{"id":16883003,"url":"https://github.com/tsaarni/java-certy","last_synced_at":"2025-03-20T04:35:06.222Z","repository":{"id":37076045,"uuid":"504475526","full_name":"tsaarni/java-certy","owner":"tsaarni","description":"Java library for generating certificates for unit and integration tests.","archived":false,"fork":false,"pushed_at":"2024-10-21T18:04:36.000Z","size":543,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-22T09:07:08.820Z","etag":null,"topics":["certificates","java","pki","testing","x509"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tsaarni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-17T09:38:44.000Z","updated_at":"2024-10-21T18:04:33.000Z","dependencies_parsed_at":"2024-04-08T19:31:23.969Z","dependency_job_id":"82259c40-b543-4b74-883c-5d597480ba99","html_url":"https://github.com/tsaarni/java-certy","commit_stats":null,"previous_names":["tsaarni/certy"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsaarni%2Fjava-certy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsaarni%2Fjava-certy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsaarni%2Fjava-certy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsaarni%2Fjava-certy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tsaarni","download_url":"https://codeload.github.com/tsaarni/java-certy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244553990,"owners_count":20471172,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificates","java","pki","testing","x509"],"created_at":"2024-10-13T16:09:59.257Z","updated_at":"2025-03-20T04:35:06.194Z","avatar_url":"https://github.com/tsaarni.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Certy\n\n![](https://github.com/tsaarni/java-certy/workflows/unit-tests/badge.svg)\n[![Maven Central](https://img.shields.io/maven-central/v/fi.protonode/certy)](https://search.maven.org/search?q=g:fi.protonode%20AND%20a:certy)\n\n## Description\n\nCerty is a simple to use Java API for creating X509 certificates on demand when running unit tests.\nNo more storing test certificates and private keys in the repository!\n\nJava-certy is a version of similar tool for command line and Golang called [certyaml](https://github.com/tsaarni/certyaml), and [python-certy](https://github.com/tsaarni/python-certy) for Python.\n\n## Documentation\n\nRead the latest documentation [here](https://tsaarni.github.io/java-certy/).\nFor the latest releases, visit [Maven Central](https://central.sonatype.com/artifact/fi.protonode/certy).\n\n## Example\n\nTwo credentials are created: `ca` and `server`.\nOnly minimal set of fields needs to be defined since defaults work for most use cases.\nFor example `ca` certificate will be self-signed root CA since issuer is not set.\nThe `server` certificate is set to be signed by `ca` and its subject alternative name is set to `app.127.0.0.1.nip.io` to allow its use as server certificate for given domain.\nKey usage for end-entity certificates defaults to allow their use as both server and client certificates.\nWhen the defaults are not correct for particular use, they can be overwritten by calling the [builder methods](https://tsaarni.github.io/java-certy/fi/protonode/certy/Credential.html#method-summary).\n\n```java\nCredential ca = new Credential().subject(\"CN=ca\");\nCredential server = new Credential().subject(\"CN=server\")\n                                    .issuer(ca)\n                                    .subjectAltName(\"DNS:app.127.0.0.1.nip.io\");\n```\n\nThe `ca` certificate, `server` certificate and associated private key are written as PEM files:\n\n```java\nca.writeCertificateAsPem(Paths.get(\"ca.pem\"));\nserver.writeCertificateAsPem(Paths.get(\"server.pem\"))\n      .writePrivateKeyAsPem(Paths.get(\"server-key.pem\"));\n```\n\nThey can be stored in PKCS12 (or JKS) truststore and keystore:\n\n```java\nKeyStore truststore = KeyStore.getInstance(\"PKCS12\");\ntruststore.load(null, null); // Required to initialize the keystore.\ntruststore.setCertificateEntry(\"ca\", ca.getCertificate());\ntruststore.store(Files.newOutputStream(Paths.get(\"trusted.p12\")), \"secret\".toCharArray());\n\nKeyStore keystore = KeyStore.getInstance(\"PKCS12\");\nkeystore.load(null, null);\nkeystore.setKeyEntry(\"server\", server.getPrivateKey(), null, server.getCertificates());\nkeystore.store(Files.newOutputStream(Paths.get(\"server.p12\")), \"secret\".toCharArray());\n```\n\nFollowing certificates were created:\n\n```console\n$ openssl x509 -in ca.pem -text -noout\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number: 1655536454193 (0x18175a98a31)\n        Signature Algorithm: ecdsa-with-SHA256\n        Issuer: CN = ca\n        Validity\n            Not Before: Jun 18 07:14:14 2022 GMT\n            Not After : Jun 18 07:14:14 2023 GMT\n        Subject: CN = ca\n        Subject Public Key Info:\n            Public Key Algorithm: id-ecPublicKey\n                Public-Key: (256 bit)\n                pub:\n                    ...\n                ASN1 OID: prime256v1\n                NIST CURVE: P-256\n        X509v3 extensions:\n            X509v3 Basic Constraints: critical\n                CA:TRUE\n            X509v3 Subject Key Identifier:\n                8F:14:88:5A:27:5D:F5:B8:8D:16:AB:F1:51:21:29:F8:52:5A:65:0B\n            X509v3 Key Usage: critical\n                Certificate Sign, CRL Sign\n    Signature Algorithm: ecdsa-with-SHA256\n         ...\n\n$ openssl x509 -in server.pem -text -noout\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number: 1655536454415 (0x18175a98b0f)\n        Signature Algorithm: ecdsa-with-SHA256\n        Issuer: CN = ca\n        Validity\n            Not Before: Jun 18 07:14:14 2022 GMT\n            Not After : Jun 18 07:14:14 2023 GMT\n        Subject: CN = server\n        Subject Public Key Info:\n            Public Key Algorithm: id-ecPublicKey\n                Public-Key: (256 bit)\n                pub:\n                    ...\n                ASN1 OID: prime256v1\n                NIST CURVE: P-256\n        X509v3 extensions:\n            X509v3 Basic Constraints: critical\n                CA:FALSE\n            X509v3 Subject Key Identifier:\n                B0:AC:25:D9:8D:5D:17:02:22:DA:71:C0:52:04:D3:8E:B4:A0:AC:D9\n            X509v3 Key Usage: critical\n                Digital Signature, Key Encipherment, Key Agreement\n            X509v3 Subject Alternative Name:\n                DNS:app.127.0.0.1.nip.io\n    Signature Algorithm: ecdsa-with-SHA256\n         ...\n```\n\nAnd the content of keystores:\n\n```console\n$ keytool -list  -keystore trusted.p12 -storepass secret\nKeystore type: PKCS12\nKeystore provider: SUN\n\nYour keystore contains 1 entry\n\nca, Jun 18, 2022, trustedCertEntry,\nCertificate fingerprint (SHA-256): 3F:54:0D:F3:CE:A8:0A:E9:72:D1:55:96:2B:A2:4E:11:5E:96...\n\n$ keytool -list -keystore server.p12 -storepass secret\nKeystore type: PKCS12\nKeystore provider: SUN\n\nYour keystore contains 1 entry\n\nserver, Jun 18, 2022, PrivateKeyEntry,\nCertificate fingerprint (SHA-256): 4E:6A:7C:57:B7:21:31:E2:58:6E:35:95:5F:26:4F:8F:F9:F4...\n```\n\nCheck out the [unit tests](lib/src/test/java/fi/protonode/certy/TestCredential.java) for more code examples.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsaarni%2Fjava-certy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftsaarni%2Fjava-certy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsaarni%2Fjava-certy/lists"}