Class PKCS10CertificateSigningRequest.Builder

java.lang.Object
org.wildfly.security.x500.cert.PKCS10CertificateSigningRequest.Builder
Enclosing class:
PKCS10CertificateSigningRequest

public static class PKCS10CertificateSigningRequest.Builder extends Object
A Builder to configure and generate a PKCS10CertificateSigningRequest.
  • Method Details

    • setCertificate

      public PKCS10CertificateSigningRequest.Builder setCertificate(Certificate certificate)
      Set the certificate.
      Parameters:
      certificate - the certificate (must not be null)
      Returns:
      this builder instance
    • setSigningKey

      public PKCS10CertificateSigningRequest.Builder setSigningKey(PrivateKey signingKey)
      Set the signing key.
      Parameters:
      signingKey - the signing key (must not be null)
      Returns:
      this builder instance
    • setSubjectDn

      public PKCS10CertificateSigningRequest.Builder setSubjectDn(X500Principal subjectDn)
      Set the subject DN.
      Parameters:
      subjectDn - the subject DN (must not be null)
      Returns:
      this builder instance
    • setSignatureAlgorithmName

      public PKCS10CertificateSigningRequest.Builder setSignatureAlgorithmName(String signatureAlgorithmName)
      Set the signature algorithm name.
      Parameters:
      signatureAlgorithmName - the signature algorithm name (must not be null)
      Returns:
      this builder instance
    • addExtension

      Add an X.509 certificate extension that should be included in the certificate signing request. If an extension with the same OID already exists, an exception is thrown.
      Parameters:
      extension - the extension to add (must not be null)
      Returns:
      this builder instance
      Throws:
      IllegalArgumentException - if an extension with the same OID has already been added
    • addExtension

      public PKCS10CertificateSigningRequest.Builder addExtension(boolean critical, String extensionName, String extensionValue) throws IllegalArgumentException
      Add an X.509 certificate extension that should be included in the certificate signing request using the given extension name and string value. If an extension with the same name already exists, an exception is thrown. The following extension names and values are supported:
      • name: BasicConstraints
        value: ca:{true|false}[,pathlen:<len>] where ca indicates whether or not the subject is a CA. If ca is true, pathlen indicates the path length constraint.

      • name: KeyUsage
        value: usage(,usage)* where value is a list of the allowed key usages, where each usage value must be one of the following (usage values are case-sensitive):
        • digitalSignature
        • nonRepudiation
        • keyEncipherment
        • dataEncipherment
        • keyAgreement
        • keyCertSign
        • cRLSign
        • encipherOnly
        • decipherOnly
      • name: ExtendedKeyUsage
        value: usage(,usage)* where value is a list of the allowed key purposes, where each usage value must be one of the following (usage values are case-sensitive):
        • serverAuth
        • clientAuth
        • codeSigning
        • emailProtection
        • timeStamping
        • OCSPSigning
        • any OID string
      • name: SubjectAlternativeName
        value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

      • name: IssuerAlternativeName
        value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

      • name: AuthorityInformationAccess
        value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be ocsp, caIssuers, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.

      • name: SubjectInformationAccess
        value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be timeStamping, caRepository, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.
      Parameters:
      critical - whether the extension should be marked as critical
      extensionName - the extension name (must not be null)
      extensionValue - the extension value, as a string (must not be null)
      Returns:
      this builder instance
      Throws:
      IllegalArgumentException - if an extension with the same name has already been added or if an error occurs while attempting to add the extension
    • build

      Attempt to generate a PKCS #10 certificate signing request.
      Returns:
      the PKCS #10 certificate signing request
      Throws:
      IllegalArgumentException - if a required builder parameter is missing or invalid
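
Added example (not part of the Elytron Javadoc or project code): a CSR for a TLS server certificate built with the string-form addExtension overload described above, including the rejection of a second extension with the same name. The builder() factory and getPem() accessor on the enclosing class are not listed on this page and are assumed from the Elytron API; the class name, subject DN, host name and IP address are constructed, and an RSA key is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.x500.cert.PKCS10CertificateSigningRequest;

public class ServerCsrExample { // hypothetical class name
    // Builds a CSR for a non-CA TLS server certificate; assumes an RSA key pair.
    static PKCS10CertificateSigningRequest buildServerCsr(Certificate cert, PrivateKey key) {
        PKCS10CertificateSigningRequest.Builder builder = PKCS10CertificateSigningRequest.builder()
                .setCertificate(cert)   // existing certificate holding the public key
                .setSigningKey(key)     // matching private key, signs the request
                .setSubjectDn(new X500Principal("CN=app.example.test, O=Example"))
                .setSignatureAlgorithmName("SHA256withRSA")
                // Ask for an end-entity certificate and mark the constraint critical.
                .addExtension(true, "BasicConstraints", "ca:false")
                // Only the usages a TLS server needs; usage names are case-sensitive.
                .addExtension(true, "KeyUsage", "digitalSignature,keyEncipherment")
                .addExtension(false, "ExtendedKeyUsage", "serverAuth")
                .addExtension(false, "SubjectAlternativeName", "DNS:app.example.test,IP:192.0.2.10");
        try {
            builder.addExtension(true, "KeyUsage", "keyCertSign"); // same name as above
            throw new IllegalStateException("duplicate KeyUsage was accepted");
        } catch (IllegalArgumentException expected) {
            // Documented behaviour: a second extension with the same name is refused.
        }
        return builder.build();
    }

    public static void main(String[] args) throws Exception {
        // args: <PKCS12 keystore path> <key entry alias>; needs an interactive terminal.
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        PKCS10CertificateSigningRequest csr = buildServerCsr(
                ks.getCertificate(args[1]), (PrivateKey) ks.getKey(args[1], password));
        System.out.print(new String(csr.getPem(), StandardCharsets.US_ASCII));
    }
}
```

The extensions in a CSR are only a request: the issuing CA decides which of them appear in the certificate it signs, so check the issued certificate against what was asked for.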