Class CSRBuilder

java.lang.Object
org.shredzone.acme4j.util.CSRBuilder

public class CSRBuilder extends Object
Generator for a CSR (Certificate Signing Request) suitable for ACME servers.

Requires Bouncy Castle. The BouncyCastleProvider must also be added as security provider.

  • Constructor Details

  • Method Details

    • addDomain

      public void addDomain(String domain)
      Adds a domain name to the CSR. The first domain name added will also be the Common Name. All domain names will be added as Subject Alternative Name.

      IDN domain names are ACE encoded automatically.

      For wildcard certificates, the domain name must be prefixed with "*.".

      Parameters:
      domain - Domain name to add
    • addDomains

      public void addDomains(Collection<String> domains)
      Adds a Collection of domains.

      IDN domain names are ACE encoded automatically.

      Parameters:
      domains - Collection of domain names to add
    • addDomains

      public void addDomains(String... domains)
      Adds multiple domain names.

      IDN domain names are ACE encoded automatically.

      Parameters:
      domains - Domain names to add
    • addIP

      public void addIP(InetAddress address)
      Adds an InetAddress. All IP addresses will be set as iPAddress Subject Alternative Name.
      Parameters:
      address - InetAddress to add
      Since:
      2.4
    • addIPs

      public void addIPs(Collection<InetAddress> ips)
      Adds a Collection of IP addresses.
      Parameters:
      ips - Collection of IP addresses to add
      Since:
      2.4
    • addIPs

      public void addIPs(InetAddress... ips)
      Adds multiple IP addresses.
      Parameters:
      ips - IP addresses to add
      Since:
      2.4
    • addIdentifier

      public void addIdentifier(Identifier id)
      Adds an Identifier. Only DNS and IP types are supported.
      Parameters:
      id - Identifier to add
      Since:
      2.7
    • addIdentifiers

      public void addIdentifiers(Collection<Identifier> ids)
      Parameters:
      ids - Collection of Identifiers to add
      Since:
      2.7
    • addIdentifiers

      public void addIdentifiers(Identifier... ids)
      Adds multiple Identifier.
      Parameters:
      ids - Identifiers to add
      Since:
      2.7
    • addValue

      public void addValue(String attName, String value)
      Sets an entry of the subject used for the CSR.

      This method is meant as "expert mode" for setting attributes that are not covered by the other methods. It is at the discretion of the ACME server to accept this parameter.

      Parameters:
      attName - The BCStyle attribute name
      value - The value
      Since:
      2.14
    • addValue

      public void addValue(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, String value)
      Sets an entry of the subject used for the CSR.

      This method is meant as "expert mode" for setting attributes that are not covered by the other methods. It is at the discretion of the ACME server to accept this parameter.

      Parameters:
      oid - The OID of the attribute to be added
      value - The value
      Since:
      2.14
    • setOrganization

      public void setOrganization(String o)
      Sets the organization.

      Note that it is at the discretion of the ACME server to accept this parameter.

    • setOrganizationalUnit

      public void setOrganizationalUnit(String ou)
      Sets the organizational unit.

      Note that it is at the discretion of the ACME server to accept this parameter.

    • setLocality

      public void setLocality(String l)
      Sets the city or locality.

      Note that it is at the discretion of the ACME server to accept this parameter.

    • setState

      public void setState(String st)
      Sets the state or province.

      Note that it is at the discretion of the ACME server to accept this parameter.

    • setCountry

      public void setCountry(String c)
      Sets the country.

      Note that it is at the discretion of the ACME server to accept this parameter.

    • sign

      public void sign(KeyPair keypair) throws IOException
      Signs the completed CSR.
      Parameters:
      keypair - KeyPair to sign the CSR with
      Throws:
      IOException
    • getCSR

      public org.bouncycastle.pkcs.PKCS10CertificationRequest getCSR()
      Gets the PKCS#10 certification request.
    • getEncoded

      public byte[] getEncoded() throws IOException
      Gets an encoded PKCS#10 certification request.
      Throws:
      IOException
    • write

      public void write(Writer w) throws IOException
      Writes the signed certificate request to a Writer.
      Parameters:
      w - Writer to write the PEM file to. The Writer is closed after use.
      Throws:
      IOException
    • write

      public void write(OutputStream out) throws IOException
      Writes the signed certificate request to an OutputStream.
      Parameters:
      out - OutputStream to write the PEM file to. The OutputStream is closed after use.
      Throws:
      IOException
    • toString

      public String toString()
      Overrides:
      toString in class Object