Class SelfSignedX509CertificateAndSigningKey.Builder

java.lang.Object
org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey.Builder
Enclosing class:
SelfSignedX509CertificateAndSigningKey

public static class SelfSignedX509CertificateAndSigningKey.Builder extends Object
A Builder to configure and generate a SelfSignedX509CertificateAndSigningKey. This Builder generates a key pair and then wraps the resulting public key into a self-signed X.509 certificate.
  • Field Details

    • DEFAULT_KEY_ALGORITHM_NAME

      public static final String DEFAULT_KEY_ALGORITHM_NAME
      The default key algorithm name.
    • DEFAULT_EC_KEY_SIZE

      public static final int DEFAULT_EC_KEY_SIZE
      The default key size that will be used if the key algorithm name is EC.
    • DEFAULT_KEY_SIZE

      public static final int DEFAULT_KEY_SIZE
      The default key size that will be used if the key algorithm name is not EC.
  • Method Details

    • setKeyAlgorithmName

      public SelfSignedX509CertificateAndSigningKey.Builder setKeyAlgorithmName(String keyAlgorithmName)
      Set the key algorithm name to use when generating the key pair.
      Parameters:
      keyAlgorithmName - the key algorithm name to use when generating the key pair (must not be null)
      Returns:
      this builder instance
    • setKeySize

      public SelfSignedX509CertificateAndSigningKey.Builder setKeySize(int keySize)
      Set the key size to use when generating the key pair.
      Parameters:
      keySize - the key size to use when generating the key pair
      Returns:
      this builder instance
    • setSignatureAlgorithmName

      public SelfSignedX509CertificateAndSigningKey.Builder setSignatureAlgorithmName(String signatureAlgorithmName)
      Set the signature algorithm name to use when signing the self-signed certificate.
      Parameters:
      signatureAlgorithmName - the signature algorithm to use when signing the self-signed certificate (must not be null)
      Returns:
      this builder instance
    • setDn

      Set the DN.
      Parameters:
      dn - the DN to use as both the subject DN and the issuer DN (must not be null)
      Returns:
      this builder instance
    • addExtension

      Add an X.509 certificate extension. If an extension with the same OID already exists, an exception is thrown.
      Parameters:
      extension - the extension to add (must not be null)
      Returns:
      this builder instance
      Throws:
      IllegalArgumentException - if an extension with the same OID has already been added
    • addExtension

      public SelfSignedX509CertificateAndSigningKey.Builder addExtension(boolean critical, String extensionName, String extensionValue) throws IllegalArgumentException
      Add an X.509 certificate extension using the given extension name and string value. If an extension with the same name already exists, an exception is thrown. The following extension names and values are supported:
      • name: BasicConstraints
        value: ca:{true|false}[,pathlen:<len>] where ca indicates whether or not the subject is a CA. If ca is true, pathlen indicates the path length constraint.

      • name: KeyUsage
        value: usage(,usage)* where the value is a comma-separated list of the allowed key usages; each usage must be one of the following (usage values are case-sensitive):
        • digitalSignature
        • nonRepudiation
        • keyEncipherment
        • dataEncipherment
        • keyAgreement
        • keyCertSign
        • cRLSign
        • encipherOnly
        • decipherOnly
      • name: ExtendedKeyUsage
        value: usage(,usage)* where the value is a comma-separated list of the allowed key purposes; each usage must be one of the following (usage values are case-sensitive):
        • serverAuth
        • clientAuth
        • codeSigning
        • emailProtection
        • timeStamping
        • OCSPSigning
        • any OID string
      • name: SubjectAlternativeName
        value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

      • name: IssuerAlternativeName
        value: type:val(,type:val)* where value is a list of type:val pairs, where type can be EMAIL, URI, DNS, IP, or OID and val is a string value for the type.

      • name: AuthorityInformationAccess
        value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be ocsp, caIssuers, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.

      • name: SubjectInformationAccess
        value: method:location-type:location-value(,method:location-type:location-value)* where value is a list of method:location-type:location-value triples, where method can be timeStamping, caRepository, or any OID and location-type:location-value can be any type:val pair as defined for the SubjectAlternativeName extension.
      Parameters:
      critical - whether the extension should be marked as critical
      extensionName - the extension name (must not be null)
      extensionValue - the extension value, as a string (must not be null)
      Returns:
      this builder instance
      Throws:
      IllegalArgumentException - if an extension with the same name has already been added or if an error occurs while attempting to add the extension
    • addOrReplaceExtension

      public X509CertificateExtension addOrReplaceExtension(X509CertificateExtension extension)
      Add or replace an X.509 certificate extension. If an extension with the same OID already exists, it is replaced and returned.
      Parameters:
      extension - the extension to add (must not be null)
      Returns:
      the existing extension or null if no other extension with the same OID existed
    • addOrReplaceExtension

      public X509CertificateExtension addOrReplaceExtension(boolean critical, String extensionName, String extensionValue)
      Add or replace an X.509 certificate extension. If an extension with the same name already exists, it is replaced and returned. See addExtension(boolean, String, String) for the supported extension names and values.
      Parameters:
      critical - whether the extension should be marked as critical
      extensionName - the extension name (must not be null)
      extensionValue - the extension value, as a string (must not be null)
      Returns:
      the existing extension or null if no other extension with the same OID existed or if an error occurs while attempting to add the extension
    • removeExtension

      public X509CertificateExtension removeExtension(String oid)
      Remove the X.509 extension with the given OID, if it is registered.
      Parameters:
      oid - the OID of the extension to remove (must not be null)
      Returns:
      the extension or null if no extension with the same OID existed
    • setNotValidBefore

      public SelfSignedX509CertificateAndSigningKey.Builder setNotValidBefore(ZonedDateTime notValidBefore)
      Set the not-valid-before date.
      Parameters:
      notValidBefore - the not-valid-before date (must not be null)
      Returns:
      this builder instance
    • setNotValidAfter

      public SelfSignedX509CertificateAndSigningKey.Builder setNotValidAfter(ZonedDateTime notValidAfter)
      Set the not-valid-after date.
      Parameters:
      notValidAfter - the not-valid-after date (must not be null)
      Returns:
      this builder instance
    • build

      Attempt to generate a key pair and wrap the resulting public key into a self-signed X.509 certificate.
      Returns:
      the self-signed X.509 certificate and signing key
      Throws:
      IllegalArgumentException - if a required builder parameter is missing or invalid or if an error occurs while attempting to generate the self-signed X.509 certificate
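The following is an added usage example, not code from the WildFly Elytron project: it builds a short-lived, end-entity (non-CA) self-signed certificate with the extensions documented above, shows the duplicate-extension rejection of addExtension and the addOrReplaceExtension fallback, and verifies the result. It assumes a static factory SelfSignedX509CertificateAndSigningKey.builder(), that setDn takes a javax.security.auth.x500.X500Principal, and that the built object exposes getSelfSignedCertificate() and getSigningKey(); the DN and host names are constructed sample values.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;

public class SelfSignedLeafExample {
    public static void main(String[] args) throws Exception {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);

        // builder() is an assumed static factory; setDn is assumed to take an X500Principal
        SelfSignedX509CertificateAndSigningKey.Builder builder =
            SelfSignedX509CertificateAndSigningKey.builder()
                .setKeyAlgorithmName("EC")                    // key size falls back to DEFAULT_EC_KEY_SIZE
                .setSignatureAlgorithmName("SHA256withECDSA") // standard JCA signature algorithm name
                .setDn(new X500Principal("CN=dev.example.test, O=Example, C=US")) // constructed sample DN
                .setNotValidBefore(now.minusMinutes(5))       // small allowance for clock skew
                .setNotValidAfter(now.plusDays(30))           // short lifetime limits exposure if the key leaks
                // Mark as a non-CA leaf and restrict what the key may be used for (critical extensions)
                .addExtension(true, "BasicConstraints", "ca:false")
                .addExtension(true, "KeyUsage", "digitalSignature,keyEncipherment")
                .addExtension(false, "ExtendedKeyUsage", "serverAuth")
                .addExtension(false, "SubjectAlternativeName", "DNS:dev.example.test,IP:127.0.0.1");

        // addExtension rejects a second extension with the same name; addOrReplaceExtension
        // (which returns the replaced extension rather than the builder) is the way to change it.
        try {
            builder.addExtension(false, "SubjectAlternativeName", "DNS:localhost");
        } catch (IllegalArgumentException duplicate) {
            builder.addOrReplaceExtension(false, "SubjectAlternativeName",
                    "DNS:dev.example.test,DNS:localhost,IP:127.0.0.1");
        }

        SelfSignedX509CertificateAndSigningKey result = builder.build();
        X509Certificate cert = result.getSelfSignedCertificate(); // assumed accessor name
        PrivateKey key = result.getSigningKey();                  // assumed accessor name

        // Checks a deployer should run before trusting the output: the certificate is signed by
        // its own key, and the validity window contains the current time.
        cert.verify(cert.getPublicKey());
        cert.checkValidity();
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Signing key algorithm: " + key.getAlgorithm());
        System.out.println("SANs: " + cert.getSubjectAlternativeNames());
        System.out.println("Is CA: " + (cert.getBasicConstraints() != -1));
    }
}
```

Store the returned PrivateKey in a KeyStore or secrets manager rather than printing or logging it; the certificate alone is safe to distribute to peers that need to trust this endpoint.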