Package org.bouncycastle.cert

Class X509v3CertificateBuilder

    • Constructor Summary

      Constructors 
      Constructor Description
      X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, java.util.Locale dateLocale, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, org.bouncycastle.asn1.x509.Time notBefore, org.bouncycastle.asn1.x509.Time notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      X509v3CertificateBuilder​(X509CertificateHolder template)
      Create a builder for a version 3 certificate, initialised with another certificate.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
      Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
      X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
      Add a given extension field for the standard extensions tag (tag 3)
      X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.x509.Extension extension)
      Add a given extension field for the standard extensions tag (tag 3).
      X509CertificateHolder build​(ContentSigner signer)
      Generate an X.509 certificate, based on the current issuer and subject using the passed in signer.
      X509v3CertificateBuilder copyAndAddExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder)
      Add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.
      org.bouncycastle.asn1.x509.Extension getExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return the current value of the extension for OID.
      boolean hasExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return if the extension indicated by OID is present.
      X509v3CertificateBuilder removeExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Remove the extension indicated by OID.
      X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
      Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
      X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
      Replace the extension field for the passed in extension's extension ID with a new version.
      X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.x509.Extension extension)
      Replace the extension field for the passed in extension's extension ID with a new version.
      X509v3CertificateBuilder setIssuerUniqueID​(boolean[] uniqueID)
      Set the issuerUniqueID - note: it is very rare that it is correct to do this.
      X509v3CertificateBuilder setSubjectUniqueID​(boolean[] uniqueID)
      Set the subjectUniqueID - note: it is very rare that it is correct to do this.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                                java.math.BigInteger serial,
                                java.util.Date notBefore,
                                java.util.Date notAfter,
                                org.bouncycastle.asn1.x500.X500Name subject,
                                org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the date before which the certificate is not valid
        notAfter - the date after which the certificate is not valid
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.

      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                                java.math.BigInteger serial,
                                java.util.Date notBefore,
                                java.util.Date notAfter,
                                java.util.Locale dateLocale,
                                org.bouncycastle.asn1.x500.X500Name subject,
                                org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate. You may need to use this constructor if the default locale doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the date before which the certificate is not valid
        notAfter - the date after which the certificate is not valid
        dateLocale - locale to be used for date interpretation.
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.

      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                                java.math.BigInteger serial,
                                org.bouncycastle.asn1.x509.Time notBefore,
                                org.bouncycastle.asn1.x509.Time notAfter,
                                org.bouncycastle.asn1.x500.X500Name subject,
                                org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the Time before which the certificate is not valid
        notAfter - the Time after which the certificate is not valid
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.

      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(X509CertificateHolder template)
        Create a builder for a version 3 certificate, initialised with another certificate.
        Parameters:
        template - template certificate to base the new one on.

    • Method Detail

      • hasExtension

        public boolean hasExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Return if the extension indicated by OID is present.
        Parameters:
        oid - the OID for the extension of interest.
        Returns:
        the Extension, or null if it is not present.

      • getExtension

        public org.bouncycastle.asn1.x509.Extension getExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Return the current value of the extension for OID.
        Parameters:
        oid - the OID for the extension we want to fetch.
        Returns:
        true if a matching extension is present, false otherwise.

      • setSubjectUniqueID

        public X509v3CertificateBuilder setSubjectUniqueID​(boolean[] uniqueID)
        Set the subjectUniqueID - note: it is very rare that it is correct to do this.
        Parameters:
        uniqueID - a boolean array representing the bits making up the subjectUniqueID.
        Returns:
        this builder object.

      • setIssuerUniqueID

        public X509v3CertificateBuilder setIssuerUniqueID​(boolean[] uniqueID)
        Set the issuerUniqueID - note: it is very rare that it is correct to do this.
        Parameters:
        uniqueID - a boolean array representing the bits making up the issuerUniqueID.
        Returns:
        this builder object.

      • addExtension

        public X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                             boolean isCritical,
                                             org.bouncycastle.asn1.ASN1Encodable value)
                                      throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3)
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the OID oid has already been used.

      • addExtension

        public X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.x509.Extension extension)
                                      throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3).
        Parameters:
        extension - the full extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the OID oid has already been used.

      • addExtension

        public X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                             boolean isCritical,
                                             byte[] encodedValue)
                                      throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        encodedValue - a byte array representing the encoding of the extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the OID oid has already been allocated.

      • replaceExtension

        public X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                 boolean isCritical,
                                                 org.bouncycastle.asn1.ASN1Encodable value)
                                          throws CertIOException
        Replace the extension field for the passed in extension's extension ID with a new version.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.

      • replaceExtension

        public X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.x509.Extension extension)
                                          throws CertIOException
        Replace the extension field for the passed in extension's extension ID with a new version.
        Parameters:
        extension - the full extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.

      • replaceExtension

        public X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                 boolean isCritical,
                                                 byte[] encodedValue)
                                          throws CertIOException
        Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        encodedValue - a byte array representing the encoding of the extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.

      • removeExtension

        public X509v3CertificateBuilder removeExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Remove the extension indicated by OID.
        Parameters:
        oid - the OID of the extension to be removed.
        Returns:
        this builder object.
        Throws:
        java.lang.IllegalArgumentException - if the extension to be removed is not present.

      • copyAndAddExtension

        public X509v3CertificateBuilder copyAndAddExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                    boolean isCritical,
                                                    X509CertificateHolder certHolder)
        Add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the copied extension is to be marked as critical, false otherwise.
        certHolder - the holder for the certificate that the extension is to be copied from.
        Returns:
        this builder object.

      • build

        public X509CertificateHolder build​(ContentSigner signer)
        Generate an X.509 certificate, based on the current issuer and subject using the passed in signer.
        Parameters:
        signer - the content signer to be used to generate the signature validating the certificate.
        Returns:
        a holder containing the resulting signed certificate.