CertificateBuilderTest Class — netty Architecture
Architecture documentation for the CertificateBuilderTest class in CertificateBuilderTest.java from the netty codebase.
Entity Profile
Dependency Diagram
graph TD 8c85a9d3_f3ae_f481_1984_99bd24f9c654["CertificateBuilderTest"] 62f9cd75_a0cf_1c91_1229_4642a53a535b["CertificateBuilderTest.java"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|defined in| 62f9cd75_a0cf_1c91_1229_4642a53a535b d5931114_2f6a_51d2_f0e7_941f59c0854b["createCertOfEveryKeyType()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| d5931114_2f6a_51d2_f0e7_941f59c0854b 1ecb4c5b_f73a_eca7_2076_ff4d7fa85a12["createKeyPairOfEveryKeyType()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 1ecb4c5b_f73a_eca7_2076_ff4d7fa85a12 b9c5c479_23db_6db0_9890_0272a38f479b["createKeyPairWithProvider()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| b9c5c479_23db_6db0_9890_0272a38f479b 3b1efaee_e2d7_292b_728f_b70d50622c8f["createMlKemCerts()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 3b1efaee_e2d7_292b_728f_b70d50622c8f 10003217_5cb7_1f09_5006_1df45c88c90a["createEdCertsWithProvider()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 10003217_5cb7_1f09_5006_1df45c88c90a d75f1431_7a86_58e8_f9bc_63752da119c9["createCertIssuedBySameAlgorithm()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| d75f1431_7a86_58e8_f9bc_63752da119c9 42882f0b_f1a8_a232_3456_13adaa05e164["createCertIssuedByDifferentAlgorithmEcp384vsEcp256()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 42882f0b_f1a8_a232_3456_13adaa05e164 20ba10f6_262f_e1e1_437f_5068f7b422d7["createCertIssuedByDifferentAlgorithmEcp256vsRsa2048()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 20ba10f6_262f_e1e1_437f_5068f7b422d7 8a915010_925f_82f1_6b9d_ee25f9f04d30["createCertIssuedByDifferentAlgorithmEd25519vEcp256()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 8a915010_925f_82f1_6b9d_ee25f9f04d30 210d92e4_f423_7844_b114_e9e36b7013a2["createCertIssuedByDifferentAlgorithmEd448vEcp256()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 210d92e4_f423_7844_b114_e9e36b7013a2 a21d20c3_db09_fbc8_1a42_e7df15379908["createCertificateWithSans()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| a21d20c3_db09_fbc8_1a42_e7df15379908 cdc40cd6_17e1_e4e7_e511_8090cc941d19["createCertificteWithExtendedKeyUsage()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| cdc40cd6_17e1_e4e7_e511_8090cc941d19 359411c4_2f83_6006_1979_fd4d240452a7["createCertificateWithOtherFields()"] 8c85a9d3_f3ae_f481_1984_99bd24f9c654 -->|method| 359411c4_2f83_6006_1979_fd4d240452a7
Relationship Graph
Source Code
pkitesting/src/test/java/io/netty/pkitesting/CertificateBuilderTest.java lines 65–490
class CertificateBuilderTest {
private static final Instant NOW = Instant.now();
private static final String SUBJECT = "CN=netty.io, O=Netty";
private static final CertificateBuilder BASE = new CertificateBuilder()
.notBefore(NOW.minus(1, DAYS))
.notAfter(NOW.plus(1, DAYS))
.subject(SUBJECT);
private static final SecureRandom RNG = new SecureRandom();
@ParameterizedTest
@EnumSource
void createCertOfEveryKeyType(Algorithm algorithm) throws Exception {
// Assume that RSA 4096 and RSA 8192 work if the other RSA bit-widths work.
// These big keys just take too long to test with.
assumeTrue(algorithm != Algorithm.rsa4096 && algorithm != Algorithm.rsa8192);
assumeTrue(algorithm.isSupported());
assumeTrue(algorithm.supportSigning());
X509Bundle bundle = BASE.copy()
.algorithm(algorithm)
.setIsCertificateAuthority(true)
.buildSelfSigned();
X509Certificate cert = bundle.getCertificate();
assertTrue(bundle.isCertificateAuthority());
assertTrue(bundle.isSelfSigned());
assertThat(cert.getSubjectX500Principal()).isEqualTo(new X500Principal(SUBJECT));
}
@ParameterizedTest
@EnumSource
void createKeyPairOfEveryKeyType(Algorithm algorithm) throws Exception {
// Assume that RSA 4096 and RSA 8192 work if the other RSA bit-widths work.
// These big keys just take too long to test with.
assumeTrue(algorithm != Algorithm.rsa4096 && algorithm != Algorithm.rsa8192);
assumeTrue(algorithm.isSupported());
KeyPair keyPair = algorithm.generateKeyPair(RNG, null);
assertNotNull(keyPair);
assertNotNull(keyPair.getPrivate());
assertNotNull(keyPair.getPublic());
}
@ParameterizedTest
@EnumSource(names = {"ecp256", "ecp384", "rsa2048", "rsa3072"})
void createKeyPairWithProvider(Algorithm algorithm) throws Exception {
assumeTrue(algorithm.isSupported());
KeyPair keyPair = algorithm.generateKeyPair(RNG, new BouncyCastleProvider());
assertNotNull(keyPair);
assertNotNull(keyPair.getPrivate());
assertNotNull(keyPair.getPublic());
}
@EnabledForJreRange(
min = JRE.JAVA_24,
disabledReason = "ML-KEM is only supported in Java 24 onwards")
@ParameterizedTest
@EnumSource(names = {"mlKem512", "mlKem768", "mlKem1024"})
void createMlKemCerts(Algorithm algorithm) throws Exception {
CertificateBuilder mlKemBuilder = BASE.copy()
.algorithm(algorithm);
// ML-KEM cannot be used to sign itself
assertThrows(IllegalStateException.class, () -> {
mlKemBuilder.copy().setIsCertificateAuthority(true).buildSelfSigned();
});
CertificateBuilder mlDsaBuilder = BASE.copy()
.algorithm(Algorithm.mlDsa44);
X509Bundle issuer = mlDsaBuilder
.subject("CN=issuer.netty.io, O=Netty")
.setIsCertificateAuthority(true)
.buildSelfSigned();
// ML-KEM can be signed by others
X509Bundle mlKemBundle = mlKemBuilder.buildIssuedBy(issuer);
X509Certificate cert = mlKemBundle.getCertificate();
assertFalse(mlKemBundle.isCertificateAuthority());
assertFalse(mlKemBundle.isSelfSigned());
assertThat(cert.getSubjectX500Principal()).isEqualTo(new X500Principal(SUBJECT));Source
Frequently Asked Questions
What is the CertificateBuilderTest class?
CertificateBuilderTest is a class in the netty codebase, defined in pkitesting/src/test/java/io/netty/pkitesting/CertificateBuilderTest.java.
Where is CertificateBuilderTest defined?
CertificateBuilderTest is defined in pkitesting/src/test/java/io/netty/pkitesting/CertificateBuilderTest.java at line 65.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free