Package org.forgerock.opendj.security
Class X509CertificateBuilder
- java.lang.Object
-
- org.forgerock.opendj.security.X509CertificateBuilder
-
public final class X509CertificateBuilder extends Object
A class for building X509 certificates as described in RFC 5280.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classX509CertificateBuilder.ExtendedKeyUsageAn enumeration of extended key usages.static classX509CertificateBuilder.KeyUsageAn enumeration of key usages.
-
Constructor Summary
Constructors Constructor Description X509CertificateBuilder()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description X509Certificatebuild()Encodes and signs the certificate.X509CertificateBuilderextendedKeyUsage(boolean isCritical, EnumSet<X509CertificateBuilder.ExtendedKeyUsage> extendedKeyUsages)Adds the extended key usage extension with the provided usages.X509CertificateBuilderisCa()Identifies the certificate as a CA certificate by adding the basic constraint extension.X509CertificateBuilderissuerDn(Dn issuerDn)Sets the certificate issuer name.X509CertificateBuilderkeyUsage(boolean isCritical, EnumSet<X509CertificateBuilder.KeyUsage> keyUsages)Adds the key usage extension with the provided usages.X509CertificateBuilderpublicKey(PublicKey publicKey)Sets the certificate public key.X509CertificateBuilderserialNumber(BigInteger serialNumber)Sets the certificate serial number.X509CertificateBuildersignature(Signature signatureAlgorithm, String algorithmOid, PrivateKey privateKey)Sets the key and signature algorithm for signing the certificate.X509CertificateBuildersignature(Signature signatureAlgorithm, String algorithmOid, PrivateKey privateKey, SecureRandom random)Sets the key and signature algorithm for signing the certificate.X509CertificateBuildersubjectAlternativeName(boolean isCritical, Collection<String> dnsNames)Adds the subject alternative name extension with the provided DNS names.X509CertificateBuildersubjectDn(Dn subjectDn)Sets the certificate subject name.X509CertificateBuildervalidity(Instant notBefore, Instant notAfter)Sets the certificate validity period.
-
-
-
Method Detail
-
signature
public X509CertificateBuilder signature(Signature signatureAlgorithm, String algorithmOid, PrivateKey privateKey)
Sets the key and signature algorithm for signing the certificate.- Parameters:
signatureAlgorithm- The signature algorithm.algorithmOid- The signature algorithm OID.privateKey- The key for signing the certificate.- Returns:
- A reference to this builder.
-
signature
public X509CertificateBuilder signature(Signature signatureAlgorithm, String algorithmOid, PrivateKey privateKey, SecureRandom random)
Sets the key and signature algorithm for signing the certificate.- Parameters:
signatureAlgorithm- The signature algorithm.algorithmOid- The signature algorithm OID.privateKey- The key for signing the certificate.random- The source for random data when signing the certificate- Returns:
- A reference to this builder.
-
validity
public X509CertificateBuilder validity(Instant notBefore, Instant notAfter)
Sets the certificate validity period.- Parameters:
notBefore- The point in time before which the certificate will not be valid.notAfter- The point in time after which the certificate will not be valid.- Returns:
- A reference to this builder.
-
publicKey
public X509CertificateBuilder publicKey(PublicKey publicKey)
Sets the certificate public key.- Parameters:
publicKey- The public key.- Returns:
- A reference to this builder.
-
issuerDn
public X509CertificateBuilder issuerDn(Dn issuerDn)
Sets the certificate issuer name.- Parameters:
issuerDn- The issuer DN.- Returns:
- A reference to this builder.
-
subjectDn
public X509CertificateBuilder subjectDn(Dn subjectDn)
Sets the certificate subject name.- Parameters:
subjectDn- The subject DN.- Returns:
- A reference to this builder.
-
serialNumber
public X509CertificateBuilder serialNumber(BigInteger serialNumber)
Sets the certificate serial number.- Parameters:
serialNumber- The serial number.- Returns:
- A reference to this builder.
-
isCa
public X509CertificateBuilder isCa()
Identifies the certificate as a CA certificate by adding the basic constraint extension.- Returns:
- A reference to this builder.
-
subjectAlternativeName
public X509CertificateBuilder subjectAlternativeName(boolean isCritical, Collection<String> dnsNames) throws LocalizedIllegalArgumentException
Adds the subject alternative name extension with the provided DNS names.- Parameters:
isCritical- Indicates whether the extension should be marked as critical.dnsNames- The DNS names.- Returns:
- A reference to this builder.
- Throws:
LocalizedIllegalArgumentException- If at least one of the DNS name is syntactically incorrect.
-
keyUsage
public X509CertificateBuilder keyUsage(boolean isCritical, EnumSet<X509CertificateBuilder.KeyUsage> keyUsages)
Adds the key usage extension with the provided usages.- Parameters:
isCritical- Indicates whether the extension should be marked as critical.keyUsages- The key usages.- Returns:
- A reference to this builder.
-
extendedKeyUsage
public X509CertificateBuilder extendedKeyUsage(boolean isCritical, EnumSet<X509CertificateBuilder.ExtendedKeyUsage> extendedKeyUsages)
Adds the extended key usage extension with the provided usages.- Parameters:
isCritical- Indicates whether the extension should be marked as critical.extendedKeyUsages- The extended key usages.- Returns:
- A reference to this builder.
-
build
public X509Certificate build() throws InvalidKeyException, SignatureException
Encodes and signs the certificate.- Returns:
- The X509 certificate.
- Throws:
InvalidKeyException- If the private key used for the signature in invalid.SignatureException- If there is a problem when signing the certificate.
-
-