Class SelfSignedGenerator

java.lang.Object
net.i2p.crypto.SelfSignedGenerator

public final class SelfSignedGenerator extends Object
Generate keys and a self-signed certificate, suitable for storing in a Keystore with KeyStoreUtil.storePrivateKey(). All done programmatically, no keytool, no BC libs, no sun classes. Ref: RFC 2459, RFC 5280. This is coded to create a cert that is similar to what comes out of keytool. NOTE: Recommended use is via KeyStoreUtil.createKeys() and related methods. This API may not be stable.
Since:
0.9.25
  • Constructor Details

    • SelfSignedGenerator

      public SelfSignedGenerator()
  • Method Details

    • generate

      public static Object[] generate(String cname, String ou, String o, String l, String st, String c, int validDays, SigType type) throws GeneralSecurityException
      Parameters:
      cname - the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
      ou - The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      o - The O (organization) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      l - The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      st - The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      c - The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      Returns:
      length 4 array: rv[0] is a Java PublicKey; rv[1] is a Java PrivateKey; rv[2] is a Java X509Certificate; rv[3] is a Java X509CRL
      Throws:
      GeneralSecurityException
    • generate

      public static Object[] generate(String cname, Set<String> altNames, String ou, String o, String l, String st, String c, int validDays, SigType type) throws GeneralSecurityException
      Parameters:
      cname - the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
      altNames - the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses. cname, localhost, 127.0.0.1, and ::1 will be automatically added.
      ou - The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      o - The O (organization) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      l - The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      st - The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      c - The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
      Returns:
      length 4 array: rv[0] is a Java PublicKey; rv[1] is a Java PrivateKey; rv[2] is a Java X509Certificate; rv[3] is a Java X509CRL
      Throws:
      GeneralSecurityException
      Since:
      0.9.34 added altNames param
    • generate

      public static X509Certificate generate(SigningPrivateKey priv, String cname, int validDays) throws GeneralSecurityException
      Create a self-signed certificate for the existing private key.
      Parameters:
      cname - the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
      Returns:
      self-signed certificate
      Throws:
      GeneralSecurityException
      Since:
      0.9.46
    • renew

      public static Object[] renew(X509Certificate cert, PrivateKey jpriv, int validDays) throws GeneralSecurityException
      Parameters:
      cert - the old cert to be replaced
      jpriv - the private key
      Returns:
      length 4 array: rv[0] is a Java PublicKey, from cert as passed in; rv[1] is a Java PrivateKey, jpriv as passed in; rv[2] is a Java X509Certificate, new one; rv[3] is a Java X509CRL, new one
      Throws:
      GeneralSecurityException
      Since:
      0.9.34 added altNames param
    • main

      public static void main(String[] args) throws Exception
      Note: For CLI testing, use java -jar i2p.jar su3file keygen pubkey.crt keystore.ks commonName
      Throws:
      Exception
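
Added example (not part of the I2P Javadoc or source): calling the altNames overload of generate() and checking the returned certificate before it goes into a keystore. The class name SelfSignedCheck, the hostnames, the IP address and the 365-day lifetime are constructed sample values; SigType.ECDSA_SHA256_P256 is a value of I2P's SigType enum, which this page does not list.

```java
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import net.i2p.crypto.SelfSignedGenerator;
import net.i2p.crypto.SigType;

public class SelfSignedCheck {
    public static void main(String[] args) throws Exception {
        // Constructed sample values. IP addresses belong in altNames, not in
        // cname, because cname does not encode IP addresses correctly.
        Set<String> altNames = new HashSet<String>();
        altNames.add("console.example.test");
        altNames.add("192.0.2.10");

        Object[] rv = SelfSignedGenerator.generate(
                "router.example.test", altNames,
                null, null, null, null, null,   // ou, o, l, st, c: null allowed as of 0.9.28
                365, SigType.ECDSA_SHA256_P256);

        // Cast each slot to the type documented for the returned array.
        PublicKey pub = (PublicKey) rv[0];
        PrivateKey priv = (PrivateKey) rv[1];
        X509Certificate cert = (X509Certificate) rv[2];
        X509CRL crl = (X509CRL) rv[3];

        // Self-signed: the signature must verify under the generated public key
        // and the subject must equal the issuer.
        cert.verify(pub);        // throws GeneralSecurityException on mismatch
        cert.checkValidity();    // throws if now is outside notBefore/notAfter
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
            throw new IllegalStateException("subject != issuer");

        // Each SAN entry is [Integer type, value]; 2 = dNSName, 7 = iPAddress.
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans)
                System.out.println("SAN type " + san.get(0) + ": " + san.get(1));
        }
        System.out.println("Subject:    " + cert.getSubjectX500Principal());
        System.out.println("Not after:  " + cert.getNotAfter());
        System.out.println("Key alg:    " + priv.getAlgorithm());
        System.out.println("CRL issuer: " + crl.getIssuerX500Principal());
    }
}
```

Compile and run with i2p.jar on the classpath. The printed SAN list should include the automatically added entries (cname, localhost, 127.0.0.1, ::1) alongside the two supplied here.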