Issue
We have a code that generates self-signed certificate running Java 8 (the api has been removed in java 9). It seems like there will be a new API for generating self-signed certificates starting from JDK 9: rel="nofollow noreferrer">https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8165481
Is there any example of doing the same as:
class Foo{
public Foo(){
CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA", null);
keyGen.generate(2048);
rootPrivateKey = keyGen.getPrivateKey();
rootCertificate = keyGen.getSelfCertificate(new X500Name("CN=FooBar"), (long) 24 * 60 * 60);
CertAndKeyGen subKeyGen =new CertAndKeyGen("RSA","SHA256withRSA",null);
subKeyGen.generate(2048);
subPrivateKey = subKeyGen.getPrivateKey();
subCertificate = subKeyGen.getSelfCertificate(new X500Name("CN=FizzBuzz"), (long) 24 * 60 * 60);
rootCertificate = signCertificate(rootCertificate, rootCertificate, rootPrivateKey);
subCertificate = signCertificate(subCertificate, rootCertificate, rootPrivateKey);
X509Certificate[] certChain = new X509Certificate[]{subCertificate,rootCertificate};
KeyStore store = KeyStore.getInstance("PKCS12");
store.load(null, null);
store.setKeyEntry("FizzBuzz Private Key", subPrivateKey, certificatePassword.toCharArray(), certChain);
}
public X509Certificate signCertificate (X509Certificate inputCertificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey)throws Exception {
X509CertInfo info = new X509CertInfo(inputCertificate.getTBSCertificate());
info.set(X509CertInfo.ISSUER, issuerCertificate.getSubjectDN());
X509CertImpl outCert = new X509CertImpl(info);
outCert.sign(issuerPrivateKey, issuerCertificate.getSigAlgName());
return outCert;
}
}
in Java 11?
===============Update===========
The feature request is here: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8058778
Solution
You can use utility classes from OkHttp to achieve this
https://github.com/square/okhttp/tree/master/okhttp-tls
A HeldCertificate is a certificate and its private key. Use the builder to create a self-signed certificate that a test server can use for HTTPS:
String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
HeldCertificate localhostCertificate = new HeldCertificate.Builder()
.addSubjectAlternativeName(localhost)
.build();
Answered By - Yuri Schimke
Answer Checked By - Willingham (JavaFixing Volunteer)