Module org.shredzone.acme4j
Package org.shredzone.acme4j.util

Class CertificateUtils

java.lang.Object
org.shredzone.acme4j.util.CertificateUtils
public final class CertificateUtils extends Object
Utility class offering convenience methods for certificates.

Requires Bouncy Castle.

  • Field Details

    • ACME_VALIDATION

      public static final org.bouncycastle.asn1.ASN1ObjectIdentifier ACME_VALIDATION
      The acmeValidation object identifier.
      Since:
      2.1

  • Method Details

    • readCSR

      public static org.bouncycastle.pkcs.PKCS10CertificationRequest readCSR(InputStream in) throws IOException
      Reads a CSR PEM file.
      Parameters:
      in - InputStream to read the CSR from. The InputStream is closed after use.
      Returns:
      CSR that was read
      Throws:
      IOException

    • createTlsAlpn01Certificate

      public static X509Certificate createTlsAlpn01Certificate(KeyPair keypair, Identifier id, byte[] acmeValidation) throws IOException
      Creates a self-signed X509Certificate that can be used for the TlsAlpn01Challenge. The certificate is valid for 7 days.
      Parameters:
      keypair - A domain KeyPair to be used for the challenge
      id - The Identifier that is to be validated
      acmeValidation - The value that is returned by TlsAlpn01Challenge.getAcmeValidation()
      Returns:
      Created certificate
      Throws:
      IOException
      Since:
      2.6

    • createTestRootCertificate

      public static X509Certificate createTestRootCertificate(String subject, Instant notBefore, Instant notAfter, KeyPair keypair)
      Creates a self-signed root certificate.

      The generated certificate is only meant for testing purposes!

      Parameters:
      subject - This certificate's subject X.500 name.
      notBefore - Instant before which the certificate is not valid.
      notAfter - Instant after which the certificate is not valid.
      keypair - KeyPair that is to be used for this certificate.
      Returns:
      Generated X509Certificate
      Since:
      2.8

    • createTestIntermediateCertificate

      public static X509Certificate createTestIntermediateCertificate(String subject, Instant notBefore, Instant notAfter, PublicKey intermediatePublicKey, X509Certificate issuer, PrivateKey issuerPrivateKey)
      Creates an intermediate certificate that is signed by an issuer.

      The generated certificate is only meant for testing purposes!

      Parameters:
      subject - This certificate's subject X.500 name.
      notBefore - Instant before which the certificate is not valid.
      notAfter - Instant after which the certificate is not valid.
      intermediatePublicKey - PublicKey of this certificate
      issuer - The issuer's X509Certificate.
      issuerPrivateKey - PrivateKey of the issuer. This is not the private key of this intermediate certificate.
      Returns:
      Generated X509Certificate
      Since:
      2.8

    • createTestCertificate

      public static X509Certificate createTestCertificate(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, Instant notBefore, Instant notAfter, X509Certificate issuer, PrivateKey issuerPrivateKey)
      Creates a signed end entity certificate from the given CSR.

      This method is only meant for testing purposes! Do not use it in a real-world CA implementation.

      Do not assume that real-world certificates have a similar structure. It's up to the discretion of the CA which distinguished names, validity dates, extensions and other parameters are transferred from the CSR to the generated certificate.

      Parameters:
      csr - CSR to create the certificate from
      notBefore - Instant before which the certificate is not valid.
      notAfter - Instant after which the certificate is not valid.
      issuer - The issuer's X509Certificate.
      issuerPrivateKey - PrivateKey of the issuer. This is not the private key the CSR was signed with.
      Returns:
      Generated X509Certificate
      Since:
      2.8