CertificateManager class

Drop-in replacement for Pode’s certificate helpers, powered by Bouncy Castle.

public static class CertificateManager

Public Members

name description
static BuildPrivateKeyJwt(…) Builds a Private Key JWT for client authentication using the specified certificate. (2 methods)
static BuildPrivateKeyJwtFromJwkJson(…) Builds a Private Key JWT for client authentication using the specified JWK JSON string.
static CreateJwkJsonFromCertificate(…) Builds a JWK JSON (RSA) representation of the given certificate. By default only public parameters are included (safe for publishing as JWKS). Set includePrivateParameters to true if you want a full private JWK (for local storage only – never publish it).
static CreateJwkJsonFromRsa(…) Creates an RSA JWK JSON from a given RSA instance (must contain private key).
static CreateJwkJsonFromRsaPrivateKeyPem(…) Creates an RSA JWK JSON from a PKCS#1 or PKCS#8 RSA private key in PEM format.
static CreateSelfSignedCertificateFromJwk(…) Creates a self-signed X509 certificate from the provided RSA JWK JSON string.
static Export(…) Exports the specified X509 certificate to a file in the given format, with optional password and private key inclusion. (2 methods)
static ExportPemFromJwkJson(…) Creates a self-signed certificate from the given RSA JWK JSON and exports it as a PEM certificate (optionally including the private key) to the specified path. (2 methods)
static GetPurposes(…) Gets the enhanced key usage purposes (EKU) from the specified X509 certificate.
static Import(…) Imports an X509 certificate from the specified file path, with optional password and private key file. (4 methods)
static NewCertificateRequest(…) Creates a new Certificate Signing Request (CSR) and returns the PEM-encoded CSR and the private key.
static NewSelfSigned(…) Creates a new self-signed X509 certificate using the specified options.
static Validate(…) Validates the specified X509 certificate according to the provided options.

See Also