Allow to set a complete X500Name to CSRBuilder in addition to the single set-methods about acme4j HOT 5 CLOSED

Hi @kimmerin!

The CSRBuilder was designed for simplicity. acme4j itself does not care much about where the CSR comes from, it just expects a binary encoded CSR document. So you could also implement your own CSR generator if you have further demands on its contents.

Internally BouncyCastle's X500NameBuilder is used, so there is no way to offer a setX500Name() or setRDN() method without having to do major rewrites of the CSRBuilder.

However, what I could offer is to add a modifyX500Name(Consumer<X500NameBuilder> builder) method that permits to add further RDN to the X500NameBuilder, e.g.:

CSRBuilder csrb = new CSRBuilder();
csrb.addDomain("example.org");

// add a custom UID RDN
csrb.modifyX500Name(b -> b.addRDN(BCStyle.UID, "123456"));

csrb.sign(domainKeyPair);
byte[] csr = csrb.getEncoded();

Would that help you?

from acme4j.

I was thinking of something like this:

public void addValue(String attName, String value) {
    ASN1ObjectIdentifier oid = X500Name.getDefaultStyle().attrNameToOID(attName);
    addValue(oid, value);
}

public void addValue(ASN1ObjectIdentifier oid, String value) {
    if (oid.equals(BCStyle.CN)) {
        addDomain(value);
        return;
    }
    namebuilder.addRDN(oid, value);
}

I can do this change, add javadocs, create unit tests around it and start a pull request if you want.

from acme4j.

Sure, a pull request would be fine! Thank you! 😄

from acme4j.

Closed via #129.

from acme4j.

Sorry for the delay! Your change is now published in acme4j v2.14. It is available in the release section, and should be available at Maven Central within the next couple of hours.

from acme4j.