org.eparapher.core.crypto.cert
Class CertificateManager

java.lang.Object
  extended by org.eparapher.core.crypto.cert.CertificateManager

public class CertificateManager
extends Object


Constructor Summary
CertificateManager()
           
 
Method Summary
static X509Certificate[] buildChain(X509Certificate[] certs)
           
static String createSigningRequest(NewCertParams params, KeyPair keypair)
          Creates a PKCS#10 certificate signing request using the Bouncy Castle provider.
static String createSigningRequest(X509Certificate cert, PrivateKey privKey)
          Creates and returns the content of a new signing request for the specified certificate.
static X509Certificate createX509V3Certificate(KeyPair kp, int months, String issuerDN, String subjectDN, String domain, String signAlgoritm)
          Creates an X509 version3 certificate.
static List<X509Certificate> establishCertChain(X509Certificate certificate, boolean trustCACerts)
           
static KeyPair generateECKeyPair(String ecspecs)
           
static KeyPair generateKeyPair(NewCertParams params)
           
static KeyPair generateKeyPair(String algorithm, int keysize)
           
static KeyPair generateKeyPair(String algorithm, int keysize, String provider)
          Returns a new public & private key with the specified algorithm (e.g. DSA, RSA, etc.).
static X509Certificate[] generateNewCertificate(NewCertParams params, KeyPair keypair)
           
static X509CRL getCRLFromCertCDP(X509Certificate certificate)
           
static List<String> getPeerIdentities(X509Certificate x509Certificate)
          Returns the identities of the remote server as defined in the specified certificate.
static boolean isDSACertificate(KeyStore ksKeys, String domain)
          Returns true if a DSA certificate was found in the specified keystore for the specified domain.
static boolean isDSACertificate(X509Certificate certificate)
          Returns true if the specified certificate is using the DSA algorithm.
static boolean isECCertificate(X509Certificate certificate)
          Returns true if the specified certificate is using the Elliptic Curve (EC) algorithm.
static boolean isRSACertificate(KeyStore ksKeys, String domain)
          Returns true if an RSA certificate was found in the specified keystore for the specified domain.
static boolean isValidKeyUsageForEncryption(X509Certificate cert)
           
static boolean isValidKeyUsageForNonRepudiation(X509Certificate cert)
           
static boolean isValidKeyUsageForSignature(X509Certificate cert)
           
static boolean validateCertChain(X509Certificate[] certificate, boolean trustCACerts)
           
static boolean verify(X509Certificate certificate, Collection<X509Certificate[]> caCertPath)
          Check the certificate with CA certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateManager

public CertificateManager()
Method Detail

getPeerIdentities

public static List<String> getPeerIdentities(X509Certificate x509Certificate)
Returns the identities of the remote server as defined in the specified certificate. The identities are defined in the subjectDN of the certificate and may also be defined in subjectAltName extension entries of type "xmpp". When the extension is present, the identities defined in it are returned; otherwise, the value stored in the subjectDN is returned.

Parameters:
x509Certificate - the certificate that holds the identities of the remote server.
Returns:
the identities of the remote server as defined in the specified certificate.
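
The following is an added example, not eParapher's own code, of extracting server identities the way the getPeerIdentities contract above describes. It uses the Bouncy Castle ASN.1 classes (bcprov 1.70 or newer is assumed, for ASN1TaggedObject.getExplicitBaseObject()). XMPP identities are carried in subjectAltName otherName entries of type id-on-xmppAddr (OID 1.3.6.1.5.5.7.8.5, RFC 6120); the example also collects dNSName entries, which XMPP servers commonly present, and treats the subject CN purely as a fallback for certificates that carry no subjectAltName extension. The class and method names are the example's own.

```java
// Added example (not eParapher code): peer identities from subjectAltName,
// falling back to the subject CN only when the extension is absent.
// Assumes Bouncy Castle bcprov 1.70+ on the classpath.

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

public class PeerIdentities {

    // id-on-xmppAddr (RFC 6120): the otherName type that carries an XMPP address.
    static final ASN1ObjectIdentifier ID_ON_XMPP_ADDR =
            new ASN1ObjectIdentifier("1.3.6.1.5.5.7.8.5");

    // Returns null when the certificate has no subjectAltName extension, otherwise
    // the xmppAddr and dNSName identities found in it (possibly an empty list).
    static List<String> identitiesFromSAN(X509Certificate cert) {
        byte[] extValue = cert.getExtensionValue(Extension.subjectAlternativeName.getId());
        if (extValue == null) {
            return null; // extension absent
        }
        List<String> ids = new ArrayList<>();
        // getExtensionValue() returns the DER OCTET STRING that wraps the extension body.
        byte[] octets = ASN1OctetString.getInstance(extValue).getOctets();
        for (GeneralName gn : GeneralNames.getInstance(octets).getNames()) {
            switch (gn.getTagNo()) {
                case GeneralName.otherName:
                    // OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
                    ASN1Sequence other = ASN1Sequence.getInstance(gn.getName());
                    ASN1ObjectIdentifier typeId =
                            ASN1ObjectIdentifier.getInstance(other.getObjectAt(0));
                    if (ID_ON_XMPP_ADDR.equals(typeId)) {
                        ASN1Encodable value = ASN1TaggedObject.getInstance(other.getObjectAt(1))
                                .getExplicitBaseObject();
                        if (value instanceof ASN1String) {
                            ids.add(((ASN1String) value).getString());
                        }
                    }
                    break;
                case GeneralName.dNSName:
                    ids.add(((ASN1String) gn.getName()).getString());
                    break;
                default:
                    break; // rfc822Name, iPAddress, etc. are not server identities here
            }
        }
        return ids;
    }

    // Fallback used only when the extension is absent: every CN of the subject DN.
    static List<String> identitiesFromSubjectCN(X509Certificate cert) {
        List<String> ids = new ArrayList<>();
        X500Name subject = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
        for (RDN rdn : subject.getRDNs(BCStyle.CN)) {
            ids.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
        return ids;
    }

    // When subjectAltName is present its content is authoritative, even if it
    // yields no usable identity; the CN is free text and is not consulted then.
    static List<String> getPeerIdentities(X509Certificate cert) {
        List<String> fromSan = identitiesFromSAN(cert);
        return fromSan != null ? fromSan : identitiesFromSubjectCN(cert);
    }

    // Case-insensitive exact comparison against the host the client meant to reach.
    // Wildcard names are deliberately not expanded here.
    static boolean matchesExpectedHost(X509Certificate cert, String expectedHost) {
        for (String id : getPeerIdentities(cert)) {
            if (id.equalsIgnoreCase(expectedHost)) {
                return true;
            }
        }
        return false;
    }
}
```

Extracting the identities is only half of the check: a caller still has to compare them with the name it intended to connect to (matchesExpectedHost above), since a certificate that chains to a trusted CA but names a different host proves nothing about the peer.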

isValidKeyUsageForEncryption

public static boolean isValidKeyUsageForEncryption(X509Certificate cert)

isValidKeyUsageForNonRepudiation

public static boolean isValidKeyUsageForNonRepudiation(X509Certificate cert)

isValidKeyUsageForSignature

public static boolean isValidKeyUsageForSignature(X509Certificate cert)
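
The three isValidKeyUsageFor* predicates are listed without a description. The following added example (not eParapher code) shows the checks such predicates typically perform with the standard JCA API, together with the public-key algorithm test behind the isRSACertificate / isDSACertificate / isECCertificate methods. The class name, the encryption rule for EC keys (keyAgreement) and the decision to reject certificates that lack a KeyUsage extension are the example's own choices, not the project's.

```java
// Added example (not eParapher code): KeyUsage and key-algorithm checks on an
// X509Certificate using only java.security. Assumes a DER or PEM certificate
// file path is passed as the first command-line argument.

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class KeyUsageCheck {

    // Bit positions of the KeyUsage BIT STRING as returned by
    // X509Certificate.getKeyUsage() (RFC 5280, section 4.2.1.3).
    static final int DIGITAL_SIGNATURE = 0;
    static final int NON_REPUDIATION   = 1; // also called contentCommitment
    static final int KEY_ENCIPHERMENT  = 2;
    static final int DATA_ENCIPHERMENT = 3;
    static final int KEY_AGREEMENT     = 4;

    // True only if the KeyUsage extension is present and the bit is set.
    // A certificate with no KeyUsage extension is not restricted by RFC 5280,
    // but a signing application should require an explicit statement of
    // purpose rather than accept "anything goes".
    static boolean hasKeyUsage(X509Certificate cert, int bit) {
        boolean[] usage = cert.getKeyUsage(); // null when the extension is absent
        return usage != null && bit < usage.length && usage[bit];
    }

    static boolean isValidKeyUsageForSignature(X509Certificate cert) {
        return hasKeyUsage(cert, DIGITAL_SIGNATURE);
    }

    static boolean isValidKeyUsageForNonRepudiation(X509Certificate cert) {
        return hasKeyUsage(cert, NON_REPUDIATION);
    }

    static boolean isValidKeyUsageForEncryption(X509Certificate cert) {
        // RSA keys wrap session keys (keyEncipherment); EC keys derive them
        // (keyAgreement). DSA keys can do neither, which is the point made in
        // the isDSACertificate description: DSA is for authentication only.
        String alg = cert.getPublicKey().getAlgorithm();
        if ("DSA".equals(alg)) {
            return false;
        }
        if ("EC".equals(alg)) {
            return hasKeyUsage(cert, KEY_AGREEMENT);
        }
        return hasKeyUsage(cert, KEY_ENCIPHERMENT) || hasKeyUsage(cert, DATA_ENCIPHERMENT);
    }

    // Single-certificate counterpart of isRSACertificate / isDSACertificate /
    // isECCertificate: the JCA algorithm name of the public key is authoritative.
    static boolean usesAlgorithm(X509Certificate cert, String algorithm) {
        return algorithm.equalsIgnoreCase(cert.getPublicKey().getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate) CertificateFactory
                    .getInstance("X.509").generateCertificate(in);
            System.out.println("subject        : " + cert.getSubjectX500Principal());
            System.out.println("key algorithm  : " + cert.getPublicKey().getAlgorithm());
            System.out.println("RSA            : " + usesAlgorithm(cert, "RSA"));
            System.out.println("signature      : " + isValidKeyUsageForSignature(cert));
            System.out.println("nonRepudiation : " + isValidKeyUsageForNonRepudiation(cert));
            System.out.println("encryption     : " + isValidKeyUsageForEncryption(cert));
        }
    }
}
```

Note that getKeyUsage() is a boolean array of at least nine entries when the extension is present; the bit names above are the RFC 5280 order, so index 5 (keyCertSign) and 6 (cRLSign) are the ones a CA certificate must carry and an end-entity certificate must not.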

isRSACertificate

public static boolean isRSACertificate(KeyStore ksKeys,
                                       String domain)
                                throws KeyStoreException
Returns true if an RSA certificate was found in the specified keystore for the specified domain.

Parameters:
ksKeys - the keystore that contains the certificates.
domain - domain of the server signed by the certificate.
Returns:
true if an RSA certificate was found in the specified keystore for the specified domain.
Throws:
KeyStoreException

isDSACertificate

public static boolean isDSACertificate(KeyStore ksKeys,
                                       String domain)
                                throws KeyStoreException
Returns true if a DSA certificate was found in the specified keystore for the specified domain.

Parameters:
ksKeys - the keystore that contains the certificates.
domain - domain of the server signed by the certificate.
Returns:
true if a DSA certificate was found in the specified keystore for the specified domain.
Throws:
KeyStoreException

isDSACertificate

public static boolean isDSACertificate(X509Certificate certificate)
                                throws KeyStoreException
Returns true if the specified certificate is using the DSA algorithm. DSA keys are suitable for authentication (signing) only, not for encryption; RSA keys, by contrast, can be used for both encryption and authentication.

Parameters:
certificate - the certificate to analyze.
Returns:
true if the specified certificate is using the DSA algorithm.
Throws:
KeyStoreException

isECCertificate

public static boolean isECCertificate(X509Certificate certificate)
                               throws KeyStoreException
Returns true if the specified certificate is using the Elliptic Curve (EC) algorithm. This algorithm is good for signature operations.

Parameters:
certificate - the certificate to analyze.
Returns:
true if the specified certificate is using the Elliptic Curve (EC) algorithm.
Throws:
KeyStoreException

createSigningRequest

public static String createSigningRequest(X509Certificate cert,
                                          PrivateKey privKey)
                                   throws Exception
Creates and returns the content of a new signing request for the specified certificate. Signing requests are required by Certificate Authorities as part of their signing process. The signing request contains information about the certificate issuer, subject DN, subject alternative names and public key; private keys are not included. After the Certificate Authority has verified and signed the request, a new certificate is returned. Use #installReply(java.security.KeyStore, java.security.KeyStore, String, String, java.io.InputStream, boolean, boolean) to import the CA reply.

Parameters:
cert - the certificate to create a signing request.
privKey - the private key of the certificate.
Returns:
the content of a new signing request for the specified certificate.
Throws:
Exception

createSigningRequest

public static String createSigningRequest(NewCertParams params,
                                          KeyPair keypair)
                                   throws InvalidKeyException,
                                          NoSuchAlgorithmException,
                                          NoSuchProviderException,
                                          SignatureException,
                                          IOException
Creates a PKCS#10 certificate signing request using the Bouncy Castle provider and saves the CSR to a file.

Parameters:
params -
Returns:
the filename that contains the CSR
Throws:
SignatureException
NoSuchProviderException
NoSuchAlgorithmException
InvalidKeyException
IOException

generateNewCertificate

public static X509Certificate[] generateNewCertificate(NewCertParams params,
                                                       KeyPair keypair)
                                                throws CertificateEncodingException,
                                                       InvalidKeyException,
                                                       IllegalStateException,
                                                       NoSuchAlgorithmException,
                                                       SignatureException,
                                                       IOException,
                                                       NoSuchProviderException
Throws:
CertificateEncodingException
InvalidKeyException
IllegalStateException
NoSuchAlgorithmException
SignatureException
IOException
NoSuchProviderException

validateCertChain

public static boolean validateCertChain(X509Certificate[] certificate,
                                        boolean trustCACerts)
                                 throws Exception
Throws:
Exception

establishCertChain

public static List<X509Certificate> establishCertChain(X509Certificate certificate,
                                                       boolean trustCACerts)
                                                throws Exception
Throws:
Exception

createX509V3Certificate

public static X509Certificate createX509V3Certificate(KeyPair kp,
                                                      int months,
                                                      String issuerDN,
                                                      String subjectDN,
                                                      String domain,
                                                      String signAlgoritm)
                                               throws GeneralSecurityException,
                                                      IOException
Creates an X.509 version 3 certificate.

Parameters:
kp - KeyPair that keeps the public and private keys for the new certificate.
months - validity period of the certificate (time to live), in months
issuerDN - Issuer string, e.g. "O=Grid,OU=OGSA,CN=ACME"
subjectDN - Subject string, e.g. "O=Grid,OU=OGSA,CN=John Doe"
domain - Domain of the server.
signAlgoritm - Signature algorithm. This can be either a name or an OID.
Returns:
X509 V3 Certificate
Throws:
GeneralSecurityException
IOException

getCRLFromCertCDP

public static X509CRL getCRLFromCertCDP(X509Certificate certificate)
                                 throws CertificateParsingException
Throws:
CertificateParsingException

generateKeyPair

public static KeyPair generateKeyPair(NewCertParams params)
                               throws NoSuchAlgorithmException,
                                      NoSuchProviderException,
                                      InvalidAlgorithmParameterException
Throws:
NoSuchAlgorithmException
NoSuchProviderException
InvalidAlgorithmParameterException

generateKeyPair

public static KeyPair generateKeyPair(String algorithm,
                                      int keysize,
                                      String provider)
                               throws NoSuchAlgorithmException,
                                      NoSuchProviderException
Returns a new public & private key with the specified algorithm (e.g. DSA, RSA, etc.).

Parameters:
algorithm - DSA, RSA, etc.
keysize - the keysize. This is an algorithm-specific metric, such as modulus length, specified in number of bits.
Returns:
a new public & private key with the specified algorithm (e.g. DSA, RSA, etc.).
Throws:
NoSuchAlgorithmException
NoSuchProviderException
GeneralSecurityException

generateKeyPair

public static KeyPair generateKeyPair(String algorithm,
                                      int keysize)
                               throws NoSuchAlgorithmException,
                                      NoSuchProviderException
Throws:
NoSuchAlgorithmException
NoSuchProviderException

generateECKeyPair

public static KeyPair generateECKeyPair(String ecspecs)
                                 throws NoSuchAlgorithmException,
                                        NoSuchProviderException,
                                        InvalidAlgorithmParameterException
Throws:
NoSuchAlgorithmException
NoSuchProviderException
InvalidAlgorithmParameterException

verify

public static boolean verify(X509Certificate certificate,
                             Collection<X509Certificate[]> caCertPath)
                      throws Exception
Checks the certificate against the supplied CA certificate paths.

Parameters:
certificate - cert to verify
caCertPath - collection of X509Certificate chains (CA certificate paths)
Returns:
true if verified OK, false if not
Throws:
Exception
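
The verify, validateCertChain, establishCertChain and getCRLFromCertCDP methods above are documented only by their signatures. The following added example (not eParapher code) shows what a complete check of a certificate against a set of trusted CA certificates looks like with the JDK's PKIX CertPathValidator: unlike a bare X509Certificate.verify(caPublicKey) call, which only proves that the CA key signed the certificate, PKIX validation also enforces validity dates, issuer/subject chaining, basicConstraints and key usage on the CAs, and optionally revocation via the certificate's CRL distribution point or OCSP. The class, the Result holder and the parameter layout are the example's own; it assumes the caller supplies any intermediate CA certificates.

```java
// Added example (not eParapher code): PKIX path validation of a leaf certificate
// against trusted CA certificates, with optional revocation checking.
// Requires Java 8 or newer (PKIXRevocationChecker).

import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class ChainValidation {

    // Outcome of a validation: the verdict plus a human-readable reason for logs.
    static final class Result {
        final boolean valid;
        final String detail;
        Result(boolean valid, String detail) { this.valid = valid; this.detail = detail; }
    }

    // leaf          - the certificate to check
    // intermediates - any intermediate CA certificates, leaf-nearest first
    // trustedCAs    - the trust anchors (roots) the application accepts
    // at            - the instant the certificate must be valid at (e.g. the
    //                 signing time for a signature check, or now)
    // checkRevocation - consult CRL distribution points / OCSP
    static Result validate(X509Certificate leaf,
                           List<X509Certificate> intermediates,
                           Collection<X509Certificate> trustedCAs,
                           Date at,
                           boolean checkRevocation) {
        try {
            Set<TrustAnchor> anchors = new HashSet<>();
            for (X509Certificate ca : trustedCAs) {
                anchors.add(new TrustAnchor(ca, null));
            }
            // PKIX wants the path ordered from the end-entity towards (but not
            // including) the trust anchor.
            List<X509Certificate> path = new ArrayList<>();
            path.add(leaf);
            path.addAll(intermediates);
            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);

            PKIXParameters params = new PKIXParameters(anchors);
            params.setDate(at);
            CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
            if (checkRevocation) {
                // Prefer CRLs fetched from the CRL distribution point (the same data
                // getCRLFromCertCDP retrieves) and fall back to OCSP.
                PKIXRevocationChecker rc = (PKIXRevocationChecker) cpv.getRevocationChecker();
                rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS));
                params.addCertPathChecker(rc);
            } else {
                params.setRevocationEnabled(false);
            }

            PKIXCertPathValidatorResult r =
                    (PKIXCertPathValidatorResult) cpv.validate(certPath, params);
            return new Result(true, "anchored at "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // getIndex() says which certificate in the path failed, getReason() why
            // (EXPIRED, REVOKED, NAME_CHAINING, UNDETERMINED_REVOCATION_STATUS, ...).
            return new Result(false, e.getReason() + " at path index " + e.getIndex()
                    + ": " + e.getMessage());
        } catch (GeneralSecurityException e) {
            return new Result(false, e.toString());
        }
    }
}
```

Two design points worth noting. The validation date is a parameter rather than "now" because a document-signing application must judge the signer's certificate at signing time, not at the later moment the signature is checked. And a revocation failure that cannot be resolved (no reachable CRL or OCSP responder) surfaces as UNDETERMINED_REVOCATION_STATUS rather than as success; a caller that wants soft-fail behaviour has to opt into it explicitly with PKIXRevocationChecker.Option.SOFT_FAIL.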

buildChain

public static X509Certificate[] buildChain(X509Certificate[] certs)


Copyright © 2009 eParapher Software Foundation. All Rights Reserved.