/**
 * Creates a builder whose key selection starts out as whatever {@link #ecdsa256()} configures.
 * Later calls such as {@link #keyPair(PublicKey, PrivateKey)} replace that default.
 */
public Builder() {
  this.ecdsa256();
}
/**
 * Returns a {@link HandshakeCertificates} for this host's "localhost" address, creating it on
 * first use and caching it in a static field for the life of the process.
 *
 * <p>The held certificate is self-signed. The same certificate is used as the identity to serve
 * and is the one certificate explicitly added as trusted, so a client built from the result
 * accepts that specific certificate for the resolved canonical name of "localhost". Whether
 * anything else ends up trusted depends on {@code HandshakeCertificates.Builder} defaults, which
 * are not visible here.
 *
 * @throws RuntimeException wrapping the {@link UnknownHostException} if "localhost" cannot be
 *     resolved.
 */
public static synchronized HandshakeCertificates localhost() {
  if (localhost != null) {
    return localhost;
  }
  try {
    // Reverse lookup: the SAN is the canonical host name, not the literal string "localhost".
    String canonicalName = InetAddress.getByName("localhost").getCanonicalHostName();
    HeldCertificate selfSigned = new HeldCertificate.Builder()
        .commonName("localhost")
        .addSubjectAlternativeName(canonicalName)
        .build();
    HandshakeCertificates created = new HandshakeCertificates.Builder()
        .heldCertificate(selfSigned)
        .addTrustedCertificate(selfSigned.certificate())
        .build();
    localhost = created;
    return created;
  } catch (UnknownHostException e) {
    throw new RuntimeException(e);
  }
}
/**
 * Sets this certificate's serial number from a {@code long}. When never set, the serial number
 * defaults to 1.
 *
 * @param serialNumber the serial number to encode in the certificate.
 * @return this builder.
 */
public Builder serialNumber(long serialNumber) {
  BigInteger serial = BigInteger.valueOf(serialNumber);
  return serialNumber(serial);
}
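/**
 * Runs one HTTPS request against a {@link MockWebServer} that presents a self-signed certificate
 * for this host's canonical "localhost" name, then prints the negotiated TLS version.
 *
 * <p>The server's identity is {@code localhostCertificate}; the client is built with that same
 * certificate added as trusted, which is what lets the handshake succeed without a CA-issued
 * certificate. The server and the response are closed when done so the listening port and the
 * connection are released.
 *
 * @throws Exception if the host cannot be resolved, the server cannot start, or the call fails.
 */
public void run() throws Exception {
  String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
  HeldCertificate localhostCertificate = new HeldCertificate.Builder()
      .addSubjectAlternativeName(localhost)
      .build();

  HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
      .heldCertificate(localhostCertificate)
      .build();

  // Client trust is limited to what is added here; it does not rely on a public CA.
  HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
      .addTrustedCertificate(localhostCertificate.certificate())
      .build();
  OkHttpClient client = new OkHttpClient.Builder()
      .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager())
      .build();

  try (MockWebServer server = new MockWebServer()) {
    // Second argument is the tunnel-proxy flag (false here) — confirm against the
    // MockWebServer version in use.
    server.useHttps(serverCertificates.sslSocketFactory(), false);
    server.enqueue(new MockResponse());

    Call call = client.newCall(new Request.Builder()
        .url(server.url("/"))
        .build());
    // Response holds a connection until closed.
    try (Response response = call.execute()) {
      System.out.println(response.handshake().tlsVersion());
    }
  }
}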
/**
 * Returns a key manager whose single entry is {@code heldCertificate} followed by
 * {@code intermediates}. When {@code heldCertificate} is null the key manager is backed by an
 * empty key store and presents no identity.
 *
 * @param keyStoreType passed through to {@code newEmptyKeyStore}; the meaning of null is decided
 *     there.
 * @param heldCertificate the leaf certificate and its private key, or null for no identity.
 * @param intermediates certificates placed after the leaf, in the order given. Must not be null.
 * @return the one {@link X509KeyManager} produced by the default {@link KeyManagerFactory}.
 * @throws GeneralSecurityException if the key store entry or the factory cannot be set up.
 * @throws IllegalStateException if the factory returns anything other than exactly one
 *     {@link X509KeyManager}.
 */
public static X509KeyManager newKeyManager(String keyStoreType, HeldCertificate heldCertificate,
    X509Certificate... intermediates) throws GeneralSecurityException {
  KeyStore keyStore = newEmptyKeyStore(keyStoreType);

  if (heldCertificate != null) {
    // Chain order is leaf first, then the supplied intermediates.
    Certificate[] chain = new Certificate[intermediates.length + 1];
    chain[0] = heldCertificate.certificate();
    for (int i = 0; i < intermediates.length; i++) {
      chain[i + 1] = intermediates[i];
    }
    // The private key entry is protected with the class-level password.
    keyStore.setKeyEntry("private", heldCertificate.keyPair().getPrivate(), password, chain);
  }

  String algorithm = KeyManagerFactory.getDefaultAlgorithm();
  KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
  factory.init(keyStore, password);

  KeyManager[] keyManagers = factory.getKeyManagers();
  boolean exactlyOneX509 = keyManagers.length == 1 && keyManagers[0] instanceof X509KeyManager;
  if (!exactlyOneX509) {
    throw new IllegalStateException("Unexpected key managers:" + Arrays.toString(keyManagers));
  }
  return (X509KeyManager) keyManagers[0];
}
/**
 * Builds a {@link HandshakeCertificates} from the held certificate, its intermediates and the
 * trusted certificates configured on this builder. Both managers are created with a null key
 * store type; what that selects is decided by {@code newKeyManager} and {@code newTrustManager}.
 *
 * @throws AssertionError wrapping any {@link GeneralSecurityException} raised while creating
 *     the key or trust manager.
 */
public HandshakeCertificates build() {
  X509KeyManager keyManager;
  X509TrustManager trustManager;
  try {
    keyManager = newKeyManager(null, heldCertificate, intermediates);
    trustManager = newTrustManager(null, trustedCertificates);
  } catch (GeneralSecurityException gse) {
    // The builder exposes no checked exception; a provider failure here is treated as fatal.
    throw new AssertionError(gse);
  }
  return new HandshakeCertificates(keyManager, trustManager);
}
}
: generateKeyPair(); X500Principal subject = buildSubject(); return new HeldCertificate(heldKeyPair, certificate); } catch (GeneralSecurityException e) { throw new AssertionError(e);
/**
 * Returns the private key as a PKCS #1 (RFC 8017) PEM block (RFC 7468). This format is defined
 * for RSA keys only.
 *
 * <p>The block is not encrypted: the string is the private key itself and must be handled as
 * secret material.
 *
 * @throws IllegalStateException if the held private key is not an {@link RSAPrivateKey}.
 */
public String privateKeyPkcs1Pem() {
  boolean isRsa = keyPair.getPrivate() instanceof RSAPrivateKey;
  if (!isRsa) {
    throw new IllegalStateException("PKCS1 only supports RSA keys");
  }
  StringBuilder pem = new StringBuilder("-----BEGIN RSA PRIVATE KEY-----\n");
  encodeBase64Lines(pem, pkcs1Bytes());
  pem.append("-----END RSA PRIVATE KEY-----\n");
  return pem.toString();
}
/**
 * Sets the key pair for this certificate from its public and private halves. If no key pair is
 * ever set, one is generated.
 *
 * @param publicKey the public key to embed in the certificate.
 * @param privateKey the private key matching {@code publicKey}.
 * @return this builder.
 */
public Builder keyPair(PublicKey publicKey, PrivateKey privateKey) {
  KeyPair pair = new KeyPair(publicKey, privateKey);
  return keyPair(pair);
}
/** Returns the socket factory of the context produced by {@code sslContext()}. */
public SSLSocketFactory sslSocketFactory() {
  SSLContext context = sslContext();
  return context.getSocketFactory();
}
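/**
 * Makes the certificate valid from now until {@code duration} of {@code unit} has elapsed.
 * Certificate times carry one-second precision; anything finer is truncated.
 *
 * @param duration the length of the validity window, measured in {@code unit}.
 * @param unit the unit of {@code duration}.
 * @return this builder.
 * @throws ArithmeticException if the end of the window does not fit in a {@code long}
 *     millisecond timestamp.
 */
public Builder duration(long duration, TimeUnit unit) {
  long start = System.currentTimeMillis();
  // TimeUnit.toMillis saturates at Long.MAX_VALUE, so plain addition could wrap to a negative
  // end time; fail loudly instead of producing an interval that ends before it starts.
  long end = Math.addExact(start, unit.toMillis(duration));
  return validityInterval(start, end);
}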
/**
 * Returns the private key as a PKCS #8 (RFC 5208) PEM block (RFC 7468). The key's own
 * {@code getEncoded()} form is used and the key algorithm is not checked.
 *
 * <p>The block is not encrypted: the string is the private key itself and must be handled as
 * secret material.
 */
public String privateKeyPkcs8Pem() {
  byte[] encoded = keyPair.getPrivate().getEncoded();
  StringBuilder pem = new StringBuilder("-----BEGIN PRIVATE KEY-----\n");
  encodeBase64Lines(pem, ByteString.of(encoded));
  pem.append("-----END PRIVATE KEY-----\n");
  return pem.toString();
}
/**
 * Returns a {@link HandshakeCertificates} for this host's "localhost" address, creating it on
 * first use and caching it in a static field for the life of the process.
 *
 * <p>The held certificate is self-signed. The same certificate is used as the identity to serve
 * and is the one certificate explicitly added as trusted, so a client built from the result
 * accepts that specific certificate for the resolved canonical name of "localhost". Whether
 * anything else ends up trusted depends on {@code HandshakeCertificates.Builder} defaults, which
 * are not visible here.
 *
 * @throws RuntimeException wrapping the {@link UnknownHostException} if "localhost" cannot be
 *     resolved.
 */
public static synchronized HandshakeCertificates localhost() {
  if (localhost != null) {
    return localhost;
  }
  try {
    // Reverse lookup: the SAN is the canonical host name, not the literal string "localhost".
    String canonicalName = InetAddress.getByName("localhost").getCanonicalHostName();
    HeldCertificate selfSigned = new HeldCertificate.Builder()
        .commonName("localhost")
        .addSubjectAlternativeName(canonicalName)
        .build();
    HandshakeCertificates created = new HandshakeCertificates.Builder()
        .heldCertificate(selfSigned)
        .addTrustedCertificate(selfSigned.certificate())
        .build();
    localhost = created;
    return created;
  } catch (UnknownHostException e) {
    throw new RuntimeException(e);
  }
}
/**
 * Builds a {@link HandshakeCertificates} from the held certificate, its intermediates and the
 * trusted certificates configured on this builder. Both managers are created with a null key
 * store type; what that selects is decided by {@code newKeyManager} and {@code newTrustManager}.
 *
 * @throws AssertionError wrapping any {@link GeneralSecurityException} raised while creating
 *     the key or trust manager.
 */
public HandshakeCertificates build() {
  X509KeyManager keyManager;
  X509TrustManager trustManager;
  try {
    keyManager = newKeyManager(null, heldCertificate, intermediates);
    trustManager = newTrustManager(null, trustedCertificates);
  } catch (GeneralSecurityException gse) {
    // The builder exposes no checked exception; a provider failure here is treated as fatal.
    throw new AssertionError(gse);
  }
  return new HandshakeCertificates(keyManager, trustManager);
}
}
/**
 * Creates a builder whose key selection starts out as whatever {@link #ecdsa256()} configures.
 * Later calls such as {@link #keyPair(PublicKey, PrivateKey)} replace that default.
 */
public Builder() {
  this.ecdsa256();
}
/**
 * Sets this certificate's serial number from a {@code long}. When never set, the serial number
 * defaults to 1.
 *
 * @param serialNumber the serial number to encode in the certificate.
 * @return this builder.
 */
public Builder serialNumber(long serialNumber) {
  BigInteger serial = BigInteger.valueOf(serialNumber);
  return serialNumber(serial);
}
/**
 * Sets the key pair for this certificate from its public and private halves. If no key pair is
 * ever set, one is generated.
 *
 * @param publicKey the public key to embed in the certificate.
 * @param privateKey the private key matching {@code publicKey}.
 * @return this builder.
 */
public Builder keyPair(PublicKey publicKey, PrivateKey privateKey) {
  KeyPair pair = new KeyPair(publicKey, privateKey);
  return keyPair(pair);
}
/** Returns the socket factory of the context produced by {@code sslContext()}. */
public SSLSocketFactory sslSocketFactory() {
  SSLContext context = sslContext();
  return context.getSocketFactory();
}
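/**
 * Makes the certificate valid from now until {@code duration} of {@code unit} has elapsed.
 * Certificate times carry one-second precision; anything finer is truncated.
 *
 * @param duration the length of the validity window, measured in {@code unit}.
 * @param unit the unit of {@code duration}.
 * @return this builder.
 * @throws ArithmeticException if the end of the window does not fit in a {@code long}
 *     millisecond timestamp.
 */
public Builder duration(long duration, TimeUnit unit) {
  long start = System.currentTimeMillis();
  // TimeUnit.toMillis saturates at Long.MAX_VALUE, so plain addition could wrap to a negative
  // end time; fail loudly instead of producing an interval that ends before it starts.
  long end = Math.addExact(start, unit.toMillis(duration));
  return validityInterval(start, end);
}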
/**
 * Returns the certificate as a PEM block (RFC 7468): its DER encoding, base64 encoded, between
 * CERTIFICATE header and footer lines.
 *
 * @throws AssertionError wrapping the {@link CertificateEncodingException} if the certificate
 *     cannot be DER-encoded.
 */
public String certificatePem() {
  byte[] der;
  try {
    der = certificate.getEncoded();
  } catch (CertificateEncodingException e) {
    throw new AssertionError(e);
  }
  StringBuilder pem = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
  encodeBase64Lines(pem, ByteString.of(der));
  pem.append("-----END CERTIFICATE-----\n");
  return pem.toString();
}