X509v3CertificateBuilder (canl 2.5.0 API)

java.lang.Object
- eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder

```
public class X509v3CertificateBuilder
extends Object
```
Class to produce an X.509 Version 3 certificate. Based on the BC bcmail library and deprecated class of the BC. We don't use BC mail as adding an another big dependency only for the certificate creation doesn't make much sense.

Constructor Summary

Constructors
Constructor and Description
`X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)` Create a builder for a version 3 certificate.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`X509v3CertificateBuilder`	`addExtension(ASN1ObjectIdentifier oid, boolean isCritical, ASN1Object value)` Add a given extension field for the standard extensions tag (tag 3)
`X509Certificate`	`build(PrivateKey key, AlgorithmIdentifier sigAlg, String sigAlgName, String provider, SecureRandom random)` Generate the certificate, signing it with the provided private key and using the specified algorithm.
`static AlgorithmIdentifier`	`extractAlgorithmId(X509Certificate cert)` Extracts the full algorithm identifier from the given certificate.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509v3CertificateBuilder

public X509v3CertificateBuilder(X500Name issuer,
                                BigInteger serial,
                                Date notBefore,
                                Date notAfter,
                                X500Name subject,
                                SubjectPublicKeyInfo publicKeyInfo)

Create a builder for a version 3 certificate.

Parameters:: issuer - the certificate issuer; serial - the certificate serial number; notBefore - the date before which the certificate is not valid; notAfter - the date after which the certificate is not valid; subject - the certificate subject; publicKeyInfo - the info structure for the public key to be associated with this certificate.

Method Detail

addExtension

public X509v3CertificateBuilder addExtension(ASN1ObjectIdentifier oid,
                                             boolean isCritical,
                                             ASN1Object value)
                                      throws IOException

Add a given extension field for the standard extensions tag (tag 3)

Parameters:: oid - the OID defining the extension type.; isCritical - true if the extension is critical, false otherwise.; value - the ASN.1 structure that forms the extension's value.
Returns:: this builder object.
Throws:: IOException - IO exception

build

public X509Certificate build(PrivateKey key,
                             AlgorithmIdentifier sigAlg,
                             String sigAlgName,
                             String provider,
                             SecureRandom random)
                      throws InvalidKeyException,
                             CertificateParsingException,
                             NoSuchProviderException,
                             NoSuchAlgorithmException,
                             SignatureException,
                             IOException

Generate the certificate, signing it with the provided private key and using the specified algorithm.

Parameters:: key - to be used for signing; sigAlg - oid and paramters of the signature alg; sigAlgName - name of the signature alg; provider - can be null -> default will be used; random - can be null -> default will be used
Returns:: generated certificate
Throws:: InvalidKeyException - invalid key exception; CertificateParsingException - certificate parsing exception; NoSuchProviderException - no such provider exception; NoSuchAlgorithmException - no such algorithm exception; SignatureException - signature exception; IOException - IO exception

extractAlgorithmId
```
public static AlgorithmIdentifier extractAlgorithmId(X509Certificate cert)
                                              throws IOException
```
Extracts the full algorithm identifier from the given certificate.

Parameters:

cert - input certificate

Returns:

extracted algorithm id

Throws:

IOException - if parameters of the algorithm can not be parsed

Class X509v3CertificateBuilder