Class KeyCertUtil
java.lang.Object
com.netscape.cmscore.security.KeyCertUtil
This class provides all the base methods to generate the key for different
kinds of certificates.
- Version:
- $Revision$, $Date$
- Author:
- Christine Ho
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic voidaddCertToDB(netscape.ldap.LDAPConnection conn, String dn, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) static Stringbase64Encode(byte[] bytes) static voidstatic byte[]convertB64EToByteArray(String b64E) static org.mozilla.jss.netscape.security.x509.KeyIdentifiercreateKeyIdentifier(KeyPair keypair) static KeyPairgenerateKeyPair(String tokenName, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) static KeyPairgenerateKeyPair(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.KeyPairAlgorithm kpAlg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) static org.mozilla.jss.netscape.security.x509.AlgorithmIdgetAlgorithmId(String algname, IConfigStore store) static org.mozilla.jss.crypto.PQGParamsgetCAPQG(int keysize, IConfigStore store) static org.mozilla.jss.crypto.X509CertificategetCertificate(String tokenname, String nickname) static org.mozilla.jss.netscape.security.pkcs.PKCS10getCertRequest(String subjectName, KeyPair keyPair) static org.mozilla.jss.netscape.security.pkcs.PKCS10getCertRequest(String subjectName, KeyPair keyPair, org.mozilla.jss.netscape.security.x509.Extensions exts) static StringgetCertSubjectName(String tokenname, String nickname) static org.mozilla.jss.netscape.security.x509.CertificateExtensionsgetExtensions(String tokenname, String nickname) static org.mozilla.jss.crypto.X509CertificategetInternalCertificate(byte[] b, String nickname, String certType) static KeyPairgetKeyPair(String tokenname, String nickname) static org.mozilla.jss.crypto.PQGParamsgetPQG(int keysize) static PrivateKeygetPrivateKey(String tokenname, String nickname) static BigIntegergetSerialNumber(netscape.ldap.LDAPConnection conn, String baseDN) static org.mozilla.jss.crypto.SignatureAlgorithmgetSigningAlgorithm(String keyType) static org.mozilla.jss.crypto.SignatureAlgorithmgetSigningAlgorithm(String keyType, String hashtype) static StringgetTokenNames(org.mozilla.jss.CryptoManager manager) 
static org.mozilla.jss.crypto.X509CertificateimportCert(byte[] b, String nickname, String certType) static org.mozilla.jss.crypto.X509CertificateimportCert(String b64E, String nickname, String certType) static org.mozilla.jss.crypto.X509CertificateimportCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType) static booleanisBadDSAKeyPair(KeyPair pair) Test for a DSA key pair that will trigger a bug in NSS.static byte[]makeDSSParms(BigInteger P, BigInteger Q, BigInteger G) static voidsetAuthInfoAccess(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetAuthorityKeyIdentifier(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetBasicConstraintsExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetDERExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test with configuration wizard: MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ==static 
voidsetExtendedKeyUsageExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetKeyUsageExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, org.mozilla.jss.netscape.security.x509.KeyUsageExtension keyUsage) static voidsetNetscapeCertificateExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetOCSPNoCheck(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetOCSPSigning(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidsetSerialNumber(netscape.ldap.LDAPConnection conn, String baseDN, BigInteger serial) static voidsetSubjectKeyIdentifier(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static voidstatic org.mozilla.jss.netscape.security.x509.X509CertImplsignCert(PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, org.mozilla.jss.crypto.SignatureAlgorithm sigAlg)
-
Field Details
-
logger
public static org.slf4j.Logger logger -
CA_SIGNINGCERT_NICKNAME
- See Also:
-
-
Constructor Details
-
KeyCertUtil
public KeyCertUtil()
-
-
Method Details
-
checkCertificateExt
- Throws:
EBaseException
-
getTokenNames
public static String getTokenNames(org.mozilla.jss.CryptoManager manager) throws org.mozilla.jss.crypto.TokenException - Throws:
org.mozilla.jss.crypto.TokenException
-
base64Encode
- Throws:
IOException
-
makeDSSParms
- Throws:
IOException
-
getPrivateKey
public static PrivateKey getPrivateKey(String tokenname, String nickname) throws org.mozilla.jss.crypto.TokenException, EBaseException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.NotInitializedException, CertificateException, CertificateEncodingException, EBaseException, org.mozilla.jss.crypto.ObjectNotFoundException - Throws:
org.mozilla.jss.crypto.TokenException, EBaseException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.NotInitializedException, CertificateException, CertificateEncodingException, org.mozilla.jss.crypto.ObjectNotFoundException
-
getCertSubjectName
public static String getCertSubjectName(String tokenname, String nickname) throws org.mozilla.jss.crypto.TokenException, EBaseException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.NotInitializedException, CertificateException, CertificateEncodingException, EBaseException - Throws:
org.mozilla.jss.crypto.TokenException, EBaseException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.NotInitializedException, CertificateException, CertificateEncodingException
-
signCert
public static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert(PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, org.mozilla.jss.crypto.SignatureAlgorithm sigAlg) throws org.mozilla.jss.NoSuchTokenException, EBaseException, org.mozilla.jss.NotInitializedException - Throws:
org.mozilla.jss.NoSuchTokenException, EBaseException, org.mozilla.jss.NotInitializedException
-
getSigningAlgorithm
-
getSigningAlgorithm
-
getAlgorithmId
public static org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException - Throws:
EBaseException
-
getCertificate
public static org.mozilla.jss.crypto.X509Certificate getCertificate(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.NoSuchTokenException, EBaseException, org.mozilla.jss.crypto.TokenException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.NoSuchTokenException, EBaseException, org.mozilla.jss.crypto.TokenException
-
getKeyPair
public static KeyPair getKeyPair(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, EBaseException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, EBaseException
-
getPQG
public static org.mozilla.jss.crypto.PQGParams getPQG(int keysize) -
getCAPQG
public static org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, IConfigStore store) throws EBaseException - Throws:
EBaseException
-
generateKeyPair
public static KeyPair generateKeyPair(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.KeyPairAlgorithm kpAlg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws NoSuchAlgorithmException, org.mozilla.jss.crypto.TokenException, InvalidAlgorithmParameterException, InvalidParameterException, org.mozilla.jss.crypto.PQGParamGenException - Throws:
NoSuchAlgorithmException, org.mozilla.jss.crypto.TokenException, InvalidAlgorithmParameterException, InvalidParameterException, org.mozilla.jss.crypto.PQGParamGenException
-
isBadDSAKeyPair
Tests for a DSA key pair that will trigger a bug in NSS. The problem occurs when the first byte of the key is 0. This happens when the value would otherwise have been interpreted as negative (its most significant bit is set), so a zero byte is prepended to force it to be positive. This is blackflag bug 602548. -
generateKeyPair
public static KeyPair generateKeyPair(String tokenName, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws EBaseException - Throws:
EBaseException
-
getCertRequest
public static org.mozilla.jss.netscape.security.pkcs.PKCS10 getCertRequest(String subjectName, KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException -
getCertRequest
public static org.mozilla.jss.netscape.security.pkcs.PKCS10 getCertRequest(String subjectName, KeyPair keyPair, org.mozilla.jss.netscape.security.x509.Extensions exts) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException -
importCert
public static org.mozilla.jss.crypto.X509Certificate importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException
-
importCert
public static org.mozilla.jss.crypto.X509Certificate importCert(String b64E, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException
-
importCert
public static org.mozilla.jss.crypto.X509Certificate importCert(byte[] b, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException
-
getInternalCertificate
public static org.mozilla.jss.crypto.X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException
-
setTrust
-
convertB64EToByteArray
- Throws:
CertificateException, IOException
-
setDERExtension
public static void setDERExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException
ASN.1 structure:

   0 30 142: SEQUENCE {
   3 30  69:   SEQUENCE {
   5 06   3:     OBJECT IDENTIFIER issuerAltName (2 5 29 18)
  10 04  62:     OCTET STRING
           :       30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
           :       06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
           :       86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
           :       73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
           :     }
  74 30  69:   SEQUENCE {
  76 06   3:     OBJECT IDENTIFIER subjectAltName (2 5 29 17)
  81 04  62:     OCTET STRING
           :       30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
           :       06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
           :       86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
           :       73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
           :     }
           :   }

The following Base64-encoded value is used to test with the configuration wizard. Note that this sample encodes the subjectAltName extension before issuerAltName, the reverse of the order shown in the listing above.

MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB
FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x
DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB
AQ==

- Throws:
IOException
-
setBasicConstraintsExtension
public static void setBasicConstraintsExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException - Throws:
IOException
-
setExtendedKeyUsageExtension
public static void setExtendedKeyUsageExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, CertificateException - Throws:
IOException, CertificateException
-
setNetscapeCertificateExtension
public static void setNetscapeCertificateExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, CertificateException - Throws:
IOException, CertificateException
-
setOCSPNoCheck
public static void setOCSPNoCheck(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setOCSPSigning
public static void setOCSPSigning(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setAuthInfoAccess
public static void setAuthInfoAccess(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setAuthorityKeyIdentifier
public static void setAuthorityKeyIdentifier(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setSubjectKeyIdentifier
public static void setSubjectKeyIdentifier(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setKeyUsageExtension
public static void setKeyUsageExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, org.mozilla.jss.netscape.security.x509.KeyUsageExtension keyUsage) throws IOException - Throws:
IOException
-
createKeyIdentifier
public static org.mozilla.jss.netscape.security.x509.KeyIdentifier createKeyIdentifier(KeyPair keypair) throws NoSuchAlgorithmException, InvalidKeyException -
getSerialNumber
public static BigInteger getSerialNumber(netscape.ldap.LDAPConnection conn, String baseDN) throws netscape.ldap.LDAPException, EBaseException - Throws:
netscape.ldap.LDAPException, EBaseException
-
setSerialNumber
public static void setSerialNumber(netscape.ldap.LDAPConnection conn, String baseDN, BigInteger serial) throws netscape.ldap.LDAPException, EBaseException - Throws:
netscape.ldap.LDAPException, EBaseException
-
addCertToDB
public static void addCertToDB(netscape.ldap.LDAPConnection conn, String dn, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws netscape.ldap.LDAPException, EBaseException - Throws:
netscape.ldap.LDAPException, EBaseException
-
getExtensions
public static org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, IOException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, IOException, CertificateException
-