X509CryptoService (XWiki Platform - Cryptographic Services 5.2-milestone-2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.xwiki.crypto.x509
Interface X509CryptoService

@Role public interface X509CryptoService

Service allowing components to sign text, determine the validity and signer of already signed text, create keys, and register new certificates.

Since:: 2.5M1
Version:: $Id: 381ae489b9ffbdc967fab215d14603dbb9624a6d $

Method Summary
`XWikiX509Certificate`	`certFromPEM(String pemFormatCert)` Deserialize an X509 certificate from a PEM formatted string.
`XWikiX509Certificate[]`	`certsFromSpkac(String spkacSerialization, int daysOfValidity)` Creates an array of Base64 encoded DER formatted X509Certificates containing: 1.
`XWikiX509KeyPair`	`keyPairFromBase64(String keyPairAsBase64)` Deserialize an `XWikiX509KeyPair` from a base64 encoded String.
`XWikiX509KeyPair`	`newCertAndPrivateKey(int daysOfValidity, String password)` Creates an XWikiX509Certificate and matching private key.
`String`	`signText(String textToSign, XWikiX509KeyPair toSignWith, String password)` Produce a pkcs#7 signature for the given text.
`XWikiX509Certificate`	`verifyText(String signedText, String base64Signature)` Verify a pkcs#7 signature and return the certificate of the user who signed it.

Method Detail

certsFromSpkac

XWikiX509Certificate[] certsFromSpkac(String spkacSerialization,
                                      int daysOfValidity)
                                      throws GeneralSecurityException

Creates an array of Base64 encoded DER formatted X509Certificates containing: 1. A certificate from the given SPKAC 2. A certificate authority certificate which will validate the first certificate in the array. Safari, Firefox, Opera, return through the element an SPKAC request (see the specification in html5)

Parameters:: spkacSerialization - a SPKAC Certificate Signing Request; daysOfValidity - number of days before the certificate should become invalid.
Returns:: an array of 2 X509Certificates in Base64 encoded DER format.
Throws:: GeneralSecurityException - if something goes wrong while creating the certificate.

newCertAndPrivateKey

XWikiX509KeyPair newCertAndPrivateKey(int daysOfValidity,
                                      String password)
                                      throws GeneralSecurityException

Creates an XWikiX509Certificate and matching private key. This certificate will be self signed since it is expected to be used only on the server. This certificate will also have it's non-repudiation bit cleared because it is expected to reside on the server where it is more vulnerable than a client side certificate.

Parameters:: daysOfValidity - number of days before the certificate should become invalid.; password - the password to set on the resulting XWikiX509KeyPair.
Returns:: object containing certificate and private key.
Throws:: GeneralSecurityException - if something goes wrong while creating the certificate.

signText

String signText(String textToSign,
                XWikiX509KeyPair toSignWith,
                String password)
                throws GeneralSecurityException

Produce a pkcs#7 signature for the given text. Text will be signed with the key belonging to the author of the code which calls this.

Parameters:: textToSign - the text which the user wishes to sign.; toSignWith - the certificate and matching private key to sign the text with.; password - to access the private key in the key pair.
Returns:: a signature which can be used to validate the signed text.
Throws:: GeneralSecurityException - if anything goes wrong during signing.

verifyText

XWikiX509Certificate verifyText(String signedText,
                                String base64Signature)
                                throws GeneralSecurityException

Verify a pkcs#7 signature and return the certificate of the user who signed it.

Parameters:: signedText - the text which has been signed.; base64Signature - the signature on the text in Base64 encoded DER format.
Returns:: the certificate used to sign the text or null if it's invalid.
Throws:: GeneralSecurityException - if anything goes wrong.

certFromPEM

XWikiX509Certificate certFromPEM(String pemFormatCert)
                                 throws GeneralSecurityException

Deserialize an X509 certificate from a PEM formatted string.

Parameters:: pemFormatCert - a String created by XWikiX509Certificate.toPEMString() or from OpenSSL or any other standards compliant X509 certificate generator in PEM format.
Returns:: an XWikiX509Certificate which extends X509Certificate and can be used by methods in this class as well as with third party encryption tools.
Throws:: GeneralSecurityException - If there isn't a valid XWikiX509Certificate.CERT_BEGIN or XWikiX509Certificate.CERT_END tag, or if there is an exception parsing the content inbetween.

keyPairFromBase64

XWikiX509KeyPair keyPairFromBase64(String keyPairAsBase64)
                                   throws GeneralSecurityException

Deserialize an XWikiX509KeyPair from a base64 encoded String.

Parameters:: keyPairAsBase64 - a String created by calling XWikiX509KeyPair.serializeAsBase64()
Returns:: a new XWikiX509KeyPair
Throws:: GeneralSecurityException - if the data has become corrupted or if something fails during the deserialization process.