Class X509CertificateBuilder


  • public final class X509CertificateBuilder
    extends Object
    A builder for X.509 certificates.
    Author:
    David M. Lloyd
    • Constructor Detail

      • X509CertificateBuilder

        public X509CertificateBuilder()
        Construct a new uninitialized instance.
    • Method Detail

      • addExtension

        public X509CertificateBuilder addExtension(X509CertificateExtension extension)
        Add a certificate extension. If an extension with the same OID already exists, an exception is thrown.
        Parameters:
        extension - the extension to add (must not be null)
        Returns:
        this builder instance
      • addOrReplaceExtension

        public X509CertificateExtension addOrReplaceExtension(X509CertificateExtension extension)
        Add or replace a certificate extension. If an extension with the same OID already exists, it is replaced and returned.
        Parameters:
        extension - the extension to add (must not be null)
        Returns:
        the existing extension, or null if no extension with the same OID existed
      • removeExtension

        public X509CertificateExtension removeExtension(String oid)
        Remove the extension with the given OID, if it is registered.
        Parameters:
        oid - the OID of the extension to remove
        Returns:
        the removed extension, or null if no extension with the given OID existed
      • getVersion

        public int getVersion()
        Get the certificate version.
        Returns:
        the certificate version
      • setVersion

        public X509CertificateBuilder setVersion(int version)
        Set the certificate version.
        Parameters:
        version - the certificate version (must be between 1 and 3, inclusive)
        Returns:
        this builder instance
      • getSerialNumber

        public BigInteger getSerialNumber()
        Get the serial number of the certificate being built.
        Returns:
        the serial number of the certificate being built (must not be null)
      • setSerialNumber

        public X509CertificateBuilder setSerialNumber(BigInteger serialNumber)
        Set the serial number of the certificate being built. The serial number must be positive and no larger than 20 octets (or 2^160).
        Parameters:
        serialNumber - the serial number of the certificate being built
        Returns:
        this builder instance
      • getSubjectDn

        public X500Principal getSubjectDn()
        Get the subject DN.
        Returns:
        the subject DN
      • setSubjectDn

        public X509CertificateBuilder setSubjectDn(X500Principal subjectDn)
        Set the subject DN.
        Parameters:
        subjectDn - the subject DN (must not be null)
        Returns:
        this builder instance
      • getSubjectUniqueId

        public byte[] getSubjectUniqueId()
        Get the subject unique ID.
        Returns:
        the subject unique ID
      • setSubjectUniqueId

        public X509CertificateBuilder setSubjectUniqueId(byte[] subjectUniqueId)
        Set the subject unique ID.
        Parameters:
        subjectUniqueId - the subject unique ID (must not be null)
        Returns:
        this builder instance
      • getIssuerDn

        public X500Principal getIssuerDn()
        Get the issuer DN.
        Returns:
        the issuer DN
      • setIssuerDn

        public X509CertificateBuilder setIssuerDn(X500Principal issuerDn)
        Set the issuer DN.
        Parameters:
        issuerDn - the issuer DN (must not be null)
        Returns:
        this builder instance
      • getIssuerUniqueId

        public byte[] getIssuerUniqueId()
        Get the issuer unique ID.
        Returns:
        the issuer unique ID
      • setIssuerUniqueId

        public X509CertificateBuilder setIssuerUniqueId(byte[] issuerUniqueId)
        Set the issuer unique ID.
        Parameters:
        issuerUniqueId - the issuer unique ID (must not be null)
        Returns:
        this builder instance
      • getNotValidBefore

        public ZonedDateTime getNotValidBefore()
        Get the not-valid-before date. The default is the date when this builder was constructed.
        Returns:
        the not-valid-before date
      • setNotValidBefore

        public X509CertificateBuilder setNotValidBefore(ZonedDateTime notValidBefore)
        Set the not-valid-before date.
        Parameters:
        notValidBefore - the not-valid-before date (must not be null)
        Returns:
        this builder instance
      • getNotValidAfter

        public ZonedDateTime getNotValidAfter()
        Get the not-valid-after date. The default is 99991231235959Z, the value RFC 5280 specifies for certificates with no well-defined expiration date.
        Returns:
        the not-valid-after date
      • setNotValidAfter

        public X509CertificateBuilder setNotValidAfter(ZonedDateTime notValidAfter)
        Set the not-valid-after date.
        Parameters:
        notValidAfter - the not-valid-after date (must not be null)
        Returns:
        this builder instance
      • getPublicKey

        public PublicKey getPublicKey()
        Get the public key.
        Returns:
        the public key
      • setPublicKey

        public X509CertificateBuilder setPublicKey(PublicKey publicKey)
        Set the public key.
        Parameters:
        publicKey - the public key (must not be null)
        Returns:
        this builder instance
      • getSigningKey

        public PrivateKey getSigningKey()
        Get the signing key.
        Returns:
        the signing key
      • setSigningKey

        public X509CertificateBuilder setSigningKey(PrivateKey signingKey)
        Set the signing key.
        Parameters:
        signingKey - the signing key (must not be null)
        Returns:
        this builder instance
      • getSignatureAlgorithmName

        public String getSignatureAlgorithmName()
        Get the signature algorithm name.
        Returns:
        the signature algorithm name
      • setSignatureAlgorithmName

        public X509CertificateBuilder setSignatureAlgorithmName(String signatureAlgorithmName)
        Set the signature algorithm name.
        Parameters:
        signatureAlgorithmName - the signature algorithm name (must not be null)
        Returns:
        this builder instance
      • getTBSBytes

        byte[] getTBSBytes()