org.xwiki.crypto.x509.internal
Class X509Keymaker

java.lang.Object
  extended by org.xwiki.crypto.x509.internal.X509Keymaker

public class X509Keymaker
extends java.lang.Object

Keymaker allows you to create keypairs and X509Certificates.

Since:
2.5M1

Constructor Summary
X509Keymaker()
           
 
Method Summary
 java.security.cert.X509Certificate getAuthorityCertificate()
           
 java.security.cert.X509Certificate makeCertificateAuthority(java.security.KeyPair keyPair, int daysOfValidity, java.lang.String commonName)
          Create a new self-signed X509 certificate authority certificate.
 java.security.cert.X509Certificate[] makeClientAndAuthorityCertificates(java.security.PublicKey forCert, int daysOfValidity, boolean nonRepudiable, java.lang.String webId, java.lang.String userName)
          Create a new X509 client certificate and a certificate authority certificate.
 java.security.cert.X509Certificate makeClientCertificate(java.security.PublicKey forCert, java.security.KeyPair toSignWith, int daysOfValidity, boolean nonRepudiable, java.lang.String webId, java.lang.String userName)
          Create a new X509 client certificate.
 java.security.KeyPair newKeyPair()
           
 void setAuthorityCertificate(java.security.cert.X509Certificate authorityCertificate)
          If called then all future client certificates will be packaged with this certificate authority.
 void setAuthorityKeyPair(java.security.KeyPair authorityKeyPair)
          If called then all future client certificates will be signed with this KeyPair.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

X509Keymaker

public X509Keymaker()
Method Detail

newKeyPair

public java.security.KeyPair newKeyPair()
Returns:
a newly generated RSA KeyPair.

setAuthorityKeyPair

public void setAuthorityKeyPair(java.security.KeyPair authorityKeyPair)
If called then all future client certificates will be signed with this KeyPair. Excluding reflection, you can be assured that the KeyPair set here will not leave this object.

Parameters:
authorityKeyPair - the KeyPair to sign all client keys with.

setAuthorityCertificate

public void setAuthorityCertificate(java.security.cert.X509Certificate authorityCertificate)
If called then all future client certificates will be packaged with this certificate authority. It's important that this certificate either contains the same public key as authorityKeyPair, or that the holder of this certificate has signed the certificate associated with authorityKeyPair.

Parameters:
authorityCertificate - the certificate authority to provide with client certificates.

getAuthorityCertificate

public java.security.cert.X509Certificate getAuthorityCertificate()
Returns:
the certificate authority certificate designated to be provided with client certificates.

makeClientAndAuthorityCertificates

public java.security.cert.X509Certificate[] makeClientAndAuthorityCertificates(java.security.PublicKey forCert,
                                                                               int daysOfValidity,
                                                                               boolean nonRepudiable,
                                                                               java.lang.String webId,
                                                                               java.lang.String userName)
                                                                        throws java.security.GeneralSecurityException
Create a new X509 client certificate and a certificate authority certificate. This method will use authorityKeyPair if it is set. It is also guaranteed to use the same authorityKeyPair for both the client cert signature and the CA cert.

Parameters:
forCert - the public key which will be embedded in the certificate; whoever has the matching private key "owns" the certificate.
daysOfValidity - number of days the cert should be valid for.
nonRepudiable - this should only be true if the private key is not stored on the server.
webId - the URI to put as the alternative name (for FOAFSSL webId compatibility)
userName - a String representation of the name of the user getting the certificate.
Returns:
an array of 2 new X509 certificates, with the client certificate at index 0 and the CA cert at index 1.
Throws:
java.security.GeneralSecurityException - if something goes wrong.
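
Added example (not part of the XWiki documentation or code base): a caller issues a client certificate with makeClientAndAuthorityCertificates and then checks the returned pair against what this page documents, using only standard java.security calls for the checks. It assumes the XWiki crypto module and its dependencies are on the classpath; the class name KeymakerChainCheck, the helper hasUriAltName, the webId URL and the user name are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import org.xwiki.crypto.x509.internal.X509Keymaker;

public class KeymakerChainCheck
{
    private static final int SAN_URI = 6; // GeneralName tag for uniformResourceIdentifier (RFC 5280)

    /** Hypothetical helper: true if the certificate lists the URI in its subjectAltName extension. */
    static boolean hasUriAltName(X509Certificate cert, String uri) throws Exception
    {
        Collection<List<?>> names = cert.getSubjectAlternativeNames();
        if (names == null) {
            return false; // no subjectAltName extension at all
        }
        for (List<?> name : names) {
            if (Integer.valueOf(SAN_URI).equals(name.get(0)) && uri.equals(name.get(1))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception
    {
        X509Keymaker keymaker = new X509Keymaker();
        KeyPair caKeys = keymaker.newKeyPair();
        KeyPair userKeys = keymaker.newKeyPair();
        keymaker.setAuthorityKeyPair(caKeys);
        String webId = "https://wiki.example.org/xwiki/bin/view/XWiki/alice"; // constructed value
        // nonRepudiable is false: this process generated (and so holds) the user's private key.
        X509Certificate[] chain = keymaker.makeClientAndAuthorityCertificates(
            userKeys.getPublic(), 30, false, webId, "alice");
        X509Certificate client = chain[0];
        X509Certificate authority = chain[1];
        authority.verify(authority.getPublicKey()); // throws unless the CA cert is self-signed
        client.verify(authority.getPublicKey());    // throws unless the CA key signed the client cert
        client.checkValidity();                     // throws if outside notBefore/notAfter
        if (!Arrays.equals(authority.getPublicKey().getEncoded(), caKeys.getPublic().getEncoded())) {
            throw new IllegalStateException("CA certificate does not carry the configured authority key");
        }
        if (!hasUriAltName(client, webId)) { // expectation taken from the webId parameter description
            throw new IllegalStateException("webId missing from subjectAltName URI entries");
        }
    }
}
```

The public keys are compared by their encoded bytes because equals() on keys produced by different providers is not guaranteed to match even when the key material is identical.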

makeClientCertificate

public java.security.cert.X509Certificate makeClientCertificate(java.security.PublicKey forCert,
                                                                java.security.KeyPair toSignWith,
                                                                int daysOfValidity,
                                                                boolean nonRepudiable,
                                                                java.lang.String webId,
                                                                java.lang.String userName)
                                                         throws java.security.GeneralSecurityException
Create a new X509 client certificate.

Parameters:
forCert - the public key which will be embedded in the certificate; whoever has the matching private key "owns" the certificate.
toSignWith - the private key in this pair will be used to sign the certificate.
daysOfValidity - number of days the cert should be valid for.
nonRepudiable - this should only be true if the private key is not stored on the server.
webId - the URI to put as the alternative name (for FOAFSSL webId compatibility)
userName - a String representation of the name of the user getting the certificate.
Returns:
a new X509 certificate.
Throws:
java.security.GeneralSecurityException - if something goes wrong.

makeCertificateAuthority

public java.security.cert.X509Certificate makeCertificateAuthority(java.security.KeyPair keyPair,
                                                                   int daysOfValidity,
                                                                   java.lang.String commonName)
                                                            throws java.security.GeneralSecurityException
Create a new self-signed X509 certificate authority certificate.

Parameters:
keyPair - the public key will appear in the certificate and the private key will be used to sign it.
daysOfValidity - number of days the cert should be valid for.
commonName - what to put in the common name field. This field will identify this certificate authority in the list on the user's browser.
Returns:
a new X509 certificate authority.
Throws:
java.security.GeneralSecurityException - if something goes wrong.


Copyright © 2004-2011 XWiki. All Rights Reserved.