Class PKCS10CertificateSigningRequest.Builder

  • Enclosing class:
    PKCS10CertificateSigningRequest

    public static class PKCS10CertificateSigningRequest.Builder
    extends Object
    A Builder to configure and generate a PKCS10CertificateSigningRequest.
    • Constructor Detail

      • Builder

        Builder()
        Construct a new uninitialized instance.
    • Method Detail

      • setSignatureAlgorithmName

        public PKCS10CertificateSigningRequest.Builder setSignatureAlgorithmName​(String signatureAlgorithmName)
        Set the signature algorithm name.
        Parameters:
        signatureAlgorithmName - the signature algorithm name (must not be null)
        Returns:
        this builder instance
      • addExtension

        public PKCS10CertificateSigningRequest.Builder addExtension​(boolean critical,
                                                                    String extensionName,
                                                                    String extensionValue)
                                                             throws IllegalArgumentException
        Add an X.509 certificate extension that should be included in the certificate signing request using the given extension name and string value. If an extension with the same name already exists, an exception is thrown. The following extension names and values are supported:
        • name: BasicConstraints
          value: ca:{true|false}[,pathlen:<len>] where ca indicates whether or not the subject is a CA. If ca is true, pathlen indicates the path length constraint.

        • name: KeyUsage
          value: usage(,usage)* where value is a comma-separated list of the allowed key usages, and each usage must be one of the following (usage values are case-sensitive):
          • digitalSignature
          • nonRepudiation
          • keyEncipherment
          • dataEncipherment
          • keyAgreement
          • keyCertSign
          • cRLSign
          • encipherOnly
          • decipherOnly
        • name: ExtendedKeyUsage
          value: usage(,usage)* where value is a comma-separated list of the allowed key purposes, and each usage must be one of the following (usage values are case-sensitive):
          • serverAuth
          • clientAuth
          • codeSigning
          • emailProtection
          • timeStamping
          • OCSPSigning
          • any OID string
        • name: SubjectAlternativeName
          value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

        • name: IssuerAlternativeName
          value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

        • name: AuthorityInformationAccess
          value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be ocsp, caIssuers, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.

        • name: SubjectInformationAccess
          value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be timeStamping, caRepository, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.
        Parameters:
        critical - whether the extension should be marked as critical
        extensionName - the extension name (must not be null)
        extensionValue - the extension value, as a string (must not be null)
        Returns:
        this builder instance
        Throws:
        IllegalArgumentException - if an extension with the same name has already been added or if an error occurs while attempting to add the extension
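        The value grammars listed above are the whole input contract of addExtension, so a caller who builds them from user-supplied data benefits from validating them first. The following Python is an added example, not code from the project this Javadoc documents: it parses each documented value form into a structured result, enforces the case-sensitive vocabularies and the any-OID escape hatches exactly as listed, and mirrors the documented rule that the same extension name may be added only once. ValueError stands in for IllegalArgumentException, and the class name ExtensionRequestBuilder is an assumption; rejecting pathlen together with ca:false goes beyond the Javadoc (RFC 5280 forbids pathLenConstraint on a non-CA) and is labelled as an assumption in the code.

```python
# Added example (not the project's code): a validating parser for the string
# grammars that addExtension(...) accepts, plus the duplicate-name rule.
import re

# Vocabularies exactly as listed in the Javadoc above (case-sensitive).
KEY_USAGES = {"digitalSignature", "nonRepudiation", "keyEncipherment",
              "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
              "encipherOnly", "decipherOnly"}
EXT_KEY_USAGES = {"serverAuth", "clientAuth", "codeSigning",
                  "emailProtection", "timeStamping", "OCSPSigning"}
GENERAL_NAME_TYPES = {"EMAIL", "URI", "DNS", "IP", "OID"}
AIA_METHODS = {"ocsp", "caIssuers"}
SIA_METHODS = {"timeStamping", "caRepository"}
OID_RE = re.compile(r"\d+(\.\d+)+")   # dotted-decimal OID such as 1.3.6.1.5.5.7.3.1


def _split_list(value):
    """Split 'a,b,c' into items; an empty item is a syntax error."""
    items = value.split(",")
    if any(item == "" for item in items):
        raise ValueError("empty list element in %r" % value)
    return items


def _type_val(item):
    """Parse one 'type:val' pair. Split on the FIRST colon only, because a
    value such as 'URI:https://host/path' contains colons of its own."""
    typ, sep, val = item.partition(":")
    if not sep or typ not in GENERAL_NAME_TYPES or val == "":
        raise ValueError("bad type:val pair %r" % item)
    return typ, val


def _access_description(item, methods):
    """Parse 'method:location-type:location-value' (method may be any OID)."""
    method, sep, location = item.partition(":")
    if not sep or not (method in methods or OID_RE.fullmatch(method)):
        raise ValueError("bad access method in %r" % item)
    typ, val = _type_val(location)
    return method, typ, val


def parse_extension_value(extension_name, extension_value):
    """Return a structured form of extension_value, or raise ValueError."""
    if extension_name == "BasicConstraints":
        parts = _split_list(extension_value)
        m = re.fullmatch(r"ca:(true|false)", parts[0])
        if m is None or len(parts) > 2:
            raise ValueError("bad BasicConstraints %r" % extension_value)
        result = {"ca": m.group(1) == "true", "pathlen": None}
        if len(parts) == 2:
            m = re.fullmatch(r"pathlen:(\d+)", parts[1])
            if m is None:
                raise ValueError("bad pathlen in %r" % extension_value)
            # Assumption beyond the Javadoc: pathlen is only meaningful for a
            # CA (RFC 5280 forbids pathLenConstraint when cA is FALSE).
            if not result["ca"]:
                raise ValueError("pathlen given but ca:false")
            result["pathlen"] = int(m.group(1))
        return result
    if extension_name == "KeyUsage":
        usages = _split_list(extension_value)
        bad = [u for u in usages if u not in KEY_USAGES]
        if bad:
            raise ValueError("unknown key usage(s) %r (case-sensitive)" % bad)
        return usages
    if extension_name == "ExtendedKeyUsage":
        usages = _split_list(extension_value)
        bad = [u for u in usages
               if u not in EXT_KEY_USAGES and not OID_RE.fullmatch(u)]
        if bad:
            raise ValueError("unknown key purpose(s) %r" % bad)
        return usages
    if extension_name in ("SubjectAlternativeName", "IssuerAlternativeName"):
        return [_type_val(item) for item in _split_list(extension_value)]
    if extension_name == "AuthorityInformationAccess":
        return [_access_description(i, AIA_METHODS)
                for i in _split_list(extension_value)]
    if extension_name == "SubjectInformationAccess":
        return [_access_description(i, SIA_METHODS)
                for i in _split_list(extension_value)]
    raise ValueError("unsupported extension name %r" % extension_name)


class ExtensionRequestBuilder:
    """Hypothetical stand-in for the builder's documented contract: a name may
    be added once, and an invalid value is rejected before it is stored."""

    def __init__(self):
        self.extensions = {}   # name -> (critical, parsed value)

    def add_extension(self, critical, extension_name, extension_value):
        if extension_name in self.extensions:
            raise ValueError("extension %r already added" % extension_name)
        parsed = parse_extension_value(extension_name, extension_value)
        self.extensions[extension_name] = (critical, parsed)
        return self
```

        Splitting on the first colon is the detail worth copying: URI locations in SubjectAlternativeName and AuthorityInformationAccess carry their own colons, so a naive split on every colon would silently truncate them.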
      • encodeCertificationRequest

        private void encodeCertificationRequest​(DEREncoder encoder)
        Encode a CertificationRequest using the given DER encoder. The ASN.1 definition of CertificationRequest is:
              CertificationRequest ::= SEQUENCE {
                  certificationRequestInfo    CertificationRequestInfo,
                  signatureAlgorithm          AlgorithmIdentifier{{ SignatureAlgorithms }},
                  signature                   BIT STRING
              }
         
        Parameters:
        encoder - the DER encoder
      • encodeCertificationRequestInfo

        private void encodeCertificationRequestInfo​(DEREncoder encoder)
        Encode a CertificationRequestInfo using the given DER encoder. The ASN.1 definition of CertificationRequestInfo is:
              CertificationRequestInfo ::= SEQUENCE {
                  version         INTEGER { v1(0) } (v1,...),
                  subject         Name,
                  subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
                  attributes      [0] Attributes{{ CRIAttributes }}
              }
         
        Parameters:
        encoder - the DER encoder
      • encodeAlgorithmIdentifier

        private void encodeAlgorithmIdentifier​(DEREncoder encoder)
        Encode an AlgorithmIdentifier using the given DER encoder. The ASN.1 definition of AlgorithmIdentifier is:
              AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {
                  algorithm       ALGORITHM.&id({IOSet}),
                  parameters      ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
              }
         
        Parameters:
        encoder - the DER encoder
      • encodeAttributes

        private void encodeAttributes​(DEREncoder encoder)
        Encode Attributes using the given DER encoder. The ASN.1 definition of Attributes is:
              Attributes ::= SET OF Attribute
        
              Attribute ::= SEQUENCE {
                  type    AttributeType,
                  values  SET OF AttributeValue
              }
        
              AttributeType  ::= OBJECT IDENTIFIER
              AttributeValue ::= ANY defined by type
         
        Parameters:
        encoder - the DER encoder
      • encodeExtensionRequest

        private void encodeExtensionRequest​(DEREncoder encoder)
        Encode an ExtensionRequest using the given DER encoder. The ASN.1 definition of ExtensionRequest is:
             ExtensionRequest ::= Extensions
             Extensions ::= SEQUENCE OF Extension
         
        Parameters:
        encoder - the DER encoder
      • encodeExtension

        private static void encodeExtension​(DEREncoder encoder,
                                            X509CertificateExtension extension)
        Encode an Extension using the given DER encoder. The ASN.1 definition of Extension is:
              Extension ::= SEQUENCE {
                  extensionId     OBJECT IDENTIFIER,
                  critical        BOOLEAN DEFAULT FALSE,
                  extensionValue  OCTET STRING
              }
         
        Parameters:
        encoder - the DER encoder
        extension - the X.509 certificate extension