Package com.iizix.security

Class GenerateKeystore

java.lang.Object

com.iizix.security.GenerateKeystore

public class GenerateKeystore
extends java.lang.Object

Class used to generate a keystore for use with e.g. IIZI applications that are signed using a developer's code signing certificate.

Author:

Christopher Mindus

Constructor Summary

Constructors

Constructor	Description
GenerateKeystore()

Method Summary

Modifier and Type	Method	Description
static java.security.KeyStore	createCodeSigningCertificateKeystore(javax.security.auth.x500.X500Principal owner, java.lang.String alias, char[] password, java.security.KeyStore issuerKeyStore, java.lang.String issuerAlias, char[] issuerPassword)	Generates a 4096 bit RSA code signing certificate keystore.
static java.security.KeyStore	generateSelfSignedX509Certificate(javax.security.auth.x500.X500Principal owner, java.lang.String alias, char[] password)	Generate a self signed X.509 certificate version 3 with an RSA key length of 2048, signed with SHA256.
static void	initialize()	Initialize routine for Bouncy Castle provider.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GenerateKeystore

public GenerateKeystore()

Method Detail

initialize

public static void initialize()

Initialize routine for Bouncy Castle provider.

generateSelfSignedX509Certificate

public static java.security.KeyStore generateSelfSignedX509Certificate(javax.security.auth.x500.X500Principal owner,
                                                                       java.lang.String alias,
                                                                       char[] password)
                                                                throws java.security.NoSuchAlgorithmException,
                                                                       java.security.NoSuchProviderException,
                                                                       java.security.InvalidKeyException,
                                                                       java.lang.IllegalStateException,
                                                                       java.security.SignatureException,
                                                                       java.security.KeyStoreException,
                                                                       java.security.cert.CertificateException,
                                                                       java.io.IOException

Generate a self signed X.509 certificate version 3 with an RSA key length of 2048, signed with SHA256. It is valid 10000 days starting yesterday (i.e. for over 27 years).

Parameters:

owner - The owner of the certificate.

alias - The keystore alias.

password - The keystore and key password (the same).

Returns:

The new keystore.

Throws:

java.security.NoSuchProviderException - If no provider is found.

java.security.NoSuchAlgorithmException - If no algorithm is found.

java.security.SignatureException - If the signature is in error.

java.lang.IllegalStateException - If the state is invalid.

java.security.InvalidKeyException - If the key in invalid.

java.security.KeyStoreException - Key stores exceptions.

java.io.IOException - General I/O exception.

java.security.cert.CertificateException - Errors reading certificates.

createCodeSigningCertificateKeystore

public static java.security.KeyStore createCodeSigningCertificateKeystore(javax.security.auth.x500.X500Principal owner,
                                                                          java.lang.String alias,
                                                                          char[] password,
                                                                          java.security.KeyStore issuerKeyStore,
                                                                          java.lang.String issuerAlias,
                                                                          char[] issuerPassword)
                                                                   throws java.security.NoSuchAlgorithmException,
                                                                          java.security.NoSuchProviderException,
                                                                          org.bouncycastle.cert.CertIOException,
                                                                          java.io.IOException,
                                                                          org.bouncycastle.operator.OperatorCreationException,
                                                                          java.security.cert.CertificateException,
                                                                          java.security.KeyStoreException,
                                                                          java.security.UnrecoverableKeyException

Generates a 4096 bit RSA code signing certificate keystore.

Parameters:

owner - The owner principal of the code signer certificate to create.

alias - The alias of the certificate chain in the returned keystore.

password - The password for the private key in the returned keystore.

issuerKeyStore - The issuer keystore, or null for self-signed.

issuerAlias - Alias for the issuer keystore, null for self-signed.

issuerPassword - Password for the issuer certificate chainof the alias, null for self-signed.

Returns:

The keystore.

Throws:

java.security.NoSuchProviderException - If no provider is found.

java.security.NoSuchAlgorithmException - If no algorithm is found.

org.bouncycastle.cert.CertIOException - I/O exception when reading a certificate.

java.lang.IllegalStateException - If the state is invalid.

java.security.KeyStoreException - Key stores exceptions.

java.io.IOException - General I/O exception.

java.security.cert.CertificateException - Errors reading certificates.

org.bouncycastle.operator.OperatorCreationException

java.security.UnrecoverableKeyException