public abstract class SSLCertFactory
extends java.lang.Object
Before starting to generate certificates, a root CA needs to be generated. This will be used for signing all the issued certificates.
Modifier and Type | Field and Description |
---|---|
protected java.math.BigInteger | exponent - The public key exponent. |
protected int | keyStrength - The private key size: MIN_RSA_KEY_STRENGTH bits or better. |
static int | MIN_RSA_KEY_STRENGTH - The minimum length (in bits) of an RSA key. |
Constructor and Description |
---|
SSLCertFactory() |
Modifier and Type | Method and Description |
---|---|
abstract java.security.PrivateKey | decryptPrivateKey(byte[] encrypted, java.lang.String password) - Decrypt a private key which was previously encrypted with the given password. |
abstract byte[] | encryptPrivateKey(java.security.Key key, java.lang.String password) - Encrypt the given key using the provided password. |
abstract java.lang.String | generateCertificate(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) - Generate a certificate and sign it with the already generated root CA. |
abstract java.lang.String | generateRootCA(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) - Generate a root CA certificate, which will be used to sign all the issued certificates. |
abstract java.lang.String | generateSelfSignedCertificate(java.lang.String alias, boolean certificateAuthority, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) - Generate a self-signed certificate. |
abstract java.util.Map<java.lang.String,java.lang.String> | getMandatorySubjectFields() - Get the map with the mandatory subject attributes. |
void | init(java.lang.Integer keyStrength, java.math.BigInteger exponent) - Initialize this SSL certificate factory. |
abstract void | setRootCA(java.security.cert.X509Certificate cert, java.security.PrivateKey pk) - Set the details for the root CA certificate. |
public static final int MIN_RSA_KEY_STRENGTH

protected java.math.BigInteger exponent

protected int keyStrength
The private key size: MIN_RSA_KEY_STRENGTH bits or better.

public abstract java.security.PrivateKey decryptPrivateKey(byte[] encrypted, java.lang.String password) throws SSLCertGenException
Parameters:
encrypted - The bytes representing the encrypted private key.
password - The encryption password.
Returns:
private key.
Throws:
SSLCertGenException - If the private key could not be decrypted.

public abstract byte[] encryptPrivateKey(java.security.Key key, java.lang.String password) throws SSLCertGenException
Parameters:
key - The key to be encrypted.
password - The encryption password.
Throws:
SSLCertGenException - If the key could not be encrypted.

public abstract java.lang.String generateCertificate(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
The encrypted private key will be saved in the specified certKeyStore; the encryption password will be returned by this API.
The public certificate will be saved in the specified certStore.
Parameters:
alias - The certificate alias, used to store the private key and certificate.
validity - The certificate validity, in years.
commonName - The certificate's common name (CN).
fieldMap - A map with additional subject attributes.
certStore - The store where to save the certificate.
certKeyStore - The store where to save the private key.
Throws:
SSLCertGenException - If the root CA is not yet generated or the certificate could not be generated.

public abstract void setRootCA(java.security.cert.X509Certificate cert, java.security.PrivateKey pk) throws SSLCertGenException
Parameters:
cert - The certificate.
pk - The private key.
Throws:
SSLCertGenException

public abstract java.lang.String generateRootCA(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
The encrypted private key will be saved in the specified certKeyStore; the encryption password will be returned by this API.
The public root CA certificate will be saved in the specified certStore.
Parameters:
alias - The certificate alias, used to store the private key and certificate.
validity - The certificate validity, in years.
commonName - The certificate's common name (CN).
fieldMap - A map with additional subject attributes.
certStore - The store where to save the certificate.
certKeyStore - The store where to save the private key.
Throws:
SSLCertGenException - If the root CA is not yet generated or the certificate could not be generated.

public abstract java.lang.String generateSelfSignedCertificate(java.lang.String alias, boolean certificateAuthority, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
The encrypted private key will be saved in the specified certKeyStore; the encryption password will be returned by this API.
The public certificate will be saved in the specified certStore.
Parameters:
alias - The certificate alias, used to store the private key and certificate.
certificateAuthority - Flag indicating if the generated self-signed certificate will be used as the root CA.
validity - The certificate validity, in years.
commonName - The certificate's common name (CN).
fieldMap - A map with additional subject attributes.
certStore - The store where to save the certificate.
certKeyStore - The store where to save the private key.
Throws:
SSLCertGenException - If the root CA is not yet generated or the certificate could not be generated.

public abstract java.util.Map<java.lang.String,java.lang.String> getMandatorySubjectFields()

public void init(java.lang.Integer keyStrength, java.math.BigInteger exponent) throws SSLCertGenException
Parameters:
keyStrength - The private key size: MIN_RSA_KEY_STRENGTH bits or better. If null, defaults to MIN_RSA_KEY_STRENGTH.
exponent - The public key exponent. If null, defaults to 65537. WARNING: a wrong value may result in vulnerable SSL private keys, and 3rd party software might not accept them. Use with care.
Throws:
SSLCertGenException - If the factory could not be instantiated.
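
The init warning above concerns the values a caller passes for keyStrength and exponent. The following is an added example, not code from this project, of a caller-side check that applies the documented null defaults and rejects weak or poorly supported values before generating an RSA key with the standard JCA. The class name RsaParamCheck, the method checkedSpec, the constant ASSUMED_MIN_BITS (a stand-in for MIN_RSA_KEY_STRENGTH, whose value this page does not give) and the accepted exponent range are assumptions.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;

public class RsaParamCheck {
    // Assumption: stand-in for MIN_RSA_KEY_STRENGTH; the real value is not on this page.
    static final int ASSUMED_MIN_BITS = 2048;

    /** Apply the documented null defaults, then reject weak or unusable values. */
    static RSAKeyGenParameterSpec checkedSpec(Integer keyStrength, BigInteger exponent) {
        int bits = (keyStrength == null) ? ASSUMED_MIN_BITS : keyStrength;
        BigInteger e = (exponent == null) ? RSAKeyGenParameterSpec.F4 : exponent; // F4 = 65537
        if (bits < ASSUMED_MIN_BITS) {
            throw new IllegalArgumentException("key size " + bits + " is below the minimum");
        }
        // An even exponent has no inverse modulo phi(n), so no private key can exist for it.
        if (!e.testBit(0)) {
            throw new IllegalArgumentException("public exponent must be odd");
        }
        // Policy assumed for this example: refuse exponents below 65537 (small values
        // such as 3 have a history of implementation pitfalls) and exponents that do
        // not fit in 32 bits (some software only accepts exponents of that width).
        if (e.compareTo(RSAKeyGenParameterSpec.F4) < 0 || e.bitLength() > 32) {
            throw new IllegalArgumentException("public exponent outside 65537..2^32-1");
        }
        return new RSAKeyGenParameterSpec(bits, e);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Both arguments null: the documented defaults are used.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(checkedSpec(null, null));
        KeyPair kp = kpg.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        System.out.println(pub.getModulus().bitLength() + " bits, e=" + pub.getPublicExponent());

        // Constructed bad inputs: each is rejected before any key is generated.
        BigInteger[] bad = {BigInteger.ONE, BigInteger.valueOf(3), BigInteger.valueOf(65536)};
        for (BigInteger e : bad) {
            try {
                checkedSpec(4096, e);
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected e=" + e + ": " + ex.getMessage());
            }
        }
    }
}
```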