Port SelfSignedCertificate from ant-extensions to java-support

Description

Copy SelfSignedCertificate to net.shibboleth.utilities.java.support.security and update use of BC APIs.

Maybe consider whether or not generating a self-signed cert should be part of Cryptacular ?

Environment

None

Activity

Rod Widdowson 
September 19, 2014 at 8:21 AM

Fixed r6484 r6485

Scott Cantor 
July 10, 2014 at 3:10 AM

Added options for cert algorithm and the subjectAltNames and finished some cleanup.

Should be usable at this point, I'll turn over the Daniel if he wants to figure out a way to use non-deprecated classes or something other than the bcpkix library, which is separate from the bcprov jar.

Scott Cantor 
July 10, 2014 at 1:07 AM

This is mostly done and working. A main() is also added with command line handling for the basic options needed. I cleaned the code a bit to do better checking of overwriting files, and added the ability to generate any keystore type. PKCS12 seems to work as well as JKS.

Command line options:

$ java -cp "lib/*" net.shibboleth.utilities.java.support.security.SelfSignedCertificateGenerator --help
Usage: SelfSignedCertificateGenerator [options]
Options:
--certfile
Path to certificate file
--help
Display program usage
Default: false
--hostname
Hostname for certificate subject
--keyfile
Path to private key file
--lifetime
Certificate lifetime in years (default: 20)
Default: 20
--size
Size of key to generate (default: 2048)
Default: 2048
--storefile
Path to keystore
--storepass
Password for keystore
--storetype
Type of keystore to generate (default: PKCS12)
Default: PKCS12
--type
Type of key to generate (default: RSA)
Default: RSA

Fixed

Details

Assignee

Reporter

Components

Affects versions

Created May 22, 2014 at 5:25 PM
Updated September 19, 2014 at 8:21 AM
Resolved September 19, 2014 at 8:21 AM