Package net.i2p.crypto
Class SelfSignedGenerator
java.lang.Object
net.i2p.crypto.SelfSignedGenerator
Generate keys and a selfsigned certificate, suitable for
storing in a Keystore with KeyStoreUtil.storePrivateKey().
All done programatically, no keytool, no BC libs, no sun classes.
Ref: RFC 2459, RFC 5280
This is coded to create a cert that is similar to what comes out of keytool.
NOTE: Recommended use is via KeyStoreUtil.createKeys() and related methods.
This API may not be stable.
- Since:
- 0.9.25
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic Object[]
generate
(String cname, String ou, String o, String l, String st, String c, int validDays, SigType type) static Object[]
generate
(String cname, Set<String> altNames, String ou, String o, String l, String st, String c, int validDays, SigType type) static X509Certificate
generate
(SigningPrivateKey priv, String cname, int validDays) Create a self-signed certificate for the existing private key.static void
Note: For CLI testing, use java -jar i2p.jar su3file keygen pubkey.crt keystore.ks commonNamestatic Object[]
renew
(X509Certificate cert, PrivateKey jpriv, int validDays)
-
Constructor Details
-
SelfSignedGenerator
public SelfSignedGenerator()
-
-
Method Details
-
generate
public static Object[] generate(String cname, String ou, String o, String l, String st, String c, int validDays, SigType type) throws GeneralSecurityException - Parameters:
cname
- the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.ou
- The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28o
- The O (organization)in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28l
- The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28st
- The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28c
- The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28- Returns:
- length 4 array: rv[0] is a Java PublicKey rv[1] is a Java PrivateKey rv[2] is a Java X509Certificate rv[3] is a Java X509CRL
- Throws:
GeneralSecurityException
-
generate
public static Object[] generate(String cname, Set<String> altNames, String ou, String o, String l, String st, String c, int validDays, SigType type) throws GeneralSecurityException - Parameters:
cname
- the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.altNames
- the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses. cname, localhost, 127.0.0.1, and ::1 will be automatically added.ou
- The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28o
- The O (organization)in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28l
- The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28st
- The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28c
- The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28- Returns:
- length 4 array: rv[0] is a Java PublicKey rv[1] is a Java PrivateKey rv[2] is a Java X509Certificate rv[3] is a Java X509CRL
- Throws:
GeneralSecurityException
- Since:
- 0.9.34 added altNames param
-
generate
public static X509Certificate generate(SigningPrivateKey priv, String cname, int validDays) throws GeneralSecurityException Create a self-signed certificate for the existing private key.- Parameters:
cname
- the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.- Returns:
- self-signed certificate
- Throws:
GeneralSecurityException
- Since:
- 0.9.46
-
renew
public static Object[] renew(X509Certificate cert, PrivateKey jpriv, int validDays) throws GeneralSecurityException - Parameters:
cert
- the old cert to be replacedjpriv
- the private key- Returns:
- length 4 array: rv[0] is a Java PublicKey, from cert as passed in rv[1] is a Java PrivateKey, jpriv as passed in rv[2] is a Java X509Certificate, new one rv[3] is a Java X509CRL, new one
- Throws:
GeneralSecurityException
- Since:
- 0.9.34 added altNames param
-
main
Note: For CLI testing, use java -jar i2p.jar su3file keygen pubkey.crt keystore.ks commonName- Throws:
Exception
-