eu.emi.security.authn.x509.helpers.proxy
Class X509v3CertificateBuilder

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder

public class X509v3CertificateBuilder
extends Object

Class to produce an X.509 Version 3 certificate. Based on the BC bcmail library and a deprecated BC class. We don't use BC mail, as adding another big dependency only for certificate creation doesn't make much sense.


Constructor Summary
X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
          Create a builder for a version 3 certificate.
 
Method Summary
 X509v3CertificateBuilder addExtension(ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value)
          Add a given extension field for the standard extensions tag (tag 3)
 X509Certificate build(PrivateKey key, AlgorithmIdentifier sigAlg, String sigAlgName, String provider, SecureRandom random)
          Generate the certificate, signing it with the provided private key and using the specified algorithm.
static AlgorithmIdentifier extractAlgorithmId(X509Certificate cert)
          Extracts the full algorithm identifier from the given certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

X509v3CertificateBuilder

public X509v3CertificateBuilder(X500Name issuer,
                                BigInteger serial,
                                Date notBefore,
                                Date notAfter,
                                X500Name subject,
                                SubjectPublicKeyInfo publicKeyInfo)
Create a builder for a version 3 certificate.

Parameters:
issuer - the certificate issuer
serial - the certificate serial number
notBefore - the date before which the certificate is not valid
notAfter - the date after which the certificate is not valid
subject - the certificate subject
publicKeyInfo - the info structure for the public key to be associated with this certificate.

Method Detail

addExtension

public X509v3CertificateBuilder addExtension(ASN1ObjectIdentifier oid,
                                             boolean isCritical,
                                             ASN1Encodable value)
Add a given extension field for the standard extensions tag (tag 3)

Parameters:
oid - the OID defining the extension type.
isCritical - true if the extension is critical, false otherwise.
value - the ASN.1 structure that forms the extension's value.
Returns:
this builder object.

build

public X509Certificate build(PrivateKey key,
                             AlgorithmIdentifier sigAlg,
                             String sigAlgName,
                             String provider,
                             SecureRandom random)
                      throws InvalidKeyException,
                             CertificateParsingException,
                             NoSuchProviderException,
                             NoSuchAlgorithmException,
                             SignatureException,
                             IOException
Generate the certificate, signing it with the provided private key and using the specified algorithm.

Parameters:
key - the private key to be used for signing
sigAlg - OID and parameters of the signature algorithm
sigAlgName - name of the signature algorithm
provider - can be null, in which case the default will be used
random - can be null, in which case the default will be used
Returns:
generated certificate
Throws:
InvalidKeyException
CertificateParsingException
NoSuchProviderException
NoSuchAlgorithmException
SignatureException
IOException

extractAlgorithmId

public static AlgorithmIdentifier extractAlgorithmId(X509Certificate cert)
                                              throws IOException
Extracts the full algorithm identifier from the given certificate.

Parameters:
cert - input certificate
Returns:
extracted algorithm id
Throws:
IOException - if parameters of the algorithm cannot be parsed
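
Usage sketch (an added example, not code from the library or its authors): issuing a short-lived certificate with the constructor, addExtension, build and extractAlgorithmId as documented above. The class name ShortLivedCertExample, the method issue and its parameters are hypothetical. It assumes the issuer's private key is of the same type as the key that signed the issuer certificate, so the extracted algorithm can be reused.

```java
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder;

// Added example; class and method names here are hypothetical.
public class ShortLivedCertExample {
    // id-ce-keyUsage from RFC 5280
    private static final ASN1ObjectIdentifier KEY_USAGE = new ASN1ObjectIdentifier("2.5.29.15");

    public static X509Certificate issue(X509Certificate issuerCert, PrivateKey issuerKey,
            PublicKey subjectKey, String subjectDn, long lifetimeMs) throws Exception {
        // Reusing the issuer certificate's algorithm also inherits its digest,
        // so refuse weak ones instead of silently propagating them.
        // Assumption: issuerKey has the same type as the key that signed issuerCert.
        String sigAlgName = issuerCert.getSigAlgName();
        String upper = sigAlgName.toUpperCase();
        if (upper.contains("MD2") || upper.contains("MD5") || upper.contains("SHA1WITH"))
            throw new IllegalArgumentException("Refusing weak signature algorithm: " + sigAlgName);
        AlgorithmIdentifier sigAlg = X509v3CertificateBuilder.extractAlgorithmId(issuerCert);

        SecureRandom random = new SecureRandom();
        BigInteger serial = new BigInteger(128, random); // unpredictable 128-bit serial
        Date notBefore = new Date(System.currentTimeMillis() - 5 * 60 * 1000L); // clock-skew margin
        Date notAfter = new Date(notBefore.getTime() + lifetimeMs);

        // The new certificate's issuer is the issuing certificate's subject.
        X500Name issuer = X500Name.getInstance(issuerCert.getSubjectX500Principal().getEncoded());
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(subjectKey.getEncoded());

        return new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter,
                new X500Name(subjectDn), spki)
            .addExtension(KEY_USAGE, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
            .build(issuerKey, sigAlg, sigAlgName, null, random); // null provider: default is used
    }
}
```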


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.