java.lang.Object
  +--com.dstc.security.pki.X509CertGen

Class for generating X.509 certificates. The following code snippet illustrates the typical usage for this object:

    // "RSA" is the name this provider registers; standard JCA providers use
    // digest-qualified names such as "SHA256withRSA".
    Signature caSignature = Signature.getInstance("RSA");
    caSignature.initSign(caPrivateKey);                     // the CA's private key signs the new certificate
    X509CertGen cg = new X509CertGen(caSignature, caCert);  // issuer name is taken from caCert
    cg.setPublicKey(userPublicKey);
    cg.setSerialNumber(BigInteger.valueOf((long) 12345678));
    cg.setSubjectDN("CN = John Smith, OU=Security, O=DSTC, C=AU");
    cg.setValidity(365);
    cg.setSubjectEmail("jsmith@dstc.qut.edu.au");         // e-mail goes into SubjectAltName, not the DN
    X509Certificate userCert = cg.getCertificate();

Note: A self-signed (CA) certificate can be generated starting from the constructor X509CertGen(String issName, Signature sig), which takes the issuer name as a string because there is no issuer certificate to copy it from.
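The two-step flow the snippet and the note describe, a self-signed CA certificate followed by an end-entity certificate issued under it, as one complete program. This is an added example, not code from the page or from the DSTC library. It assumes the provider accepts the JCA signature name "SHA256withRSA" (the snippet above passes "RSA"), that the self-signed constructor still needs setSubjectDN and setPublicKey to be called with the CA's own name and key, and that X509CertGenException is covered by the broad throws clause. After generating both certificates it re-checks them with the standard java.security.cert API, which does not depend on the library, so a mistake in the extensions is caught before the certificates are used.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;

import com.dstc.security.pki.X509CertGen;

public class IssueChain {

    // Assumption: the installed provider accepts this JCA name; the page's snippet uses "RSA".
    static final String SIG_ALG = "SHA256withRSA";

    // Key-usage bit positions as documented for setKeyUsage():
    // digitalSignature[0] nonRepudiation[1] keyEncipherment[2] dataEncipherment[3]
    // keyAgreement[4] keyCertSign[5] cRLSign[6] encipherOnly[7] decipherOnly[8]
    static boolean[] keyUsage(int... bits) {
        boolean[] ku = new boolean[9];
        for (int b : bits) ku[b] = true;
        return ku;
    }

    // RFC 5280 4.1.2.2: a serial is a positive integer of at most 20 octets, unique per issuer.
    // 64 CSPRNG bits with the top bit forced on gives a positive, unpredictable value.
    static BigInteger randomSerial(SecureRandom rng) {
        return new BigInteger(64, rng).setBit(63);
    }

    static X509Certificate selfSignedCA(KeyPair caKeys, String caDN, SecureRandom rng) throws Exception {
        Signature sig = Signature.getInstance(SIG_ALG);
        sig.initSign(caKeys.getPrivate());
        // Self-signed: the issuer name comes from the constructor; subject and key are
        // assumed to need setting explicitly to the CA's own DN and public key.
        X509CertGen cg = new X509CertGen(caDN, sig);
        cg.setSubjectDN(caDN);
        cg.setPublicKey(caKeys.getPublic());
        cg.setSerialNumber(randomSerial(rng));
        cg.setValidity(3650);
        cg.setBasicConstraints(true, 0);   // CA with pathLen 0: may issue end-entity certs only
        cg.setKeyUsage(keyUsage(5, 6));    // keyCertSign + cRLSign, nothing else
        return cg.getCertificate();
    }

    static X509Certificate issueEndEntity(KeyPair caKeys, X509Certificate caCert, PublicKey subjectKey,
                                         String subjectDN, String dnsName, SecureRandom rng,
                                         String pemPath) throws Exception {
        Signature sig = Signature.getInstance(SIG_ALG);
        sig.initSign(caKeys.getPrivate());
        X509CertGen cg = new X509CertGen(sig, caCert);   // issuer DN is taken from caCert
        cg.setSubjectDN(subjectDN);
        cg.setPublicKey(subjectKey);
        cg.setSerialNumber(randomSerial(rng));
        cg.setValidity(365);
        cg.setBasicConstraints(false, 0);  // explicitly not a CA
        cg.setKeyUsage(keyUsage(0, 2));    // digitalSignature + keyEncipherment (TLS server key)
        cg.setSubjectDNSName(dnsName);     // the host name belongs in SubjectAltName, not the DN
        X509Certificate cert = cg.getCertificate();
        FileOutputStream fos = new FileOutputStream(pemPath);
        try { fos.write(cg.getEncoded(X509CertGen.MODE_BASE64_X509)); } finally { fos.close(); }
        return cert;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, rng);
        KeyPair caKeys = kpg.generateKeyPair();
        KeyPair serverKeys = kpg.generateKeyPair();

        X509Certificate caCert = selfSignedCA(caKeys, "CN=Example Test CA, O=Example, C=AU", rng);
        X509Certificate serverCert = issueEndEntity(caKeys, caCert, serverKeys.getPublic(),
                "CN=www.example.test, O=Example, C=AU", "www.example.test", rng, "server.crt");

        // Independent checks with the standard JCA API: the chain must verify, names must
        // chain, and the end-entity certificate must not have acquired CA powers.
        caCert.verify(caCert.getPublicKey());       // self-signature
        serverCert.verify(caCert.getPublicKey());   // issued by our CA
        serverCert.checkValidity();
        if (!serverCert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal()))
            throw new IllegalStateException("issuer/subject name chaining is broken");
        if (caCert.getBasicConstraints() < 0)
            throw new IllegalStateException("CA certificate lacks cA=true");
        boolean[] ku = serverCert.getKeyUsage();
        if (serverCert.getBasicConstraints() != -1 || (ku != null && ku[5]))
            throw new IllegalStateException("end-entity certificate must not be able to sign certificates");
        System.out.println("chain OK: " + serverCert.getSubjectX500Principal()
                + " serial " + serverCert.getSerialNumber().toString(16));
    }
}
```

The post-issuance checks are the part worth keeping in any CA tooling built on this class: getBasicConstraints() returns -1 for a non-CA certificate, and index 5 of getKeyUsage() is keyCertSign in both this library's boolean[] convention and the JCA one.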
Field Summary
  static int MODE_BASE64_PKCS7
  static int MODE_BASE64_X509
  static int MODE_RAW_PKCS7
  static int MODE_RAW_X509
Constructor Summary
  X509CertGen()
      Default constructor.
  X509CertGen(PrivateKey key, String alg, String provider, X509Certificate cert)
      Constructs X509CertGen from the signer's private key, the signature algorithm, the provider for the Signature object to be used and the signer's certificate.
  X509CertGen(PrivateKey key, String alg, X509Certificate cert)
      Constructs X509CertGen from the signer's private key, the signature algorithm and the signer's certificate.
  X509CertGen(Signature sigObject, X509Certificate cert)
      Constructs X509CertGen from an initialized Signature object and the signer's certificate.
  X509CertGen(String issName, Signature sig)
      Constructor using the issuer name and an initialized Signature object (useful for generating self-signed certificates).
Method Summary
  X509Certificate getCertificate()
      Returns the X.509 certificate generated by this X509CertGen object.
  byte[] getEncoded(int mode)
      Returns the generated certificate encoded as raw DER or Base64, either as a bare X.509 certificate or as a PKCS#7 bundle, according to mode.
  void processPKCS10(byte[] reqEncoding)
      Process a PKCS#10 Certification Request.
  void reset()
      Resets this X509CertGen object so that a new user certificate can be generated.
  void setAuthorityKeyIdentifier(byte[] keyId)
      Set the issuer's AuthorityKeyIdentifier extension for this certificate.
  void setBasicConstraints(boolean isCA, int length)
      Set the Basic Constraints extension of this certificate.
  void setIssuerDirectoryName(String name)
      Set the issuer's DirectoryName as part of the IssuerAltName extension for this certificate.
  void setIssuerDNSName(String name)
      Set the issuer's DNSName as part of the IssuerAltName extension for this certificate.
  void setIssuerEmail(String email)
      Set the issuer's e-mail address as part of the IssuerAltName extension for this certificate.
  void setIssuerIPAddress(String name)
      Set the issuer's IP address as part of the IssuerAltName extension for this certificate.
  void setIssuerURL(String name)
      Set the issuer's URL as part of the IssuerAltName extension for this certificate.
  void setKeyUsage(boolean[] usage)
      Set the Key Usage extension of this certificate.
  void setNetscapeCertType(boolean[] usage)
      Set the NetscapeCertType extension for this certificate.
  void setPublicKey(PublicKey pubKey)
      Set the subject's PublicKey in this certificate.
  void setSerialNumber(BigInteger serial)
      Set the serial number of this certificate.
  void setSubjectDirectoryName(String name)
      Set the subject's DirectoryName as part of the SubjectAltName extension for this certificate.
  void setSubjectDN(String dn)
      Set the subject's Distinguished Name (DN).
  void setSubjectDNSName(String name)
      Set the subject's DNSName as part of the SubjectAltName extension for this certificate.
  void setSubjectEmail(String email)
      Set the subject's e-mail address as part of the SubjectAltName extension for this certificate.
  void setSubjectIPAddress(String name)
      Set the subject's IP address as part of the SubjectAltName extension for this certificate.
  void setSubjectKeyIdentifier(byte[] keyId)
      Set the subject's SubjectKeyIdentifier extension for this certificate.
  void setSubjectURL(String name)
      Set the subject's URL as part of the SubjectAltName extension for this certificate.
  void setValidity(Date notBefore, Date notAfter)
      Set the validity period of this certificate.
  void setValidity(int days)
      Set the validity period (in days) of this certificate.
Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
  public static final int MODE_RAW_X509 = 0
  public static final int MODE_RAW_PKCS7 = 1
  public static final int MODE_BASE64_X509 = 2
  public static final int MODE_BASE64_PKCS7 = 3
      Mode values accepted by getEncoded(int); see that method for what each one produces.
Constructor Detail
  public X509CertGen()
      Default constructor.

  public X509CertGen(PrivateKey key, String alg, X509Certificate cert) throws X509CertGenException
      Constructs X509CertGen from the signer's private key, the signature algorithm and the signer's certificate.
      Parameters:
          key - the signer's private key.
          alg - the algorithm used to sign the certificate.
          cert - the signer's certificate (the CA cert).

  public X509CertGen(PrivateKey key, String alg, String provider, X509Certificate cert) throws X509CertGenException
      Constructs X509CertGen from the signer's private key, the signature algorithm, the provider for the Signature object to be used and the signer's certificate.
      Parameters:
          key - the signer's private key.
          alg - the algorithm used to sign the certificate.
          provider - the provider to use for the internal Signature instance.
          cert - the signer's certificate (the CA cert).

  public X509CertGen(Signature sigObject, X509Certificate cert)
      Constructs X509CertGen from an initialized Signature object and the signer's certificate.
      Parameters:
          sigObject - the Signature object used to sign the certificate; it must already have been initialized for signing (initSign) with the issuer's private key.
          cert - the signer's certificate (the CA cert), from which the issuer name is taken.

  public X509CertGen(String issName, Signature sig)
      Constructor using the issuer name and an initialized Signature object. Useful for generating self-signed certificates, where there is no issuer certificate to take the name from.
      Parameters:
          issName - String representing the X500Name of the issuer.
          sig - the (initialized) Signature object used to sign the certificate.

Method Detail
  public void setPublicKey(PublicKey pubKey)
      Set the subject's PublicKey in this certificate.
      Parameters:
          pubKey - the subject's public key.

  public void setSerialNumber(BigInteger serial)
      Set the serial number of this certificate.
      Serial numbers must be unique per issuer; RFC 5280 (4.1.2.2) requires a positive integer of at most 20 octets. A fixed or sequential value, such as the one in the class-level snippet, is acceptable for test certificates only; a production CA should draw at least 64 bits from a CSPRNG so that serials cannot be predicted.
      Parameters:
          serial - the serial number of this certificate.

  public void setSubjectDN(String dn)
      Set the subject's Distinguished Name (DN).
      The Distinguished Name is a String consisting of a sequence of type=value pairs separated by commas. Currently, the following types are supported:
          CN           - common name
          C            - country
          S or ST      - state
          L            - locality
          O            - organization
          OU           - organizational unit
          EmailAddress - e-mail address
      Note: It is recommended that e-mail addresses are set using the setSubjectEmail() method, which places the e-mail address in the SubjectAltName extension of the certificate, rather than in the subject's DN.
      Parameters:
          dn - the subject's Distinguished Name (DN).

  public void setValidity(int days)
      Set the validity period (in days) of this certificate.
      Parameters:
          days - the validity period of this certificate, in days.

  public void setValidity(Date notBefore, Date notAfter)
      Set the validity period of this certificate.
      Parameters:
          notBefore - the date before which the certificate is invalid.
          notAfter - the date after which the certificate is invalid.

  public void setBasicConstraints(boolean isCA, int length)
      Set the Basic Constraints extension of this certificate.
      Parameters:
          isCA - true if this certificate is a CA certificate.
          length - if isCA == true, this parameter sets the pathLenConstraint: the maximum number of CA certificates that may follow this certificate in the certification path (0 means the CA may issue end-entity certificates only).
      A CA certificate should also assert keyCertSign via setKeyUsage(); RFC 5280 permits that bit only in certificates whose cA flag is true. End-entity certificates should be issued with isCA == false so that the subject key cannot be used to issue further certificates.

  public void setKeyUsage(boolean[] usage) throws X509CertGenException
      Set the Key Usage extension of this certificate.
      The Key Usage extension is described by a boolean array indicating the purposes for which the public key in this certificate can be used. The entries of the array are as follows (the same order as the RFC 5280 KeyUsage bits and as java.security.cert.X509Certificate.getKeyUsage()):
          [0] digitalSignature
          [1] nonRepudiation
          [2] keyEncipherment
          [3] dataEncipherment
          [4] keyAgreement
          [5] keyCertSign
          [6] cRLSign
          [7] encipherOnly
          [8] decipherOnly
      Parameters:
          usage - an array of boolean values indicating the usage of the public key in this certificate.

  public void setSubjectEmail(String email)
      Set the subject's e-mail address as part of the SubjectAltName extension for this certificate.
      Parameters:
          email - the subject's e-mail address.

  public void setSubjectDNSName(String name)
      Set the subject's DNSName as part of the SubjectAltName extension for this certificate.
      Parameters:
          name - the subject's DNSName.

  public void setSubjectDirectoryName(String name)
      Set the subject's DirectoryName as part of the SubjectAltName extension for this certificate.
      Parameters:
          name - the subject's DirectoryName.

  public void setSubjectURL(String name)
      Set the subject's URL as part of the SubjectAltName extension for this certificate.
      Parameters:
          name - the subject's URL.

  public void setSubjectIPAddress(String name)
      Set the subject's IP address as part of the SubjectAltName extension for this certificate.
      Parameters:
          name - the subject's IP address.

  public void setIssuerEmail(String email)
      Set the issuer's e-mail address as part of the IssuerAltName extension for this certificate.
      Parameters:
          email - the issuer's e-mail address.

  public void setIssuerDNSName(String name)
      Set the issuer's DNSName as part of the IssuerAltName extension for this certificate.
      Parameters:
          name - the issuer's DNSName.

  public void setIssuerDirectoryName(String name)
      Set the issuer's DirectoryName as part of the IssuerAltName extension for this certificate.
      Parameters:
          name - the issuer's DirectoryName.

  public void setIssuerURL(String name)
      Set the issuer's URL as part of the IssuerAltName extension for this certificate.
      Parameters:
          name - the issuer's URL.

  public void setIssuerIPAddress(String name)
      Set the issuer's IP address as part of the IssuerAltName extension for this certificate.
      Parameters:
          name - the issuer's IP address.

  public void setSubjectKeyIdentifier(byte[] keyId) throws X509CertGenException
      Set the subject's SubjectKeyIdentifier extension for this certificate.
      Parameters:
          keyId - a byte array which identifies the subject's key pair (commonly a hash of the subject public key).

  public void setAuthorityKeyIdentifier(byte[] keyId) throws X509CertGenException
      Set the issuer's AuthorityKeyIdentifier extension for this certificate.
      Parameters:
          keyId - a byte array which identifies the issuer's key pair. For path building to match the issuer, it should equal the SubjectKeyIdentifier carried in the issuer's (CA) certificate.

  public void setNetscapeCertType(boolean[] usage)
      Set the NetscapeCertType extension for this certificate.
      The NetscapeCertType extension is described by a boolean array indicating the purposes for which this certificate should be used. The entries of the array are as follows:
          [0] SSL_CLIENT
          [1] SSL_SERVER
          [2] SMIME
          [3] OBJECT_SIGNING
          [4] SSL_CA
          [5] SMIME_CA
          [6] OBJECT_SIGNING_CA
      Parameters:
          usage - an array of boolean values indicating the usage of this certificate in a Netscape application.

  public void processPKCS10(byte[] reqEncoding) throws X509CertGenException
      Process a PKCS#10 Certification Request.
      Note: the CA must still set the validity period and the serial number itself.
      The subject name, public key and any requested extensions in a PKCS#10 request are chosen by the requester. Before calling getCertificate(), the CA should check them against its issuance policy and set the security-relevant extensions (BasicConstraints, KeyUsage) from that policy rather than from the request.
      Parameters:
          reqEncoding - the DER encoding of the PKCS#10 Certification Request.

  public X509Certificate getCertificate() throws X509CertGenException
      Returns the X.509 certificate generated by this X509CertGen object.
      Returns:
          the java.security.cert.X509Certificate generated by this object.

  public byte[] getEncoded(int mode) throws X509CertGenException
      Returns the encoded form of the certificate generated by this X509CertGen object.
      The certificate can be returned in one of 4 different ways: in either X.509 or PKCS#7 (generated certificate + CA certificate) format, and either as a raw DER encoding or as a Base64 encoding with the contents bounded by
          -----BEGIN CERTIFICATE----- / -----END CERTIFICATE-----   (for X.509)
          -----BEGIN PKCS7----- / -----END PKCS7-----               (for PKCS#7)
      The return mode is selected by the following values of the mode argument:
          MODE_RAW_X509     = 0
          MODE_RAW_PKCS7    = 1
          MODE_BASE64_X509  = 2
          MODE_BASE64_PKCS7 = 3
      For example, to create an ASCII file "foo.crt" containing the Base64 encoding of the certificate, one might use the following code:
          X509CertGen cg = new X509CertGen(sig, caCert);
          // set the various fields here
          byte[] c = cg.getEncoded(X509CertGen.MODE_BASE64_X509);   // mode 2
          FileOutputStream fos = new FileOutputStream("foo.crt");
          try {
              fos.write(c);
          } finally {
              fos.close();
          }
      Parameters:
          mode - the mode describing the format of the returned certificate.

  public void reset() throws X509CertGenException
      Resets this X509CertGen object so that a new user certificate can be generated.
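The processPKCS10 and getEncoded descriptions above together describe a small CA signing step: take a DER request, supply the serial number and validity the page says the CA must set itself, and write the result out. The program below is an added example, not code from the page or from the DSTC library. It assumes the provider accepts the JCA signature name "SHA256withRSA" (the page's snippet uses "RSA"), that processPKCS10 takes the subject name and public key from the request, and that the CA key and certificate are held in a PKCS#12 keystore under one alias; the page does not say whether processPKCS10 verifies the request's own signature, so the example does not rely on it and instead re-checks the issued certificate with the standard JCA API before writing it.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

import com.dstc.security.pki.X509CertGen;

public class SignRequest {

    // Assumption: the provider accepts this JCA name (the page's snippet uses "RSA").
    static final String SIG_ALG = "SHA256withRSA";

    // setKeyUsage() bit order: digitalSignature[0] ... keyCertSign[5] cRLSign[6] ... decipherOnly[8]
    static final boolean[] TLS_SERVER_KU = { true, false, true, false, false, false, false, false, false };

    // Signs a DER-encoded PKCS#10 request, pinning the security-relevant fields from CA
    // policy instead of the request, and re-checks the result before it leaves the CA.
    static X509Certificate issueFromCSR(byte[] csrDer, PrivateKey caKey, X509Certificate caCert,
                                        String vettedSubjectDN, int days, SecureRandom rng,
                                        String outPrefix) throws Exception {
        Signature sig = Signature.getInstance(SIG_ALG);
        sig.initSign(caKey);
        X509CertGen cg = new X509CertGen(sig, caCert);

        cg.processPKCS10(csrDer);   // assumed to populate subject name and public key from the request

        // The page says these are not taken from the request and must be set by the CA.
        cg.setSerialNumber(new BigInteger(64, rng).setBit(63));   // positive, 64 random bits
        Date notBefore = new Date();
        cg.setValidity(notBefore, new Date(notBefore.getTime() + days * 86400000L));

        // A requester must never be able to ask for CA powers: set these from policy.
        cg.setBasicConstraints(false, 0);
        cg.setKeyUsage(TLS_SERVER_KU);

        X509Certificate cert = cg.getCertificate();

        // Independent post-issuance checks with the standard JCA API.
        cert.verify(caCert.getPublicKey());
        cert.checkValidity();
        X500Principal expected = new X500Principal(vettedSubjectDN);
        if (!cert.getSubjectX500Principal().equals(expected))
            throw new SecurityException("request subject " + cert.getSubjectX500Principal()
                    + " differs from the vetted identity " + expected);
        if (cert.getBasicConstraints() != -1)
            throw new SecurityException("end-entity certificate carries cA=true");
        boolean[] ku = cert.getKeyUsage();
        if (ku != null && (ku[5] || ku[6]))
            throw new SecurityException("end-entity certificate asserts keyCertSign or cRLSign");

        // PEM for the subject, plus a PKCS#7 bundle that also carries the CA certificate.
        write(outPrefix + ".crt", cg.getEncoded(X509CertGen.MODE_BASE64_X509));
        write(outPrefix + ".p7b", cg.getEncoded(X509CertGen.MODE_BASE64_PKCS7));
        return cert;
    }

    static void write(String path, byte[] data) throws java.io.IOException {
        FileOutputStream fos = new FileOutputStream(path);
        try { fos.write(data); } finally { fos.close(); }
    }

    // usage: java SignRequest ca.p12 <password> <alias> request.der "CN=www.example.test,O=Example,C=AU" out
    public static void main(String[] args) throws Exception {
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(Files.newInputStream(Paths.get(args[0])), pw);
        PrivateKey caKey = (PrivateKey) ks.getKey(args[2], pw);
        X509Certificate caCert = (X509Certificate) ks.getCertificate(args[2]);
        byte[] csr = Files.readAllBytes(Paths.get(args[3]));

        X509Certificate issued = issueFromCSR(csr, caKey, caCert, args[4], 365, new SecureRandom(), args[5]);
        System.out.println("issued " + issued.getSubjectX500Principal()
                + " serial " + issued.getSerialNumber().toString(16));
    }
}
```

The vetted subject DN is passed in separately on purpose: the name in a CSR is whatever the requester typed, and comparing the issued certificate against the identity the CA actually verified is what stops a request for one host name being signed as another.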