/**
* Set the subject distinguished name. The subject describes the entity associated with the public
* key.
*/
public void setSubjectDN(X500Principal subject) {
try {
tbsGen.setSubject(new X509Principal(subject.getEncoded()));
} catch (IOException e) {
throw new IllegalArgumentException("can't process principal: " + e);
}
}
/**
* Set the issuer distinguished name - the issuer is the entity whose private key is used to sign
* the certificate.
*/
public void setIssuerDN(X500Principal issuer) {
try {
tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
} catch (IOException e) {
throw new IllegalArgumentException("can't process principal: " + e);
}
}
/** set the serial number for the certificate. */
public void setSerialNumber(BigInteger serialNumber) {
if (serialNumber.compareTo(BigInteger.ZERO) <= 0) {
throw new IllegalArgumentException("serial number must be a positive integer");
}
tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
}
public void setPublicKey(PublicKey key) {
try {
tbsGen.setSubjectPublicKeyInfo(
new SubjectPublicKeyInfo(
(ASN1Sequence)
new ASN1InputStream(new ByteArrayInputStream(key.getEncoded())).readObject()));
} catch (Exception e) {
throw new IllegalArgumentException("unable to process key - " + e.toString());
}
}
/**
* Set the signature algorithm. This can be either a name or an OID, names are treated as case
* insensitive.
*
* @param signatureAlgorithm string representation of the algorithm name.
*/
public void setSignatureAlgorithm(String signatureAlgorithm) {
this.signatureAlgorithm = signatureAlgorithm;
try {
sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
} catch (Exception e) {
throw new IllegalArgumentException("Unknown signature type requested");
}
sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
tbsGen.setSignature(sigAlgId);
}
/**
* generate an X509 certificate, based on the current issuer and subject using the default
* provider and the passed in source of randomness
*
* <p><b>Note:</b> this differs from the deprecated method in that the default provider is used -
* not "BC".
*/
public X509Certificate generate(PrivateKey key, SecureRandom random)
throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException,
SignatureException, InvalidKeyException {
TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
} catch (IOException e) {
throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
}
return generateJcaObject(tbsCert, signature);
}
public void setNotAfter(Date date) {
tbsGen.setEndDate(new Time(date));
}
public void setNotBefore(Date date) {
tbsGen.setStartDate(new Time(date));
}
/**
* Set the issuer distinguished name - the issuer is the entity whose private key is used to sign
* the certificate.
*/
public void setIssuerDN(X509Name issuer) {
tbsGen.setIssuer(issuer);
}
/**
* Set the subject distinguished name. The subject describes the entity associated with the public
* key.
*/
public void setSubjectDN(X509Name subject) {
tbsGen.setSubject(subject);
}