Package com.netscape.cmscore.security
Class KeyCertUtil
java.lang.Object
com.netscape.cmscore.security.KeyCertUtil
This class provides the base methods used to generate keys for the different
kinds of certificates.
- Version:
- $Revision$, $Date$
- Author:
- Christine Ho
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
static void
addCertToDB
(netscape.ldap.LDAPConnection conn, String dn, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) static String
base64Encode
(byte[] bytes) static void
static byte[]
convertB64EToByteArray
(String b64E) static org.mozilla.jss.netscape.security.x509.KeyIdentifier
createKeyIdentifier
(KeyPair keypair) static KeyPair
generateKeyPair
(String tokenName, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) static KeyPair
generateKeyPair
(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.KeyPairAlgorithm kpAlg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) static org.mozilla.jss.netscape.security.x509.AlgorithmId
getAlgorithmId
(String algname, ConfigStore store) static org.mozilla.jss.crypto.PQGParams
getCAPQG
(int keysize, ConfigStore store) static org.mozilla.jss.crypto.X509Certificate
getCertificate
(String tokenname, String nickname) static org.mozilla.jss.netscape.security.pkcs.PKCS10
getCertRequest
(String subjectName, KeyPair keyPair) static org.mozilla.jss.netscape.security.pkcs.PKCS10
getCertRequest
(String subjectName, KeyPair keyPair, org.mozilla.jss.netscape.security.x509.Extensions exts) static String
getCertSubjectName
(String tokenname, String nickname) static org.mozilla.jss.netscape.security.x509.CertificateExtensions
getExtensions
(String tokenname, String nickname) static org.mozilla.jss.crypto.X509Certificate
getInternalCertificate
(byte[] b, String nickname, String certType) static KeyPair
getKeyPair
(String tokenname, String nickname) static org.mozilla.jss.crypto.PQGParams
getPQG
(int keysize) static PrivateKey
getPrivateKey
(String tokenname, String nickname) static BigInteger
getSerialNumber
(netscape.ldap.LDAPConnection conn, String baseDN) static org.mozilla.jss.crypto.SignatureAlgorithm
getSigningAlgorithm
(String keyType) static org.mozilla.jss.crypto.SignatureAlgorithm
getSigningAlgorithm
(String keyType, String hashtype) static String
getTokenNames
(org.mozilla.jss.CryptoManager manager) static org.mozilla.jss.crypto.X509Certificate
importCert
(byte[] b, String nickname, String certType) static org.mozilla.jss.crypto.X509Certificate
importCert
(String b64E, String nickname, String certType) static org.mozilla.jss.crypto.X509Certificate
importCert
(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType) static boolean
isBadDSAKeyPair
(KeyPair pair) Tests for a DSA key pair that will trigger a bug in NSS.
static byte[]
makeDSSParms
(BigInteger P, BigInteger Q, BigInteger G) static void
setAuthInfoAccess
(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setAuthorityKeyIdentifier
(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setBasicConstraintsExtension
(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setDERExtension
(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test with the configuration wizard: MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ==
static void
setExtendedKeyUsageExtension
(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setKeyUsageExtension
(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, org.mozilla.jss.netscape.security.x509.KeyUsageExtension keyUsage) static void
setNetscapeCertificateExtension
(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setOCSPNoCheck
(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setOCSPSigning
(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
setSerialNumber
(netscape.ldap.LDAPConnection conn, String baseDN, BigInteger serial) static void
setSubjectKeyIdentifier
(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) static void
static org.mozilla.jss.netscape.security.x509.X509CertImpl
signCert
(PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, org.mozilla.jss.crypto.SignatureAlgorithm sigAlg)
-
Field Details
-
logger
public static org.slf4j.Logger logger -
CA_SIGNINGCERT_NICKNAME
- See Also:
-
-
Constructor Details
-
KeyCertUtil
public KeyCertUtil()
-
-
Method Details
-
checkCertificateExt
- Throws:
EBaseException
-
getTokenNames
public static String getTokenNames(org.mozilla.jss.CryptoManager manager) throws org.mozilla.jss.crypto.TokenException - Throws:
org.mozilla.jss.crypto.TokenException
-
base64Encode
- Throws:
IOException
-
makeDSSParms
- Throws:
IOException
-
getPrivateKey
public static PrivateKey getPrivateKey(String tokenname, String nickname) throws org.mozilla.jss.crypto.TokenException, EBaseException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.NotInitializedException, CertificateException, CertificateEncodingException, EBaseException, org.mozilla.jss.crypto.ObjectNotFoundException - Throws:
org.mozilla.jss.crypto.TokenException
EBaseException
org.mozilla.jss.NoSuchTokenException
org.mozilla.jss.NotInitializedException
CertificateException
CertificateEncodingException
EBaseException
org.mozilla.jss.crypto.ObjectNotFoundException
-
getCertSubjectName
public static String getCertSubjectName(String tokenname, String nickname) throws org.mozilla.jss.crypto.TokenException, EBaseException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.NotInitializedException, CertificateException, CertificateEncodingException, EBaseException - Throws:
org.mozilla.jss.crypto.TokenException
EBaseException
org.mozilla.jss.NoSuchTokenException
org.mozilla.jss.NotInitializedException
CertificateException
CertificateEncodingException
EBaseException
-
signCert
public static org.mozilla.jss.netscape.security.x509.X509CertImpl signCert(PrivateKey privateKey, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo, org.mozilla.jss.crypto.SignatureAlgorithm sigAlg) throws org.mozilla.jss.NoSuchTokenException, EBaseException, org.mozilla.jss.NotInitializedException - Throws:
org.mozilla.jss.NoSuchTokenException
EBaseException
org.mozilla.jss.NotInitializedException
-
getSigningAlgorithm
-
getSigningAlgorithm
-
getAlgorithmId
public static org.mozilla.jss.netscape.security.x509.AlgorithmId getAlgorithmId(String algname, ConfigStore store) throws EBaseException - Throws:
EBaseException
-
getCertificate
public static org.mozilla.jss.crypto.X509Certificate getCertificate(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.NoSuchTokenException, EBaseException, org.mozilla.jss.crypto.TokenException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.NoSuchTokenException
EBaseException
org.mozilla.jss.crypto.TokenException
-
getKeyPair
public static KeyPair getKeyPair(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.NoSuchTokenException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, EBaseException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.NoSuchTokenException
org.mozilla.jss.crypto.TokenException
org.mozilla.jss.crypto.ObjectNotFoundException
EBaseException
-
getPQG
public static org.mozilla.jss.crypto.PQGParams getPQG(int keysize) -
getCAPQG
public static org.mozilla.jss.crypto.PQGParams getCAPQG(int keysize, ConfigStore store) throws EBaseException - Throws:
EBaseException
-
generateKeyPair
public static KeyPair generateKeyPair(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.KeyPairAlgorithm kpAlg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws NoSuchAlgorithmException, org.mozilla.jss.crypto.TokenException, InvalidAlgorithmParameterException, InvalidParameterException, org.mozilla.jss.crypto.PQGParamGenException - Throws:
NoSuchAlgorithmException
org.mozilla.jss.crypto.TokenException
InvalidAlgorithmParameterException
InvalidParameterException
org.mozilla.jss.crypto.PQGParamGenException
-
isBadDSAKeyPair
Tests for a DSA key pair that will trigger a bug in NSS. The problem occurs when the first byte of the key is 0, which happens when the value would otherwise have been negative and a zero byte was prepended to force it to be positive. This is blackflag bug 602548. -
generateKeyPair
public static KeyPair generateKeyPair(String tokenName, String alg, int keySize, org.mozilla.jss.crypto.PQGParams pqg) throws EBaseException - Throws:
EBaseException
-
getCertRequest
public static org.mozilla.jss.netscape.security.pkcs.PKCS10 getCertRequest(String subjectName, KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException -
getCertRequest
public static org.mozilla.jss.netscape.security.pkcs.PKCS10 getCertRequest(String subjectName, KeyPair keyPair, org.mozilla.jss.netscape.security.x509.Extensions exts) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException -
importCert
public static org.mozilla.jss.crypto.X509Certificate importCert(org.mozilla.jss.netscape.security.x509.X509CertImpl signedCert, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
CertificateEncodingException
org.mozilla.jss.UserCertConflictException
org.mozilla.jss.NicknameConflictException
org.mozilla.jss.crypto.NoSuchItemOnTokenException
CertificateException
-
importCert
public static org.mozilla.jss.crypto.X509Certificate importCert(String b64E, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
CertificateEncodingException
org.mozilla.jss.UserCertConflictException
org.mozilla.jss.NicknameConflictException
org.mozilla.jss.crypto.NoSuchItemOnTokenException
CertificateException
-
importCert
public static org.mozilla.jss.crypto.X509Certificate importCert(byte[] b, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
CertificateEncodingException
org.mozilla.jss.UserCertConflictException
org.mozilla.jss.NicknameConflictException
org.mozilla.jss.crypto.NoSuchItemOnTokenException
CertificateException
-
getInternalCertificate
public static org.mozilla.jss.crypto.X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, CertificateEncodingException, org.mozilla.jss.UserCertConflictException, org.mozilla.jss.NicknameConflictException, org.mozilla.jss.crypto.NoSuchItemOnTokenException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
CertificateEncodingException
org.mozilla.jss.UserCertConflictException
org.mozilla.jss.NicknameConflictException
org.mozilla.jss.crypto.NoSuchItemOnTokenException
CertificateException
-
setTrust
-
convertB64EToByteArray
- Throws:
CertificateException
IOException
-
setDERExtension
public static void setDERExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException
ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test with the configuration wizard: MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ==
- Throws:
IOException
-
setBasicConstraintsExtension
public static void setBasicConstraintsExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException - Throws:
IOException
-
setExtendedKeyUsageExtension
public static void setExtendedKeyUsageExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, CertificateException - Throws:
IOException
CertificateException
-
setNetscapeCertificateExtension
public static void setNetscapeCertificateExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, CertificateException - Throws:
IOException
CertificateException
-
setOCSPNoCheck
public static void setOCSPNoCheck(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setOCSPSigning
public static void setOCSPSigning(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setAuthInfoAccess
public static void setAuthInfoAccess(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setAuthorityKeyIdentifier
public static void setAuthorityKeyIdentifier(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setSubjectKeyIdentifier
public static void setSubjectKeyIdentifier(KeyPair keypair, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, KeyCertData properties) throws IOException, NoSuchAlgorithmException, InvalidKeyException -
setKeyUsageExtension
public static void setKeyUsageExtension(org.mozilla.jss.netscape.security.x509.CertificateExtensions ext, org.mozilla.jss.netscape.security.x509.KeyUsageExtension keyUsage) throws IOException - Throws:
IOException
-
createKeyIdentifier
public static org.mozilla.jss.netscape.security.x509.KeyIdentifier createKeyIdentifier(KeyPair keypair) throws NoSuchAlgorithmException, InvalidKeyException -
getSerialNumber
public static BigInteger getSerialNumber(netscape.ldap.LDAPConnection conn, String baseDN) throws netscape.ldap.LDAPException, EBaseException - Throws:
netscape.ldap.LDAPException
EBaseException
-
setSerialNumber
public static void setSerialNumber(netscape.ldap.LDAPConnection conn, String baseDN, BigInteger serial) throws netscape.ldap.LDAPException, EBaseException - Throws:
netscape.ldap.LDAPException
EBaseException
-
addCertToDB
public static void addCertToDB(netscape.ldap.LDAPConnection conn, String dn, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws netscape.ldap.LDAPException, EBaseException - Throws:
netscape.ldap.LDAPException
EBaseException
-
getExtensions
public static org.mozilla.jss.netscape.security.x509.CertificateExtensions getExtensions(String tokenname, String nickname) throws org.mozilla.jss.NotInitializedException, org.mozilla.jss.crypto.TokenException, org.mozilla.jss.crypto.ObjectNotFoundException, IOException, CertificateException - Throws:
org.mozilla.jss.NotInitializedException
org.mozilla.jss.crypto.TokenException
org.mozilla.jss.crypto.ObjectNotFoundException
IOException
CertificateException
-