generate() — netty Function Reference

Architecture documentation for the generate() function in OpenJdkSelfSignedCertGenerator.java from the netty codebase.

Function java Buffer Allocators

Entity Profile

Buffer→ Allocators→ generate() — netty Function Reference

Dependency Diagram

graph TD
  11376dd1_3e7a_c28c_d430_db387ea86275["generate()"]
  1da85bed_718c_a614_6e29_892846cb43ba["OpenJdkSelfSignedCertGenerator"]
  11376dd1_3e7a_c28c_d430_db387ea86275 -->|defined in| 1da85bed_718c_a614_6e29_892846cb43ba
  style 11376dd1_3e7a_c28c_d430_db387ea86275 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

handler/src/main/java/io/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java lines 280–339

    static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter,
                             String algorithm) throws Exception {
        if (!SUPPORTED) {
            throw new UnsupportedOperationException(
                    OpenJdkSelfSignedCertGenerator.class.getSimpleName() + " not supported on the used JDK version");
        }
        try {
            PrivateKey key = keypair.getPrivate();

            // Prepare the information required for generating an X.509 certificate.
            Object info = X509_CERT_INFO_CONSTRUCTOR.invoke();
            Object owner = X500_NAME_CONSTRUCTOR.invoke("CN=" + fqdn);

            CERT_INFO_SET_HANDLE.invoke(info, "version", CERTIFICATE_VERSION_CONSTRUCTOR.invoke(2));
            CERT_INFO_SET_HANDLE.invoke(info, "serialNumber",
                    CERTIFICATE_SERIAL_NUMBER_CONSTRUCTOR.invoke(new BigInteger(64, random)));
            try {
                CERT_INFO_SET_HANDLE.invoke(info, "subject", CERTIFICATE_SUBJECT_NAME_CONSTRUCTOR.invoke(owner));
            } catch (CertificateException ex) {
                CERT_INFO_SET_HANDLE.invoke(info, "subject", owner);
            }
            try {
                CERT_INFO_SET_HANDLE.invoke(info, "issuer", ISSUER_NAME_CONSTRUCTOR.invoke(owner));
            } catch (CertificateException ex) {
                CERT_INFO_SET_HANDLE.invoke(info, "issuer", owner);
            }
            CERT_INFO_SET_HANDLE.invoke(info, "validity",
                    CERTIFICATE_VALIDITY_CONSTRUCTOR.invoke(notBefore, notAfter));
            CERT_INFO_SET_HANDLE.invoke(info, "key", CERTIFICATE_X509_KEY_CONSTRUCTOR.invoke(keypair.getPublic()));
            CERT_INFO_SET_HANDLE.invoke(info, "algorithmID",
                    // sha256WithRSAEncryption
                    CERTIFICATE_ALORITHM_ID_CONSTRUCTOR.invoke(
                            ALGORITHM_ID_GET_HANDLE.invoke("1.2.840.113549.1.1.11")));

            // Sign the cert to identify the algorithm that's used.
            Object cert = CERT_IMPL_CONSTRUCTOR.invoke(info);
            CERT_IMPL_SIGN_HANDLE.invoke(cert, key,
                    algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");

            // Update the algorithm and sign again.
            CERT_INFO_SET_HANDLE.invoke(info, "algorithmID.algorithm",
                    CERT_IMPL_GET_HANDLE.invoke(cert, "x509.algorithm"));
            cert = CERT_IMPL_CONSTRUCTOR.invoke(info);
            CERT_IMPL_SIGN_HANDLE.invoke(cert, key,
                    algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");

            X509Certificate x509Cert = (X509Certificate) cert;
            x509Cert.verify(keypair.getPublic());

            return newSelfSignedCertificate(fqdn, key, x509Cert);
        } catch (Throwable cause) {
            if (cause instanceof Exception) {
                throw (Exception) cause;
            }
            if (cause instanceof Error) {
                throw (Error) cause;
            }
            throw new IllegalStateException(cause);
        }
    }