Class CaGenerator

java.lang.Object
io.smallrye.certs.ca.CaGenerator

public class CaGenerator extends Object
  • Constructor Details

    • CaGenerator

      public CaGenerator(File ca, File key, File ks, String password)
      Create a new instance of CaGenerator.

      Parameters:
      ca - the file where the CA certificate should be stored (PEM file), must not be null
      key - the file where the private key should be stored (PEM file), must not be null
      ks - the file where the keystore should be stored (P12 file), must not be null
      password - the password to protect the keystore and the private key, must not be null or empty
  • Method Details

    • generate

      public X509Certificate generate(String cn, String org, String unit, String location, String state, String country) throws Exception
      Generate a Root CA certificate and store it in a keystore.

      This method writes the CA certificate to a PEM file, the private key to a PEM file, and the key and cert to a PKCS12 keystore. It also returns the X509Certificate instance.

      Parameters:
      cn - the common name of the certificate, must not be null
      org - the organization; can be null, but must not be empty
      unit - the organizational unit; can be null, but must not be empty
      location - the location; can be null, but must not be empty
      state - the state; can be null, but must not be empty
      country - the country; can be null, but must not be empty
      Returns:
      the generated CA certificate
      Throws:
      Exception - if the generation fails
    • generateTrustStore

      public void generateTrustStore(File trustStore) throws Exception
      Generate a PKCS#12 truststore containing the CA certificate.

      The generated truststore is a PKCS12 file containing the CA certificate at the entry ca. The truststore is protected by the password provided when creating the instance of CaGenerator.

      Parameters:
      trustStore - the truststore file, must not be null
      Throws:
      KeyStoreException - if the truststore cannot be generated
      Exception
    • installToSystem

      public void installToSystem() throws Exception
      Install the CA certificate in the system truststore.

      The behavior of this method depends on the operating system. It requires elevated privileges.

      Throws:
      Exception
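
The following usage sketch is an added example, not code from the SmallRye project: it generates a test CA with the constructor and methods documented above, restricts access to the files that hold the private key, and checks that the truststore holds only the certificate at the entry ca. The environment variable name, file names, subject values and the class name CaGeneratorExample are assumptions made for the example.

```java
import io.smallrye.certs.ca.CaGenerator;

import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class CaGeneratorExample {
    public static void main(String[] args) throws Exception {
        // Assumption: the password is supplied through an environment variable
        // (name chosen for this example) rather than hard-coded in source.
        String password = System.getenv("CA_STORE_PASSWORD");
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("CA_STORE_PASSWORD must be set");
        }

        // Constructed output locations for the example.
        File dir = Files.createTempDirectory("example-ca").toFile();
        File caPem = new File(dir, "ca.crt");
        File keyPem = new File(dir, "ca.key");
        File keyStore = new File(dir, "ca.p12");
        File trustStore = new File(dir, "ca-truststore.p12");

        CaGenerator generator = new CaGenerator(caPem, keyPem, keyStore, password);
        X509Certificate ca = generator.generate("Example Test CA", "Example Org", null, null, null, "US");
        generator.generateTrustStore(trustStore);

        // The key PEM and the P12 keystore both contain the CA private key:
        // remove access for everyone, then grant read access to the owner only.
        for (File secret : new File[] { keyPem, keyStore }) {
            secret.setReadable(false, false);
            secret.setWritable(false, false);
            secret.setReadable(true, true);
        }

        // Load the truststore with the same password and inspect the entry "ca".
        KeyStore ts = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(trustStore.toPath())) {
            ts.load(in, password.toCharArray());
        }
        X509Certificate trusted = (X509Certificate) ts.getCertificate("ca");
        if (trusted == null || !Arrays.equals(trusted.getEncoded(), ca.getEncoded())) {
            throw new IllegalStateException("truststore entry 'ca' does not match the generated CA");
        }
        if (ts.isKeyEntry("ca")) {
            throw new IllegalStateException("truststore must not contain the CA private key");
        }
        trusted.verify(trusted.getPublicKey()); // a root CA is expected to be self-signed
        System.out.println("CA subject: " + trusted.getSubjectX500Principal());
    }
}
```

Only the truststore and the certificate PEM are meant to be distributed to clients; the key PEM and the P12 keystore stay with whoever issues certificates from this CA.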