public static final class HeldCertificate.Builder
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
private java.util.List<java.lang.String> |
altNames |
private java.lang.String |
cn |
private static long |
DEFAULT_DURATION_MILLIS |
private java.lang.String |
keyAlgorithm |
private java.security.KeyPair |
keyPair |
private int |
keySize |
private int |
maxIntermediateCas |
private long |
notAfter |
private long |
notBefore |
private java.lang.String |
ou |
private java.math.BigInteger |
serialNumber |
private HeldCertificate |
signedBy |
Constructor and Description |
---|
Builder() |
Modifier and Type | Method and Description |
---|---|
HeldCertificate.Builder |
addSubjectAlternativeName(java.lang.String altName)
Adds a subject alternative name (SAN) to the certificate.
|
HeldCertificate |
build() |
private javax.security.auth.x500.X500Principal |
buildSubject() |
HeldCertificate.Builder |
certificateAuthority(int maxIntermediateCas)
Set this certificate to be a signing certificate, with up to
maxIntermediateCas
intermediate signing certificates beneath it. |
HeldCertificate.Builder |
commonName(java.lang.String cn)
Set this certificate's common name (CN).
|
HeldCertificate.Builder |
duration(long duration,
java.util.concurrent.TimeUnit unit)
Sets the certificate to be valid immediately and until the specified duration has elapsed.
|
HeldCertificate.Builder |
ecdsa256()
Configure the certificate to generate a 256-bit ECDSA key, which provides about 128 bits of
security.
|
private java.security.KeyPair |
generateKeyPair() |
HeldCertificate.Builder |
keyPair(java.security.KeyPair keyPair)
Sets the public/private key pair used for this certificate.
|
HeldCertificate.Builder |
keyPair(java.security.PublicKey publicKey,
java.security.PrivateKey privateKey)
Sets the public/private key pair used for this certificate.
|
HeldCertificate.Builder |
organizationalUnit(java.lang.String ou)
Sets the certificate's organizational unit (OU).
|
HeldCertificate.Builder |
rsa2048()
Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of
security.
|
HeldCertificate.Builder |
serialNumber(java.math.BigInteger serialNumber)
Sets this certificate's serial number.
|
HeldCertificate.Builder |
serialNumber(long serialNumber)
Sets this certificate's serial number.
|
HeldCertificate.Builder |
signedBy(HeldCertificate signedBy)
Set the certificate that will issue this certificate.
|
HeldCertificate.Builder |
validityInterval(long notBefore,
long notAfter)
Sets the certificate to be valid in
[notBefore..notAfter] . |
private static final long DEFAULT_DURATION_MILLIS
private long notBefore
private long notAfter
@Nullable private java.lang.String cn
@Nullable private java.lang.String ou
private final java.util.List<java.lang.String> altNames
@Nullable private java.math.BigInteger serialNumber
@Nullable private java.security.KeyPair keyPair
@Nullable private HeldCertificate signedBy
private int maxIntermediateCas
@Nullable private java.lang.String keyAlgorithm
private int keySize
public HeldCertificate.Builder validityInterval(long notBefore, long notAfter)
Sets the certificate to be valid in [notBefore..notAfter]. Both endpoints are specified in the format of System.currentTimeMillis(). Specify -1L for both values to use the default interval, 24 hours starting when the certificate is created.
public HeldCertificate.Builder duration(long duration, java.util.concurrent.TimeUnit unit)
public HeldCertificate.Builder addSubjectAlternativeName(java.lang.String altName)
public HeldCertificate.Builder commonName(java.lang.String cn)
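Set this certificate's common name (CN). Historically this held the hostname of the TLS certificate, but that practice was deprecated by RFC 2818 and replaced with subject alternative names. If unset a random string will be used.
public HeldCertificate.Builder organizationalUnit(java.lang.String ou)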
public HeldCertificate.Builder serialNumber(java.math.BigInteger serialNumber)
public HeldCertificate.Builder serialNumber(long serialNumber)
public HeldCertificate.Builder keyPair(java.security.KeyPair keyPair)
public HeldCertificate.Builder keyPair(java.security.PublicKey publicKey, java.security.PrivateKey privateKey)
public HeldCertificate.Builder signedBy(HeldCertificate signedBy)
public HeldCertificate.Builder certificateAuthority(int maxIntermediateCas)
Set this certificate to be a signing certificate, with up to maxIntermediateCas intermediate signing certificates beneath it.
By default this certificate cannot sign other certificates. Set this to 0 so this certificate can sign other certificates (but those certificates cannot themselves sign certificates). Set this to 1 so this certificate can sign intermediate certificates that can themselves sign certificates. Add one for each additional layer of intermediates to permit.
public HeldCertificate.Builder ecdsa256()
This is the default configuration and has been since this API was introduced in OkHttp 3.11.0. Note that the default may change in future releases.
public HeldCertificate.Builder rsa2048()
public HeldCertificate build()
private javax.security.auth.x500.X500Principal buildSubject()
private java.security.KeyPair generateKeyPair()