public static class PKCS10CertificateSigningRequest.Builder extends Object
Builder
to configure and generate a PKCS10CertificateSigningRequest
.Modifier and Type | Method and Description |
---|---|
PKCS10CertificateSigningRequest.Builder |
addExtension(boolean critical,
String extensionName,
String extensionValue)
Add an X.509 certificate extension that should be included in the certificate signing request using
the given extension name and string value.
|
PKCS10CertificateSigningRequest.Builder |
addExtension(X509CertificateExtension extension)
Add an X.509 certificate extension that should be included in the certificate signing request.
|
PKCS10CertificateSigningRequest |
build()
Attempt to generate a PKCS #10 certificate signing request.
|
PKCS10CertificateSigningRequest.Builder |
setCertificate(Certificate certificate)
Set the certificate.
|
PKCS10CertificateSigningRequest.Builder |
setSignatureAlgorithmName(String signatureAlgorithmName)
Set the signature algorithm name.
|
PKCS10CertificateSigningRequest.Builder |
setSigningKey(PrivateKey signingKey)
Set the signing key.
|
PKCS10CertificateSigningRequest.Builder |
setSubjectDn(X500Principal subjectDn)
Set the subject DN.
|
public PKCS10CertificateSigningRequest.Builder setCertificate(Certificate certificate)
certificate
- the certificate (must not be null
)public PKCS10CertificateSigningRequest.Builder setSigningKey(PrivateKey signingKey)
signingKey
- the signing key (must not be null
)public PKCS10CertificateSigningRequest.Builder setSubjectDn(X500Principal subjectDn)
subjectDn
- the subject DN (must not be null
)public PKCS10CertificateSigningRequest.Builder setSignatureAlgorithmName(String signatureAlgorithmName)
signatureAlgorithmName
- the signature algorithm name (must not be null
)public PKCS10CertificateSigningRequest.Builder addExtension(X509CertificateExtension extension) throws IllegalArgumentException
extension
- the extension to add (must not be null
)IllegalArgumentException
- if an extension with the same OID has already been addedpublic PKCS10CertificateSigningRequest.Builder addExtension(boolean critical, String extensionName, String extensionValue) throws IllegalArgumentException
name: BasicConstraints
value: ca:{true|false}[,pathlen:<len>]
where ca
indicates whether or not the subject
is a CA. If ca
is true, pathlen
indicates the path length constraint.
name: KeyUsage
value: usage(,usage)*
where value
is a list of the allowed key usages, where each
usage
value must be one of the following (usage
values are case-sensitive):
digitalSignature
nonRepudiation
keyEncipherment
dataEncipherment
keyAgreement
keyCertSign
cRLSign
encipherOnly
decipherOnly
name: ExtendedKeyUsage
value: usage(,usage)*
where value
is a list of the allowed key purposes, where each
usage
value must be one of the following (usage
values are case-sensitive):
serverAuth
clientAuth
codeSigning
emailProtection
timeStamping
OCSPSigning
name SubjectAlternativeName
value: type:val(,type:val)*
where value
is a list of type:val
pairs, where
type
can be EMAIL
, URI
, DNS
, IP
, or OID
and val
is a string value for the type
.
name: IssuerAlternativeName
value: type:val(,type:val)*
where value
is a list of type:val
pairs, where
type
can be EMAIL
, URI
, DNS
, IP
, or OID
and val
is a string value for the type
.
name: AuthorityInformationAccess
value: method:location-type:location-value(,method:location-type:location-value)*
where
value
is a list of method:location-type:location-value
triples, where method
can be
ocsp
, caIssuers
, or any OID and location-type:location-value
can be any
type:val
pair as defined for the SubjectAlternativeName
extension.
name: SubjectInformationAccess
value: method:location-type:location-value(,method:location-type:location-value)*
where
value
is a list of method:location-type:location-value
triples, where method
can be
timeStamping
, caRepository
, or any OID and location-type:location-value
can be
any type:val
pair as defined for the SubjectAlternativeName
extension.
critical
- whether the extension should be marked as criticalextensionName
- the extension name (must not be null
)extensionValue
- the extension value, as a string (must not be null
)IllegalArgumentException
- if an extension with the same name has already been added or if an
error occurs while attempting to add the extensionpublic PKCS10CertificateSigningRequest build() throws IllegalArgumentException
IllegalArgumentException
- if a required builder parameter is missing or invalidCopyright © 2019 JBoss by Red Hat. All rights reserved.