
There is bouncycastle but it is third party. I am looking for something that comes with java11 and deprecated in it.

import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

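/**
 * Demo that builds a throwaway, self-signed X.509 certificate for a freshly generated RSA key pair.
 *
 * <p>{@code X509V3CertificateGenerator} is not a JDK class: it is Bouncy Castle's legacy generator
 * ({@code org.bouncycastle.x509}), which Bouncy Castle itself marks as deprecated in favour of
 * {@code org.bouncycastle.cert.X509v3CertificateBuilder} combined with a {@code ContentSigner}.
 *
 * <p>The certificate produced here uses the same name for subject and issuer and sets no
 * extensions (no BasicConstraints, KeyUsage or SubjectAlternativeName), so treat it as test
 * material only; the private key exists only in memory for the lifetime of the process.
 */
public class X509CertificateGenerator {

    /** One day in milliseconds, held as a {@code long} so validity arithmetic cannot wrap. */
    private static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;

    /** Lifetime of the generated certificate, counted from the moment of generation. */
    private static final int VALIDITY_DAYS = 365;

    /** Number of random bits in the serial number; the result stays within 20 DER octets. */
    private static final int SERIAL_BITS = 128;

    /** CSPRNG used for serial numbers; {@code SecureRandom} is safe to share between threads. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Generates a 2048-bit RSA key pair, self-signs a certificate for it and prints the
     * certificate to standard output.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            X509Certificate certificate = generateCertificate(keyPair);

            // Only the certificate (public data) is printed; the private key is never written out.
            System.out.println(certificate.toString());
        } catch (Exception e) {
            // Demo entry point: report the failure and fall through to a normal exit.
            e.printStackTrace();
        }
    }

    /**
     * Creates a self-signed certificate for {@code keyPair}, valid from one day before now until
     * {@value #VALIDITY_DAYS} days after now and signed with SHA-256/RSA.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the signed certificate
     * @throws CertificateException if the certificate cannot be encoded
     * @throws NoSuchAlgorithmException if the signature algorithm is unavailable
     * @throws InvalidKeyException if the private key cannot be used for signing
     * @throws SignatureException if signing fails
     */
    public static X509Certificate generateCertificate(KeyPair keyPair) throws CertificateException, NoSuchAlgorithmException,
            InvalidKeyException, SignatureException {
        // Read the clock once so notBefore and notAfter are derived from the same instant.
        final long now = System.currentTimeMillis();
        final X500Principal selfName = new X500Principal("CN=Test Certificate");

        try {
            X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();

            certGenerator.setSerialNumber(newSerialNumber());
            certGenerator.setSubjectDN(selfName);
            certGenerator.setIssuerDN(selfName); // subject == issuer: self-signed
            // Backdating by one day tolerates clock skew on the verifying side.
            certGenerator.setNotBefore(new Date(now - MILLIS_PER_DAY));
            // The original computed 365 * 24 * 60 * 60 * 1000 in int arithmetic, which overflows
            // and yields roughly 17 days instead of one year; the long constant avoids that.
            certGenerator.setNotAfter(new Date(now + VALIDITY_DAYS * MILLIS_PER_DAY));
            certGenerator.setPublicKey(keyPair.getPublic());
            certGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

            return certGenerator.generate(keyPair.getPrivate());
        } catch (CertificateEncodingException e) {
            throw new CertificateException("Failed to generate certificate.", e);
        }
    }

    /**
     * Returns a strictly positive, unpredictable serial number.
     *
     * <p>A timestamp serial is guessable and can repeat when two certificates are issued in the
     * same millisecond; a CSPRNG value avoids both. Adding one rules out zero, because X.509
     * serial numbers must be positive.
     */
    private static BigInteger newSerialNumber() {
        return new BigInteger(SERIAL_BITS, SERIAL_RANDOM).add(BigInteger.ONE);
    }
}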

Here `X509V3CertificateGenerator` is from Bouncy Castle. What is the replacement for it? Or is there some other way to generate X.509 certificates?

  • The `keytool` _program_ can create a selfsigned cert for a new keypair or a CA-issued one (from a CSR given a CA cert&key), but it uses internal classes not easily accessible in Java >= 9 and not at all in Java >= 17. Dupe https://stackoverflow.com/questions/1615871/creating-an-x509-certificate-in-java-without-bouncycastle (for older) and https://stackoverflow.com/questions/71441994/how-to-generate-self-signed-certificate-in-java-with-jdk17 . – dave_thompson_085 May 26 '23 at 15:49
