Class PKCS10CertificateSigningRequest.Builder

  • Enclosing class:
    PKCS10CertificateSigningRequest

    public static class PKCS10CertificateSigningRequest.Builder
    extends Object
    A Builder to configure and generate a PKCS10CertificateSigningRequest.
    • Method Detail

      • setSignatureAlgorithmName

        public PKCS10CertificateSigningRequest.Builder setSignatureAlgorithmName(String signatureAlgorithmName)
        Set the signature algorithm name.
        Parameters:
        signatureAlgorithmName - the signature algorithm name (must not be null)
        Returns:
        this builder instance
      • addExtension

        public PKCS10CertificateSigningRequest.Builder addExtension(boolean critical,
                                                                    String extensionName,
                                                                    String extensionValue)
                                                             throws IllegalArgumentException
        Add an X.509 certificate extension that should be included in the certificate signing request using the given extension name and string value. If an extension with the same name already exists, an exception is thrown. The following extension names and values are supported:
        • name: BasicConstraints
          value: ca:{true|false}[,pathlen:<len>] where ca indicates whether or not the subject is a CA. If ca is true, pathlen indicates the path length constraint.

        • name: KeyUsage
          value: usage(,usage)* where value is a comma-separated list of the allowed key usages. Each usage value must be one of the following (usage values are case-sensitive):
          • digitalSignature
          • nonRepudiation
          • keyEncipherment
          • dataEncipherment
          • keyAgreement
          • keyCertSign
          • cRLSign
          • encipherOnly
          • decipherOnly
        • name: ExtendedKeyUsage
          value: usage(,usage)* where value is a comma-separated list of the allowed key purposes. Each usage value must be one of the following (usage values are case-sensitive):
          • serverAuth
          • clientAuth
          • codeSigning
          • emailProtection
          • timeStamping
          • OCSPSigning
          • any OID string
        • name: SubjectAlternativeName
          value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

        • name: IssuerAlternativeName
          value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

        • name: AuthorityInformationAccess
          value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be ocsp, caIssuers, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.

        • name: SubjectInformationAccess
          value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be timeStamping, caRepository, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.
        Parameters:
        critical - whether the extension should be marked as critical
        extensionName - the extension name (must not be null)
        extensionValue - the extension value, as a string (must not be null)
        Returns:
        this builder instance
        Throws:
        IllegalArgumentException - if an extension with the same name has already been added or if an error occurs while attempting to add the extension
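        A pre-check for the value strings listed above, as an added example that is not part of the documented library: it validates BasicConstraints, KeyUsage, ExtendedKeyUsage and the two AlternativeName values before they are passed to addExtension. The class name CsrExtensionValueCheck, the OID pattern, exact-case matching of the type prefixes and the ca:true requirement for pathlen are assumptions of this example.

```java
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;

/** Added example (not library code): checks addExtension value strings against the documented grammar. */
public final class CsrExtensionValueCheck {
    private static final Set<String> KEY_USAGES = Set.of("digitalSignature", "nonRepudiation",
            "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
            "encipherOnly", "decipherOnly");
    private static final Set<String> EXT_KEY_USAGES = Set.of("serverAuth", "clientAuth",
            "codeSigning", "emailProtection", "timeStamping", "OCSPSigning");
    // Assumption: type prefixes are matched exactly as the page spells them.
    private static final Set<String> NAME_TYPES = Set.of("EMAIL", "URI", "DNS", "IP", "OID");
    private static final Pattern OID = Pattern.compile("[0-2](\\.(0|[1-9][0-9]*))+");
    // Assumption, stricter than the documented grammar: pathlen is accepted only with ca:true.
    private static final Pattern BASIC = Pattern.compile("ca:false|ca:true(,pathlen:[0-9]+)?");

    /** Returns true if value fits the grammar listed for the named extension. */
    public static boolean isValid(String name, String value) {
        if (name == null || value == null) return false;
        switch (name) {
            case "BasicConstraints": return BASIC.matcher(value).matches();
            case "KeyUsage": return all(value, KEY_USAGES::contains); // exact case required
            case "ExtendedKeyUsage":
                return all(value, u -> EXT_KEY_USAGES.contains(u) || OID.matcher(u).matches());
            case "SubjectAlternativeName":
            case "IssuerAlternativeName": return all(value, CsrExtensionValueCheck::isTypeVal);
            default: throw new IllegalArgumentException("extension not covered by this check: " + name);
        }
    }

    // split(",", -1) keeps empty items, so "a,,b" and a trailing comma are rejected.
    private static boolean all(String list, Predicate<String> ok) {
        for (String item : list.split(",", -1)) if (!ok.test(item)) return false;
        return true;
    }

    // type:val with a known type and a non-empty val; val may itself contain ':' (e.g. a URI).
    private static boolean isTypeVal(String pair) {
        int i = pair.indexOf(':');
        return i > 0 && i < pair.length() - 1 && NAME_TYPES.contains(pair.substring(0, i));
    }

    public static void main(String[] args) {
        String[][] samples = { // constructed inputs
            {"KeyUsage", "digitalSignature,keyEncipherment"}, {"KeyUsage", "DigitalSignature"},
            {"ExtendedKeyUsage", "serverAuth,1.3.6.1.5.5.7.3.2"}, {"BasicConstraints", "ca:false,pathlen:0"},
            {"SubjectAlternativeName", "DNS:www.example.com,IP:192.0.2.10"},
            {"SubjectAlternativeName", "dns:www.example.com"}};
        for (String[] s : samples) System.out.println(s[0] + " \"" + s[1] + "\" -> " + isValid(s[0], s[1]));
    }
}
```

        Running the check on request-supplied strings before calling addExtension keeps a miscased usage name or a stray comma from surfacing only as an IllegalArgumentException inside the builder.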