authorMorten Tokle <morten.tokle@gmail.com>2021-05-28 08:29:28 +0200
committerMorten Tokle <mortent@verizonmedia.com>2021-05-28 11:27:27 +0200
commit057b88a27172d2e6b8912cfcff67ab341f19affa (patch)
tree4720e923a079b4c40890cd47f00d8698f6ecde0d /security-utils
parent8d86fe0d7b23871ed643ba592423e92d7b86d024 (diff)
Revert "Revert mortent/cfg operator cert"
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java17
1 files changed, 17 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index cefa8ab2f51..215dc311af3 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -18,13 +18,18 @@ import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UncheckedIOException;
+import java.math.BigInteger;
import java.security.GeneralSecurityException;
+import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
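Review bot: The added `import java.time.temporal.ChronoUnit;` is not used by any line this commit adds. The diffstat counts 17 insertions, and the five imports plus the twelve lines of `createSelfSigned` account for all of them; that method uses only `Duration`, `Instant`, `BigInteger` and `KeyPair`. Dropping the import keeps the file free of unused-import warnings.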
@@ -161,4 +166,16 @@ public class X509CertificateUtils {
}
}
+ public static X509CertificateWithKey createSelfSigned(String cn, Duration duration) {
+ KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
+ X500Principal subject = new X500Principal(cn);
+ Instant now = Instant.now();
+ X509Certificate cert =
+ X509CertificateBuilder.fromKeypair(keyPair, subject, now,
+ now.plus(duration), SignatureAlgorithm.SHA256_WITH_ECDSA,
+ BigInteger.ONE)
+ .setBasicConstraints(true, true)
+ .build();
+ return new X509CertificateWithKey(cert, keyPair.getPrivate());
+ }
}
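Review bot: Every certificate built by `createSelfSigned` gets the serial `BigInteger.ONE`, so repeated calls with the same subject produce certificates with identical issuer and serial but different keys, which is ambiguous for anything keyed on issuer plus serial (trust stores, audit logs, revocation). Passing a random serial instead, e.g. `new BigInteger(159, new SecureRandom())`, avoids the collision. `.setBasicConstraints(true, true)` appears to mark the result as a CA certificate, and the method has no Javadoc; a short one should say that the returned private key can sign further certificates, and that `cn` is handed unchanged to `new X500Principal(cn)` and therefore has to be a full distinguished name such as `CN=name` rather than a bare common name. The enclosing class starts outside the hunk.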