Class X509CertificateBuilder

java.lang.Object
org.forgerock.opendj.security.X509CertificateBuilder

public final class X509CertificateBuilder extends Object
A class for building X509 certificates as described in RFC 5280.
  • Constructor Details

    • X509CertificateBuilder

      public X509CertificateBuilder()
  • Method Details

    • signature

      public X509CertificateBuilder signature(Signature signatureAlgorithm, String algorithmOid, PrivateKey privateKey)
      Sets the key and signature algorithm for signing the certificate.
      Parameters:
      signatureAlgorithm - The signature algorithm.
      algorithmOid - The signature algorithm OID.
      privateKey - The key for signing the certificate.
      Returns:
      A reference to this builder.
    • signature

      public X509CertificateBuilder signature(Signature signatureAlgorithm, String algorithmOid, PrivateKey privateKey, SecureRandom random)
      Sets the key and signature algorithm for signing the certificate.
      Parameters:
      signatureAlgorithm - The signature algorithm.
      algorithmOid - The signature algorithm OID.
      privateKey - The key for signing the certificate.
      random - The source of random data when signing the certificate.
      Returns:
      A reference to this builder.
    • validity

      public X509CertificateBuilder validity(Instant notBefore, Instant notAfter)
      Sets the certificate validity period.
      Parameters:
      notBefore - The point in time before which the certificate will not be valid.
      notAfter - The point in time after which the certificate will not be valid.
      Returns:
      A reference to this builder.
    • publicKey

      public X509CertificateBuilder publicKey(PublicKey publicKey)
      Sets the certificate public key.
      Parameters:
      publicKey - The public key.
      Returns:
      A reference to this builder.
    • issuerDn

      public X509CertificateBuilder issuerDn(Dn issuerDn)
      Sets the certificate issuer name.
      Parameters:
      issuerDn - The issuer DN.
      Returns:
      A reference to this builder.
    • subjectDn

      public X509CertificateBuilder subjectDn(Dn subjectDn)
      Sets the certificate subject name.
      Parameters:
      subjectDn - The subject DN.
      Returns:
      A reference to this builder.
    • serialNumber

      public X509CertificateBuilder serialNumber(BigInteger serialNumber)
      Sets the certificate serial number.
      Parameters:
      serialNumber - The serial number.
      Returns:
      A reference to this builder.
    • isCa

      public X509CertificateBuilder isCa()
      Identifies the certificate as a CA certificate by adding the basic constraints extension.
      Returns:
      A reference to this builder.
    • subjectAlternativeName

      public X509CertificateBuilder subjectAlternativeName(boolean isCritical, Collection<String> dnsNames) throws LocalizedIllegalArgumentException
      Adds the subject alternative name extension with the provided DNS names.
      Parameters:
      isCritical - Indicates whether the extension should be marked as critical.
      dnsNames - The DNS names.
      Returns:
      A reference to this builder.
      Throws:
      LocalizedIllegalArgumentException - If at least one of the DNS names is syntactically incorrect.
    • keyUsage

      public X509CertificateBuilder keyUsage(boolean isCritical, EnumSet<X509CertificateBuilder.KeyUsage> keyUsages)
      Adds the key usage extension with the provided usages.
      Parameters:
      isCritical - Indicates whether the extension should be marked as critical.
      keyUsages - The key usages.
      Returns:
      A reference to this builder.
    • extendedKeyUsage

      public X509CertificateBuilder extendedKeyUsage(boolean isCritical, EnumSet<X509CertificateBuilder.ExtendedKeyUsage> extendedKeyUsages)
      Adds the extended key usage extension with the provided usages.
      Parameters:
      isCritical - Indicates whether the extension should be marked as critical.
      extendedKeyUsages - The extended key usages.
      Returns:
      A reference to this builder.
    • build

      Encodes and signs the certificate.
      Returns:
      The X509 certificate.
      Throws:
      InvalidKeyException - If the private key used for the signature is invalid.
      SignatureException - If there is a problem when signing the certificate.
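
The following usage sketch is an added example, not part of the original API documentation: it builds a self-signed server certificate using only the methods listed above. It assumes that `Signature` is `java.security.Signature`, that `Dn` is `org.forgerock.opendj.ldap.Dn` with a `valueOf(String)` factory, and that `build()` takes no arguments; the host name and DN are constructed sample values.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.time.Duration;
import java.time.Instant;
import java.util.List;

import org.forgerock.opendj.ldap.Dn; // assumption: package and valueOf() factory of Dn
import org.forgerock.opendj.security.X509CertificateBuilder;

public final class SelfSignedServerCertExample {
    // ecdsa-with-SHA256; the OID must describe the same algorithm as the Signature instance.
    private static final String ECDSA_SHA256_OID = "1.2.840.10045.4.3.2";

    public static void main(String[] args) throws Exception {
        SecureRandom random = new SecureRandom();

        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"), random);
        KeyPair keyPair = generator.generateKeyPair();

        // RFC 5280 section 4.1.2.2: serial numbers are positive and at most 20 octets.
        // 127 random bits plus one gives an unpredictable, non-zero value within that limit.
        BigInteger serial = new BigInteger(127, random).add(BigInteger.ONE);

        // Backdate slightly to tolerate clock skew and keep the lifetime bounded.
        Instant notBefore = Instant.now().minus(Duration.ofMinutes(5));
        Instant notAfter = notBefore.plus(Duration.ofDays(90));

        Dn subject = Dn.valueOf("CN=ds.example.com,O=Example"); // constructed sample DN

        var certificate = new X509CertificateBuilder()
                .subjectDn(subject)
                .issuerDn(subject) // self-signed: issuer equals subject
                .serialNumber(serial)
                .validity(notBefore, notAfter)
                .publicKey(keyPair.getPublic())
                // Non-critical SAN, as RFC 5280 recommends when the subject DN is non-empty.
                .subjectAlternativeName(false, List.of("ds.example.com"))
                // Signed with the private key matching the public key above.
                .signature(Signature.getInstance("SHA256withECDSA"), ECDSA_SHA256_OID,
                        keyPair.getPrivate(), random)
                .build(); // throws InvalidKeyException / SignatureException on failure

        System.out.println(certificate);
    }
}
```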