okhttp3.tls

Class HeldCertificate.Builder

java.lang.Object

okhttp3.tls.HeldCertificate.Builder

Enclosing class:

HeldCertificate

public static final class HeldCertificate.Builder
extends Object

Build a held certificate with reasonable defaults.

Constructor Summary

Constructors

Constructor and Description
Builder()

Method Summary

Modifier and Type	Method and Description
HeldCertificate.Builder	addSubjectAlternativeName(String altName) Adds a subject alternative name (SAN) to the certificate.
HeldCertificate	build()
HeldCertificate.Builder	certificateAuthority(int maxIntermediateCas) Set this certificate to be a signing certificate, with up to maxIntermediateCas intermediate signing certificates beneath it.
HeldCertificate.Builder	commonName(String cn) Set this certificate's common name (CN).
HeldCertificate.Builder	duration(long duration, TimeUnit unit) Sets the certificate to be valid immediately and until the specified duration has elapsed.
HeldCertificate.Builder	ecdsa256() Configure the certificate to generate a 256-bit ECDSA key, which provides about 128 bits of security.
HeldCertificate.Builder	keyPair(KeyPair keyPair) Sets the public/private key pair used for this certificate.
HeldCertificate.Builder	keyPair(PublicKey publicKey, PrivateKey privateKey) Sets the public/private key pair used for this certificate.
HeldCertificate.Builder	organizationalUnit(String ou) Sets the certificate's organizational unit (OU).
HeldCertificate.Builder	rsa2048() Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of security.
HeldCertificate.Builder	serialNumber(BigInteger serialNumber) Sets this certificate's serial number.
HeldCertificate.Builder	serialNumber(long serialNumber) Sets this certificate's serial number.
HeldCertificate.Builder	signedBy(HeldCertificate signedBy) Set the certificate that will issue this certificate.
HeldCertificate.Builder	validityInterval(long notBefore, long notAfter) Sets the certificate to be valid in [notBefore..notAfter].

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder()

Method Detail

validityInterval

public HeldCertificate.Builder validityInterval(long notBefore,
                                                long notAfter)

Sets the certificate to be valid in [notBefore..notAfter]. Both endpoints are specified in the format of System.currentTimeMillis(). Specify -1L for both values to use the default interval, 24 hours starting when the certificate is created.

duration

public HeldCertificate.Builder duration(long duration,
                                        TimeUnit unit)

Sets the certificate to be valid immediately and until the specified duration has elapsed. The precision of this field is seconds; further precision will be truncated.

addSubjectAlternativeName

public HeldCertificate.Builder addSubjectAlternativeName(String altName)

Adds a subject alternative name (SAN) to the certificate. This is usually a literal hostname, a literal IP address, or a hostname pattern. If no subject alternative names are added that extension will be omitted.

commonName

public HeldCertificate.Builder commonName(String cn)

Set this certificate's common name (CN). Historically this held the hostname of TLS certificate, but that practice was deprecated by RFC 2818 and replaced with subject alternative names. If unset a random string will be used.

organizationalUnit

public HeldCertificate.Builder organizationalUnit(String ou)

Sets the certificate's organizational unit (OU). If unset this field will be omitted.

serialNumber

public HeldCertificate.Builder serialNumber(BigInteger serialNumber)

Sets this certificate's serial number. If unset the serial number will be 1.

serialNumber

public HeldCertificate.Builder serialNumber(long serialNumber)

Sets this certificate's serial number. If unset the serial number will be 1.

keyPair

public HeldCertificate.Builder keyPair(KeyPair keyPair)

Sets the public/private key pair used for this certificate. If unset a key pair will be generated.

keyPair

public HeldCertificate.Builder keyPair(PublicKey publicKey,
                                       PrivateKey privateKey)

Sets the public/private key pair used for this certificate. If unset a key pair will be generated.

signedBy

public HeldCertificate.Builder signedBy(HeldCertificate signedBy)

Set the certificate that will issue this certificate. If unset the certificate will be self-signed.

certificateAuthority

public HeldCertificate.Builder certificateAuthority(int maxIntermediateCas)

Set this certificate to be a signing certificate, with up to maxIntermediateCas intermediate signing certificates beneath it.

By default this certificate cannot not sign other certificates. Set this to 0 so this certificate can sign other certificates (but those certificates cannot themselves sign certificates). Set this to 1 so this certificate can sign intermediate certificates that can themselves sign certificates. Add one for each additional layer of intermediates to permit.

ecdsa256

public HeldCertificate.Builder ecdsa256()

Configure the certificate to generate a 256-bit ECDSA key, which provides about 128 bits of security. ECDSA keys are noticeably faster than RSA keys.

This is the default configuration and has been since this API was introduced in OkHttp 3.11.0. Note that the default may change in future releases.

rsa2048

public HeldCertificate.Builder rsa2048()

Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of security. RSA keys are interoperable with very old clients that don't support ECDSA.

build

public HeldCertificate build()