Class X509v3CertificateBuilder

java.lang.Object
org.bouncycastle.cert.X509v3CertificateBuilder
Direct Known Subclasses:
BcX509v3CertificateBuilder, JcaX509v3CertificateBuilder

public class X509v3CertificateBuilder extends Object
class to produce an X.509 Version 3 certificate.
  • Constructor Summary

    Constructors
    Constructor
    Description
    X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, Locale dateLocale, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
    Create a builder for a version 3 certificate.
    X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
    Create a builder for a version 3 certificate.
    X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, org.bouncycastle.asn1.x509.Time notBefore, org.bouncycastle.asn1.x509.Time notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
    Create a builder for a version 3 certificate.
    Create a builder for a version 3 certificate, initialised with another certificate.
  • Method Summary

    Modifier and Type
    Method
    Description
    addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
    Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
    addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
    Add a given extension field for the standard extensions tag (tag 3)
    addExtension(org.bouncycastle.asn1.x509.Extension extension)
    Add a given extension field for the standard extensions tag (tag 3).
    Generate an X.509 certificate, based on the current issuer and subject using the passed in signer.
    copyAndAddExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder)
    Add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.
    org.bouncycastle.asn1.x509.Extension
    getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Return the current value of the extension for OID.
    boolean
    hasExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Return if the extension indicated by OID is present.
    removeExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Remove the extension indicated by OID.
    replaceExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
    Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
    replaceExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
    Replace the extension field for the passed in extension's extension ID with a new version.
    replaceExtension(org.bouncycastle.asn1.x509.Extension extension)
    Replace the extension field for the passed in extension's extension ID with a new version.
    setIssuerUniqueID(boolean[] uniqueID)
    Set the issuerUniqueID - note: it is very rare that it is correct to do this.
    setSubjectUniqueID(boolean[] uniqueID)
    Set the subjectUniqueID - note: it is very rare that it is correct to do this.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • X509v3CertificateBuilder

      public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      Parameters:
      issuer - the certificate issuer
      serial - the certificate serial number
      notBefore - the date before which the certificate is not valid
      notAfter - the date after which the certificate is not valid
      subject - the certificate subject
      publicKeyInfo - the info structure for the public key to be associated with this certificate.
    • X509v3CertificateBuilder

      public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, Locale dateLocale, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate. You may need to use this constructor if the default locale doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
      Parameters:
      issuer - the certificate issuer
      serial - the certificate serial number
      notBefore - the date before which the certificate is not valid
      notAfter - the date after which the certificate is not valid
      dateLocale - locale to be used for date interpretation.
      subject - the certificate subject
      publicKeyInfo - the info structure for the public key to be associated with this certificate.
    • X509v3CertificateBuilder

      public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, BigInteger serial, org.bouncycastle.asn1.x509.Time notBefore, org.bouncycastle.asn1.x509.Time notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Create a builder for a version 3 certificate.
      Parameters:
      issuer - the certificate issuer
      serial - the certificate serial number
      notBefore - the Time before which the certificate is not valid
      notAfter - the Time after which the certificate is not valid
      subject - the certificate subject
      publicKeyInfo - the info structure for the public key to be associated with this certificate.
    • X509v3CertificateBuilder

      public X509v3CertificateBuilder(X509CertificateHolder template)
      Create a builder for a version 3 certificate, initialised with another certificate.
      Parameters:
      template - template certificate to base the new one on.
  • Method Details

    • hasExtension

      public boolean hasExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return if the extension indicated by OID is present.
      Parameters:
      oid - the OID for the extension of interest.
      Returns:
      the Extension, or null if it is not present.
    • getExtension

      public org.bouncycastle.asn1.x509.Extension getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return the current value of the extension for OID.
      Parameters:
      oid - the OID for the extension we want to fetch.
      Returns:
      true if a matching extension is present, false otherwise.
    • setSubjectUniqueID

      public X509v3CertificateBuilder setSubjectUniqueID(boolean[] uniqueID)
      Set the subjectUniqueID - note: it is very rare that it is correct to do this.
      Parameters:
      uniqueID - a boolean array representing the bits making up the subjectUniqueID.
      Returns:
      this builder object.
    • setIssuerUniqueID

      public X509v3CertificateBuilder setIssuerUniqueID(boolean[] uniqueID)
      Set the issuerUniqueID - note: it is very rare that it is correct to do this.
      Parameters:
      uniqueID - a boolean array representing the bits making up the issuerUniqueID.
      Returns:
      this builder object.
    • addExtension

      public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value) throws CertIOException
      Add a given extension field for the standard extensions tag (tag 3)
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      value - the ASN.1 structure that forms the extension's value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the OID oid has already been used.
    • addExtension

      public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.x509.Extension extension) throws CertIOException
      Add a given extension field for the standard extensions tag (tag 3).
      Parameters:
      extension - the full extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the OID oid has already been used.
    • addExtension

      public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue) throws CertIOException
      Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      encodedValue - a byte array representing the encoding of the extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the OID oid has already been allocated.
    • replaceExtension

      public X509v3CertificateBuilder replaceExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value) throws CertIOException
      Replace the extension field for the passed in extension's extension ID with a new version.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      value - the ASN.1 structure that forms the extension's value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the extension to be replaced is not present.
    • replaceExtension

      public X509v3CertificateBuilder replaceExtension(org.bouncycastle.asn1.x509.Extension extension) throws CertIOException
      Replace the extension field for the passed in extension's extension ID with a new version.
      Parameters:
      extension - the full extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the extension to be replaced is not present.
    • replaceExtension

      public X509v3CertificateBuilder replaceExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue) throws CertIOException
      Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      encodedValue - a byte array representing the encoding of the extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the extension to be replaced is not present.
    • removeExtension

      public X509v3CertificateBuilder removeExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Remove the extension indicated by OID.
      Parameters:
      oid - the OID of the extension to be removed.
      Returns:
      this builder object.
      Throws:
      IllegalArgumentException - if the extension to be removed is not present.
    • copyAndAddExtension

      public X509v3CertificateBuilder copyAndAddExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder)
      Add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the copied extension is to be marked as critical, false otherwise.
      certHolder - the holder for the certificate that the extension is to be copied from.
      Returns:
      this builder object.
    • build

      public X509CertificateHolder build(ContentSigner signer)
      Generate an X.509 certificate, based on the current issuer and subject using the passed in signer.
      Parameters:
      signer - the content signer to be used to generate the signature validating the certificate.
      Returns:
      a holder containing the resulting signed certificate.