Class SelfSignedGenerator


  • public final class SelfSignedGenerator
    extends Object
    Generate keys and a self-signed certificate, suitable for storing in a Keystore with KeyStoreUtil.storePrivateKey(). All done programmatically: no keytool, no BC libs, no sun classes. Ref: RFC 2459, RFC 5280. This is coded to create a cert that is similar to what comes out of keytool.
    NOTE: Recommended use is via KeyStoreUtil.createKeys() and related methods. This API may not be stable.
    Since:
    0.9.25
    • Constructor Detail

      • SelfSignedGenerator

        public SelfSignedGenerator()
    • Method Detail

      • generate

        public static Object[] generate(String cname,
                                        String ou,
                                        String o,
                                        String l,
                                        String st,
                                        String c,
                                        int validDays,
                                        SigType type)
                                 throws GeneralSecurityException
        Parameters:
        cname - the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
        ou - The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        o - The O (organization) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        l - The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        st - The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        c - The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        Returns:
        length 4 array:
        rv[0] is a Java PublicKey
        rv[1] is a Java PrivateKey
        rv[2] is a Java X509Certificate
        rv[3] is a Java X509CRL
        Throws:
        GeneralSecurityException
      • generate

        public static Object[] generate(String cname,
                                        Set<String> altNames,
                                        String ou,
                                        String o,
                                        String l,
                                        String st,
                                        String c,
                                        int validDays,
                                        SigType type)
                                 throws GeneralSecurityException
        Parameters:
        cname - the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
        altNames - the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses. cname, localhost, 127.0.0.1, and ::1 will be automatically added.
        ou - The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        o - The O (organization) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        l - The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        st - The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        c - The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
        Returns:
        length 4 array:
        rv[0] is a Java PublicKey
        rv[1] is a Java PrivateKey
        rv[2] is a Java X509Certificate
        rv[3] is a Java X509CRL
        Throws:
        GeneralSecurityException
        Since:
        0.9.34 added altNames param
      • renew

        public static Object[] renew(X509Certificate cert,
                                     PrivateKey jpriv,
                                     int validDays)
                              throws GeneralSecurityException
        Parameters:
        cert - the old cert to be replaced
        jpriv - the private key
        Returns:
        length 4 array:
        rv[0] is a Java PublicKey, from cert as passed in
        rv[1] is a Java PrivateKey, jpriv as passed in
        rv[2] is a Java X509Certificate, new one
        rv[3] is a Java X509CRL, new one
        Throws:
        GeneralSecurityException
        Since:
        0.9.34 added altNames param
      • main

        public static void main(String[] args)
                         throws Exception
        Note: For CLI testing, use java -jar i2p.jar su3file keygen pubkey.crt keystore.ks commonName
        Throws:
        Exception
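
The following is an added usage example, not code from the I2P project: it calls generate() and renew() as documented above and checks the returned objects with standard JCA calls. It assumes i2p.jar is on the classpath, that both classes live in the net.i2p.crypto package, and that SigType.ECDSA_SHA256_P256 is an available signature type; the host names and address are constructed sample values.

```java
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import net.i2p.crypto.SelfSignedGenerator; // assumed package; not stated on this page
import net.i2p.crypto.SigType;             // assumed package and constant used below

public class SelfSignedCheck {
    public static void main(String[] args) throws Exception {
        // Constructed sample values. IP addresses belong in altNames, never in cname.
        Set<String> altNames = new HashSet<>(Arrays.asList("console.example.org", "192.0.2.10"));

        // DN components other than cname may be null as of 0.9.28.
        Object[] rv = SelfSignedGenerator.generate("router.example.org", altNames,
                null, null, null, null, null, 365, SigType.ECDSA_SHA256_P256);
        PublicKey pub = (PublicKey) rv[0];
        PrivateKey priv = (PrivateKey) rv[1];
        X509Certificate cert = (X509Certificate) rv[2];
        X509CRL crl = (X509CRL) rv[3];

        // A self-signed cert must verify under its own public key and be in date.
        cert.verify(pub);
        cert.checkValidity();
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
            throw new IllegalStateException("subject and issuer differ");

        // SAN entries are [type, value] pairs: 2 = dNSName, 7 = iPAddress (RFC 5280).
        for (List<?> san : cert.getSubjectAlternativeNames())
            System.out.println("SAN type " + san.get(0) + ": " + san.get(1));

        // The page does not describe the CRL's contents, so report rather than assume.
        System.out.println("CRL issuer: " + crl.getIssuerX500Principal());
        System.out.println("CRL lists this cert: " + crl.isRevoked(cert));

        // renew() returns the same key pair with a new cert and a new CRL.
        Object[] renewed = SelfSignedGenerator.renew(cert, priv, 365);
        X509Certificate newCert = (X509Certificate) renewed[2];
        newCert.verify(pub);
        if (!Arrays.equals(pub.getEncoded(), ((PublicKey) renewed[0]).getEncoded()))
            throw new IllegalStateException("renew() changed the public key");
        System.out.println("old serial " + cert.getSerialNumber() + ", new serial " + newCert.getSerialNumber());
    }
}
```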