public class X509v3CertificateBuilder
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
private org.bouncycastle.asn1.x509.ExtensionsGenerator |
extGenerator |
private org.bouncycastle.asn1.x509.V3TBSCertificateGenerator |
tbsGen |
Constructor and Description |
---|
X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer,
java.math.BigInteger serial,
java.util.Date notBefore,
java.util.Date notAfter,
org.bouncycastle.asn1.x500.X500Name subject,
org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
Create a builder for a version 3 certificate.
|
Modifier and Type | Method and Description |
---|---|
X509v3CertificateBuilder |
addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
boolean isCritical,
org.bouncycastle.asn1.ASN1Object value)
Add a given extension field for the standard extensions tag (tag 3)
|
java.security.cert.X509Certificate |
build(java.security.PrivateKey key,
org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg,
java.lang.String sigAlgName,
java.lang.String provider,
java.security.SecureRandom random)
Generate the certificate, signing it with the provided private key and
using the specified algorithm.
|
private byte[] |
calculateSignature(java.lang.String sigName,
java.lang.String provider,
java.security.PrivateKey key,
java.security.SecureRandom random,
org.bouncycastle.asn1.ASN1Object object) |
static org.bouncycastle.asn1.x509.AlgorithmIdentifier |
extractAlgorithmId(java.security.cert.X509Certificate cert)
Extracts the full algorithm identifier from the given certificate.
|
private java.security.cert.X509Certificate |
sign(org.bouncycastle.asn1.x509.TBSCertificate toSign,
org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg,
java.lang.String sigAlgName,
java.security.PrivateKey key,
java.lang.String provider,
java.security.SecureRandom random) |
private org.bouncycastle.asn1.x509.V3TBSCertificateGenerator tbsGen
private org.bouncycastle.asn1.x509.ExtensionsGenerator extGenerator
public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
issuer
- the certificate issuerserial
- the certificate serial numbernotBefore
- the date before which the certificate is not validnotAfter
- the date after which the certificate is not validsubject
- the certificate subjectpublicKeyInfo
- the info structure for the public key to be associated
with this certificate.public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Object value) throws java.io.IOException
oid
- the OID defining the extension type.isCritical
- true if the extension is critical, false otherwise.value
- the ASN.1 structure that forms the extension's value.java.io.IOException
- IO exceptionpublic java.security.cert.X509Certificate build(java.security.PrivateKey key, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, java.lang.String sigAlgName, java.lang.String provider, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.cert.CertificateParsingException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException, java.security.SignatureException, java.io.IOException
key
- to be used for signingsigAlg
- oid and paramters of the signature algsigAlgName
- name of the signature algprovider
- can be null -> default will be usedrandom
- can be null -> default will be usedjava.security.InvalidKeyException
- invalid key exceptionjava.security.cert.CertificateParsingException
- certificate parsing exceptionjava.security.NoSuchProviderException
- no such provider exceptionjava.security.NoSuchAlgorithmException
- no such algorithm exceptionjava.security.SignatureException
- signature exceptionjava.io.IOException
- IO exceptionprivate java.security.cert.X509Certificate sign(org.bouncycastle.asn1.x509.TBSCertificate toSign, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, java.lang.String sigAlgName, java.security.PrivateKey key, java.lang.String provider, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException, java.security.SignatureException, java.io.IOException, java.security.cert.CertificateParsingException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
java.security.SignatureException
java.io.IOException
java.security.cert.CertificateParsingException
private byte[] calculateSignature(java.lang.String sigName, java.lang.String provider, java.security.PrivateKey key, java.security.SecureRandom random, org.bouncycastle.asn1.ASN1Object object) throws java.io.IOException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.SignatureException
java.io.IOException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.SignatureException
public static org.bouncycastle.asn1.x509.AlgorithmIdentifier extractAlgorithmId(java.security.cert.X509Certificate cert) throws java.io.IOException
cert
- input certificatejava.io.IOException
- if parameters of the algorithm can not be parsed