org.wildfly.security.x500.cert

Class X509CertificateBuilder

java.lang.Object

org.wildfly.security.x500.cert.X509CertificateBuilder

public final class X509CertificateBuilder
extends Object

A builder for X.509 certificates.

Author:

David M. Lloyd

Constructor Summary

Constructors

Constructor and Description
X509CertificateBuilder() Construct a new uninitialized instance.

Method Summary

Modifier and Type	Method and Description
X509CertificateBuilder	addExtension(X509CertificateExtension extension) Add a certificate extension.
X509CertificateExtension	addOrReplaceExtension(X509CertificateExtension extension) Add or replace a certificate extension.
X509Certificate	build() Attempt to construct and sign an X.509 certificate according to the information in this builder.
X500Principal	getIssuerDn() Get the issuer DN.
byte[]	getIssuerUniqueId() Get the issuer unique ID.
ZonedDateTime	getNotValidAfter() Get the not-valid-after date.
ZonedDateTime	getNotValidBefore() Get the not-valid-before date.
PublicKey	getPublicKey() Get the public key.
BigInteger	getSerialNumber() Get the serial number of the certificate being built.
String	getSignatureAlgorithmName() Get the signature algorithm name.
PrivateKey	getSigningKey() Get the signing key.
X500Principal	getSubjectDn() Get the subject DN.
byte[]	getSubjectUniqueId() Get the subject unique ID.
int	getVersion() Get the certificate version.
X509CertificateExtension	removeExtension(String oid) Remove the extension with the given OID, if it is registered.
X509CertificateBuilder	setIssuerDn(X500Principal issuerDn) Set the issuer DN.
X509CertificateBuilder	setIssuerUniqueId(byte[] issuerUniqueId) Set the issuer unique ID.
X509CertificateBuilder	setNotValidAfter(ZonedDateTime notValidAfter) Set the not-valid-after date.
X509CertificateBuilder	setNotValidBefore(ZonedDateTime notValidBefore) Set the not-valid-before date.
X509CertificateBuilder	setPublicKey(PublicKey publicKey) Set the public key.
X509CertificateBuilder	setSerialNumber(BigInteger serialNumber) Set the serial number of the certificate being built.
X509CertificateBuilder	setSignatureAlgorithmName(String signatureAlgorithmName) Set the signature algorithm name.
X509CertificateBuilder	setSigningKey(PrivateKey signingKey) Set the signing key.
X509CertificateBuilder	setSubjectDn(X500Principal subjectDn) Set the subject DN.
X509CertificateBuilder	setSubjectUniqueId(byte[] subjectUniqueId) Set the subject unique ID.
X509CertificateBuilder	setVersion(int version) Set the certificate version.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509CertificateBuilder

public X509CertificateBuilder()

Construct a new uninitialized instance.

Method Detail

addExtension

public X509CertificateBuilder addExtension(X509CertificateExtension extension)

Add a certificate extension. If an extension with the same OID already exists, an exception is thrown.

Parameters:

extension - the extension to add (must not be null)

Returns:

this builder instance

addOrReplaceExtension

public X509CertificateExtension addOrReplaceExtension(X509CertificateExtension extension)

Add or replace a certificate extension. If an extension with the same OID already exists, it is replaced and returned.

Parameters:

extension - the extension to add (must not be null)

Returns:

the existing extension, or null if no other extension with the same OID was existent

removeExtension

public X509CertificateExtension removeExtension(String oid)

Remove the extension with the given OID, if it is registered.

Parameters:

oid - the OID of the extension to remove

Returns:

the extension, or null if no extension with the same OID was existent

getVersion

public int getVersion()

Get the certificate version.

Returns:

the certificate version

setVersion

public X509CertificateBuilder setVersion(int version)

Set the certificate version.

Parameters:

version - the certificate version (must be between 1 and 3, inclusive)

Returns:

this builder instance

getSerialNumber

public BigInteger getSerialNumber()

Get the serial number of the certificate being built.

Returns:

the serial number of the certificate being built (must not be null)

setSerialNumber

public X509CertificateBuilder setSerialNumber(BigInteger serialNumber)

Set the serial number of the certificate being built. The serial number must be positive and no larger than 20 octets (or 2^160).

Parameters:

serialNumber - the serial number of the certificate being built

Returns:

this builder instance

getSubjectDn

public X500Principal getSubjectDn()

Get the subject DN.

Returns:

the subject DN

setSubjectDn

public X509CertificateBuilder setSubjectDn(X500Principal subjectDn)

Set the subject DN.

Parameters:

subjectDn - the subject DN (must not be null)

Returns:

this builder instance

getSubjectUniqueId

public byte[] getSubjectUniqueId()

Get the subject unique ID.

Returns:

the subject unique ID

setSubjectUniqueId

public X509CertificateBuilder setSubjectUniqueId(byte[] subjectUniqueId)

Set the subject unique ID.

Parameters:

subjectUniqueId - the subject unique ID (must not be null)

Returns:

this builder instance

getIssuerDn

public X500Principal getIssuerDn()

Get the issuer DN.

Returns:

the issuer DN

setIssuerDn

public X509CertificateBuilder setIssuerDn(X500Principal issuerDn)

Set the issuer DN.

Parameters:

issuerDn - the issuer DN (must not be null)

Returns:

this builder instance

getIssuerUniqueId

public byte[] getIssuerUniqueId()

Get the issuer unique ID.

Returns:

the issuer unique ID

setIssuerUniqueId

public X509CertificateBuilder setIssuerUniqueId(byte[] issuerUniqueId)

Set the issuer unique ID.

Parameters:

issuerUniqueId - the issuer unique ID (must not be null)

Returns:

this builder instance

getNotValidBefore

public ZonedDateTime getNotValidBefore()

Get the not-valid-before date. The default is the date when this builder was constructed.

Returns:

the not-valid-before date

setNotValidBefore

public X509CertificateBuilder setNotValidBefore(ZonedDateTime notValidBefore)

Set the not-valid-before date.

Parameters:

notValidBefore - the not-valid-before date (must not be null)

Returns:

this builder instance

getNotValidAfter

public ZonedDateTime getNotValidAfter()

Get the not-valid-after date. The default is equal to 99991231235959Z as specified in RFC 5280.

Returns:

the not-valid-after date

setNotValidAfter

public X509CertificateBuilder setNotValidAfter(ZonedDateTime notValidAfter)

Set the not-valid-after date.

Parameters:

notValidAfter - the not-valid-after date (must not be null)

Returns:

this builder instance

getPublicKey

public PublicKey getPublicKey()

Get the public key.

Returns:

the public key

setPublicKey

public X509CertificateBuilder setPublicKey(PublicKey publicKey)

Set the public key.

Parameters:

publicKey - the public key (must not be null)

Returns:

this builder instance

getSigningKey

public PrivateKey getSigningKey()

Get the signing key.

Returns:

the signing key

setSigningKey

public X509CertificateBuilder setSigningKey(PrivateKey signingKey)

Set the signing key.

Parameters:

signingKey - the signing key (must not be null)

Returns:

this builder instance

getSignatureAlgorithmName

public String getSignatureAlgorithmName()

Get the signature algorithm name.

Returns:

the signature algorithm name

setSignatureAlgorithmName

public X509CertificateBuilder setSignatureAlgorithmName(String signatureAlgorithmName)

Set the signature algorithm name.

Parameters:

signatureAlgorithmName - the signature algorithm name (must not be null)

Returns:

this builder instance

build

public X509Certificate build()
                      throws CertificateException

Attempt to construct and sign an X.509 certificate according to the information in this builder.

Returns:

the constructed certificate

Throws:

IllegalArgumentException - if one or more of the builder parameters are invalid or missing

CertificateException - if the certificate failed to be constructed