Hi All

This enhancement creates a new jdk.security.cert.X509CertificateBuilder API that does what keytool -genkeypair/-certreq/-gencert can do.

code changes:
   http://cr.openjdk.java.net/~weijun/8058778/webrev.04
   http://cr.openjdk.java.net/~weijun/8058778/dev/webrev.01/

spec:
   http://cr.openjdk.java.net/~weijun/8058778/webrev.04/ktspec/jdk/security/cert/X509CertificateBuilder.html

You will be able to

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair ca = kpg.generateKeyPair();
    KeyPair user = kpg.generateKeyPair();

    X509Certificate caCert = X509CertificateBuilder.fromKeyPair(ca)
            .subject(new X500Principal("CN=ca"))
            .validity(Instant.now(), Instant.now().plus(Period.ofDays(3650)))
            .addExtension("BasicConstraints", "", true)
            .signatureAlgorithm("SHA256withRSA")
            .selfSign();

    byte[] request = X509CertificateBuilder.fromKeyPair(user)
            .subject(new X500Principal("CN=user"))
            .addExtension("KeyUsage", "digitalSignature,keyEncipherment", true)
            .request();

    X509Certificate userCert = X509CertificateBuilder.asCA(
                    ca.getPrivate(), caCert)
            .signatureAlgorithm("SHA256withRSA")
            .honorExtensions("all")
            .sign(request);

Thanks
Max