1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  
17  package io.netty.handler.ssl.util;
18  
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;

import static io.netty.handler.ssl.util.SelfSignedCertificate.newSelfSignedCertificate;
37  
38  /**
39   * Generates a self-signed certificate using <a href="https://www.bouncycastle.org/">Bouncy Castle</a>.
40   */
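final class BouncyCastleSelfSignedCertGenerator {

    private static final Provider PROVIDER = new BouncyCastleProvider();

    /**
     * Builds a self-signed X.509 v3 certificate for {@code fqdn} and hands it, together with the private key,
     * to {@code SelfSignedCertificate.newSelfSignedCertificate}.
     * <p>
     * Subject and issuer are the same single-RDN name {@code CN=<fqdn>}. The value is escaped per RFC 4514
     * before it is given to the {@link X500Name} string parser, so an {@code fqdn} containing {@code ,},
     * {@code +}, {@code =}, {@code "} or similar separators yields exactly one CN holding the literal text
     * instead of extra RDNs or a parse failure. No extensions are added: there is no SubjectAltName and no
     * BasicConstraints, so a client that matches host names only against SubjectAltName will not accept this
     * certificate for {@code fqdn}. The serial number is a random 64-bit value drawn from {@code random}.
     *
     * @param fqdn      host name placed in the subject's CN; taken literally, not validated as a DNS name
     * @param keypair   key pair whose public key is certified and whose private key signs the certificate
     * @param random    source of the random serial number
     * @param notBefore start of the validity period
     * @param notAfter  end of the validity period
     * @param algorithm key algorithm: {@code "EC"} (case-insensitive) selects {@code SHA256withECDSA};
     *                  any other value selects {@code SHA256WithRSAEncryption}
     * @return the {@code String[]} produced by {@code newSelfSignedCertificate} for the generated certificate and key
     * @throws NullPointerException if {@code fqdn} is {@code null}
     * @throws Exception if the certificate cannot be built or converted, or does not verify under its own public key
     */
    static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter,
                             String algorithm) throws Exception {
        // Fail fast instead of silently issuing a certificate for "CN=null".
        Objects.requireNonNull(fqdn, "fqdn");
        PrivateKey key = keypair.getPrivate();

        // Self-signed: issuer == subject. Escape the value so the X500Name string parser sees a single CN RDN
        // regardless of which characters fqdn contains.
        X500Name owner = new X500Name("CN=" + escapeRdnValue(fqdn));
        // 64 random bits of serial number; each generated certificate is its own issuer, so uniqueness is
        // only needed per call.
        BigInteger serial = new BigInteger(64, random);
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                owner, serial, notBefore, notAfter, owner, keypair.getPublic());

        // SHA-256 in both cases; the key algorithm decides between ECDSA and RSA signatures.
        String signatureAlgorithm =
                algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256WithRSAEncryption";
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(key);
        X509CertificateHolder certHolder = builder.build(signer);
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
        // Sanity check: the certificate must verify under its own public key. Failing here is clearer than
        // failing at the first TLS handshake.
        cert.verify(keypair.getPublic());

        return newSelfSignedCertificate(fqdn, key, cert);
    }

    /**
     * Escapes {@code value} for use as an attribute value in the RFC 4514 string form of a distinguished name,
     * so that {@code "CN=" + escapeRdnValue(value)} parses to exactly one RDN whose value is {@code value}.
     * Escapes the characters RFC 4514 section 2.4 requires ({@code " + , ; < > \}, a leading {@code #} or
     * space, a trailing space, NUL as {@code \00}) and additionally {@code =}, because the string parser
     * splits attribute type from value on it. Bouncy Castle's parser honours backslash escapes.
     *
     * @param value raw attribute value, must not be {@code null}
     * @return the escaped value
     */
    private static String escapeRdnValue(String value) {
        int last = value.length() - 1;
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"': case '+': case ',': case ';': case '<': case '>': case '\\': case '=':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                case ' ':
                    // Only leading and trailing spaces are significant to the parser.
                    if (i == 0 || i == last) {
                        sb.append('\\');
                    }
                    sb.append(c);
                    break;
                case '#':
                    // A leading '#' would otherwise be read as a hex-encoded BER value.
                    if (i == 0) {
                        sb.append('\\');
                    }
                    sb.append(c);
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    private BouncyCastleSelfSignedCertGenerator() { }
}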
64  }