/** * Generate an X.509 certificate, based on the current issuer and subject using the passed in * signer. * * @param signer the content signer to be used to generate the signature validating the * certificate. * @return a holder containing the resulting signed certificate. */ public X509CertificateHolder build(ContentSigner signer) { tbsGen.setSignature(signer.getAlgorithmIdentifier()); if (!extGenerator.isEmpty()) { tbsGen.setExtensions(extGenerator.generate()); } return CertUtils.generateFullCert(signer, tbsGen.generateTBSCertificate()); }
/** * Create a builder for a version 3 certificate. * * @param issuer the certificate issuer * @param serial the certificate serial number * @param notBefore the date before which the certificate is not valid * @param notAfter the date after which the certificate is not valid * @param subject the certificate subject * @param publicKeyInfo the info structure for the public key to be associated with this * certificate. */ public X509v3CertificateBuilder( X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo) { tbsGen = new V3TBSCertificateGenerator(); tbsGen.setSerialNumber(new DERInteger(serial)); tbsGen.setIssuer(issuer); tbsGen.setStartDate(new Time(notBefore)); tbsGen.setEndDate(new Time(notAfter)); tbsGen.setSubject(subject); tbsGen.setSubjectPublicKeyInfo(publicKeyInfo); extGenerator = new X509ExtensionsGenerator(); }
/** * Set the issuerUniqueID - note: it is very rare that it is correct to do this. * * @param uniqueID a boolean array representing the bits making up the issuerUniqueID. * @return this builder object. */ public X509v3CertificateBuilder setIssuerUniqueID(boolean[] uniqueID) { tbsGen.setIssuerUniqueID(CertUtils.booleanToBitString(uniqueID)); return this; }