Package org.wildfly.security.x500.cert
Class X509CertificateBuilder
- java.lang.Object
-
- org.wildfly.security.x500.cert.X509CertificateBuilder
-
public final class X509CertificateBuilder extends Object
A builder for X.509 certificates.- Author:
- David M. Lloyd
-
-
Constructor Summary
Constructors Constructor Description X509CertificateBuilder()
Construct a new uninitialized instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description X509CertificateBuilder
addExtension(X509CertificateExtension extension)
Add a certificate extension.X509CertificateExtension
addOrReplaceExtension(X509CertificateExtension extension)
Add or replace a certificate extension.X509Certificate
build()
Attempt to construct and sign an X.509 certificate according to the information in this builder.X500Principal
getIssuerDn()
Get the issuer DN.byte[]
getIssuerUniqueId()
Get the issuer unique ID.ZonedDateTime
getNotValidAfter()
Get the not-valid-after date.ZonedDateTime
getNotValidBefore()
Get the not-valid-before date.PublicKey
getPublicKey()
Get the public key.BigInteger
getSerialNumber()
Get the serial number of the certificate being built.String
getSignatureAlgorithmName()
Get the signature algorithm name.PrivateKey
getSigningKey()
Get the signing key.X500Principal
getSubjectDn()
Get the subject DN.byte[]
getSubjectUniqueId()
Get the subject unique ID.int
getVersion()
Get the certificate version.X509CertificateExtension
removeExtension(String oid)
Remove the extension with the given OID, if it is registered.X509CertificateBuilder
setIssuerDn(X500Principal issuerDn)
Set the issuer DN.X509CertificateBuilder
setIssuerUniqueId(byte[] issuerUniqueId)
Set the issuer unique ID.X509CertificateBuilder
setNotValidAfter(ZonedDateTime notValidAfter)
Set the not-valid-after date.X509CertificateBuilder
setNotValidBefore(ZonedDateTime notValidBefore)
Set the not-valid-before date.X509CertificateBuilder
setPublicKey(PublicKey publicKey)
Set the public key.X509CertificateBuilder
setSerialNumber(BigInteger serialNumber)
Set the serial number of the certificate being built.X509CertificateBuilder
setSignatureAlgorithmName(String signatureAlgorithmName)
Set the signature algorithm name.X509CertificateBuilder
setSigningKey(PrivateKey signingKey)
Set the signing key.X509CertificateBuilder
setSubjectDn(X500Principal subjectDn)
Set the subject DN.X509CertificateBuilder
setSubjectUniqueId(byte[] subjectUniqueId)
Set the subject unique ID.X509CertificateBuilder
setVersion(int version)
Set the certificate version.
-
-
-
Method Detail
-
addExtension
public X509CertificateBuilder addExtension(X509CertificateExtension extension)
Add a certificate extension. If an extension with the same OID already exists, an exception is thrown.- Parameters:
extension
- the extension to add (must not benull
)- Returns:
- this builder instance
-
addOrReplaceExtension
public X509CertificateExtension addOrReplaceExtension(X509CertificateExtension extension)
Add or replace a certificate extension. If an extension with the same OID already exists, it is replaced and returned.- Parameters:
extension
- the extension to add (must not benull
)- Returns:
- the existing extension, or
null
if no other extension with the same OID was existent
-
removeExtension
public X509CertificateExtension removeExtension(String oid)
Remove the extension with the given OID, if it is registered.- Parameters:
oid
- the OID of the extension to remove- Returns:
- the extension, or
null
if no extension with the same OID was existent
-
getVersion
public int getVersion()
Get the certificate version.- Returns:
- the certificate version
-
setVersion
public X509CertificateBuilder setVersion(int version)
Set the certificate version.- Parameters:
version
- the certificate version (must be between 1 and 3, inclusive)- Returns:
- this builder instance
-
getSerialNumber
public BigInteger getSerialNumber()
Get the serial number of the certificate being built.- Returns:
- the serial number of the certificate being built (must not be
null
)
-
setSerialNumber
public X509CertificateBuilder setSerialNumber(BigInteger serialNumber)
Set the serial number of the certificate being built. The serial number must be positive and no larger than 20 octets (or 2^160).- Parameters:
serialNumber
- the serial number of the certificate being built- Returns:
- this builder instance
-
getSubjectDn
public X500Principal getSubjectDn()
Get the subject DN.- Returns:
- the subject DN
-
setSubjectDn
public X509CertificateBuilder setSubjectDn(X500Principal subjectDn)
Set the subject DN.- Parameters:
subjectDn
- the subject DN (must not benull
)- Returns:
- this builder instance
-
getSubjectUniqueId
public byte[] getSubjectUniqueId()
Get the subject unique ID.- Returns:
- the subject unique ID
-
setSubjectUniqueId
public X509CertificateBuilder setSubjectUniqueId(byte[] subjectUniqueId)
Set the subject unique ID.- Parameters:
subjectUniqueId
- the subject unique ID (must not benull
)- Returns:
- this builder instance
-
getIssuerDn
public X500Principal getIssuerDn()
Get the issuer DN.- Returns:
- the issuer DN
-
setIssuerDn
public X509CertificateBuilder setIssuerDn(X500Principal issuerDn)
Set the issuer DN.- Parameters:
issuerDn
- the issuer DN (must not benull
)- Returns:
- this builder instance
-
getIssuerUniqueId
public byte[] getIssuerUniqueId()
Get the issuer unique ID.- Returns:
- the issuer unique ID
-
setIssuerUniqueId
public X509CertificateBuilder setIssuerUniqueId(byte[] issuerUniqueId)
Set the issuer unique ID.- Parameters:
issuerUniqueId
- the issuer unique ID (must not benull
)- Returns:
- this builder instance
-
getNotValidBefore
public ZonedDateTime getNotValidBefore()
Get the not-valid-before date. The default is the date when this builder was constructed.- Returns:
- the not-valid-before date
-
setNotValidBefore
public X509CertificateBuilder setNotValidBefore(ZonedDateTime notValidBefore)
Set the not-valid-before date.- Parameters:
notValidBefore
- the not-valid-before date (must not benull
)- Returns:
- this builder instance
-
getNotValidAfter
public ZonedDateTime getNotValidAfter()
Get the not-valid-after date. The default is equal to99991231235959Z
as specified inRFC 5280
.- Returns:
- the not-valid-after date
-
setNotValidAfter
public X509CertificateBuilder setNotValidAfter(ZonedDateTime notValidAfter)
Set the not-valid-after date.- Parameters:
notValidAfter
- the not-valid-after date (must not benull
)- Returns:
- this builder instance
-
getPublicKey
public PublicKey getPublicKey()
Get the public key.- Returns:
- the public key
-
setPublicKey
public X509CertificateBuilder setPublicKey(PublicKey publicKey)
Set the public key.- Parameters:
publicKey
- the public key (must not benull
)- Returns:
- this builder instance
-
getSigningKey
public PrivateKey getSigningKey()
Get the signing key.- Returns:
- the signing key
-
setSigningKey
public X509CertificateBuilder setSigningKey(PrivateKey signingKey)
Set the signing key.- Parameters:
signingKey
- the signing key (must not benull
)- Returns:
- this builder instance
-
getSignatureAlgorithmName
public String getSignatureAlgorithmName()
Get the signature algorithm name.- Returns:
- the signature algorithm name
-
setSignatureAlgorithmName
public X509CertificateBuilder setSignatureAlgorithmName(String signatureAlgorithmName)
Set the signature algorithm name.- Parameters:
signatureAlgorithmName
- the signature algorithm name (must not benull
)- Returns:
- this builder instance
-
build
public X509Certificate build() throws CertificateException
Attempt to construct and sign an X.509 certificate according to the information in this builder.- Returns:
- the constructed certificate
- Throws:
IllegalArgumentException
- if one or more of the builder parameters are invalid or missingCertificateException
- if the certificate failed to be constructed
-
-