Class X509v3CertificateBuilder
java.lang.Object
eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder
Class to produce an X.509 Version 3 certificate. Based on the BC bcmail
library and deprecated class of the BC. We don't use BC mail
as adding an another big dependency only for the certificate
creation doesn't make much sense.
-
Constructor Summary
ConstructorsConstructorDescriptionX509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo) Create a builder for a version 3 certificate. -
Method Summary
Modifier and TypeMethodDescriptionaddExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Object value) Add a given extension field for the standard extensions tag (tag 3)build(PrivateKey key, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, String sigAlgName, String provider, SecureRandom random) Generate the certificate, signing it with the provided private key and using the specified algorithm.static org.bouncycastle.asn1.x509.AlgorithmIdentifierExtracts the full algorithm identifier from the given certificate.
-
Constructor Details
-
X509v3CertificateBuilder
public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo) Create a builder for a version 3 certificate.- Parameters:
issuer- the certificate issuerserial- the certificate serial numbernotBefore- the date before which the certificate is not validnotAfter- the date after which the certificate is not validsubject- the certificate subjectpublicKeyInfo- the info structure for the public key to be associated with this certificate.
-
-
Method Details
-
addExtension
public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Object value) throws IOException Add a given extension field for the standard extensions tag (tag 3)- Parameters:
oid- the OID defining the extension type.isCritical- true if the extension is critical, false otherwise.value- the ASN.1 structure that forms the extension's value.- Returns:
- this builder object.
- Throws:
IOException- IO exception
-
build
public X509Certificate build(PrivateKey key, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, String sigAlgName, String provider, SecureRandom random) throws InvalidKeyException, CertificateParsingException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, IOException Generate the certificate, signing it with the provided private key and using the specified algorithm.- Parameters:
key- to be used for signingsigAlg- oid and paramters of the signature algsigAlgName- name of the signature algprovider- can be null -> default will be usedrandom- can be null -> default will be used- Returns:
- generated certificate
- Throws:
InvalidKeyException- invalid key exceptionCertificateParsingException- certificate parsing exceptionNoSuchProviderException- no such provider exceptionNoSuchAlgorithmException- no such algorithm exceptionSignatureException- signature exceptionIOException- IO exception
-
extractAlgorithmId
public static org.bouncycastle.asn1.x509.AlgorithmIdentifier extractAlgorithmId(X509Certificate cert) throws IOException Extracts the full algorithm identifier from the given certificate.- Parameters:
cert- input certificate- Returns:
- extracted algorithm id
- Throws:
IOException- if parameters of the algorithm can not be parsed
-