Created
February 14, 2023 12:21
SSL Certificate generator
package org.example; | |
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
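/**
 * Generates a 2048-bit RSA key pair and a self-signed X.509 v3 certificate for
 * {@code CN=*.choreo.dev}, valid for 365 days, and writes both as PEM files into the
 * current working directory ({@code newPublic.pem} and {@code newPrivate.key}).
 *
 * <p>Caveats for anyone reusing this:
 * <ul>
 *   <li>The private key is written as unencrypted PKCS#8. The file is restricted to its
 *       owner where the file system supports POSIX permissions; on other platforms it
 *       gets the default ACL and must be protected by other means.</li>
 *   <li>The hostname is carried only in the subject CN; no subjectAltName extension is
 *       added. Clients that match hostnames against SAN only will not accept this
 *       certificate for TLS, so add a SAN extension before using it beyond local
 *       testing.</li>
 *   <li>Subject and issuer are identical (self-signed), so the certificate is trusted
 *       only where it is explicitly pinned or imported.</li>
 * </ul>
 */
public class CertificateGenerator {

    public static final String provider = BouncyCastleProvider.PROVIDER_NAME;

    private static final String CERT_FILE = "newPublic.pem";
    private static final String KEY_FILE = "newPrivate.key";

    /**
     * Builds the key pair and certificate in memory, then writes the two PEM files.
     * Nothing is written unless key generation, signing and encoding all succeeded, so
     * a failure does not leave truncated output files behind.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            Security.addProvider(new BouncyCastleProvider());

            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", provider);
            kpg.initialize(2048);
            KeyPair kp = kpg.generateKeyPair();

            X500Name x500Name = new X500Name("CN=*.choreo.dev");

            // A random serial instead of the wall clock: two runs in the same millisecond
            // would otherwise produce the same issuer/serial pair, and a timestamp is
            // guessable. 128 random bits stays well inside the 20-octet limit of RFC 5280.
            BigInteger serialNumber = new BigInteger(128, new SecureRandom());

            String signatureAlgorithm = "SHA256WithRSA";
            ContentSigner contentSigner =
                    new JcaContentSignerBuilder(signatureAlgorithm).build(kp.getPrivate());

            // Validity window: from now until 365 days from now.
            Instant notBefore = Instant.now();
            Instant notAfter = notBefore.plus(365, ChronoUnit.DAYS);

            // Issuer and subject are the same name, which makes the certificate self-signed.
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                    x500Name, serialNumber, Date.from(notBefore), Date.from(notAfter),
                    x500Name, kp.getPublic());
            Certificate certificate = new JcaX509CertificateConverter().setProvider(provider)
                    .getCertificate(certificateBuilder.build(contentSigner));

            byte[] certPem = toPem("CERTIFICATE", certificate.getEncoded());
            byte[] keyPem = toPem("PRIVATE KEY", kp.getPrivate().getEncoded());

            Files.write(Paths.get(CERT_FILE), certPem);
            writeOwnerOnly(Paths.get(KEY_FILE), keyPem);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * PEM-encodes a DER blob under the given header type.
     *
     * @param type PEM header label, e.g. {@code CERTIFICATE}
     * @param der  DER-encoded content
     * @return the PEM text as bytes
     * @throws IOException if the PEM writer fails
     */
    private static byte[] toPem(String type, byte[] der) throws IOException {
        var buffer = new ByteArrayOutputStream();
        // PEM is pure ASCII; naming the charset avoids depending on the platform default.
        try (PemWriter writer =
                new PemWriter(new OutputStreamWriter(buffer, StandardCharsets.US_ASCII))) {
            writer.writeObject(new PemObject(type, der));
        }
        return buffer.toByteArray();
    }

    /**
     * Writes secret material to {@code path}, replacing any existing file, with
     * permissions limited to the owner (rw-------) where POSIX permissions are available.
     *
     * @param path    destination file
     * @param content bytes to write
     * @throws IOException if the file cannot be created, re-permissioned or written
     */
    private static void writeOwnerOnly(Path path, byte[] content) throws IOException {
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        if (posix) {
            Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
            try {
                // Create the file already restricted, so the key is never on disk with
                // the umask-default (typically world-readable) mode.
                Files.createFile(path, PosixFilePermissions.asFileAttribute(ownerOnly));
            } catch (FileAlreadyExistsException alreadyThere) {
                // Overwriting a previous run: tighten the mode before the new key lands.
                Files.setPosixFilePermissions(path, ownerOnly);
            }
        }
        Files.write(path, content);
    }
}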