eu.emi.security.authn.x509.helpers.proxy

Class X509v3CertificateBuilder

java.lang.Object

eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder

public class X509v3CertificateBuilder
extends Object

Class to produce an X.509 Version 3 certificate. Based on the BC bcmail library and deprecated class of the BC. We don't use BC mail as adding an another big dependency only for the certificate creation doesn't make much sense.

Constructor Summary

Constructors

Constructor and Description
X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo) Create a builder for a version 3 certificate.

Method Summary

Modifier and Type	Method and Description
X509v3CertificateBuilder	addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Object value) Add a given extension field for the standard extensions tag (tag 3)
X509Certificate	build(PrivateKey key, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, String sigAlgName, String provider, SecureRandom random) Generate the certificate, signing it with the provided private key and using the specified algorithm.
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	extractAlgorithmId(X509Certificate cert) Extracts the full algorithm identifier from the given certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509v3CertificateBuilder

public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer,
                                BigInteger serial,
                                Date notBefore,
                                Date notAfter,
                                org.bouncycastle.asn1.x500.X500Name subject,
                                org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)

Create a builder for a version 3 certificate.

Parameters:

issuer - the certificate issuer

serial - the certificate serial number

notBefore - the date before which the certificate is not valid

notAfter - the date after which the certificate is not valid

subject - the certificate subject

publicKeyInfo - the info structure for the public key to be associated with this certificate.

Method Detail

addExtension

public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                             boolean isCritical,
                                             org.bouncycastle.asn1.ASN1Object value)
                                      throws IOException

Add a given extension field for the standard extensions tag (tag 3)

Parameters:

oid - the OID defining the extension type.

isCritical - true if the extension is critical, false otherwise.

value - the ASN.1 structure that forms the extension's value.

Returns:

this builder object.

Throws:

IOException - IO exception

build

public X509Certificate build(PrivateKey key,
                             org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg,
                             String sigAlgName,
                             String provider,
                             SecureRandom random)
                      throws InvalidKeyException,
                             CertificateParsingException,
                             NoSuchProviderException,
                             NoSuchAlgorithmException,
                             SignatureException,
                             IOException

Generate the certificate, signing it with the provided private key and using the specified algorithm.

Parameters:

key - to be used for signing

sigAlg - oid and paramters of the signature alg

sigAlgName - name of the signature alg

provider - can be null -> default will be used

random - can be null -> default will be used

Returns:

generated certificate

Throws:

InvalidKeyException - invalid key exception

CertificateParsingException - certificate parsing exception

NoSuchProviderException - no such provider exception

NoSuchAlgorithmException - no such algorithm exception

SignatureException - signature exception

IOException - IO exception

extractAlgorithmId

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier extractAlgorithmId(X509Certificate cert)
                                                                         throws IOException

Extracts the full algorithm identifier from the given certificate.

Parameters:

cert - input certificate

Returns:

extracted algorithm id

Throws:

IOException - if parameters of the algorithm can not be parsed