net.shibboleth.utilities.java.support.security

Class SelfSignedCertificateGenerator

java.lang.Object

net.shibboleth.utilities.java.support.security.SelfSignedCertificateGenerator

public class SelfSignedCertificateGenerator
extends java.lang.Object

A helper class to generate self-signed keypairs.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	SelfSignedCertificateGenerator.CommandLineArgs Manages command line parsing for application and the bean properties used by the generator.
static class	SelfSignedCertificateGenerator.FileConverter Command line option conversion from String to File.

Field Summary

Fields

Modifier and Type	Field and Description
private SelfSignedCertificateGenerator.CommandLineArgs	args Container for options that can be parsed from a command line.
private org.slf4j.Logger	log Class logger.

Constructor Summary

Constructors

Constructor and Description
SelfSignedCertificateGenerator() Constructor.

Method Summary

Modifier and Type	Method and Description
protected org.bouncycastle.asn1.ASN1Encodable[]	buildSubjectAltNames() Builds the subject alt names for the certificate.
void	generate() The main routine.
protected java.security.cert.X509Certificate	generateCertificate(java.security.KeyPair keypair) Generates the self-signed certificate.
protected java.security.KeyPair	generateKeyPair() Generates the key pair for the certificate.
static void	main(java.lang.String[] args) Command line entry point.
void	setCertificateAlg(java.lang.String alg) Set the certificate algorithm that will be used.
void	setCertificateFile(java.io.File file) Set the file to which the certificate will be written.
void	setCertificateLifetime(int lifetime) Set the number of years for which the certificate will be valid.
void	setDNSSubjectAltNames(java.util.Collection<java.lang.String> altNames) Set the optional DNS subject alt names.
void	setHostName(java.lang.String name) Set the hostname that will appear in the certificate's DN.
void	setKeySize(int size) Set the size of the generated key.
void	setKeystoreFile(java.io.File file) Set the file to which the keystore will be written.
void	setKeystorePassword(java.lang.String password) Set the password for the generated keystore.
void	setKeystoreType(java.lang.String type) Set the type of keystore to create.
void	setKeyType(java.lang.String type) Set the type of key that will be generated.
void	setPrivateKeyFile(java.io.File file) Set the file to which the private key will be written.
void	setURISubjectAltNames(java.util.Collection<java.lang.String> altNames) Set the optional URI subject alt names.
protected void	validate() Validates the settings.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private org.slf4j.Logger log

Class logger.

args

@Nonnull
private final SelfSignedCertificateGenerator.CommandLineArgs args

Container for options that can be parsed from a command line.

Constructor Detail

SelfSignedCertificateGenerator

public SelfSignedCertificateGenerator()

Constructor.

Method Detail

setKeyType

public void setKeyType(@Nonnull @NotEmpty
                       java.lang.String type)

Set the type of key that will be generated. Defaults to RSA.

Parameters:

type - type of key that will be generated

setKeySize

public void setKeySize(@Positive
                       int size)

Set the size of the generated key. Defaults to 2048

Parameters:

size - size of the generated key

setCertificateLifetime

public void setCertificateLifetime(@Positive
                                   int lifetime)

Set the number of years for which the certificate will be valid.

Parameters:

lifetime - number of years for which the certificate will be valid

setCertificateAlg

public void setCertificateAlg(@Nonnull @NotEmpty
                              java.lang.String alg)

Set the certificate algorithm that will be used. Defaults to SHA256withRSA.

Parameters:

alg - certificate algorithm

setHostName

public void setHostName(@Nonnull @NotEmpty
                        java.lang.String name)

Set the hostname that will appear in the certificate's DN.

Parameters:

name - hostname that will appear in the certificate's DN

setPrivateKeyFile

public void setPrivateKeyFile(@Nullable
                              java.io.File file)

Set the file to which the private key will be written.

Parameters:

file - file to which the private key will be written

setCertificateFile

public void setCertificateFile(@Nullable
                               java.io.File file)

Set the file to which the certificate will be written.

Parameters:

file - file to which the certificate will be written

setKeystoreType

public void setKeystoreType(@Nonnull @NotEmpty
                            java.lang.String type)

Set the type of keystore to create.

Parameters:

type - keystore type

setKeystoreFile

public void setKeystoreFile(@Nullable
                            java.io.File file)

Set the file to which the keystore will be written.

Parameters:

file - file to which the keystore will be written

setKeystorePassword

public void setKeystorePassword(@Nullable
                                java.lang.String password)

Set the password for the generated keystore.

Parameters:

password - password for the generated keystore

setDNSSubjectAltNames

public void setDNSSubjectAltNames(@Nonnull @NonnullElements
                                  java.util.Collection<java.lang.String> altNames)

Set the optional DNS subject alt names.

Parameters:

altNames - collection of subject alt names.

setURISubjectAltNames

public void setURISubjectAltNames(@Nonnull @NonnullElements
                                  java.util.Collection<java.lang.String> altNames)

Set the optional URI subject alt names.

Parameters:

altNames - collection of subject alt names.

generate

public void generate()
              throws java.lang.Exception

The main routine.

Throws:

java.lang.Exception - if an error occurs

validate

protected void validate()

Validates the settings.

generateKeyPair

@Nonnull
protected java.security.KeyPair generateKeyPair()
                                                  throws java.security.NoSuchAlgorithmException

Generates the key pair for the certificate.

Returns:

key pair for the certificate

Throws:

java.security.NoSuchAlgorithmException - if there is a problem generating the keys

generateCertificate

@Nonnull
protected java.security.cert.X509Certificate generateCertificate(@Nonnull
                                                                          java.security.KeyPair keypair)
                                                                   throws java.lang.Exception

Generates the self-signed certificate.

Parameters:

keypair - keypair associated with the certificate

Returns:

self-signed certificate

Throws:

java.lang.Exception - if an error occurs

buildSubjectAltNames

@Nonnull
 @NonnullElements
protected org.bouncycastle.asn1.ASN1Encodable[] buildSubjectAltNames()

Builds the subject alt names for the certificate.

Returns:

subject alt names for the certificate

main

public static void main(@Nonnull
                        java.lang.String[] args)
                 throws java.lang.Exception

Command line entry point.

Parameters:

args - command line arguments

Throws:

java.lang.Exception