java.lang.Object
- org.shredzone.acme4j.util.CertificateUtils

```
public final class CertificateUtils
extends Object
```
Utility class offering convenience methods for certificates.
Requires Bouncy Castle.

Field Summary

Fields
Modifier and Type Field Description

static org.bouncycastle.asn1.ASN1ObjectIdentifier ACME_VALIDATION
The acmeValidation object identifier.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static X509Certificate`	`createTestCertificate(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, Instant notBefore, Instant notAfter, X509Certificate issuer, PrivateKey issuerPrivateKey)`	Creates a signed end entity certificate from the given CSR.
`static X509Certificate`	`createTestIntermediateCertificate(String subject, Instant notBefore, Instant notAfter, PublicKey intermediatePublicKey, X509Certificate issuer, PrivateKey issuerPrivateKey)`	Creates an intermediate certificate that is signed by an issuer.
`static X509Certificate`	`createTestRootCertificate(String subject, Instant notBefore, Instant notAfter, KeyPair keypair)`	Creates a self-signed root certificate.
`static X509Certificate`	`createTlsAlpn01Certificate(KeyPair keypair, Identifier id, byte[] acmeValidation)`	Creates a self-signed `X509Certificate` that can be used for the `TlsAlpn01Challenge`.
`static org.bouncycastle.pkcs.PKCS10CertificationRequest`	`readCSR(InputStream in)`	Reads a CSR PEM file.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACME_VALIDATION

public static final org.bouncycastle.asn1.ASN1ObjectIdentifier ACME_VALIDATION

The acmeValidation object identifier.

Since:: 2.1

Method Detail

readCSR

public static org.bouncycastle.pkcs.PKCS10CertificationRequest readCSR(InputStream in)
                                                                throws IOException

Reads a CSR PEM file.

Parameters:: in - InputStream to read the CSR from. The InputStream is closed after use.
Returns:: CSR that was read
Throws:: IOException

createTlsAlpn01Certificate
```
public static X509Certificate createTlsAlpn01Certificate(KeyPair keypair,
                                                         Identifier id,
                                                         byte[] acmeValidation)
                                                  throws IOException
```
Creates a self-signed X509Certificate that can be used for the TlsAlpn01Challenge. The certificate is valid for 7 days.

Parameters:

keypair - A domain KeyPair to be used for the challenge

id - The Identifier that is to be validated

acmeValidation - The value that is returned by TlsAlpn01Challenge.getAcmeValidation()

Returns:

Created certificate

Throws:

IOException

Since:

2.6

createTestRootCertificate

public static X509Certificate createTestRootCertificate(String subject,
                                                        Instant notBefore,
                                                        Instant notAfter,
                                                        KeyPair keypair)

Creates a self-signed root certificate.

The generated certificate is only meant for testing purposes!

Parameters:: subject - This certificate's subject X.500 name.; notBefore - Instant before which the certificate is not valid.; notAfter - Instant after which the certificate is not valid.; keypair - KeyPair that is to be used for this certificate.
Returns:: Generated X509Certificate
Since:: 2.8

createTestIntermediateCertificate

public static X509Certificate createTestIntermediateCertificate(String subject,
                                                                Instant notBefore,
                                                                Instant notAfter,
                                                                PublicKey intermediatePublicKey,
                                                                X509Certificate issuer,
                                                                PrivateKey issuerPrivateKey)

Creates an intermediate certificate that is signed by an issuer.

The generated certificate is only meant for testing purposes!

Parameters:: subject - This certificate's subject X.500 name.; notBefore - Instant before which the certificate is not valid.; notAfter - Instant after which the certificate is not valid.; intermediatePublicKey - PublicKey of this certificate; issuer - The issuer's X509Certificate.; issuerPrivateKey - PrivateKey of the issuer. This is not the private key of this intermediate certificate.
Returns:: Generated X509Certificate
Since:: 2.8

createTestCertificate
```
public static X509Certificate createTestCertificate(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                                                    Instant notBefore,
                                                    Instant notAfter,
                                                    X509Certificate issuer,
                                                    PrivateKey issuerPrivateKey)
```
Creates a signed end entity certificate from the given CSR.
This method is only meant for testing purposes! Do not use it in a real-world CA implementation.
Do not assume that real-world certificates have a similar structure. It's up to the discretion of the CA which distinguished names, validity dates, extensions and other parameters are transferred from the CSR to the generated certificate.

Parameters:

csr - CSR to create the certificate from

notBefore - Instant before which the certificate is not valid.

notAfter - Instant after which the certificate is not valid.

issuer - The issuer's X509Certificate.

issuerPrivateKey - PrivateKey of the issuer. This is not the private key the CSR was signed with.

Returns:

Generated X509Certificate

Since:

2.8

Class CertificateUtils

Field Summary