Package org.wildfly.security.x500.cert

Class SelfSignedX509CertificateAndSigningKey.Builder

  • Enclosing class:
    SelfSignedX509CertificateAndSigningKey
    public static class SelfSignedX509CertificateAndSigningKey.Builder
extends Object
    A Builder to configure and generate a SelfSignedX509CertificateAndSigningKey. This Builder generates a key pair and then wraps the resulting public key into a self-signed X.509 certificate.

    • Field Detail

      • DEFAULT_KEY_ALGORITHM_NAME

        public static final String DEFAULT_KEY_ALGORITHM_NAME
        The default key algorithm name.
        See Also:
        Constant Field Values

      • DEFAULT_EC_KEY_SIZE

        public static final int DEFAULT_EC_KEY_SIZE
        The default key size that will be used if the key algorithm name is EC.
        See Also:
        Constant Field Values

      • DEFAULT_KEY_SIZE

        public static final int DEFAULT_KEY_SIZE
        The default key size that will be used if the key algorithm name is not EC.
        See Also:
        Constant Field Values

    • Method Detail

      • setKeyAlgorithmName

        public SelfSignedX509CertificateAndSigningKey.Builder setKeyAlgorithmName​(String keyAlgorithmName)
        Set the key algorithm name to use when generating the key pair.
        Parameters:
        keyAlgorithmName - the key algorithm name to use when generating the key pair (must not be null)
        Returns:
        this builder instance

      • setKeySize

        public SelfSignedX509CertificateAndSigningKey.Builder setKeySize​(int keySize)
        Set the key size to use when generating the key pair.
        Parameters:
        keySize - the key size to use when generating the key pair
        Returns:
        this builder instance

      • setSignatureAlgorithmName

        public SelfSignedX509CertificateAndSigningKey.Builder setSignatureAlgorithmName​(String signatureAlgorithmName)
        Set the signature algorithm name to use when signing the self-signed certificate.
        Parameters:
        signatureAlgorithmName - the signature algorithm to use when signing the self-signed certificate (must not be null)
        Returns:
        this builder instance

      • addExtension

        public SelfSignedX509CertificateAndSigningKey.Builder addExtension​(boolean critical,
                                                                   String extensionName,
                                                                   String extensionValue)
                                                            throws IllegalArgumentException
        Add an X.509 certificate extension using the given extension name and string value. If an extension with the same name already exists, an exception is thrown. The following extension names and values are supported:
        • name: BasicConstraints
          value: ca:{true|false}[,pathlen:<len>] where ca indicates whether or not the subject is a CA. If ca is true, pathlen indicates the path length constraint.

        • name: KeyUsage
          value: usage(,usage)* where value is a list of the allowed key usages, where each usage value must be one of the following (usage values are case-sensitive):
          • digitalSignature
          • nonRepudiation
          • keyEncipherment
          • dataEncipherment
          • keyAgreement
          • keyCertSign
          • cRLSign
          • encipherOnly
          • decipherOnly
        • name: ExtendedKeyUsage
          value: usage(,usage)* where value is a list of the allowed key purposes, where each usage value must be one of the following (usage values are case-sensitive):
          • serverAuth
          • clientAuth
          • codeSigning
          • emailProtection
          • timeStamping
          • OCSPSigning
          • any OID string
        • name SubjectAlternativeName
          value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

        • name: IssuerAlternativeName
          value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

        • name: AuthorityInformationAccess
          value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be ocsp, caIssuers, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.

        • name: SubjectInformationAccess
          value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be timeStamping, caRepository, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.
        Parameters:
        critical - whether the extension should be marked as critical
        extensionName - the extension name (must not be null)
        extensionValue - the extension value, as a string (must not be null)
        Returns:
        this builder instance
        Throws:
        IllegalArgumentException - if an extension with the same name has already been added or if an error occurs while attempting to add the extension

      • addOrReplaceExtension

        public X509CertificateExtension addOrReplaceExtension​(X509CertificateExtension extension)
        Add or replace an X.509 certificate extension. If an extension with the same OID already exists, it is replaced and returned.
        Parameters:
        extension - the extension to add (must not be null)
        Returns:
        the existing extension or null if no other extension with the same OID existed

      • addOrReplaceExtension

        public X509CertificateExtension addOrReplaceExtension​(boolean critical,
                                                      String extensionName,
                                                      String extensionValue)
        Add or replace an X.509 certificate extension. If an extension with the same name already exists, it is replaced and returned. See addExtension(boolean, String, String) for the supported extension names and values.
        Parameters:
        critical - whether the extension should be marked as critical
        extensionName - the extension name (must not be null)
        extensionValue - the extension value, as a string (must not be null)
        Returns:
        the existing extension or null if no other extension with the same OID existed or if an error occurs while attempting to add the extension

      • removeExtension

        public X509CertificateExtension removeExtension​(String oid)
        Remove the X.509 extension with the given OID, if it is registered.
        Parameters:
        oid - the OID of the extension to remove (must not be null)
        Returns:
        the extension or null if no extension with the same OID existed

      • build

        public SelfSignedX509CertificateAndSigningKey build()
                                             throws IllegalArgumentException
        Attempt to generate a key pair and wrap the resulting public key into a self-signed X.509 certificate.
        Returns:
        the self-signed X.509 certificate and signing key
        Throws:
        IllegalArgumentException - if a required builder parameter is missing or invalid or if an error occurs while attempting to generate the self-signed X.509 certificate