Class KeyToolUtils


  • public class KeyToolUtils
    extends Object
    Utilities for working with Java keytool
    • Field Detail

      • SUPPORTS_HOST_CERT

        public static final boolean SUPPORTS_HOST_CERT
        Does this class support generation of host certificates?
    • Method Detail

      • genkeypair

        public static void genkeypair(File keystore,
                                      String alias,
                                      String password,
                                      int validity,
                                      String dname,
                                      String ext)
                               throws IOException
        Generate a self-signed keypair using the algorithm "RSA". Requires Java 7 or later if the "ext" parameter is not null.
        Parameters:
        keystore - the keystore; if it already contains the alias the command will fail
        alias - the alias to use, not null
        password - the password to use for the store and the key
        validity - the validity period in days, greater than 0
        dname - the distinguished name value; if omitted, "cn=JMeter Proxy (DO NOT TRUST)" is used
        ext - if not null, the extension (-ext) to add (e.g. "bc:c"). This requires Java 7.
        Throws:
        IOException - if keytool was not configured or running keytool application fails
      • generateProxyCA

        public static void generateProxyCA(File keystore,
                                           String password,
                                           int validity)
                                    throws IOException
        Creates a self-signed Root CA certificate and an intermediate CA certificate (signed by the Root CA certificate) that can be used to sign server certificates. The Root CA certificate file is exported to the same directory as the keystore in formats suitable for Firefox/Chrome/IE (.crt) and Opera (.usr). Requires Java 7 or later.
        Parameters:
        keystore - the keystore in which to store everything
        password - the password for keystore and keys
        validity - the validity period in days, must be greater than 0
        Throws:
        IOException - if keytool was not configured, running keytool application failed or copying the keys failed
      • generateHostCert

        public static void generateHostCert(File keystore,
                                            String password,
                                            String host,
                                            int validity)
                                     throws IOException
        Create a host certificate signed with the CA certificate. Requires Java 7 or later.
        Parameters:
        keystore - the keystore to use
        password - the password to use for the keystore and keys
        host - the host, e.g. jmeter.apache.org or *.apache.org; also used as the alias
        validity - the validity period for the generated keypair
        Throws:
        IOException - if keytool was not configured or running keytool application failed
      • list

        public static String list(File keystore,
                                  String storePass)
                           throws IOException
        List the contents of a keystore
        Parameters:
        keystore - the keystore file
        storePass - the keystore password
        Returns:
        the output from the command "keytool -list -v"
        Throws:
        IOException - if keytool was not configured or running keytool application failed
      • getCAaliases

        public static String[] getCAaliases()
        Returns a list of the CA aliases that should be in the keystore.
        Returns:
        the aliases that are used for the keystore
      • getRootCAalias

        public static String getRootCAalias()
        Get the root CA alias; needed to check the serial number and fingerprint
        Returns:
        the alias
      • haveKeytool

        public static boolean haveKeytool()
        Returns:
        flag whether KEYTOOL_PATH is configured (is not null)
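
The following is an added example, not code from the JMeter project: it generates the proxy CA and one host certificate with the methods documented above, then checks the result with the JDK's own KeyStore API and prints the root CA serial number and fingerprint for comparison before the exported certificate is trusted anywhere. The package name in the import, the keystore file name and the class name ProxyCaCheck are assumptions; it needs Java 17 for HexFormat.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HexFormat;

// Assumption: the package name is not stated on this page.
import org.apache.jorphan.exec.KeyToolUtils;

public class ProxyCaCheck {
    public static void main(String[] args) throws Exception {
        File keystore = new File("example-proxy.jks"); // hypothetical file name
        String password = args[0];                     // passed in by the caller, not hard-coded
        String host = "jmeter.apache.org";             // also becomes the keystore alias
        int validityDays = 7;                          // keep a test CA short-lived

        if (!KeyToolUtils.haveKeytool() || !KeyToolUtils.SUPPORTS_HOST_CERT) {
            throw new IllegalStateException("keytool not configured or host certificates unsupported");
        }
        KeyToolUtils.generateProxyCA(keystore, password, validityDays);
        KeyToolUtils.generateHostCert(keystore, password, host, validityDays);

        // KeyStore.getInstance(File, char[]) detects the store type (Java 9+).
        KeyStore ks = KeyStore.getInstance(keystore, password.toCharArray());
        for (String alias : KeyToolUtils.getCAaliases()) {
            if (!ks.containsAlias(alias)) {
                throw new IllegalStateException("missing CA alias: " + alias);
            }
        }
        X509Certificate root = (X509Certificate) ks.getCertificate(KeyToolUtils.getRootCAalias());
        root.verify(root.getPublicKey()); // throws unless the root is self-signed

        Certificate[] chain = ks.getCertificateChain(host);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate chain stored for " + host);
        }
        // Each certificate must be signed by the next one; the last must verify under the root key.
        for (int i = 0; i < chain.length - 1; i++) {
            chain[i].verify(chain[i + 1].getPublicKey());
        }
        chain[chain.length - 1].verify(root.getPublicKey());

        byte[] digest = MessageDigest.getInstance("SHA-256").digest(root.getEncoded());
        System.out.println("Root CA serial:  " + root.getSerialNumber().toString(16));
        System.out.println("Root CA SHA-256: "
                + HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest));
    }
}
```

Because the keystore holds the CA private keys, restrict its file permissions and import the exported root certificate only into browsers or profiles used for testing.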