diff --git a/handler/pom.xml b/handler/pom.xml
index 978aa2f..1b8ef3a 100644
--- a/handler/pom.xml
+++ b/handler/pom.xml
@@ -51,11 +51,6 @@
<optional>true</optional>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <optional>true</optional>
- </dependency>
- <dependency>
<groupId>org.eclipse.jetty.npn</groupId>
<artifactId>npn-api</artifactId>
<optional>true</optional>
diff --git a/handler/src/main/java/io/netty/handler/ssl/util/BouncyCastleSelfSignedCertGenerator.java b/handler/src/main/java/io/netty/handler/ssl/util/BouncyCastleSelfSignedCertGenerator.java
deleted file mode 100644
index 88a7c9d..0000000
--- a/handler/src/main/java/io/netty/handler/ssl/util/BouncyCastleSelfSignedCertGenerator.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright 2014 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-package io.netty.handler.ssl.util;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-import static io.netty.handler.ssl.util.SelfSignedCertificate.*;
-
-/**
- * Generates a self-signed certificate using <a href="http://www.bouncycastle.org/">Bouncy Castle</a>.
- */
-final class BouncyCastleSelfSignedCertGenerator {
-
- private static final Provider PROVIDER = new BouncyCastleProvider();
-
- static String[] generate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
- PrivateKey key = keypair.getPrivate();
-
- // Prepare the information required for generating an X.509 certificate.
- X500Name owner = new X500Name("CN=" + fqdn);
- X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
- owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic());
-
- ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key);
- X509CertificateHolder certHolder = builder.build(signer);
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
- cert.verify(keypair.getPublic());
-
- return newSelfSignedCertificate(fqdn, key, cert);
- }
-
- private BouncyCastleSelfSignedCertGenerator() { }
-}
diff --git a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
index 54257a7..074764f 100644
--- a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
+++ b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
@@ -48,8 +48,7 @@ import java.util.Date;
* {@link java.io.File#createTempFile(String, String)}, and they are deleted when the JVM exits using
* {@link java.io.File#deleteOnExit()}.
* </p><p>
- * At first, this method tries to use OpenJDK's X.509 implementation (the {@code sun.security.x509} package).
- * If it fails, it tries to use <a href="http://www.bouncycastle.org/">Bouncy Castle</a> as a fallback.
+ * This method tries to use OpenJDK's X.509 implementation (the {@code sun.security.x509} package).
* </p>
*/
public final class SelfSignedCertificate {
@@ -107,15 +106,9 @@ public final class SelfSignedCertificate {
paths = OpenJdkSelfSignedCertGenerator.generate(fqdn, keypair, random);
} catch (Throwable t) {
logger.debug("Failed to generate a self-signed X.509 certificate using sun.security.x509:", t);
- try {
- // Try Bouncy Castle if the current JVM didn't have sun.security.x509.
- paths = BouncyCastleSelfSignedCertGenerator.generate(fqdn, keypair, random);
- } catch (Throwable t2) {
- logger.debug("Failed to generate a self-signed X.509 certificate using Bouncy Castle:", t2);
- throw new CertificateException(
- "No provider succeeded to generate a self-signed certificate. " +
- "See debug log for the root cause.");
- }
+ throw new CertificateException(
+ "No provider succeeded to generate a self-signed certificate. " +
+ "See debug log for the root cause.");
}
certificate = new File(paths[0]);
diff --git a/pom.xml b/pom.xml
index b68f446..4a5cbd4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -677,19 +677,6 @@
<optional>true</optional>
</dependency>
- <!--
- Bouncy Castle - completely optional, only needed when:
- - you generate a temporary self-signed certificate using SelfSignedCertificate, and
- - you don't use the JDK which doesn't provide sun.security.x509 package.
- -->
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>1.50</version>
- <scope>compile</scope>
- <optional>true</optional>
- </dependency>
-
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jzlib</artifactId>