All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.cert.X509v1CertificateBuilder Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified.

There is a newer version: 2.0.7
Show newest version
package org.bouncycastle.cert;

import java.math.BigInteger;
import java.util.Date;
import java.util.Locale;

import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.operator.ContentSigner;


/**
 * class to produce an X.509 Version 1 certificate.
 */
public class X509v1CertificateBuilder
{
    private V1TBSCertificateGenerator   tbsGen;

    /**
     * Create a builder for a version 1 certificate.
     *
     * @param issuer the certificate issuer
     * @param serial the certificate serial number
     * @param notBefore the date before which the certificate is not valid
     * @param notAfter the date after which the certificate is not valid
     * @param subject the certificate subject
     * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
     */
    public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
    {
        this(issuer, serial, new Time(notBefore), new Time(notAfter), subject, publicKeyInfo);
    }

   /**
    * Create a builder for a version 1 certificate. You may need to use this constructor if the default locale
    * doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
    *
    * @param issuer the certificate issuer
    * @param serial the certificate serial number
    * @param notBefore the date before which the certificate is not valid
    * @param notAfter the date after which the certificate is not valid
    * @param dateLocale locale to be used for date interpretation.
    * @param subject the certificate subject
    * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
    */
   public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, Locale dateLocale, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
   {
       this(issuer, serial, new Time(notBefore, dateLocale), new Time(notAfter, dateLocale), subject, publicKeyInfo);
   }

   /**
    * Create a builder for a version 1 certificate.
    *
    * @param issuer the certificate issuer
    * @param serial the certificate serial number
    * @param notBefore the Time before which the certificate is not valid
    * @param notAfter the Time after which the certificate is not valid
    * @param subject the certificate subject
    * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
    */
   public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Time notBefore, Time notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
   {
       if (issuer == null)
       {
           throw new IllegalArgumentException("issuer must not be null");
       }

       if (publicKeyInfo == null)
       {
           throw new IllegalArgumentException("publicKeyInfo must not be null");
       }

       tbsGen = new V1TBSCertificateGenerator();
       tbsGen.setSerialNumber(new ASN1Integer(serial));
       tbsGen.setIssuer(issuer);
       tbsGen.setStartDate(notBefore);
       tbsGen.setEndDate(notAfter);
       tbsGen.setSubject(subject);
       tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
   }

    /**
     * Generate an X509 certificate, based on the current issuer and subject
     * using the passed in signer.
     *
     * @param signer the content signer to be used to generate the signature validating the certificate.
     * @return a holder containing the resulting signed certificate.
     */
    public X509CertificateHolder build(
        ContentSigner signer)
    {
        tbsGen.setSignature(signer.getAlgorithmIdentifier());

        return CertUtils.generateFullCert(signer, tbsGen.generateTBSCertificate());
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy