instance.
      Parameters:
      fqdn - a fully qualified domain name
      notBefore - Certificate is not valid before this time
      notAfter - Certificate is not valid after this time
      algorithm - Key pair algorithm
      bits - the number of bits of the generated private key
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, SecureRandom random, int bits) throws CertificateException
      Creates a new instance.

      Algorithm: RSA

      Parameters:
      fqdn - a fully qualified domain name
      random - the SecureRandom to use
      bits - the number of bits of the generated private key
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, SecureRandom random, String algorithm, int bits) throws CertificateException
      Creates a new instance.
      Parameters:
      fqdn - a fully qualified domain name
      random - the SecureRandom to use
      algorithm - Key pair algorithm
      bits - the number of bits of the generated private key
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, SecureRandom random, int bits, Date notBefore, Date notAfter) throws CertificateException
      Creates a new instance.

      Algorithm: RSA

      Parameters:
      fqdn - a fully qualified domain name
      random - the SecureRandom to use
      bits - the number of bits of the generated private key
      notBefore - Certificate is not valid before this time
      notAfter - Certificate is not valid after this time
      Throws:
      CertificateException
    • SelfSignedCertificate

      public SelfSignedCertificate(String fqdn, SecureRandom random, int bits, Date notBefore, Date notAfter, String algorithm) throws CertificateException
      Creates a new instance.
      Parameters:
      fqdn - a fully qualified domain name
      random - the SecureRandom to use
      bits - the number of bits of the generated private key
      notBefore - Certificate is not valid before this time
      notAfter - Certificate is not valid after this time
      algorithm - Key pair algorithm
      Throws:
      CertificateException
  • Method Details

    • certificate

      public File certificate()
      Returns the generated X.509 certificate file in PEM format.
    • privateKey

      public File privateKey()
      Returns the generated EC/RSA private key file in PEM format.
    • cert

      public X509Certificate cert()
      Returns the generated X.509 certificate.
    • key

      public PrivateKey key()
      Returns the generated EC/RSA private key.
    • delete

      public void delete()
      Deletes the generated X.509 certificate file and EC/RSA private key file.
    • newSelfSignedCertificate

      static String[] newSelfSignedCertificate(String fqdn, PrivateKey key, X509Certificate cert) throws IOException, CertificateEncodingException
      Throws:
      IOException
      CertificateEncodingException
    • safeDelete

      private static void safeDelete(File certFile)
    • safeClose

      private static void safeClose(File keyFile, OutputStream keyOut)
    • isBouncyCastleAvailable

      private static boolean isBouncyCastleAvailable()