Class X509v3CertificateBuilder

    • Constructor Summary

      Constructors 
      Constructor Description
      X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, java.util.Locale dateLocale, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, org.bouncycastle.asn1.x509.Time notBefore, org.bouncycastle.asn1.x509.Time notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      X509v3CertificateBuilder​(X509CertificateHolder template)
      Create a builder for a version 3 certificate, initialised with another certificate.
    • Method Summary

      Modifier and Type Method Description
      X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
      Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
      X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
      Add a given extension field for the standard extensions tag (tag 3).
      X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.x509.Extension extension)
      Add a given extension field for the standard extensions tag (tag 3).
      X509CertificateHolder build​(org.bouncycastle.operator.ContentSigner signer)
      Generate an X.509 certificate, based on the current issuer and subject using the passed in signer.
      X509CertificateHolder build​(org.bouncycastle.operator.ContentSigner signer, boolean isCritical, org.bouncycastle.operator.ContentSigner altSigner)
      Generate an X.509 certificate, based on the current issuer and subject using the passed in signer and containing altSignatureAlgorithm and altSignatureValue extensions based on the passed altSigner.
      X509v3CertificateBuilder copyAndAddExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder)
      Add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.
      org.bouncycastle.asn1.x509.Extension getExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return the current value of the extension for OID.
      boolean hasExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return if the extension indicated by OID is present.
      X509v3CertificateBuilder removeExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Remove the extension indicated by OID.
      X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
      Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
      X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
      Replace the extension field for the passed in extension's extension ID with a new version.
      X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.x509.Extension extension)
      Replace the extension field for the passed in extension's extension ID with a new version.
      X509v3CertificateBuilder setIssuerUniqueID​(boolean[] uniqueID)
      Set the issuerUniqueID - note: it is very rare that it is correct to do this.
      X509v3CertificateBuilder setSubjectUniqueID​(boolean[] uniqueID)
      Set the subjectUniqueID - note: it is very rare that it is correct to do this.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                                        java.math.BigInteger serial,
                                        java.util.Date notBefore,
                                        java.util.Date notAfter,
                                        org.bouncycastle.asn1.x500.X500Name subject,
                                        org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the date before which the certificate is not valid
        notAfter - the date after which the certificate is not valid
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.
      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                                        java.math.BigInteger serial,
                                        java.util.Date notBefore,
                                        java.util.Date notAfter,
                                        java.util.Locale dateLocale,
                                        org.bouncycastle.asn1.x500.X500Name subject,
                                        org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate. You may need to use this constructor if the default locale doesn't use a Gregorian calendar, so that the Time produced is compatible with other ASN.1 implementations.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the date before which the certificate is not valid
        notAfter - the date after which the certificate is not valid
        dateLocale - locale to be used for date interpretation.
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.
      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                                        java.math.BigInteger serial,
                                        org.bouncycastle.asn1.x509.Time notBefore,
                                        org.bouncycastle.asn1.x509.Time notAfter,
                                        org.bouncycastle.asn1.x500.X500Name subject,
                                        org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
        Create a builder for a version 3 certificate.
        Parameters:
        issuer - the certificate issuer
        serial - the certificate serial number
        notBefore - the Time before which the certificate is not valid
        notAfter - the Time after which the certificate is not valid
        subject - the certificate subject
        publicKeyInfo - the info structure for the public key to be associated with this certificate.
      • X509v3CertificateBuilder

        public X509v3CertificateBuilder​(X509CertificateHolder template)
        Create a builder for a version 3 certificate, initialised with another certificate.
        Parameters:
        template - template certificate to base the new one on.
    • Method Detail

      • hasExtension

        public boolean hasExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Return if the extension indicated by OID is present.
        Parameters:
        oid - the OID for the extension of interest.
        Returns:
        true if a matching extension is present, false otherwise.
      • getExtension

        public org.bouncycastle.asn1.x509.Extension getExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Return the current value of the extension for OID.
        Parameters:
        oid - the OID for the extension we want to fetch.
        Returns:
        the Extension, or null if it is not present.
      • setSubjectUniqueID

        public X509v3CertificateBuilder setSubjectUniqueID​(boolean[] uniqueID)
        Set the subjectUniqueID - note: it is very rare that it is correct to do this.
        Parameters:
        uniqueID - a boolean array representing the bits making up the subjectUniqueID.
        Returns:
        this builder object.
      • setIssuerUniqueID

        public X509v3CertificateBuilder setIssuerUniqueID​(boolean[] uniqueID)
        Set the issuerUniqueID - note: it is very rare that it is correct to do this.
        Parameters:
        uniqueID - a boolean array representing the bits making up the issuerUniqueID.
        Returns:
        this builder object.
      • addExtension

        public X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                     boolean isCritical,
                                                     org.bouncycastle.asn1.ASN1Encodable value)
                                              throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3).
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the OID oid has already been used.
      • addExtension

        public X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.x509.Extension extension)
                                              throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3).
        Parameters:
        extension - the full extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension's OID has already been used.
      • addExtension

        public X509v3CertificateBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                     boolean isCritical,
                                                     byte[] encodedValue)
                                              throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        encodedValue - a byte array representing the encoding of the extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the OID oid has already been allocated.
      • replaceExtension

        public X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                         boolean isCritical,
                                                         org.bouncycastle.asn1.ASN1Encodable value)
                                                  throws CertIOException
        Replace the extension field for the passed in extension's extension ID with a new version.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.
      • replaceExtension

        public X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.x509.Extension extension)
                                                  throws CertIOException
        Replace the extension field for the passed in extension's extension ID with a new version.
        Parameters:
        extension - the full extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.
      • replaceExtension

        public X509v3CertificateBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                         boolean isCritical,
                                                         byte[] encodedValue)
                                                  throws CertIOException
        Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        encodedValue - a byte array representing the encoding of the extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.
      • removeExtension

        public X509v3CertificateBuilder removeExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Remove the extension indicated by OID.
        Parameters:
        oid - the OID of the extension to be removed.
        Returns:
        this builder object.
        Throws:
        java.lang.IllegalArgumentException - if the extension to be removed is not present.
      • copyAndAddExtension

        public X509v3CertificateBuilder copyAndAddExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                                            boolean isCritical,
                                                            X509CertificateHolder certHolder)
        Add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the copied extension is to be marked as critical, false otherwise.
        certHolder - the holder for the certificate that the extension is to be copied from.
        Returns:
        this builder object.
      • build

        public X509CertificateHolder build​(org.bouncycastle.operator.ContentSigner signer)
        Generate an X.509 certificate, based on the current issuer and subject using the passed in signer.
        Parameters:
        signer - the content signer to be used to generate the signature validating the certificate.
        Returns:
        a holder containing the resulting signed certificate.
      • build

        public X509CertificateHolder build​(org.bouncycastle.operator.ContentSigner signer,
                                           boolean isCritical,
                                           org.bouncycastle.operator.ContentSigner altSigner)
        Generate an X.509 certificate, based on the current issuer and subject using the passed in signer and containing altSignatureAlgorithm and altSignatureValue extensions based on the passed altSigner.
        Parameters:
        signer - the content signer to be used to generate the signature validating the certificate.
        altSigner - the content signer used to create the altSignatureAlgorithm and altSignatureValue extension.
        Returns:
        a holder containing the resulting signed certificate.
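
Added example (not part of the Bouncy Castle documentation): issuing a leaf certificate with this builder, showing that a second addExtension for the same OID throws IllegalArgumentException and that replaceExtension is the explicit way to change it, then checking the signature and key usage of what was actually built. The key pairs, names, lifetime and the class name LeafCertDemo are constructed for illustration; it assumes the bcprov and bcpkix jars are on the classpath.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

public class LeafCertDemo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair caKeys = kpg.generateKeyPair();   // stands in for an existing issuing CA key
        KeyPair leafKeys = kpg.generateKeyPair();

        // Positive, unpredictable serial; names and lifetime are constructed sample values.
        BigInteger serial = new BigInteger(127, new SecureRandom()).add(BigInteger.ONE);
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                new X500Name("CN=Demo Issuing CA"), serial,
                new Date(now - 60_000L), new Date(now + 30L * 24 * 60 * 60 * 1000),
                new X500Name("CN=leaf.example.test"),
                SubjectPublicKeyInfo.getInstance(leafKeys.getPublic().getEncoded()));

        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        // Deliberately too broad for a leaf: keyCertSign is narrowed away below.
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
        try {   // a second add for the same OID is rejected rather than silently overriding
            builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
            throw new AssertionError("duplicate extension was accepted");
        } catch (IllegalArgumentException expected) {
            builder.replaceExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        }

        X509CertificateHolder cert = builder.build(
                new JcaContentSignerBuilder("SHA256withECDSA").build(caKeys.getPrivate()));

        // Check what was actually issued rather than trusting the sequence of builder calls.
        boolean sigOk = cert.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(caKeys.getPublic()));
        KeyUsage ku = KeyUsage.fromExtensions(cert.getExtensions());
        System.out.println("signature valid: " + sigOk);
        System.out.println("keyUsage critical: " + cert.getExtension(Extension.keyUsage).isCritical());
        System.out.println("keyCertSign asserted: " + ku.hasUsages(KeyUsage.keyCertSign));
    }
}
```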