2323import java .security .KeyStore ;
2424import java .security .PrivateKey ;
2525import java .security .PublicKey ;
26- import java .security .SecureRandom ;
2726import java .security .Signature ;
2827import java .security .cert .CertificateFactory ;
2928import java .security .cert .X509Certificate ;
4241 */
4342final class SelfSignedCertificateGenerator {
4443
45- private static final SecureRandom RANDOM = SecureRandomHelper .getSecureRandom ();
46-
4744 private SelfSignedCertificateGenerator () {
4845 }
4946
@@ -80,17 +77,17 @@ static KeyStore generateKeyStore(String password, String keyType) throws Excepti
8077 KeyPairGenerator keyGen ;
8178 if ("EC" .equals (type )) {
8279 keyGen = KeyPairGenerator .getInstance ("EC" );
83- keyGen .initialize (new ECGenParameterSpec ("secp256r1" ), RANDOM );
80+ keyGen .initialize (new ECGenParameterSpec ("secp256r1" ), SecureRandomHelper . getSecureRandom () );
8481 } else if ("RSA" .equals (type )) {
8582 keyGen = KeyPairGenerator .getInstance ("RSA" );
86- keyGen .initialize (2048 , RANDOM );
83+ keyGen .initialize (2048 , SecureRandomHelper . getSecureRandom () );
8784 } else {
8885 throw new IllegalArgumentException (
8986 "Unsupported self-signed certificate key type: " + keyType + " (supported: EC, RSA)" );
9087 }
9188 KeyPair keyPair = keyGen .generateKeyPair ();
9289
93- X509Certificate cert = generateCertificate (keyPair , type , RANDOM );
90+ X509Certificate cert = generateCertificate (keyPair , type );
9491
9592 KeyStore ks = KeyStore .getInstance ("PKCS12" );
9693 ks .load (null , password .toCharArray ());
@@ -100,7 +97,7 @@ static KeyStore generateKeyStore(String password, String keyType) throws Excepti
10097 return ks ;
10198 }
10299
103- private static X509Certificate generateCertificate (KeyPair keyPair , String keyType , SecureRandom random )
100+ private static X509Certificate generateCertificate (KeyPair keyPair , String keyType )
104101 throws Exception {
105102 PublicKey publicKey = keyPair .getPublic ();
106103 PrivateKey privateKey = keyPair .getPrivate ();
@@ -109,16 +106,15 @@ private static X509Certificate generateCertificate(KeyPair keyPair, String keyTy
109106 ZonedDateTime expiry = now .plusDays (365 );
110107
111108 // Build self-signed X.509 certificate using DER encoding
112- byte [] encoded = buildSelfSignedCertificateDer (publicKey , privateKey , keyType , now , expiry , random );
109+ byte [] encoded = buildSelfSignedCertificateDer (publicKey , privateKey , keyType , now , expiry );
113110
114111 CertificateFactory cf = CertificateFactory .getInstance ("X.509" );
115112 return (X509Certificate ) cf .generateCertificate (new ByteArrayInputStream (encoded ));
116113 }
117114
118115 private static byte [] buildSelfSignedCertificateDer (
119116 PublicKey publicKey , PrivateKey privateKey , String keyType ,
120- ZonedDateTime notBefore , ZonedDateTime notAfter ,
121- SecureRandom random )
117+ ZonedDateTime notBefore , ZonedDateTime notAfter )
122118 throws Exception {
123119
124120 boolean ec = "EC" .equals (keyType );
@@ -130,7 +126,7 @@ private static byte[] buildSelfSignedCertificateDer(
130126
131127 // TBS Certificate
132128 byte [] tbsCertificate
133- = buildTbsCertificate (publicKey , issuerDn , signatureAlgorithm , notBefore , notAfter , random );
129+ = buildTbsCertificate (publicKey , issuerDn , signatureAlgorithm , notBefore , notAfter );
134130
135131 // Sign the TBS certificate
136132 Signature sig = Signature .getInstance (signatureAlgorithmName );
@@ -146,15 +142,14 @@ private static byte[] buildSelfSignedCertificateDer(
146142
147143 private static byte [] buildTbsCertificate (
148144 PublicKey publicKey , byte [] dn , byte [] signatureAlgorithm ,
149- ZonedDateTime notBefore , ZonedDateTime notAfter ,
150- SecureRandom random ) {
145+ ZonedDateTime notBefore , ZonedDateTime notAfter ) {
151146
152147 // Version: v3 (2)
153148 byte [] version = wrapExplicitTag (0 , wrapInteger (new byte [] { 2 }));
154149
155150 // Serial number
156151 byte [] serialBytes = new byte [16 ];
157- random .nextBytes (serialBytes );
152+ SecureRandomHelper . getSecureRandom () .nextBytes (serialBytes );
158153 serialBytes [0 ] &= 0x7F ; // ensure positive
159154 byte [] serial = wrapInteger (serialBytes );
160155
0 commit comments