Package org.gnome.gio

Class TlsCertificate.Builder<B extends TlsCertificate.Builder<B>>

java.lang.Object

io.github.jwharm.javagi.gobject.Builder<B>

org.gnome.gobject.GObject.Builder<B>

org.gnome.gio.TlsCertificate.Builder<B>

Type Parameters:

B - the type of the Builder that is returned

All Implemented Interfaces:

BuilderInterface

Enclosing class:

TlsCertificate

public static class TlsCertificate.Builder<B extends TlsCertificate.Builder<B>>
extends GObject.Builder<B>

Inner class implementing a builder pattern to construct a GObject with properties.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	Builder()	Default constructor for a Builder object.

Method Summary

Modifier and Type	Method	Description
TlsCertificate	build()	Finish building the TlsCertificate object.
B	setCertificate(byte[] certificate)	The DER (binary) encoded representation of the certificate.
B	setCertificatePem(String certificatePem)	The PEM (ASCII) encoded representation of the certificate.
B	setIssuer(TlsCertificate issuer)	A GTlsCertificate representing the entity that issued this certificate.
B	setPassword(String password)	An optional password used when constructed with GTlsCertificate:pkcs12-data.
B	setPkcs11Uri(String pkcs11Uri)	A URI referencing the PKCS \\#11 objects containing an X.509 certificate and optionally a private key.
B	setPkcs12Data(byte[] pkcs12Data)	The PKCS 12 formatted data used to construct the object.
B	setPrivateKey(byte[] privateKey)	The DER (binary) encoded representation of the certificate's private key, in either PKCS \\#1 format or unencrypted PKCS \\#8 format. PKCS \\8 format is supported since 2.32; earlier releases only support PKCS \\1.
B	setPrivateKeyPem(String privateKeyPem)	The PEM (ASCII) encoded representation of the certificate's private key in either PKCS \\#1 format ("BEGIN RSA PRIVATE KEY") or unencrypted PKCS \\#8 format ("BEGIN PRIVATE KEY").
B	setPrivateKeyPkcs11Uri(String privateKeyPkcs11Uri)	A URI referencing a PKCS \\#11 object containing a private key.

Methods inherited from class org.gnome.gobject.GObject.Builder

onNotify

Methods inherited from class io.github.jwharm.javagi.gobject.Builder

addBuilderProperty, connect, connect, connectSignals, getArena, getNames, getValues

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Builder

protected Builder()

Default constructor for a Builder object.

Method Details

build

public TlsCertificate build()

Finish building the TlsCertificate object. This will call GObject.withProperties(org.gnome.glib.Type, java.lang.String[], org.gnome.gobject.Value[]) to create a new GObject instance, which is then cast to TlsCertificate.

Overrides:

build in class GObject.Builder<B extends TlsCertificate.Builder<B>>

Returns:

a new instance of TlsCertificate with the properties that were set in the Builder object.

setCertificate

public B setCertificate(byte[] certificate)

The DER (binary) encoded representation of the certificate. This property and the GTlsCertificate:certificate-pem property represent the same data, just in different forms.

Parameters:

certificate - the value for the certificate property

Returns:

the Builder instance is returned, to allow method chaining

setCertificatePem

public B setCertificatePem(String certificatePem)

The PEM (ASCII) encoded representation of the certificate. This property and the GTlsCertificate:certificate property represent the same data, just in different forms.

Parameters:

certificatePem - the value for the certificate-pem property

Returns:

the Builder instance is returned, to allow method chaining

setIssuer

public B setIssuer(TlsCertificate issuer)

A GTlsCertificate representing the entity that issued this certificate. If null, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

Beware the issuer certificate may not be the same as the certificate that would actually be used to construct a valid certification path during certificate verification. RFC 4158 explains why an issuer certificate cannot be naively assumed to be part of the the certification path (though GLib's TLS backends may not follow the path building strategies outlined in this RFC). Due to the complexity of certification path building, GLib does not provide any way to know which certification path will actually be used. Accordingly, this property cannot be used to make security-related decisions. Only GLib itself should make security decisions about TLS certificates.

Parameters:

issuer - the value for the issuer property

Returns:

the Builder instance is returned, to allow method chaining

setPassword

public B setPassword(String password)

An optional password used when constructed with GTlsCertificate:pkcs12-data.

Parameters:

password - the value for the password property

Returns:

the Builder instance is returned, to allow method chaining

setPkcs11Uri

public B setPkcs11Uri(String pkcs11Uri)

A URI referencing the PKCS \\#11 objects containing an X.509 certificate and optionally a private key.

If null, the certificate is either not backed by PKCS \\11 or the GTlsBackend does not support PKCS \\11.

Parameters:

pkcs11Uri - the value for the pkcs11-uri property

Returns:

the Builder instance is returned, to allow method chaining

setPkcs12Data

public B setPkcs12Data(byte[] pkcs12Data)

The PKCS 12 formatted data used to construct the object.

See also: g_tls_certificate_new_from_pkcs12()

Parameters:

pkcs12Data - the value for the pkcs12-data property

Returns:

the Builder instance is returned, to allow method chaining

setPrivateKey

public B setPrivateKey(byte[] privateKey)

The DER (binary) encoded representation of the certificate's private key, in either PKCS \\#1 format or unencrypted PKCS \\#8 format. PKCS \\8 format is supported since 2.32; earlier releases only support PKCS \\1. You can use the openssl rsa tool to convert PKCS \\8 keys to PKCS \\1.

This property (or the GTlsCertificate:private-key-pem property) can be set when constructing a key (for example, from a file). Since GLib 2.70, it is now also readable; however, be aware that if the private key is backed by a PKCS \\11 URI – for example, if it is stored on a smartcard – then this property will be null. If so, the private key must be referenced via its PKCS \\11 URI, GTlsCertificate:private-key-pkcs11-uri. You must check both properties to see if the certificate really has a private key. When this property is read, the output format will be unencrypted PKCS \\8.

Parameters:

privateKey - the value for the private-key property

Returns:

the Builder instance is returned, to allow method chaining

setPrivateKeyPem

public B setPrivateKeyPem(String privateKeyPem)

The PEM (ASCII) encoded representation of the certificate's private key in either PKCS \\#1 format ("BEGIN RSA PRIVATE KEY") or unencrypted PKCS \\#8 format ("BEGIN PRIVATE KEY"). PKCS \\8 format is supported since 2.32; earlier releases only support PKCS \\1. You can use the openssl rsa tool to convert PKCS \\8 keys to PKCS \\1.

This property (or the GTlsCertificate:private-key property) can be set when constructing a key (for example, from a file). Since GLib 2.70, it is now also readable; however, be aware that if the private key is backed by a PKCS \\11 URI - for example, if it is stored on a smartcard - then this property will be null. If so, the private key must be referenced via its PKCS \\11 URI, GTlsCertificate:private-key-pkcs11-uri. You must check both properties to see if the certificate really has a private key. When this property is read, the output format will be unencrypted PKCS \\8.

Parameters:

privateKeyPem - the value for the private-key-pem property

Returns:

the Builder instance is returned, to allow method chaining

setPrivateKeyPkcs11Uri

public B setPrivateKeyPkcs11Uri(String privateKeyPkcs11Uri)

A URI referencing a PKCS \\#11 object containing a private key.

Parameters:

privateKeyPkcs11Uri - the value for the private-key-pkcs11-uri property

Returns:

the Builder instance is returned, to allow method chaining