java.lang.Object
- net.maritimeconnectivity.pki.CertificateBuilder

```
public class CertificateBuilder
extends Object
```
Class that contains functions for generating client certificates

Constructor Summary

Constructors
Constructor Description

CertificateBuilder(KeystoreHandler keystoreHandler)

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`X509Certificate`	`buildAndSignCert(BigInteger serialNumber, PrivateKey signerPrivateKey, PublicKey signerPublicKey, PublicKey subjectPublicKey, org.bouncycastle.asn1.x500.X500Name issuer, org.bouncycastle.asn1.x500.X500Name subject, Map<String,String> customAttrs, String type, String ocspUrl, String crlUrl, AuthProvider p11AuthProvider, int validityPeriod)`	Builds and signs a certificate.
`static String`	`escapeSpecialCharacters(String string)`	Escapes characters that are reserved for DN attributes according to RFC 4514 and Distinguished Names (Microsoft).
`X509Certificate`	`generateCertForEntity(BigInteger serialNumber, String country, String orgName, String type, String callName, String email, String uid, int validityPeriod, PublicKey publicKey, Map<String,String> customAttr, String signingAlias, String baseCrlOcspURI, AuthProvider p11AuthProvider)`	Generates a signed certificate for an entity.
`static KeyPair`	`generateKeyPair(PKIConfiguration pkiConfiguration)`	Generates a keypair (public and private) based on Elliptic curves.
`static KeyPair`	`generateKeyPairPKCS11(P11PKIConfiguration p11PKIConfiguration)`	Generates a keypair (public and private) based on Elliptic curves on an HSM using PKCS#11
`BigInteger`	`generateSerialNumber(PKIConfiguration pkiConfiguration)`	Generate a unique serial number to uniquely identify certificates.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateBuilder

public CertificateBuilder(KeystoreHandler keystoreHandler)

Method Detail

buildAndSignCert

public X509Certificate buildAndSignCert(BigInteger serialNumber,
                                        PrivateKey signerPrivateKey,
                                        PublicKey signerPublicKey,
                                        PublicKey subjectPublicKey,
                                        org.bouncycastle.asn1.x500.X500Name issuer,
                                        org.bouncycastle.asn1.x500.X500Name subject,
                                        Map<String,String> customAttrs,
                                        String type,
                                        String ocspUrl,
                                        String crlUrl,
                                        AuthProvider p11AuthProvider,
                                        int validityPeriod)
                                 throws NoSuchAlgorithmException,
                                        org.bouncycastle.cert.CertIOException,
                                        org.bouncycastle.operator.OperatorCreationException,
                                        CertificateException

Builds and signs a certificate. The certificate will be build on the given subject-public-key and signed with the given issuer-private-key. The issuer and subject will be identified in the strings provided.

Parameters:: serialNumber - The serial number of the new certificate.; signerPrivateKey - Private key for signing the certificate; signerPublicKey - Public key of the signing certificate; subjectPublicKey - Public key for the new certificate; issuer - DN of the signing certificate; subject - DN of the new certificate; customAttrs - The custom MC attributes to include in the certificate; type - Type of certificate, can be "ROOT", "INTERMEDIATE" or "ENTITY".; ocspUrl - OCSP endpoint; crlUrl - CRL endpoint - can be null; p11AuthProvider - The provider that should be used - can be null; validityPeriod - How many months the certificate should be valid
Returns:: A signed X509Certificate
Throws:: NoSuchAlgorithmException - if the needed underlying algorithms don't exist in the crypto provider; org.bouncycastle.cert.CertIOException - if extensions cannot be added to the certificate; org.bouncycastle.operator.OperatorCreationException - if the certificate signer cannot be instantiated; CertificateException - if the certificate cannot be built

generateCertForEntity

public X509Certificate generateCertForEntity(BigInteger serialNumber,
                                             String country,
                                             String orgName,
                                             String type,
                                             String callName,
                                             String email,
                                             String uid,
                                             int validityPeriod,
                                             PublicKey publicKey,
                                             Map<String,String> customAttr,
                                             String signingAlias,
                                             String baseCrlOcspURI,
                                             AuthProvider p11AuthProvider)
                                      throws CertificateException,
                                             org.bouncycastle.operator.OperatorCreationException,
                                             org.bouncycastle.cert.CertIOException,
                                             NoSuchAlgorithmException

Generates a signed certificate for an entity.

Parameters:: serialNumber - The serial number of the certificate; country - The country of org/entity; orgName - The name of the organization the entity belongs to; type - The type of the entity; callName - The name of the entity; email - The email of the entity; uid - The UID of the certificate; validityPeriod - How many months the certificate should be valid; publicKey - The public key of the entity; customAttr - Custom attributes that should be added to the certificate; signingAlias - The alias of the CA that should be used to sign the certificate; baseCrlOcspURI - The base URI used for the CRL and OCSP endpoint. This will be prepended: (ocsp|crl)/urn:mrn:mcl:ca:...; p11AuthProvider - The provider that should be used - can be null
Returns:: Returns a signed X509Certificate
Throws:: CertificateException - if the certificate cannot be built; org.bouncycastle.operator.OperatorCreationException - if the certificate cannot be built; org.bouncycastle.cert.CertIOException - if the certificate cannot be built; NoSuchAlgorithmException - if the certificate cannot be built

generateKeyPair
```
public static KeyPair generateKeyPair(PKIConfiguration pkiConfiguration)
```
Generates a keypair (public and private) based on Elliptic curves.

Parameters:

pkiConfiguration - a configuration for the PKI

Returns:

The generated keypair

generateKeyPairPKCS11
```
public static KeyPair generateKeyPairPKCS11(P11PKIConfiguration p11PKIConfiguration)
```
Generates a keypair (public and private) based on Elliptic curves on an HSM using PKCS#11

Parameters:

p11PKIConfiguration - a PKCS#11 configuration for the PKI

Returns:

The generated keypair

generateSerialNumber
```
public BigInteger generateSerialNumber(PKIConfiguration pkiConfiguration)
```
Generate a unique serial number to uniquely identify certificates.

Parameters:

pkiConfiguration - a configuration for the PKI

Returns:

a unique serialnumber

escapeSpecialCharacters
```
public static String escapeSpecialCharacters(String string)
```
Escapes characters that are reserved for DN attributes according to RFC 4514 and Distinguished Names (Microsoft).

Parameters:

string - The string that is going to be escaped

Returns:

A string where reserved characters have been escaped

Class CertificateBuilder

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CertificateBuilder

Method Detail

buildAndSignCert

generateCertForEntity

generateKeyPair

generateKeyPairPKCS11

generateSerialNumber

escapeSpecialCharacters