[OPENDJ-6174] Make X509CertificateBuilder a public API so that other product teams can use it Created: 04/Apr/19 Updated: 25/Sep/20
|Component/s:||common-repo, core apis, security|
|Epic Link:||Supportable SDK|
The org.forgerock.opendj.security.X509CertificateBuilder class provides a simple stable API for constructing X509 certificates which could be useful outside of the DJ code-base. In particular, the AM team use BouncyCastle for generating key-pairs in unit tests, but these break frequently as a result of changes to BC's APIs. In addition, the BC APIs are hard to use.
It should be noted that the X509CertificateBuilder class only generates EC keys. We should be careful to keep this class relatively simple and lightweight.
|Comment by Cyril Quinton [ 03/May/19 ]|
The X509CertificateBuilder class does not generate the key-pair; it is the responsibility of the client to generate it. Hence it can be used with key-pairs other than EC; nevertheless, it was only tested with EC keys.
|Comment by Matthew Swift [ 29/Jul/20 ]|
This issue depends on OPENDJ-6956 which simplifies the ASN.1 hierarchy to a single reader/writer implementation.