Interface X509ExtensionBuilder


  • @Role
    public interface X509ExtensionBuilder
    Builder to build X.509 extension set.
    Since:
    5.4
    Version:
    $Id: c4ae8051505d0986238e777239581f64f4098e73 $
    • Method Detail

      • addExtension

        X509ExtensionBuilder addExtension​(String oid,
                                          boolean critical,
                                          byte[] value)
                                   throws IOException
        Add an extension with the given oid and the passed in value to be included in the OCTET STRING associated with the extension.
        Parameters:
        oid - OID for the extension.
        critical - true if critical, false otherwise.
        value - the ASN.1 object to be included in the extension.
        Returns:
        this extensions builder to allow chaining.
        Throws:
        IOException - on encoding error.
      • addExtensions

        X509ExtensionBuilder addExtensions​(X509Extensions extensionSet)
                                    throws IOException
        Add all extension in an existing extension set to the currently built extension set.
        Parameters:
        extensionSet - the extension set to copy.
        Returns:
        this extensions builder to allow chaining.
        Throws:
        IOException - on encoding error.
      • build

        X509Extensions build()
        Returns:
        the final resulting X.509 extensions
      • isEmpty

        boolean isEmpty()
        Returns:
        true if no extension has been ever added.
      • addBasicConstraints

        X509ExtensionBuilder addBasicConstraints​(boolean isCertificateAuthority)
        Add the BasicConstraints extension.
        Parameters:
        isCertificateAuthority - should be true for a CA certificate.
        Returns:
        this extensions builder to allow chaining.
      • addBasicConstraints

        X509ExtensionBuilder addBasicConstraints​(int pathLen)
        Add the BasicConstraints extension for a CA with a limited path length.
        Parameters:
        pathLen - the maximum path len for this CA.
        Returns:
        this extensions builder to allow chaining.
      • addKeyUsage

        X509ExtensionBuilder addKeyUsage​(EnumSet<KeyUsage> usages)
        Add a critical key usage extensions.
        Parameters:
        usages - a set of key usage.
        Returns:
        this extensions builder to allow chaining.
      • addKeyUsage

        X509ExtensionBuilder addKeyUsage​(boolean critical,
                                         EnumSet<KeyUsage> usages)
        Add a key usage extensions.
        Parameters:
        critical - should be true for a critical extension, false otherwise.
        usages - a set of key usage.
        Returns:
        this extensions builder to allow chaining.
      • addExtendedKeyUsage

        X509ExtensionBuilder addExtendedKeyUsage​(boolean critical,
                                                 ExtendedKeyUsages usages)
        Add a extended key usage extensions.
        Parameters:
        critical - should be true for a critical extension, false otherwise.
        usages - a set of extended key usage.
        Returns:
        this extensions builder to allow chaining.
      • addAuthorityKeyIdentifier

        X509ExtensionBuilder addAuthorityKeyIdentifier​(CertifiedPublicKey issuer)
        Add the authority key identifier extension. This extension is automatically added by the certificate builder.
        Parameters:
        issuer - the certifierd public key of the issuer.
        Returns:
        this extensions builder to allow chaining.
      • addAuthorityKeyIdentifier

        X509ExtensionBuilder addAuthorityKeyIdentifier​(PublicKeyParameters issuer)
        Add the authority key identifier extension for self signed certificates. This extension is automatically added by the certificate builder.
        Parameters:
        issuer - the public key parameters of the subject.
        Returns:
        this extensions builder to allow chaining.
      • addSubjectKeyIdentifier

        X509ExtensionBuilder addSubjectKeyIdentifier​(PublicKeyParameters subject)
        Add the subject key identifier extension. This extension is automatically added by the certificate builder.
        Parameters:
        subject - the public key parameters of the subject.
        Returns:
        this extensions builder to allow chaining.
      • addSubjectAltName

        X509ExtensionBuilder addSubjectAltName​(boolean critical,
                                               X509GeneralName[] names)
        Add the subject alternative names extension.
        Parameters:
        critical - should be true if the subject field is empty, false otherwise.
        names - a collection of X.509 general name.
        Returns:
        this extensions builder to allow chaining.
      • addIssuerAltName

        X509ExtensionBuilder addIssuerAltName​(X509GeneralName[] names)
        Add the issuer alternative names extension.
        Parameters:
        names - a collection of X.509 general name.
        Returns:
        this extensions builder to allow chaining.