Class NPKITcertificate

java.lang.Object
  +--com.novell.security.japi.pki.NPKIToolbox
        +--com.novell.security.japi.pki.NPKITcertificate
This class can be used to create PKCS#10 CSRs (Certificate Signing Requests), self-signed certificates, and their matching wrapped private keys. It can also be used to sign certificates and to create the various ASN.1 encoded extensions that are used when creating or signing certificates.
Field Summary

static int NPKI_CSR
    Used to specify that a PKCS#10 CSR (Certificate Signing Request) should be created.
static int NPKI_KEY_DEFAULT
    Used to specify the default key generation options.
static int NPKI_RAW_PRIVATE_KEY
    Use this flag to indicate a raw private key (PKCS#1).
static int NPKI_RAW_PRIVATE_KEY_INFO
    Use this flag to indicate raw private key info (PKCS#8).
static int NPKI_SELF_SIGNED_CERTIFICATE
    Used to specify that a self-signed certificate should be created.
static int NPKI_WRAPPED_PRIVATE_KEY
    Use this flag to indicate a wrapped private key.
static int X509_CA
    Specifies that the certificate is a CA (Certificate Authority).
static int X509_CA_PATH_LENGTH_UNLIMITED
    Specifies that the path constraint (or path length) is unlimited.
static int X509_EXTENDED_KEY_USAGE_ANY
    Designates that any Extended Key Usage is acceptable.
static int X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION
    Designates that the key is to be used for client authentication.
static int X509_EXTENDED_KEY_USAGE_CODE_SIGNING
    Designates that the key is to be used for code signing.
static int X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
    Designates that the key is to be used for email protection.
static int X509_EXTENDED_KEY_USAGE_OCSP_SIGNING
    Designates that the key is to be used for OCSP signing.
static int X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION
    Designates that the key is to be used for server authentication.
static int X509_EXTENDED_KEY_USAGE_TIME_STAMPING
    Designates that the key is to be used for time stamping.
static int X509_NON_CA
    Specifies that the certificate is not a CA (that is, the certificate is a user or server certificate).
Constructor Summary

NPKITcertificate()
    Constructor.
Method Summary

void certificateInfo(byte[][] certificate)
    Use to retrieve a newly created X.509 certificate.
void convertKeyFormat(int inputFlags, int outputFlags, byte[] inputKey, byte[][] outputKey)
    Use to convert the format of an RSA private key.
void create(int keyType, int keySize, java.lang.String subjectDN, int signatureAlgorithm, int flags, int validFrom, int validTo, int publicKeyFlags, int privateKeyFlags, com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions)
    Create a public/private key pair as well as a self-signed certificate and/or a PKCS#10 CSR (Certificate Signing Request).
void createContext()
    Creates a new NPKIT certificate context and initializes it with default values.
void csrInfo(byte[][] csr)
    Use to retrieve a newly created PKCS#10 CSR (Certificate Signing Request).
void encodeBasicConstraintsExtension(int cA, int pathConstraint, int critical, byte[][] encodedBasicConstraintsExtension)
    Use to create an ASN.1 encoded Basic Constraints extension to be used when calling either create or signCertificate.
void encodeExtendedKeyUsageExtension(int extendedKeyUsageBits, int critical, byte[][] encodedExtendedKeyUsageExtension)
    Use to create an ASN.1 encoded Extended Key Usage extension to be used when calling either create or signCertificate.
void encodeKeyUsageExtension(int keyUsageBits, int critical, byte[][] encodedKeyUsageExtension)
    Use to create an ASN.1 encoded Key Usage extension to be used when calling either create or signCertificate.
void encodeSubjectAltNamesExtension(com.novell.security.japi.pki.NPKI_ExtAltNames altNames, int critical, byte[][] encodedSubjectAltNamesExtension)
    Use to create an ASN.1 encoded Subject Alternative Names extension to be used when calling either create or signCertificate.
void freeContext()
    Frees a previously allocated NPKIT certificate context and all associated memory.
void initialize()
    Initializes NPKITcertificate.
void signCertificate(com.novell.security.japi.pki.NPKITcache signingCA, int flags, byte[] csr, java.lang.String subjectDN, int validFrom, int validTo, com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions)
    Creates a certificate using the CSR supplied.
void signData(int signingContext, int signingAlgorithm, byte[] data, byte[][] signedData)
    Used to digitally sign a block of data.
void wrappedPrivateKeyInfo(byte[][] wrappedPrivateKey)
    Use to retrieve a newly created private key which has been cryptographically wrapped to protect it from disclosure.
Methods inherited from class com.novell.security.japi.pki.NPKIToolbox |
decodeCSR, destroy, finalize, getUTCString, loadLibrary, version |
Methods inherited from class java.lang.Object |
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail
public static final int NPKI_CSR
( NPKI_CSR = 0x0001)
public static final int NPKI_SELF_SIGNED_CERTIFICATE
(NPKI_SELF_SIGNED_CERTIFICATE = 0x0002)
public static final int NPKI_KEY_DEFAULT
(NPKI_KEY_DEFAULT = 0x0000)
public static final int X509_EXTENDED_KEY_USAGE_ANY
(X509_EXTENDED_KEY_USAGE_ANY = 0x0001)
public static final int X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION
(X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION = 0x0002)
public static final int X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION
(X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION = 0x0004)
public static final int X509_EXTENDED_KEY_USAGE_CODE_SIGNING
(X509_EXTENDED_KEY_USAGE_CODE_SIGNING = 0x0008)
public static final int X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
(X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION = 0x0010)
public static final int X509_EXTENDED_KEY_USAGE_TIME_STAMPING
(X509_EXTENDED_KEY_USAGE_TIME_STAMPING = 0x0020)
public static final int X509_EXTENDED_KEY_USAGE_OCSP_SIGNING
(X509_EXTENDED_KEY_USAGE_OCSP_SIGNING = 0x0040)
public static final int X509_NON_CA
The X.509 basic constraints extension is used to specify whether a certificate belongs to a CA (Certificate Authority). The extension has essentially two parts: the cA flag and the path length constraint (see encodeBasicConstraintsExtension). CAs MUST have the basic constraints extension encoded. Certificates for non-CAs MAY have the basic constraints extension encoded.
X509_NON_CA specifies that the certificate is not a CA (that is, the certificate is a user or server certificate).
(X509_NON_CA = 0x00)
public static final int X509_CA
(X509_CA = 0xFF)
public static final int X509_CA_PATH_LENGTH_UNLIMITED
(X509_CA_PATH_LENGTH_UNLIMITED = 0xFFFFFFFF)
public static final int NPKI_WRAPPED_PRIVATE_KEY
Use this flag to indicate a wrapped private key.
(NPKI_WRAPPED_PRIVATE_KEY = 0x0001)
public static final int NPKI_RAW_PRIVATE_KEY_INFO
(NPKI_RAW_PRIVATE_KEY_INFO = 0x0002)
public static final int NPKI_RAW_PRIVATE_KEY
(NPKI_RAW_PRIVATE_KEY = 0x0004)
Constructor Detail

public NPKITcertificate() throws NPKI_Exception
Constructor.
Throws:
  NPKI_Exception - Throws a PKI error code if not successful.

Method Detail

public void initialize() throws NPKI_Exception
Initializes NPKITcertificate.
Overrides:
  initialize in class NPKIToolbox
Throws:
  NPKI_Exception - Throws a PKI error code if not successful.

public void createContext() throws NPKI_Exception
Creates a new NPKIT certificate context and initializes it with default values.
Overrides:
  createContext in class NPKIToolbox
Throws:
  NPKI_Exception - Throws a PKI error code if not successful.
See Also:
  freeContext

public void freeContext()
Frees a previously allocated NPKIT certificate context and all associated memory.
Overrides:
  freeContext in class NPKIToolbox
See Also:
  createContext
public void create(int keyType, int keySize, java.lang.String subjectDN, int signatureAlgorithm, int flags, int validFrom, int validTo, int publicKeyFlags, int privateKeyFlags, com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions) throws NPKI_Exception
Create a public/private key pair as well as a self-signed certificate and/or a PKCS#10 CSR (Certificate Signing Request).
Parameters:
  keyType - (IN) Specifies the type of key that is to be generated. For this release, the only supported key type is RSA, that is, the value PKI_RSA_ALGORITHM.
  keySize - (IN) Specifies the requested size of the key to be generated. If a key of the requested size cannot be generated, an exception is thrown and no key is generated.
  subjectDN - (IN) Specifies the subject DN. This is the name to be encoded in the subject field of the X.509 certificate. The subject field identifies the entity associated with the public/private key pair. (For more information see RFC 3280 Section 4.1.2.6.)
  signatureAlgorithm - (IN) Specifies which signature algorithm will be used to sign the certificate. For this release, use one of the following:
    PKI_SIGN_WITH_RSA_AND_MD2
    PKI_SIGN_WITH_RSA_AND_MD5
    PKI_SIGN_WITH_RSA_AND_SHA1
    PKI_SIGN_WITH_RSA_AND_SHA_256
    PKI_SIGN_WITH_RSA_AND_SHA_384
    PKI_SIGN_WITH_RSA_AND_SHA_512
  flags - (IN) Specifies what should be created: a certificate and/or a PKCS#10 CSR. Use one or more of the following flags OR'ed together:
    NPKI_CSR
    NPKI_SELF_SIGNED_CERTIFICATE
  validFrom - (IN) Specifies the beginning of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the current time on the server.
  validTo - (IN) Specifies the end of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the greatest validity period available on the server.
  publicKeyFlags - (IN) Currently reserved. Pass a zero value or NPKI_KEY_DEFAULT.
  privateKeyFlags - (IN) Specifies the private key options to use when creating the key pair. Pass a value of NPKI_KEY_DEFAULT OR'ed with any optional flags. There is currently one optional private key flag, PRIVATE_KEY_EXTRACTABLE.
  extensions - (IN) Specifies any generic ASN.1 encoded extensions to add to the certificate.
Throws:
  NPKI_Exception - Returns 0 if successful, or an eDirectory or PKI error code if not successful.
See Also:
  createContext, freeContext, certificateInfo, csrInfo, wrappedPrivateKeyInfo, encodeKeyUsageExtension, encodeExtendedKeyUsageExtension, encodeBasicConstraintsExtension, encodeSubjectAltNamesExtension
public void signCertificate(com.novell.security.japi.pki.NPKITcache signingCA, int flags, byte[] csr, java.lang.String subjectDN, int validFrom, int validTo, com.novell.security.japi.pki.NPKI_ASN1_Extensions extensions) throws NPKI_Exception
Creates a certificate using the CSR supplied, signed with the CA held in signingCA.
Parameters:
  signingCA - (IN) Specifies the NPKITcache object containing the CA private key and certificate that will be used to sign the new certificate.
  flags - (IN) Currently reserved. Pass a zero value.
  subjectDN - (IN) Specifies the subject DN. This is the name to be encoded in the subject field of the X.509 certificate. The subject field identifies the entity associated with the public/private key pair. (For more information see RFC 3280 Section 4.1.2.6.)
  validFrom - (IN) Specifies the beginning of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the current time on the server.
  validTo - (IN) Specifies the end of the period of validity, represented as the number of seconds since 00:00:00 UTC Jan 1, 1970, or 0xFFFFFFFF to represent the greatest validity period available on the server.
  extensions - (IN) Specifies any generic ASN.1 encoded extensions to add to the certificate.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, certificateInfo, encodeKeyUsageExtension, encodeExtendedKeyUsageExtension, encodeBasicConstraintsExtension, encodeSubjectAltNamesExtension
public void certificateInfo(byte[][] certificate) throws NPKI_Exception
Use to retrieve a newly created X.509 certificate. A successful call to either create(int, int, java.lang.String, int, int, int, int, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) or signCertificate(com.novell.security.japi.pki.NPKITcache, int, byte[], java.lang.String, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) must have been made just prior to calling this routine.
Parameters:
  certificate - (OUT) Returns the certificate.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, signCertificate, csrInfo, wrappedPrivateKeyInfo
public void csrInfo(byte[][] csr) throws NPKI_Exception
Use to retrieve a newly created PKCS#10 CSR (Certificate Signing Request). A successful call to create(int, int, java.lang.String, int, int, int, int, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) must have been made just prior to calling this routine.
Parameters:
  csr - (OUT) Returns the CSR.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, certificateInfo, wrappedPrivateKeyInfo
public void convertKeyFormat(int inputFlags, int outputFlags, byte[] inputKey, byte[][] outputKey) throws NPKI_Exception
Use to convert the format of an RSA private key.
Parameters:
  inputFlags - (IN) Specifies the format of the input key:
    NPKI_WRAPPED_PRIVATE_KEY - Use this flag to specify that the input key is wrapped in the NICI storage key.
    NPKI_RAW_PRIVATE_KEY_INFO - Use this flag to specify that the data is in the format of a PrivateKeyInfo (PKCS#8).
    NPKI_RAW_PRIVATE_KEY - Use this flag to specify that the input key is in the format of a raw PrivateKey (PKCS#1).
  outputFlags - (IN) Specifies the output format of the key:
    NPKI_WRAPPED_PRIVATE_KEY - Use this flag to request the wrapped private key format.
    NPKI_RAW_PRIVATE_KEY_INFO - Use this flag to request the PrivateKeyInfo format (PKCS#8).
    NPKI_RAW_PRIVATE_KEY - Use this flag to request a raw PrivateKey format (PKCS#1).
  outputKey - (OUT) Returns the key in the specified format.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, wrappedPrivateKeyInfo
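The two raw formats that convertKeyFormat accepts differ only in their DER framing: a PKCS#8 PrivateKeyInfo is a PKCS#1 RSAPrivateKey wrapped with a version and an rsaEncryption AlgorithmIdentifier. The following Python is an added example, not part of the Novell NPKITcertificate API: it implements the same input/output-flag contract for the two raw formats with a small DER codec, refuses the NICI-wrapped format (which exists only inside the library), and uses a constructed toy RSAPrivateKey as input. The flag values are the ones listed on this page; the toy key parameters are made up and not usable.

```python
# Added example, not part of Novell's NPKITcertificate API: shows what the two
# "raw" formats that convertKeyFormat accepts actually are, by converting a
# PKCS#1 RSAPrivateKey to a PKCS#8 PrivateKeyInfo and back with a small DER
# codec. The wrapped (NICI storage key) format is the library's own and is
# deliberately rejected here. The flag values mirror the page.

NPKI_WRAPPED_PRIVATE_KEY = 0x0001
NPKI_RAW_PRIVATE_KEY_INFO = 0x0002   # PKCS#8 PrivateKeyInfo
NPKI_RAW_PRIVATE_KEY = 0x0004        # PKCS#1 RSAPrivateKey

# AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }, pre-encoded
RSA_ENCRYPTION_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def der(tag: int, body: bytes) -> bytes:
    """Wrap body in a DER TLV; supports lengths up to 65535 bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    if n < 0x100:
        return bytes([tag, 0x81, n]) + body
    return bytes([tag, 0x82]) + n.to_bytes(2, "big") + body


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; the extra bit of width keeps the sign bit clear."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the TLV at pos, rejecting lengths DER forbids."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 2:
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        start = pos + 2 + nbytes
        if length < 0x80 or (nbytes == 2 and length < 0x100):
            raise ValueError("non-minimal length encoding")
    end = start + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[start:end], end


def toy_pkcs1_key() -> bytes:
    """Constructed sample: an RSAPrivateKey with textbook toy parameters (p=61, q=53).
    It is structurally valid DER but far too small to be a usable key."""
    fields = [0, 3233, 17, 413, 61, 53, 53, 49, 38]  # version, n, e, d, p, q, dP, dQ, qInv
    return der(0x30, b"".join(der_integer(v) for v in fields))


def pkcs1_to_pkcs8(rsa_private_key: bytes) -> bytes:
    """PrivateKeyInfo ::= SEQUENCE { version 0, privateKeyAlgorithm, privateKey OCTET STRING }"""
    return der(0x30, der_integer(0) + RSA_ENCRYPTION_ALG_ID + der(0x04, rsa_private_key))


def pkcs8_to_pkcs1(private_key_info: bytes) -> bytes:
    """Unwrap an unencrypted rsaEncryption PrivateKeyInfo; any other shape is refused."""
    tag, body, end = read_tlv(private_key_info)
    if tag != 0x30 or end != len(private_key_info):
        raise ValueError("PrivateKeyInfo must be one SEQUENCE with no trailing data")
    vtag, version, pos = read_tlv(body)
    if vtag != 0x02 or version != b"\x00":
        raise ValueError("unsupported PrivateKeyInfo version")
    atag, alg, pos = read_tlv(body, pos)
    if atag != 0x30 or der(0x30, alg) != RSA_ENCRYPTION_ALG_ID:
        raise ValueError("privateKeyAlgorithm is not rsaEncryption")
    ktag, key, _ = read_tlv(body, pos)  # optional attributes after this are ignored
    if ktag != 0x04:
        raise ValueError("privateKey must be an OCTET STRING")
    return key


def convert_key_format(input_flags: int, output_flags: int, input_key: bytes) -> bytes:
    """Same contract as the page's convertKeyFormat, limited to the two raw formats."""
    if NPKI_WRAPPED_PRIVATE_KEY in (input_flags, output_flags):
        raise NotImplementedError("the NICI-wrapped format exists only inside the library")
    if input_flags == NPKI_RAW_PRIVATE_KEY_INFO:
        pkcs1 = pkcs8_to_pkcs1(input_key)
    elif input_flags == NPKI_RAW_PRIVATE_KEY:
        pkcs1 = input_key
    else:
        raise ValueError("unknown input format flag")
    if output_flags == NPKI_RAW_PRIVATE_KEY_INFO:
        return pkcs1_to_pkcs8(pkcs1)
    if output_flags == NPKI_RAW_PRIVATE_KEY:
        return pkcs1
    raise ValueError("unknown output format flag")


if __name__ == "__main__":
    pkcs1 = toy_pkcs1_key()
    pkcs8 = convert_key_format(NPKI_RAW_PRIVATE_KEY, NPKI_RAW_PRIVATE_KEY_INFO, pkcs1)
    assert convert_key_format(NPKI_RAW_PRIVATE_KEY_INFO, NPKI_RAW_PRIVATE_KEY, pkcs8) == pkcs1
    print("PKCS#8 PrivateKeyInfo:", pkcs8.hex())
```

Both raw formats carry the private key in the clear; only the NPKI_WRAPPED_PRIVATE_KEY form is protected by the NICI storage key. Converting out of the wrapped form therefore produces key material that must be handled like any plaintext private key, and the parser above rejects non-minimal lengths and trailing bytes so that a malformed blob fails closed rather than being partially accepted.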
public void signData(int signingContext, int signingAlgorithm, byte[] data, byte[][] signedData) throws NPKI_Exception
Used to digitally sign a block of data.
Parameters:
  signingContext - (IN) Specifies the cache context to use for signing.
  signingAlgorithm - (IN) Specifies which signature algorithm will be used to sign the data. For this release use PKI_SIGN_WITH_RSA_AND_SHA1.
  data - (IN) Specifies the data to be signed.
  signedData - (OUT) Returns the signed data.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext
public void wrappedPrivateKeyInfo(byte[][] wrappedPrivateKey) throws NPKI_Exception
Use to retrieve a newly created private key which has been cryptographically wrapped to protect it from disclosure. A successful call to create(int, int, java.lang.String, int, int, int, int, int, int, com.novell.security.japi.pki.NPKI_ASN1_Extensions) must have been made just prior to calling this routine.
Parameters:
  wrappedPrivateKey - (OUT) Returns the wrapped private key.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, certificateInfo, wrappedPrivateKeyInfo
public void encodeKeyUsageExtension(int keyUsageBits, int critical, byte[][] encodedKeyUsageExtension) throws NPKI_Exception
Use to create an ASN.1 encoded Key Usage extension to be used when calling either create or signCertificate. See the X.509 Extensions and Key Usage Extension sections for more details.
Parameters:
  keyUsageBits - (IN) Specifies which key usages are to be encoded. Use one or more of the following values OR'ed together:
    NPKIAPI.X509_KEY_USAGE_DIGITAL_SIGNATURE - Designates that the key is used to create digital signatures.
    NPKIAPI.X509_KEY_USAGE_NON_REPUDIATION - Designates that the key is used for non-repudiation. This type of key usually has legal ramifications.
    NPKIAPI.X509_KEY_USAGE_KEY_ENCIPHERMENT - Designates that the key is used to encrypt other keys.
    NPKIAPI.X509_KEY_USAGE_DATA_ENCIPHERMENT - Designates that the key is used to directly encrypt data.
    NPKIAPI.X509_KEY_USAGE_KEY_AGREEMENT - Not valid for RSA keys.
    NPKIAPI.X509_KEY_USAGE_KEY_CERT_SIGN - Designates that the key is used to sign certificates.
    NPKIAPI.X509_KEY_USAGE_CRL_SIGN - Designates that the key is used to sign CRLs (Certificate Revocation Lists).
    NPKIAPI.X509_KEY_USAGE_ENCIPHER_ONLY - Not valid for RSA keys.
    NPKIAPI.X509_KEY_USAGE_DECIPHER_ONLY - Not valid for RSA keys.
  critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the following two values:
    NPKIAPI.PKI_EXTENSION_NON_CRITICAL - Specifies a non-critical extension.
    NPKIAPI.PKI_EXTENSION_CRITICAL - Specifies a critical extension.
  encodedKeyUsageExtension - (OUT) Returns the ASN.1 encoded Key Usage extension.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, signCertificate
public void encodeExtendedKeyUsageExtension(int extendedKeyUsageBits, int critical, byte[][] encodedExtendedKeyUsageExtension) throws NPKI_Exception
Use to create an ASN.1 encoded Extended Key Usage extension to be used when calling either create or signCertificate. See the X.509 Extensions and Extended Key Usage Extension sections for more details.
Parameters:
  extendedKeyUsageBits - (IN) Specifies which extended key usages are to be encoded. Use one or more of the following values OR'ed together:
    X509_EXTENDED_KEY_USAGE_ANY - Designates that any Extended Key Usage is acceptable.
    X509_EXTENDED_KEY_USAGE_SERVER_AUTHENTICATION - Designates that the key is to be used for server authentication.
    X509_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION - Designates that the key is to be used for client authentication.
    X509_EXTENDED_KEY_USAGE_CODE_SIGNING - Designates that the key is to be used for code signing.
    X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION - Designates that the key is to be used for email protection.
    X509_EXTENDED_KEY_USAGE_TIME_STAMPING - Designates that the key is to be used for time stamping.
    X509_EXTENDED_KEY_USAGE_OCSP_SIGNING - Designates that the key is to be used for OCSP signing.
  critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the following two values:
    NPKIAPI.PKI_EXTENSION_NON_CRITICAL - Specifies a non-critical extension.
    NPKIAPI.PKI_EXTENSION_CRITICAL - Specifies a critical extension.
  encodedExtendedKeyUsageExtension - (OUT) Returns the ASN.1 encoded Extended Key Usage extension.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, signCertificate
public void encodeBasicConstraintsExtension(int cA, int pathConstraint, int critical, byte[][] encodedBasicConstraintsExtension) throws NPKI_Exception
Use to create an ASN.1 encoded Basic Constraints extension to be used when calling either create or signCertificate. See the Basic Constraints Extension section for more details.
Parameters:
  cA - (IN) Specifies whether the certificate is a CA (Certificate Authority) or not. Use one of the following values:
    X509_NON_CA - Specifies that the certificate is not a CA.
    X509_CA - Specifies that the certificate is a CA.
  pathConstraint - (IN) Specifies how many subordinate levels of a certificate chain the CA can certify. The pathConstraint can range from zero, meaning that the CA cannot certify other CAs but can still certify leaf objects (that is, user and server certificates), to unlimited. Use either an integer value (zero or greater) or the value X509_CA_PATH_LENGTH_UNLIMITED if you do not want the path to be constrained.
    NOTE: The pathConstraint value only has meaning if the extension is for a CA (that is, when cA is set to the value X509_CA).
  critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the following two values:
    NPKIAPI.PKI_EXTENSION_NON_CRITICAL - Specifies a non-critical extension.
    NPKIAPI.PKI_EXTENSION_CRITICAL - Specifies a critical extension.
  encodedBasicConstraintsExtension - (OUT) Returns the ASN.1 encoded Basic Constraints extension.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, signCertificate
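The three encode* methods above (Key Usage, Extended Key Usage and Basic Constraints) each return an ASN.1 Extension whose meaning for a relying party is fixed by RFC 5280 (the successor of the RFC 3280 cited on this page). The following Python is an added example, not part of the Novell NPKITcertificate API: it DER-encodes those three extensions from the same inputs the methods take (the page's cA / pathConstraint / critical semantics and its X509_* flag values), and adds the consistency checks a CA operator would want to run on those inputs before calling create or signCertificate. The NPKIAPI.X509_KEY_USAGE_* bit values are not given on this page, so the KU_* names below use RFC 5280's bit positions and are this example's own.

```python
# Added example, not part of Novell's NPKITcertificate API: DER encoding of the
# Basic Constraints, Key Usage and Extended Key Usage extensions per RFC 5280,
# mirroring the parameters of encodeBasicConstraintsExtension,
# encodeKeyUsageExtension and encodeExtendedKeyUsageExtension on this page.

X509_NON_CA, X509_CA, X509_CA_PATH_LENGTH_UNLIMITED = 0x00, 0xFF, 0xFFFFFFFF

# Extended key usage flags (values from the page) -> id-kp OIDs (RFC 5280 4.2.1.12)
EKU_ANY, EKU_SERVER_AUTH, EKU_CLIENT_AUTH, EKU_CODE_SIGNING = 0x01, 0x02, 0x04, 0x08
EKU_EMAIL_PROTECTION, EKU_TIME_STAMPING, EKU_OCSP_SIGNING = 0x10, 0x20, 0x40
EKU_OIDS = {
    EKU_ANY: "2.5.29.37.0",
    EKU_SERVER_AUTH: "1.3.6.1.5.5.7.3.1",
    EKU_CLIENT_AUTH: "1.3.6.1.5.5.7.3.2",
    EKU_CODE_SIGNING: "1.3.6.1.5.5.7.3.3",
    EKU_EMAIL_PROTECTION: "1.3.6.1.5.5.7.3.4",
    EKU_TIME_STAMPING: "1.3.6.1.5.5.7.3.8",
    EKU_OCSP_SIGNING: "1.3.6.1.5.5.7.3.9",
}

# KeyUsage named-bit positions (RFC 5280 4.2.1.3); the NPKIAPI constant values are
# not on the page, so these names are this example's own. keyAgreement and the
# encipherOnly/decipherOnly bits are listed on the page as not valid for RSA keys.
KU_DIGITAL_SIGNATURE, KU_NON_REPUDIATION, KU_KEY_ENCIPHERMENT = 0, 1, 2
KU_DATA_ENCIPHERMENT, KU_KEY_AGREEMENT, KU_KEY_CERT_SIGN, KU_CRL_SIGN = 3, 4, 5, 6

OID_KEY_USAGE, OID_BASIC_CONSTRAINTS, OID_EXT_KEY_USAGE = "2.5.29.15", "2.5.29.19", "2.5.29.37"


def der(tag: int, body: bytes) -> bytes:
    """Wrap body in a DER TLV; supports lengths up to 65535 bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    if n < 0x100:
        return bytes([tag, 0x81, n]) + body
    return bytes([tag, 0x82]) + n.to_bytes(2, "big") + body


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128 big-endian."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der(0x06, out)


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; the extra bit of width keeps the sign bit clear."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def der_named_bits(bit_positions) -> bytes:
    """BIT STRING for a named bit list: DER requires trailing zero bits to be dropped."""
    if not bit_positions:
        return der(0x03, b"\x00")
    highest = max(bit_positions)
    buf = bytearray(highest // 8 + 1)
    for b in bit_positions:
        buf[b // 8] |= 0x80 >> (b % 8)
    return der(0x03, bytes([7 - highest % 8]) + bytes(buf))


def extension(oid: str, critical: bool, value: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }"""
    crit = der(0x01, b"\xff") if critical else b""  # DER omits a DEFAULT-valued field
    return der(0x30, der_oid(oid) + crit + der(0x04, value))


def encode_basic_constraints(cA: int, path_constraint: int, critical: bool) -> bytes:
    """BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }.
    As on the page, pathConstraint is only meaningful for a CA, and UNLIMITED omits the field."""
    body = b""
    if cA == X509_CA:
        body += der(0x01, b"\xff")
        if path_constraint != X509_CA_PATH_LENGTH_UNLIMITED:
            body += der_integer(path_constraint)
    return extension(OID_BASIC_CONSTRAINTS, critical, der(0x30, body))


def encode_key_usage(bit_positions, critical: bool) -> bytes:
    return extension(OID_KEY_USAGE, critical, der_named_bits(bit_positions))


def encode_extended_key_usage(flags: int, critical: bool) -> bytes:
    """Each page flag that is set contributes its id-kp OID, in flag order."""
    oids = b"".join(der_oid(EKU_OIDS[f]) for f in sorted(EKU_OIDS) if flags & f)
    if not oids:
        raise ValueError("ExtKeyUsage must name at least one purpose")
    return extension(OID_EXT_KEY_USAGE, critical, der(0x30, oids))


def profile_issues(cA: int, key_usage_bits, basic_constraints_critical: bool) -> list:
    """Checks on the inputs before they go into create/signCertificate: the page requires
    basic constraints on every CA; RFC 5280 4.2.1.9 wants it critical there and forbids
    keyCertSign unless cA is asserted."""
    issues = []
    if cA == X509_CA:
        if not basic_constraints_critical:
            issues.append("CA certificate: basic constraints should be marked critical")
        if KU_KEY_CERT_SIGN not in key_usage_bits:
            issues.append("CA certificate: key usage lacks keyCertSign")
    elif KU_KEY_CERT_SIGN in key_usage_bits:
        issues.append("non-CA certificate asserts keyCertSign")
    return issues


if __name__ == "__main__":
    print("CA, pathlen 0:", encode_basic_constraints(X509_CA, 0, True).hex())
    print("CA key usage:", encode_key_usage({KU_KEY_CERT_SIGN, KU_CRL_SIGN}, True).hex())
    print("serverAuth EKU:", encode_extended_key_usage(EKU_SERVER_AUTH, False).hex())
    print(profile_issues(X509_NON_CA, {KU_DIGITAL_SIGNATURE, KU_KEY_CERT_SIGN}, False))
```

The two encodings a practitioner most often has to recognise in a hex dump are the non-CA Basic Constraints (30 09 06 03 55 1d 13 04 02 30 00) and the critical CA form with pathLenConstraint 0 (30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00); both come straight out of encode_basic_constraints above. The profile check matters because a leaf certificate that is issued with keyCertSign, or a CA certificate issued without critical basic constraints, is exactly the kind of input mistake that an issuing API will happily encode and a relying party may then treat as a CA.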
public void encodeSubjectAltNamesExtension(com.novell.security.japi.pki.NPKI_ExtAltNames altNames, int critical, byte[][] encodedSubjectAltNamesExtension) throws NPKI_Exception
Use to create an ASN.1 encoded Subject Alternative Names extension to be used when calling either create or signCertificate.
Parameters:
  altNames - (IN) Specifies the X.509 subject alternative name extension. See the X.509 Extensions and Subject Alternative Names Extension sections for more details.
  critical - (IN) Specifies whether the extension is to be encoded as critical or not. Use one of the following two values:
    NPKIAPI.PKI_EXTENSION_NON_CRITICAL - Specifies a non-critical extension.
    NPKIAPI.PKI_EXTENSION_CRITICAL - Specifies a critical extension.
  encodedSubjectAltNamesExtension - (OUT) Returns the ASN.1 encoded Subject Alternative Names extension.
Throws:
  NPKI_Exception
See Also:
  createContext, freeContext, create, signCertificate