Modifier and Type | Field | Description |
---|---|---|
protected String |
baseCaCert |
CA entry point: CA cert
|
protected String |
baseQuery |
CA entry point: query
|
protected String |
baseSubmit |
CA entry point: submission
|
protected static X509Certificate |
cacert |
CA certificate (cached)
|
protected String |
caDN |
CA DN
|
protected static Logger |
logger |
Constructor | Description |
---|---|
DutchGridCA() |
Create new DutchGridCA
|
Modifier and Type | Method | Description |
---|---|---|
X509Certificate |
downloadCertificate(PKCS10CertificationRequest req,
Properties info) |
Download a certificate from the DutchGrid CA
|
String |
encodeCertificationRequest(PKCS10CertificationRequest req,
Properties info) |
Just returns the PEM encoded version of the request.
|
X509Certificate |
getCACertificate() |
Return the CA certificate
|
boolean |
isCertificationRequestProcessed(PKCS10CertificationRequest req,
Properties info) |
Checks to see if a certificate signing request was processed by a CA.
|
boolean |
isIssuer(X509Certificate cert) |
Return whether a certificate was issued by this CA
|
String |
signCertificationRequest(PKCS10CertificationRequest req,
Properties info,
PrivateKey oldKey,
X509Certificate oldCert) |
PEM-encodes request and puts it in a S/MIME signed form.
|
void |
uploadCertificationRequest(String req,
Properties info) |
Uploads a user certificate signing request onto the DutchGrid CA.
|
protected static final Logger logger
protected String baseSubmit
protected String baseQuery
protected String baseCaCert
protected String caDN
protected static X509Certificate cacert
public DutchGridCA() throws NoSuchAlgorithmException, KeyManagementException
public String encodeCertificationRequest(PKCS10CertificationRequest req, Properties info) throws IOException
encodeCertificationRequest
in interface CA
req
- certificate signing requestinfo
- extra information that may be sent with the request (implementation-dependent)IOException
public String signCertificationRequest(PKCS10CertificationRequest req, Properties info, PrivateKey oldKey, X509Certificate oldCert) throws IOException
Sets the property renewal
to true
.
signCertificationRequest
in interface CA
req
- certificate signing requestinfo
- extra information that may be sent with the request (implementation-dependent)oldKey
- key to sign request witholdCert
- certificate to sign request withIOException
public void uploadCertificationRequest(String req, Properties info) throws IOException
The field email
is used to supply the user's email address to the CA
for notifying the user when the request is processed, and the field agreecps
must be true
to succeed; the latter corresponds to the "I agree to the
privacy policy" checkbox on the website. The field fullname
should contain
the user's full name. The optional field comments
is used for additional
comments.
uploadCertificationRequest
in interface CA
req
- certification signing requestinfo
- extra information that may be sent with the request (implementation-dependant); email
, fullname
and agreecps
are used here.IOException
public boolean isCertificationRequestProcessed(PKCS10CertificationRequest req, Properties info) throws IOException
CA
When true, the certificate can be downloaded using CA.downloadCertificate(org.bouncycastle.jce.PKCS10CertificationRequest, java.util.Properties)
.
Implementers of this CA interface could, for example, just return if
CA.downloadCertificate(org.bouncycastle.jce.PKCS10CertificationRequest, java.util.Properties)
would complete without errors, optionally caching the
fetched certificate.
isCertificationRequestProcessed
in interface CA
req
- the certificate signing request that was sentinfo
- properties supplied to previous methods as wellIOException
public X509Certificate downloadCertificate(PKCS10CertificationRequest req, Properties info) throws IOException
downloadCertificate
in interface CA
req
- the certificate signing request that was sentinfo
- properties supplied to previous methods as well (not used by DutchGridCA)IOException
public X509Certificate getCACertificate() throws IOException
CA certificate is downloaded once each program run.
getCACertificate
in interface CA
IOException
public boolean isIssuer(X509Certificate cert)
Copyright © 2010-2018 Nikhef / Stichting FOM. All Rights Reserved.