/**
* Generate an X.509 certificate, based on the current issuer and subject using the passed in
* signer.
*
* @param signer the content signer to be used to generate the signature validating the
* certificate.
* @return a holder containing the resulting signed certificate.
*/
public X509CertificateHolder build(ContentSigner signer) {
tbsGen.setSignature(signer.getAlgorithmIdentifier());
if (!extGenerator.isEmpty()) {
tbsGen.setExtensions(extGenerator.generate());
}
return CertUtils.generateFullCert(signer, tbsGen.generateTBSCertificate());
}
/**
* Create a builder for a version 3 certificate.
*
* @param issuer the certificate issuer
* @param serial the certificate serial number
* @param notBefore the date before which the certificate is not valid
* @param notAfter the date after which the certificate is not valid
* @param subject the certificate subject
* @param publicKeyInfo the info structure for the public key to be associated with this
* certificate.
*/
public X509v3CertificateBuilder(
X500Name issuer,
BigInteger serial,
Date notBefore,
Date notAfter,
X500Name subject,
SubjectPublicKeyInfo publicKeyInfo) {
tbsGen = new V3TBSCertificateGenerator();
tbsGen.setSerialNumber(new DERInteger(serial));
tbsGen.setIssuer(issuer);
tbsGen.setStartDate(new Time(notBefore));
tbsGen.setEndDate(new Time(notAfter));
tbsGen.setSubject(subject);
tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
extGenerator = new X509ExtensionsGenerator();
}
/**
* Set the issuerUniqueID - note: it is very rare that it is correct to do this.
*
* @param uniqueID a boolean array representing the bits making up the issuerUniqueID.
* @return this builder object.
*/
public X509v3CertificateBuilder setIssuerUniqueID(boolean[] uniqueID) {
tbsGen.setIssuerUniqueID(CertUtils.booleanToBitString(uniqueID));
return this;
}
