Class X509v3CertificateBuilder


  • public class X509v3CertificateBuilder
    extends java.lang.Object
    Class to produce an X.509 Version 3 certificate. Based on the BC bcmail library and a deprecated BC class. We don't use BC mail because adding another big dependency only for certificate creation doesn't make much sense.
    • Constructor Summary

      Constructors 
      Constructor Description
      X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
    • Method Summary

      Modifier and Type Method Description
      X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Object value)
      Add a given extension field for the standard extensions tag (tag 3)
      java.security.cert.X509Certificate build(java.security.PrivateKey key, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, java.lang.String sigAlgName, java.lang.String provider, java.security.SecureRandom random)
      Generate the certificate, signing it with the provided private key and using the specified algorithm.
      static org.bouncycastle.asn1.x509.AlgorithmIdentifier extractAlgorithmId(java.security.cert.X509Certificate cert)
      Extracts the full algorithm identifier from the given certificate.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • X509v3CertificateBuilder

        public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer,
                                        java.math.BigInteger serial,
                                        java.util.Date notBefore,
                                        java.util.Date notAfter,
                                        org.bouncycastle.asn1.x500.X500Name subject,
                                        org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the date before which the certificate is not valid
        notAfter - the date after which the certificate is not valid
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.
    • Method Detail

      • addExtension

        public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                     boolean isCritical,
                                                     org.bouncycastle.asn1.ASN1Object value)
                                              throws java.io.IOException
        Add a given extension field for the standard extensions tag (tag 3)
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        java.io.IOException - IO exception
      • build

        public java.security.cert.X509Certificate build(java.security.PrivateKey key,
                                                        org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg,
                                                        java.lang.String sigAlgName,
                                                        java.lang.String provider,
                                                        java.security.SecureRandom random)
                                                 throws java.security.InvalidKeyException,
                                                        java.security.cert.CertificateParsingException,
                                                        java.security.NoSuchProviderException,
                                                        java.security.NoSuchAlgorithmException,
                                                        java.security.SignatureException,
                                                        java.io.IOException
        Generate the certificate, signing it with the provided private key and using the specified algorithm.
        Parameters:
        key - to be used for signing
        sigAlg - OID and parameters of the signature algorithm
        sigAlgName - name of the signature alg
        provider - can be null -> default will be used
        random - can be null -> default will be used
        Returns:
        generated certificate
        Throws:
        java.security.InvalidKeyException - invalid key exception
        java.security.cert.CertificateParsingException - certificate parsing exception
        java.security.NoSuchProviderException - no such provider exception
        java.security.NoSuchAlgorithmException - no such algorithm exception
        java.security.SignatureException - signature exception
        java.io.IOException - IO exception
      • extractAlgorithmId

        public static org.bouncycastle.asn1.x509.AlgorithmIdentifier extractAlgorithmId(java.security.cert.X509Certificate cert)
                                                                                 throws java.io.IOException
        Extracts the full algorithm identifier from the given certificate.
        Parameters:
        cert - input certificate
        Returns:
        extracted algorithm id
        Throws:
        java.io.IOException - if parameters of the algorithm can not be parsed
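
Usage sketch for the constructor, addExtension, build and extractAlgorithmId documented above. This is an added example, not code from the project: it builds a self-signed end-entity certificate with critical BasicConstraints and KeyUsage extensions and verifies the result. The class name `SelfSignedLeafExample`, the subject `CN=example.test` and the 90-day lifetime are constructed for illustration, and the example assumes it is compiled in the same package as X509v3CertificateBuilder, since this page does not show the package.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

// Assumption: compiled in the same package as X509v3CertificateBuilder (package not shown on the page).
public class SelfSignedLeafExample {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();

        // Self-signed: issuer and subject are the same name (constructed sample value).
        X500Name name = new X500Name("CN=example.test");
        // Unpredictable positive serial instead of a counter.
        BigInteger serial = new BigInteger(127, new SecureRandom()).add(BigInteger.ONE);
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 60_000L);                  // small allowance for clock skew
        Date notAfter = new Date(now + 90L * 24 * 60 * 60 * 1000); // 90 days

        // sigAlg (OID + parameters) and sigAlgName must describe the same algorithm.
        AlgorithmIdentifier sigAlg = new AlgorithmIdentifier(
                PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);

        X509Certificate cert = new X509v3CertificateBuilder(name, serial, notBefore, notAfter, name,
                SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()))
                // Critical extensions: not a CA, key usable for signatures only.
                .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
                .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature))
                .build(kp.getPrivate(), sigAlg, "SHA256withRSA", null, null); // null -> defaults

        cert.checkValidity();        // throws if outside notBefore/notAfter
        cert.verify(kp.getPublic()); // throws if the signature does not verify
        if (cert.getBasicConstraints() != -1) throw new IllegalStateException("unexpected CA certificate");
        // Identifier recovered from the finished certificate, e.g. to reuse when re-issuing.
        System.out.println(X509v3CertificateBuilder.extractAlgorithmId(cert).getAlgorithm());
    }
}
```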