View Javadoc

1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  
17  package org.jboss.netty.handler.ssl.util;
18  
19  import org.bouncycastle.asn1.x500.X500Name;
20  import org.bouncycastle.cert.X509CertificateHolder;
21  import org.bouncycastle.cert.X509v3CertificateBuilder;
22  import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
23  import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
24  import org.bouncycastle.jce.provider.BouncyCastleProvider;
25  import org.bouncycastle.operator.ContentSigner;
26  import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
27  
28  import java.math.BigInteger;
29  import java.security.KeyPair;
30  import java.security.PrivateKey;
31  import java.security.Provider;
32  import java.security.SecureRandom;
33  import java.security.cert.X509Certificate;
34  
35  import static org.jboss.netty.handler.ssl.util.SelfSignedCertificate.*;
36  
37  /**
38   * Generates a self-signed certificate using <a href="http://www.bouncycastle.org/">Bouncy Castle</a>.
39   */
40  final class BouncyCastleSelfSignedCertGenerator {
41  
42      private static final Provider PROVIDER = new BouncyCastleProvider();
43  
44      static String[] generate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
45          PrivateKey key = keypair.getPrivate();
46  
47          // Prepare the information required for generating an X.509 certificate.
48          X500Name owner = new X500Name("CN=" + fqdn);
49          X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
50                  owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic());
51  
52          ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key);
53          X509CertificateHolder certHolder = builder.build(signer);
54          X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
55          cert.verify(keypair.getPublic());
56  
57          return newSelfSignedCertificate(fqdn, key, cert);
58      }
59  
60      private BouncyCastleSelfSignedCertGenerator() { }
61  }