edu.internet2.middleware.ant.pki
Class SelfSignedCertificate

java.lang.Object
  org.apache.tools.ant.ProjectComponent
      org.apache.tools.ant.Task
          edu.internet2.middleware.ant.pki.SelfSignedCertificate

All Implemented Interfaces:

Cloneable

public class SelfSignedCertificate
extends org.apache.tools.ant.Task

An ant task that generates a self-signed certificate. This ant task requires three attributes:

• hostname - the server hostname that will be used in the certificate Subject and Issuer DN

The task also has two optional attributes:

• keyType - type of key generated, possible values are "DSA" or "RSA", the default is RSA
• keySize - size, in bits, of the generated key, default is 2048
• privateKeyFile - file to which the generated private key will be written, in PEM format
• certifcateFile - file to which the self-signed certificate will be written, in PEM format
• keystoreFile - keystore to which the self-signed certificate and key will be written
• keystorePassword - password for the keystore, if none given the string 'changeit' is used
• dnsSubjectAltNames - space separated list of DNS subject alt names
• uriSubjectAltNames - space separated list of URI subject alt names

Nested Class Summary

static class

SelfSignedCertificate.KeyType Key type enumeration.

Field Summary

private File	certificateFile File to which the certificate will be written.
private int	certificateLifetime Number of years before the self-signed certificate expires.
private String[]	dnsSubjectAltNames Optional DNS subject alt names.
private String	hostname Hostname that will appear as the certifcate's DN common name component.
private int	keysize Size of the generated key.
private File	keystoreFile File to which the keystore will be written.
private String	keystorePassword Password for the generated keystore.
private String	keyType Type of key to generated.
private File	privateKeyFile File to which the public key will be written.
private String[]	uriSubjectAltNames Optional DNS subject alt names.

Fields inherited from class org.apache.tools.ant.Task

target, taskName, taskType, wrapper

Fields inherited from class org.apache.tools.ant.ProjectComponent

description, location, project

Constructor Summary

SelfSignedCertificate()

Method Summary

protected org.bouncycastle.asn1.ASN1Encodable[]	buildSubjectAltNames() Builds the subject alt names for the certificate.
void	execute()
protected X509Certificate	generateCertificate(KeyPair keypair) Generates the self-signed certificate.
protected KeyPair	generateKeyPair() Generates the key pair for the certificate.
void	setCertificateFile(File file) Sets the file to which the certificate will be written.
void	setCertificateLifetime(int lifetime) Sets the number of years for which the certificate will be valid.
void	setDnsSubjectAltNames(String altNames) Sets the optional DNS subject alt names.
void	setHostName(String name) Sets the hostname that will appear in the certificate's DN.
void	setKeysize(int size) Sets the size of the generated key.
void	setKeystoreFile(File file) Sets the file to which the keystore will be written.
void	setKeystorePassword(String password) Sets the password for the generated keystore.
void	setKeyType(SelfSignedCertificate.KeyType type) Sets the type of key that will be generated.
void	setPrivateKeyFile(File file) Sets the file to which the private key will be written.
void	setUriSubjectAltNames(String altNames) Sets the optional URI subject alt names.
protected void	validate() Validates the provided task input.

Methods inherited from class org.apache.tools.ant.Task

bindToOwner, getOwningTarget, getRuntimeConfigurableWrapper, getTaskName, getTaskType, getWrapper, handleErrorFlush, handleErrorOutput, handleFlush, handleInput, handleOutput, init, isInvalid, log, log, log, log, maybeConfigure, perform, reconfigure, setOwningTarget, setRuntimeConfigurableWrapper, setTaskName, setTaskType

Methods inherited from class org.apache.tools.ant.ProjectComponent

clone, getDescription, getLocation, getProject, setDescription, setLocation, setProject

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keyType

private String keyType

Type of key to generated. Valid values: DSA or RSA

keysize

private int keysize

Size of the generated key.

certificateLifetime

private int certificateLifetime

Number of years before the self-signed certificate expires.

hostname

private String hostname

Hostname that will appear as the certifcate's DN common name component.

dnsSubjectAltNames

private String[] dnsSubjectAltNames

Optional DNS subject alt names.

uriSubjectAltNames

private String[] uriSubjectAltNames

Optional DNS subject alt names.

privateKeyFile

private File privateKeyFile

File to which the public key will be written.

certificateFile

private File certificateFile

File to which the certificate will be written.

keystoreFile

private File keystoreFile

File to which the keystore will be written.

keystorePassword

private String keystorePassword

Password for the generated keystore.

Constructor Detail

SelfSignedCertificate

public SelfSignedCertificate()

Method Detail

execute

public void execute()

Overrides:

execute in class org.apache.tools.ant.Task

setKeyType

public void setKeyType(SelfSignedCertificate.KeyType type)

Sets the type of key that will be generated. Defaults to DSA.

Parameters:

type - type of key that will be generated

setKeysize

public void setKeysize(int size)

Sets the size of the generated key. Defaults to 2048

Parameters:

size - size of the generated key

setCertificateLifetime

public void setCertificateLifetime(int lifetime)

Sets the number of years for which the certificate will be valid.

Parameters:

lifetime - number of years for which the certificate will be valid

setHostName

public void setHostName(String name)

Sets the hostname that will appear in the certificate's DN.

Parameters:

name - hostname that will appear in the certificate's DN

setPrivateKeyFile

public void setPrivateKeyFile(File file)

Sets the file to which the private key will be written.

Parameters:

file - file to which the private key will be written

setCertificateFile

public void setCertificateFile(File file)

Sets the file to which the certificate will be written.

Parameters:

file - file to which the certificate will be written

setKeystoreFile

public void setKeystoreFile(File file)

Sets the file to which the keystore will be written.

Parameters:

file - file to which the keystore will be written

setKeystorePassword

public void setKeystorePassword(String password)

Sets the password for the generated keystore.

Parameters:

password - password for the generated keystore

setDnsSubjectAltNames

public void setDnsSubjectAltNames(String altNames)

Sets the optional DNS subject alt names.

Parameters:

altNames - space delimited set of subject alt names.

setUriSubjectAltNames

public void setUriSubjectAltNames(String altNames)

Sets the optional URI subject alt names.

Parameters:

altNames - space delimited set of subject alt names.

validate

protected void validate()

Validates the provided task input.

generateKeyPair

protected KeyPair generateKeyPair()

Generates the key pair for the certificate.

Returns:

key pair for the certificate

generateCertificate

protected X509Certificate generateCertificate(KeyPair keypair)

Generates the self-signed certificate.

Parameters:

keypair - keypair associated with the certificate

Returns:

self-signed certificate

buildSubjectAltNames

protected org.bouncycastle.asn1.ASN1Encodable[] buildSubjectAltNames()

Builds the subject alt names for the certificate.

Returns:

subject alt names for the certificate