eu.emi.security.authn.x509.helpers.proxy

Class X509v3CertificateBuilder

java.lang.Object

eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder

public class X509v3CertificateBuilder
extends java.lang.Object

Class to produce an X.509 Version 3 certificate. Based on the BC bcmail library and deprecated class of the BC. We don't use BC mail as adding an another big dependency only for the certificate creation doesn't make much sense.

Field Summary

Fields

Modifier and Type	Field and Description
private org.bouncycastle.asn1.x509.ExtensionsGenerator	extGenerator
private org.bouncycastle.asn1.x509.V3TBSCertificateGenerator	tbsGen

Constructor Summary

Constructors

Constructor and Description
X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo) Create a builder for a version 3 certificate.

Method Summary

Modifier and Type	Method and Description
X509v3CertificateBuilder	addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Object value) Add a given extension field for the standard extensions tag (tag 3)
java.security.cert.X509Certificate	build(java.security.PrivateKey key, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, java.lang.String sigAlgName, java.lang.String provider, java.security.SecureRandom random) Generate the certificate, signing it with the provided private key and using the specified algorithm.
private byte[]	calculateSignature(java.lang.String sigName, java.lang.String provider, java.security.PrivateKey key, java.security.SecureRandom random, org.bouncycastle.asn1.ASN1Object object)
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	extractAlgorithmId(java.security.cert.X509Certificate cert) Extracts the full algorithm identifier from the given certificate.
private java.security.cert.X509Certificate	sign(org.bouncycastle.asn1.x509.TBSCertificate toSign, org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg, java.lang.String sigAlgName, java.security.PrivateKey key, java.lang.String provider, java.security.SecureRandom random)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

tbsGen

private org.bouncycastle.asn1.x509.V3TBSCertificateGenerator tbsGen

extGenerator

private org.bouncycastle.asn1.x509.ExtensionsGenerator extGenerator

Constructor Detail

X509v3CertificateBuilder

public X509v3CertificateBuilder(org.bouncycastle.asn1.x500.X500Name issuer,
                                java.math.BigInteger serial,
                                java.util.Date notBefore,
                                java.util.Date notAfter,
                                org.bouncycastle.asn1.x500.X500Name subject,
                                org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)

Create a builder for a version 3 certificate.

Parameters:

issuer - the certificate issuer

serial - the certificate serial number

notBefore - the date before which the certificate is not valid

notAfter - the date after which the certificate is not valid

subject - the certificate subject

publicKeyInfo - the info structure for the public key to be associated with this certificate.

Method Detail

addExtension

public X509v3CertificateBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                             boolean isCritical,
                                             org.bouncycastle.asn1.ASN1Object value)
                                      throws java.io.IOException

Add a given extension field for the standard extensions tag (tag 3)

Parameters:

oid - the OID defining the extension type.

isCritical - true if the extension is critical, false otherwise.

value - the ASN.1 structure that forms the extension's value.

Returns:

this builder object.

Throws:

java.io.IOException - IO exception

build

public java.security.cert.X509Certificate build(java.security.PrivateKey key,
                                                org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg,
                                                java.lang.String sigAlgName,
                                                java.lang.String provider,
                                                java.security.SecureRandom random)
                                         throws java.security.InvalidKeyException,
                                                java.security.cert.CertificateParsingException,
                                                java.security.NoSuchProviderException,
                                                java.security.NoSuchAlgorithmException,
                                                java.security.SignatureException,
                                                java.io.IOException

Generate the certificate, signing it with the provided private key and using the specified algorithm.

Parameters:

key - to be used for signing

sigAlg - oid and paramters of the signature alg

sigAlgName - name of the signature alg

provider - can be null -> default will be used

random - can be null -> default will be used

Returns:

generated certificate

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.cert.CertificateParsingException - certificate parsing exception

java.security.NoSuchProviderException - no such provider exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.SignatureException - signature exception

java.io.IOException - IO exception

sign

private java.security.cert.X509Certificate sign(org.bouncycastle.asn1.x509.TBSCertificate toSign,
                                                org.bouncycastle.asn1.x509.AlgorithmIdentifier sigAlg,
                                                java.lang.String sigAlgName,
                                                java.security.PrivateKey key,
                                                java.lang.String provider,
                                                java.security.SecureRandom random)
                                         throws java.security.InvalidKeyException,
                                                java.security.NoSuchProviderException,
                                                java.security.NoSuchAlgorithmException,
                                                java.security.SignatureException,
                                                java.io.IOException,
                                                java.security.cert.CertificateParsingException

Throws:

java.security.InvalidKeyException

java.security.NoSuchProviderException

java.security.NoSuchAlgorithmException

java.security.SignatureException

java.io.IOException

java.security.cert.CertificateParsingException

calculateSignature

private byte[] calculateSignature(java.lang.String sigName,
                                  java.lang.String provider,
                                  java.security.PrivateKey key,
                                  java.security.SecureRandom random,
                                  org.bouncycastle.asn1.ASN1Object object)
                           throws java.io.IOException,
                                  java.security.NoSuchProviderException,
                                  java.security.NoSuchAlgorithmException,
                                  java.security.InvalidKeyException,
                                  java.security.SignatureException

Throws:

java.io.IOException

java.security.NoSuchProviderException

java.security.NoSuchAlgorithmException

java.security.InvalidKeyException

java.security.SignatureException

extractAlgorithmId

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier extractAlgorithmId(java.security.cert.X509Certificate cert)
                                                                         throws java.io.IOException

Extracts the full algorithm identifier from the given certificate.

Parameters:

cert - input certificate

Returns:

extracted algorithm id

Throws:

java.io.IOException - if parameters of the algorithm can not be parsed