com.novell.security.japi.pki
Class NPKITcertificate

java.lang.Object
  |
  +--com.novell.security.japi.pki.NPKIToolbox
        |
        +--com.novell.security.japi.pki.NPKITcertificate

public class NPKITcertificate
extends NPKIToolbox

This class can be used to create PKCS#10 CSRs (Certificate Signing Requests), self-signed certificates, and their matching wrapped private keys. It can also be used to sign certificates and to create various ASN.1 encoded extensions for use when creating or signing certificates.


Field Summary
static int NPKI_CSR
          Used to specify that a PKCS#10 CSR (Certificate Signing Request) should be created.
static int NPKI_KEY_DEFAULT
          Used to specify the default key generation options.
static int NPKI_RAW_PRIVATE_KEY
          Use this flag to indicate a raw private key (PKCS#1).
static int NPKI_RAW_PRIVATE_KEY_INFO
          Use this flag to indicate raw private key info (PKCS#8).
static int NPKI_SELF_SIGNED_CERTIFICATE
          Used to specify that a self-signed certificate should be created.
static int NPKI_WRAPPED_PRIVATE_KEY
          Use this flag to indicate a wrapped private key.
static int X509_CA
          Specifies that the certificate is a CA (Certificate Authority).
static int X509_CA_PATH_LENGTH_UNLIMITED
          Specifies that the path constraint (or path length) is unlimited.
static int X509_EXTENDED_KEY_USAGE_ANY
          Designates that any Extended Key Usage is acceptable.
static int X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION
          Designates that the key is to be used for client authentication.
static int X509_EXTENDED_KEY_USAGE_CODE_SIGNING
          Designates that the key is to be used for code signing.
static int X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
          Designates that the key is to be used for email protection.
static int X509_EXTENDED_KEY_USAGE_OCSP_SIGNING
          Designates that the key is to be used for OCSP signing.
static int X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION
          Designates that the key is to be used for server authentication.
static int X509_EXTENDED_KEY_USAGE_TIME_STAMPING
          Designates that the key is to be used for time stamping.
static int X509_NON_CA
          The X.509 basic constraints extension is used to specify whether a certificate belongs to a CA (Certificate Authority).
 
Constructor Summary
NPKITcertificate()
          Constructor.
 
Method Summary
 void certificateInfo(byte[][] certificate)
          Use to retrieve a newly created X.509 certificate.
 void convertKeyFormat(int inputFlags, int outputFlags, byte[] inputKey, byte[][] outputKey)
          Use to convert the format of an RSA private key.
 void create(int keyType, int keySize, java.lang.String subjectDN, int signatureAlgorithm, int flags, int validFrom, int validTo, int publicKeyFlags, int privateKeyFlags, com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions)
          Create a Public Private key pair as well as a self-signed certificate and/or a PKCS#10 CSR (Certificate Signing Request).
 void createContext()
          Creates a new NPKIT certificate context and initializes it with default values.
 void csrInfo(byte[][] csr)
          Use to retrieve a newly created PKCS #10 CSR (Certificate Signing Request).
 void encodeBasicConstraintsExtension(int cA, int pathConstraint, int critical, byte[][] encodedBasicConstraintsExtension)
          Use to create an ASN.1 encoded Basic Constraints extension to be used when calling either create or signCertificate.
 void encodeExtendedKeyUsageExtension(int extendedKeyUsageBits, int critical, byte[][] encodedExtendedKeyUsageExtension)
          Use to create an ASN.1 encoded Extended Key Usage extension to be used when calling either create or signCertificate.
 void encodeKeyUsageExtension(int keyUsageBits, int critical, byte[][] encodedKeyUsageExtension)
          Use to create an ASN.1 encoded Key Usage extension to be used when calling either create or signCertificate.
 void encodeSubjectAltNamesExtension(com.novell.security.japi.pki.NPKI_ExtAltNames altNames, int critical, byte[][] encodedSubjectAltNamesExtension)
          Use to create an ASN.1 encoded Subject Alternative Names extension to be used when calling either create or signCertificate.
 void freeContext()
          Frees a previously allocated NPKIT certificate context and all associated memory.
 void initialize()
          Initializes NPKITcertificate.
 void signCertificate(com.novell.security.japi.pki.NPKITcache signingCA, int flags, byte[] csr, java.lang.String subjectDN, int validFrom, int validTo, com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions)
          Creates a Certificate using the CSR supplied.
 void signData(int signingContext, int signingAlgorithm, byte[] data, byte[][] signedData)
          Used to digitally sign a block of data.
 void wrappedPrivateKeyInfo(byte[][] wrappedPrivateKey)
          Use to retrieve a newly created private key which has been cryptographically wrapped to protect it from disclosure.
 
Methods inherited from class com.novell.security.japi.pki.NPKIToolbox
decodeCSR, destroy, finalize, getUTCString, loadLibrary, version
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NPKI_CSR

public static final int NPKI_CSR
Used to specify that a PKCS#10 CSR (Certificate Signing Request) should be created.

( NPKI_CSR = 0x0001)

See Also:
Constant Field Values

NPKI_SELF_SIGNED_CERTIFICATE

public static final int NPKI_SELF_SIGNED_CERTIFICATE
Used to specify that a self-signed certificate should be created.

(NPKI_SELF_SIGNED_CERTIFICATE = 0x0002)

See Also:
Constant Field Values

NPKI_KEY_DEFAULT

public static final int NPKI_KEY_DEFAULT
Used to specify the default key generation options.

(NPKI_KEY_DEFAULT = 0x0000)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_ANY

public static final int X509_EXTENDED_KEY_USAGE_ANY
Designates that any Extended Key Usage is acceptable.

(X509_EXTENDED_KEY_USAGE_ANY = 0x0001)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION

public static final int X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION
Designates that the key is to be used for server authentication.

(X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION = 0x0002)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION

public static final int X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION
Designates that the key is to be used for client authentication.

(X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION = 0x0004)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_CODE_SIGNING

public static final int X509_EXTENDED_KEY_USAGE_CODE_SIGNING
Designates that the key is to be used for code signing.

(X509_EXTENDED_KEY_USAGE_CODE_SIGNING = 0x0008)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION

public static final int X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
Designates that the key is to be used for email protection.

(X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION = 0x0010)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_TIME_STAMPING

public static final int X509_EXTENDED_KEY_USAGE_TIME_STAMPING
Designates that the key is to be used for time stamping.

(X509_EXTENDED_KEY_USAGE_TIME_STAMPING = 0x0020)

See Also:
Constant Field Values

X509_EXTENDED_KEY_USAGE_OCSP_SIGNING

public static final int X509_EXTENDED_KEY_USAGE_OCSP_SIGNING
Designates that the key is to be used for OCSP signing.

(X509_EXTENDED_KEY_USAGE_OCSP_SIGNING = 0x0040)

See Also:
Constant Field Values

X509_NON_CA

public static final int X509_NON_CA

The X.509 basic constraints extension is used to specify whether a certificate belongs to a CA (Certificate Authority). The X.509 basic constraints extension has essentially two parts:

CAs MUST have the basic constraints extension encoded. Certificates for non-CAs MAY have the basic constraints extension encoded.

Specifies that the certificate is not a CA (that is, the certificate is a user or server certificate).

(X509_NON_CA = 0x00)

See Also:
Constant Field Values

X509_CA

public static final int X509_CA
Specifies that the certificate is a CA (Certificate Authority).

(X509_CA = 0xFF)

See Also:
Constant Field Values

X509_CA_PATH_LENGTH_UNLIMITED

public static final int X509_CA_PATH_LENGTH_UNLIMITED
Specifies that the path constraint (or path length) is unlimited.

(X509_CA_PATH_LENGTH_UNLIMITED = 0xFFFFFFFF)

See Also:
Constant Field Values

NPKI_WRAPPED_PRIVATE_KEY

public static final int NPKI_WRAPPED_PRIVATE_KEY
Use this flag to indicate a wrapped private key.

(NPKI_WRAPPED_PRIVATE_KEY = 0x0001)

See Also:
Constant Field Values

NPKI_RAW_PRIVATE_KEY_INFO

public static final int NPKI_RAW_PRIVATE_KEY_INFO
Use this flag to indicate raw private key info (PKCS#8).

(NPKI_RAW_PRIVATE_KEY_INFO = 0x0002)

See Also:
Constant Field Values

NPKI_RAW_PRIVATE_KEY

public static final int NPKI_RAW_PRIVATE_KEY
Use this flag to indicate a raw private key (PKCS#1).

(NPKI_RAW_PRIVATE_KEY = 0x0004)

See Also:
Constant Field Values
Constructor Detail

NPKITcertificate

public NPKITcertificate()
                 throws NPKI_Exception
Constructor.

Throws:
NPKI_Exception - Throws a PKI error code if not successful.
Method Detail

initialize

public void initialize()
                throws NPKI_Exception
Initializes NPKITcertificate.

Overrides:
initialize in class NPKIToolbox
Throws:
NPKI_Exception - Throws a PKI error code if not successful.

createContext

public void createContext()
                   throws NPKI_Exception
Creates a new NPKIT certificate context and initializes it with default values.

Specified by:
createContext in class NPKIToolbox
Throws:
NPKI_Exception - Throws a PKI error code if not successful.
See Also:
freeContext

freeContext

public void freeContext()
Frees a previously allocated NPKIT certificate context and all associated memory.

Specified by:
freeContext in class NPKIToolbox
See Also:
createContext

create

public void create(int keyType,
                   int keySize,
                   java.lang.String subjectDN,
                   int signatureAlgorithm,
                   int flags,
                   int validFrom,
                   int validTo,
                   int publicKeyFlags,
                   int privateKeyFlags,
                   com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions)
            throws NPKI_Exception
Create a Public Private key pair as well as a self-signed certificate and/or a PKCS#10 CSR (Certificate Signing Request).

Parameters:
keyType - (IN) Specifies the type of key that is to be generated. For this release, the only supported key type is RSA, specified by the value PKI_RSA_ALGORITHM.
keySize - (IN) Specifies the requested size of the key to be generated. If the key size requested could not be generated, an exception will be thrown and no key will be generated.
subjectDN - (IN) Specifies the subjectDN. This is the name to be encoded in the subject field in the X.509 certificate. The subject field identifies the entity associated with the public/private key pair. (For more information see RFC 3280 Section 4.1.2.6.)
signatureAlgorithm - (IN) Specifies which signature algorithm will be used to sign the certificate. For this release, use one of the following:
  • PKI_SIGN_WITH_RSA_AND_MD2
  • PKI_SIGN_WITH_RSA_AND_MD5
  • PKI_SIGN_WITH_RSA_AND_SHA1
  • PKI_SIGN_WITH_RSA_AND_SHA_256
  • PKI_SIGN_WITH_RSA_AND_SHA_384
  • PKI_SIGN_WITH_RSA_AND_SHA_512
flags - (IN) Specifies what should be created either a certificate and/or a PKCS#10 CSR. Use one or more of the following flags:
  • NPKI_CSR - Use this flag to create a PKCS#10 CSR (Certificate Signing Request).
  • NPKI_SELF_SIGNED_CERTIFICATE - Use this flag to create a self-signed certificate.
validFrom - (IN) Specifies the beginning of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the current time on the server.
validTo - (IN) Specifies the end of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the greatest validity period available on the server.
publicKeyFlags - (IN) Currently reserved -- Pass a zero value or NPKI_KEY_DEFAULT.
privateKeyFlags - (IN) Specifies the private key options to use when creating the key pair. Pass a value of NPKI_KEY_DEFAULT OR'ed with any optional flags. There currently is one optional Private Key Flag PRIVATE_KEY_EXTRACTABLE.
extensions - (IN) Specifies any generic ASN.1 encoded extensions to add to the certificate.
Throws:
NPKI_Exception - Throws an eDirectory or PKI error code if not successful.
See Also:
createContext, freeContext, certificateInfo, csrInfo, wrappedPrivateKeyInfo, encodeKeyUsageExtension, encodeExtendedKeyUsageExtension, encodeBasicConstraintsExtension, encodeSubjectAltNamesExtension

signCertificate

public void signCertificate(com.novell.security.japi.pki.NPKITcache signingCA,
                            int flags,
                            byte[] csr,
                            java.lang.String subjectDN,
                            int validFrom,
                            int validTo,
                            com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions)
                     throws NPKI_Exception
Creates a Certificate using the CSR supplied. The CA used will be the one contained in the NPKITcache signingCA.

Parameters:
signingCA - (IN) Specifies the NPKITcache object containing the CA Private Key and Certificate that will be used to sign the new certificate.
flags - (IN) Currently reserved -- Pass a zero value.
csr - (IN) Specifies the PKCS#10 CSR (Certificate Signing Request) to be signed.
subjectDN - (IN) Specifies the subjectDN. This is the name to be encoded in the subject field in the X.509 certificate. The subject field identifies the entity associated with the public/private key pair. (For more information see RFC 3280 Section 4.1.2.6.)
validFrom - (IN) Specifies the beginning of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the current time on the server.
validTo - (IN) Specifies the end of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the greatest validity period available on the server.
extensions - (IN) Specifies any generic ASN.1 encoded extensions to add to the certificate.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, certificateInfo, encodeKeyUsageExtension, encodeExtendedKeyUsageExtension, encodeBasicConstraintsExtension, encodeSubjectAltNamesExtension

certificateInfo

public void certificateInfo(byte[][] certificate)
                     throws NPKI_Exception
Use to retrieve a newly created X.509 certificate.

A successful call to either create(int, int, java.lang.String, int, int, int, int, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) or signCertificate(com.novell.security.japi.pki.NPKITcache, int, byte[], java.lang.String, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) must have been made just prior to calling this routine.

Parameters:
certificate - (OUT) Returns the certificate.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, signCertificate, csrInfo, wrappedPrivateKeyInfo

csrInfo

public void csrInfo(byte[][] csr)
             throws NPKI_Exception
Use to retrieve a newly created PKCS #10 CSR (Certificate Signing Request).

A successful call to create(int, int, java.lang.String, int, int, int, int, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) must have been made just prior to calling this routine.

Parameters:
csr - (OUT) Returns the csr.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, certificateInfo, wrappedPrivateKeyInfo

convertKeyFormat

public void convertKeyFormat(int inputFlags,
                             int outputFlags,
                             byte[] inputKey,
                             byte[][] outputKey)
                      throws NPKI_Exception
Use to convert the format of an RSA private key.

Parameters:
inputFlags - (IN) Specifies the format of the input key:
  • NPKI_WRAPPED_PRIVATE_KEY - Use this flag to specify the input key is wrapped in the NICI storage key.
  • NPKI_RAW_PRIVATE_KEY_INFO - Use this flag to specify the data is in the format of a PrivateKeyInfo (PKCS#8).
  • NPKI_RAW_PRIVATE_KEY - Use this flag to specify the input key is in the format of a raw PrivateKey (PKCS#1).
outputFlags - (IN) Specifies the output format of the key:
  • NPKI_WRAPPED_PRIVATE_KEY - Use this flag to request the Wrapped Private Key format.
  • NPKI_RAW_PRIVATE_KEY_INFO - Use this flag to request the PrivateKeyInfo format (PKCS#8).
  • NPKI_RAW_PRIVATE_KEY - Use this flag to request a raw PrivateKey format (PKCS#1).
inputKey - (IN) Specifies the private key to be converted, in the format given by inputFlags.
outputKey - (OUT) Returns the key in the specified format.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, wrappedPrivateKeyInfo

signData

public void signData(int signingContext,
                     int signingAlgorithm,
                     byte[] data,
                     byte[][] signedData)
              throws NPKI_Exception
Used to digitally sign a block of data.

Parameters:
signingContext - (IN) Specifies the cache context to use for signing.
signingAlgorithm - (IN) Specifies which signature algorithm will be used to sign the data. For this release use:
data - (IN) Specifies the data to be signed.
signedData - (OUT) Returns the signed data.

wrappedPrivateKeyInfo

public void wrappedPrivateKeyInfo(byte[][] wrappedPrivateKey)
                           throws NPKI_Exception
Use to retrieve a newly created private key which has been cryptographically wrapped to protect it from disclosure.

A successful call to create(int, int, java.lang.String, int, int, int, int, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) must have been made just prior to calling this routine.

Parameters:
wrappedPrivateKey - (OUT) Returns the wrapped private key.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, certificateInfo, wrappedPrivateKeyInfo

encodeKeyUsageExtension

public void encodeKeyUsageExtension(int keyUsageBits,
                                    int critical,
                                    byte[][] encodedKeyUsageExtension)
                             throws NPKI_Exception
Use to create an ASN.1 encoded Key Usage extension to be used when calling either create or signCertificate. See X.509 Extensions and Key Usage Extension sections for more details.

Parameters:
keyUsageBits - (IN) Specifies which Key Usages are to be encoded. Use one or more of the following values OR'ed together:
critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the two following values:
encodedKeyUsageExtension - (OUT) Returns the ASN.1 encoded Key Usage extension.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, signCertificate

encodeExtendedKeyUsageExtension

public void encodeExtendedKeyUsageExtension(int extendedKeyUsageBits,
                                            int critical,
                                            byte[][] encodedExtendedKeyUsageExtension)
                                     throws NPKI_Exception
Use to create an ASN.1 encoded Extended Key Usage extension to be used when calling either create or signCertificate. See X.509 Extensions and Extended Key Usage Extension sections for more details.

Parameters:
extendedKeyUsageBits - (IN) Specifies which Extended Key Usages are to be encoded. Use one or more of the following values OR'ed together:
  • X509_EXTENDED_KEY_USAGE_ANY
  • X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION
  • X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION
  • X509_EXTENDED_KEY_USAGE_CODE_SIGNING
  • X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
  • X509_EXTENDED_KEY_USAGE_TIME_STAMPING
  • X509_EXTENDED_KEY_USAGE_OCSP_SIGNING
critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the two following values:
encodedExtendedKeyUsageExtension - (OUT) Returns the ASN.1 encoded Extended Key Usage extension.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, signCertificate

encodeBasicConstraintsExtension

public void encodeBasicConstraintsExtension(int cA,
                                            int pathConstraint,
                                            int critical,
                                            byte[][] encodedBasicConstraintsExtension)
                                     throws NPKI_Exception
Use to create an ASN.1 encoded Basic Constraints extension to be used when calling either create or signCertificate. See the Basic Constraints Extension for more details.

Parameters:
cA - (IN) Specifies whether the certificate is a CA (Certificate Authority) or not. Use one of the following values:
  • X509_NON_CA - Specifies that the certificate is not a CA.
  • X509_CA - Specifies that the certificate is a CA.
pathConstraint - (IN) Specifies how many subordinate levels of a certificate chain the CA can certify. The pathConstraint can range from zero, meaning that the CA cannot certify other CAs but can still certify leaf objects (that is, user and server certificates), to infinite. Use either an integer value (zero or greater) or the value X509_CA_PATH_LENGTH_UNLIMITED if you do not want the path to be constrained.

NOTE: The pathConstraint value only has meaning if the extension is for a CA (that is, when cA is set to the value X509_CA).

critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the two following values:
encodedBasicConstraintsExtension - (OUT) Returns the ASN.1 encoded Basic Constraints extension.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, signCertificate
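As an added example (not code from the NPKIT library or from Novell), the following Java class builds the DER Extension structures that encodeExtendedKeyUsageExtension and encodeBasicConstraintsExtension are documented to produce, from RFC 3280's definitions and this page's flag values: X509_CA (0xFF) and X509_NON_CA (0x00) coincide with the DER BOOLEAN encodings, X509_CA_PATH_LENGTH_UNLIMITED means the pathLenConstraint field is simply absent, and a non-critical extension omits its DEFAULT FALSE critical field. The KeyPurposeId OIDs, the mapping of the page's flag bits to them, and treating any non-zero critical argument as TRUE are assumptions of this example, since the page does not state them.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;

/** Added example, not NPKIT library code: DER-encodes Basic Constraints and Extended Key
 *  Usage extensions from the flag values documented on this page (needs Java 17+ for HexFormat). */
public final class X509ExtensionEncoder {
    // Values exactly as listed on this page (EKU_* are short names for X509_EXTENDED_KEY_USAGE_*)
    static final int X509_NON_CA = 0x00, X509_CA = 0xFF, X509_CA_PATH_LENGTH_UNLIMITED = 0xFFFFFFFF;
    static final int EKU_ANY = 0x0001, EKU_SERVER_AUTH = 0x0002, EKU_CLIENT_AUTH = 0x0004,
            EKU_CODE_SIGNING = 0x0008, EKU_EMAIL = 0x0010, EKU_TIME_STAMPING = 0x0020, EKU_OCSP = 0x0040;
    // OID contents octets for 2.5.29.19 (basicConstraints) and 2.5.29.37 (extKeyUsage)
    static final byte[] OID_BASIC_CONSTRAINTS = {0x55, 0x1D, 0x13}, OID_EXT_KEY_USAGE = {0x55, 0x1D, 0x25};
    // Assumed mapping: EKU flag bit -> last arc of 1.3.6.1.5.5.7.3.n; -1 is anyExtendedKeyUsage (2.5.29.37.0)
    static final int[][] EKU_ARCS = {{EKU_ANY, -1}, {EKU_SERVER_AUTH, 1}, {EKU_CLIENT_AUTH, 2},
            {EKU_CODE_SIGNING, 3}, {EKU_EMAIL, 4}, {EKU_TIME_STAMPING, 8}, {EKU_OCSP, 9}};
    /** Tag + DER definite length + concatenated contents (contents up to 65535 bytes). */
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int len = 0;
        for (byte[] p : parts) len += p.length;
        out.write(tag);
        if (len < 0x80) out.write(len);
        else if (len < 0x100) { out.write(0x81); out.write(len); }
        else { out.write(0x82); out.write(len >> 8); out.write(len & 0xFF); }
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }
    /** DER INTEGER; BigInteger.toByteArray() already yields the minimal two's-complement contents. */
    static byte[] derInteger(int v) { return tlv(0x02, BigInteger.valueOf(v).toByteArray()); }
    /** Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }; DER omits DEFAULT values. */
    static byte[] extension(byte[] oid, boolean critical, byte[] value) {
        byte[] id = tlv(0x06, oid), octets = tlv(0x04, value), yes = tlv(0x01, new byte[]{(byte) 0xFF});
        return critical ? tlv(0x30, id, yes, octets) : tlv(0x30, id, octets);
    }
    /** Same inputs as the page's encodeBasicConstraintsExtension(cA, pathConstraint, critical). */
    static byte[] basicConstraints(int cA, int pathConstraint, int critical) {
        List<byte[]> fields = new ArrayList<>();
        if (cA != X509_NON_CA) {                                   // cA DEFAULT FALSE: absent for a non-CA
            fields.add(tlv(0x01, new byte[]{(byte) 0xFF}));        // 0xFF is also DER BOOLEAN TRUE
            if (pathConstraint != X509_CA_PATH_LENGTH_UNLIMITED) { // unlimited = no pathLenConstraint field
                if (pathConstraint < 0) throw new IllegalArgumentException("pathConstraint must be >= 0");
                fields.add(derInteger(pathConstraint));
            }
        } // as the page notes, pathConstraint has no meaning for a non-CA, so it is ignored here
        return extension(OID_BASIC_CONSTRAINTS, critical != 0, tlv(0x30, fields.toArray(new byte[0][])));
    }
    /** Same inputs as the page's encodeExtendedKeyUsageExtension(extendedKeyUsageBits, critical). */
    static byte[] extendedKeyUsage(int bits, int critical) {
        List<byte[]> purposes = new ArrayList<>();
        for (int[] m : EKU_ARCS) {
            if ((bits & m[0]) == 0) continue;
            byte[] oid = m[1] < 0 ? new byte[]{0x55, 0x1D, 0x25, 0x00}
                    : new byte[]{0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, (byte) m[1]};
            purposes.add(tlv(0x06, oid));
        }
        if (purposes.isEmpty()) throw new IllegalArgumentException("at least one KeyPurposeId is required");
        return extension(OID_EXT_KEY_USAGE, critical != 0, tlv(0x30, purposes.toArray(new byte[0][])));
    }
    public static void main(String[] args) {
        HexFormat hex = HexFormat.of().withUpperCase();
        // critical CA:TRUE limited to signing leaf certificates; a plain end entity; a TLS server/client EKU
        System.out.println(hex.formatHex(basicConstraints(X509_CA, 0, 1)));
        System.out.println(hex.formatHex(basicConstraints(X509_NON_CA, X509_CA_PATH_LENGTH_UNLIMITED, 0)));
        System.out.println(hex.formatHex(extendedKeyUsage(EKU_SERVER_AUTH | EKU_CLIENT_AUTH, 0)));
    }
}
```

The printed hex can be compared against the output of any DER dumper to confirm that a CA certificate carries a critical Basic Constraints extension with the intended path length, the check a relying party performs when building a chain.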

encodeSubjectAltNamesExtension

public void encodeSubjectAltNamesExtension(com.novell.security.japi.pki.NPKI_ExtAltNames altNames,
                                           int critical,
                                           byte[][] encodedSubjectAltNamesExtension)
                                    throws NPKI_Exception
Use to create an ASN.1 encoded Subject Alternative Names extension to be used when calling either create or signCertificate.

Parameters:
altNames - (IN) Specifies the X.509 subject alternative name extension. See X.509 Extensions and Subject Alternative Names Extension section for more details.
critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the two following values:
encodedSubjectAltNamesExtension - (OUT) Returns the ASN.1 encoded Subject Alternative Names extension.
Throws:
NPKI_Exception
See Also:
createContext, freeContext, create, signCertificate