github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove code duplication

pull/30/head
Richard Körber 2016-12-16 00:54:32 +01:00
parent 1cca9e26af
commit 25700d5c41
1 changed files with 19 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
View File

@ -172,33 +172,7 @@ public final class CertificateUtils {
*/ */
@Deprecated @Deprecated
public static X509Certificate createTlsSniCertificate(KeyPair keypair, String subject) throws IOException { public static X509Certificate createTlsSniCertificate(KeyPair keypair, String subject) throws IOException {
final long now = System.currentTimeMillis(); return createCertificate(keypair, subject);
final long validSpanMs = 7 * 24 * 60 * 60 * 1000L;
final String signatureAlg = "SHA256withRSA";
try {
X500Name issuer = new X500Name("CN=acme.invalid");
BigInteger serial = BigInteger.valueOf(now);
Date notBefore = new Date(now);
Date notAfter = new Date(now + validSpanMs);
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
issuer, serial, notBefore, notAfter, issuer, keypair.getPublic());
GeneralName[] gns = new GeneralName[1];
gns[0] = new GeneralName(GeneralName.dNSName, subject);
certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(gns));
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlg);
byte[] cert = certBuilder.build(signerBuilder.build(keypair.getPrivate())).getEncoded();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(cert));
} catch (CertificateException | OperatorCreationException ex) {
throw new IOException(ex);
}
} }
/** /**
@ -215,6 +189,20 @@ public final class CertificateUtils {
*/ */
public static X509Certificate createTlsSni02Certificate(KeyPair keypair, String sanA, String sanB) public static X509Certificate createTlsSni02Certificate(KeyPair keypair, String sanA, String sanB)
throws IOException { throws IOException {
return createCertificate(keypair, sanA, sanB);
}
/**
* Creates a generic self-signed challenge {@link X509Certificate}. The certificate is
* valid for 7 days.
*
* @param keypair
* A domain {@link KeyPair} to be used for the challenge
* @param subject
* Subjects to create a certificate for
* @return Created certificate
*/
private static X509Certificate createCertificate(KeyPair keypair, String... subject) throws IOException {
final long now = System.currentTimeMillis(); final long now = System.currentTimeMillis();
final long validSpanMs = 7 * 24 * 60 * 60 * 1000L; final long validSpanMs = 7 * 24 * 60 * 60 * 1000L;
final String signatureAlg = "SHA256withRSA"; final String signatureAlg = "SHA256withRSA";
@ -228,9 +216,10 @@ public final class CertificateUtils {
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
issuer, serial, notBefore, notAfter, issuer, keypair.getPublic()); issuer, serial, notBefore, notAfter, issuer, keypair.getPublic());
GeneralName[] gns = new GeneralName[2]; GeneralName[] gns = new GeneralName[subject.length];
gns[0] = new GeneralName(GeneralName.dNSName, sanA); for (int ix = 0; ix < subject.length; ix++) {
gns[1] = new GeneralName(GeneralName.dNSName, sanB); gns[ix] = new GeneralName(GeneralName.dNSName, subject[ix]);
}
certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(gns)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(gns));