CA
public class LocalCA extends Object implements CA
This implementation is meant for testing.
System properties used:
Modifier and Type | Field | Description |
---|---|---|
protected HashMap<String,X509Certificate> | cacerts | temporary CA certificate for different key algorithms used to sign requests (generated at instantiation) |
protected static String | caDN | DN of local CA |
protected HashMap<String,PrivateKey> | cakeys | temporary CA private key for different key algorithms used to sign requests (generated at instantiation) |
protected static Logger | logger | |
protected static int | serial | serial number of last generated certificate |
protected static int | validtime | number of seconds into the future generated certificates are valid |

Constructor | Description |
---|---|
LocalCA() | Creates a new LocalCA and generates a self-signed certificate to sign with. |

Modifier and Type | Method | Description |
---|---|---|
X509Certificate | downloadCertificate(PKCS10CertificationRequest req, Properties info) | Creates and returns a certificate for the request. |
String | encodeCertificationRequest(PKCS10CertificationRequest req, Properties info) | Just returns the PEM encoded version of the request. |
protected void | generateCaCert(String keyalgname) | Generates a new CA key/certificate combination for the given algorithm |
protected X509Certificate | getCaCert(String keyalgname) | Return CA certificate for key algorithm. |
X509Certificate | getCACertificate() | Return default CA certificate, which is for the RSA algorithm. |
X509Certificate | getCACertificate(String keyalgname) | |
protected PrivateKey | getCaKey(String keyalgname) | Return CA private key for key algorithm. |
boolean | isCertificationRequestProcessed(PKCS10CertificationRequest req, Properties info) | This local CA always processes a certificate on the fly, so it always returns true. |
boolean | isIssuer(X509Certificate cert) | Return whether a certificate was issued by this CA |
String | signCertificationRequest(PKCS10CertificationRequest req, Properties info, PrivateKey oldKey, X509Certificate oldCert) | LocalCA does no renewals, so this is equal to encodeCertificationRequest |
void | uploadCertificationRequest(String req, Properties info) | Obtain a new serial number for the certificate signing request / certificate |

protected static final Logger logger
protected HashMap<String,X509Certificate> cacerts
protected HashMap<String,PrivateKey> cakeys
protected static int serial
protected static String caDN
protected static int validtime
public LocalCA() throws CertificateException, KeyException, NoSuchAlgorithmException, IllegalStateException, NoSuchProviderException, SignatureException
By default, an RSA CA certificate is generated. If other key algorithms (like DSA or ECDSA) are discovered in a CSR, a new CA of that type is generated on the fly.
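
The on-demand behaviour described here (an RSA CA by default, further CAs created when a request arrives with another key algorithm) can be sketched with the JDK alone. This is an added example, not LocalCA's own code: `LazyTestCa`, `caKeyFor` and `signFor` are hypothetical names, it signs raw bytes instead of issuing an X.509 certificate, and it uses the JDK's algorithm name `EC`.

```java
import java.io.IOException;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical sketch, not LocalCA itself: one in-memory test CA key per key algorithm. */
public class LazyTestCa {
    private final Map<String, KeyPair> caKeys = new HashMap<>();

    public LazyTestCa() throws IOException {
        caKeyFor("RSA"); // default CA is RSA, matching the constructor description
    }

    /** Return the CA key pair for an algorithm, generating it on first use. */
    synchronized KeyPair caKeyFor(String keyAlgName) throws IOException {
        KeyPair kp = caKeys.get(keyAlgName);
        if (kp == null) {
            try {
                KeyPairGenerator gen = KeyPairGenerator.getInstance(keyAlgName);
                gen.initialize("EC".equals(keyAlgName) ? 256 : 2048);
                kp = gen.generateKeyPair();
            } catch (GeneralSecurityException e) {
                // Generation failures surface as IOException, like getCaKey
                throw new IOException("CA generation failed for " + keyAlgName, e);
            }
            caKeys.put(keyAlgName, kp);
        }
        return kp;
    }

    /** Sign data with the CA whose algorithm matches the requester's public key. */
    byte[] signFor(PublicKey subjectKey, byte[] tbs) throws IOException, GeneralSecurityException {
        String alg = subjectKey.getAlgorithm(); // "RSA", "DSA" or "EC" in the JDK
        Signature s = Signature.getInstance("SHA256with" + ("EC".equals(alg) ? "ECDSA" : alg));
        s.initSign(caKeyFor(alg).getPrivate());
        s.update(tbs);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        LazyTestCa ca = new LazyTestCa();
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        PublicKey requester = g.generateKeyPair().getPublic(); // constructed sample requester key
        byte[] tbs = "constructed sample to-be-signed bytes".getBytes("UTF-8");
        byte[] sig = ca.signFor(requester, tbs);      // first EC request creates the EC CA
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(ca.caKeyFor("EC").getPublic());  // the same CA key is reused afterwards
        v.update(tbs);
        System.out.println("EC CA created on demand, signature valid: " + v.verify(sig));
    }
}
```
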
protected void generateCaCert(String keyalgname) throws CertificateException, KeyException, NoSuchAlgorithmException, IllegalStateException, NoSuchProviderException, SignatureException

protected X509Certificate getCaCert(String keyalgname) throws IOException
If no CA certificate for that key algorithm name exists, generate one on the fly.
Parameters:
keyalgname - key algorithm
Throws:
IOException - when CA generation fails

protected PrivateKey getCaKey(String keyalgname) throws IOException
If no CA key for that key algorithm name exists, generate one on the fly.
Parameters:
keyalgname - key algorithm
Throws:
IOException - when CA generation fails

public String encodeCertificationRequest(PKCS10CertificationRequest req, Properties info) throws IOException
Specified by:
encodeCertificationRequest in interface CA
Parameters:
req - certificate signing request
info - extra information that may be sent with the request (implementation-dependent)
Throws:
IOException

public String signCertificationRequest(PKCS10CertificationRequest req, Properties info, PrivateKey oldKey, X509Certificate oldCert) throws IOException
#encodeCertificationRequest
Specified by:
signCertificationRequest in interface CA
Parameters:
req - certificate signing request
info - extra information that may be sent with the request (implementation-dependent)
oldKey - key to sign request with
oldCert - certificate to sign request with
Throws:
IOException

public void uploadCertificationRequest(String req, Properties info) throws IOException
Specified by:
uploadCertificationRequest in interface CA
Parameters:
req - certification signing request
info - extra information that may be sent with the request (implementation-dependent)
Throws:
IOException

public boolean isCertificationRequestProcessed(PKCS10CertificationRequest req, Properties info) throws IOException
Specified by:
isCertificationRequestProcessed in interface CA
Parameters:
req - the certificate signing request that was sent
info - properties supplied to previous methods as well
Throws:
IOException

public X509Certificate downloadCertificate(PKCS10CertificationRequest req, Properties info) throws IOException
Specified by:
downloadCertificate in interface CA
Parameters:
req - the certificate signing request that was sent
info - properties supplied to previous methods as well
Throws:
IOException

public X509Certificate getCACertificate(String keyalgname) throws IOException
Throws:
IOException

public X509Certificate getCACertificate() throws IOException
Specified by:
getCACertificate in interface CA
Throws:
IOException

public boolean isIssuer(X509Certificate cert)

Copyright © 2010-2018 Nikhef / Stichting FOM. All Rights Reserved.