public abstract class SSLCertFactory
extends java.lang.Object
Before starting to generate certificates, a root CA needs to be generated. This will be used for signing all the issued certificates.

Modifier and Type | Class | Description |
---|---|---|
static class | SSLCertFactory.CertificateSuite | Holds public and private certificates with trusted certificate chain up to a well-known CA. |

Modifier and Type | Field | Description |
---|---|---|
protected java.math.BigInteger | exponent | The public key exponent. |
protected int | keyStrength | The private key size: MIN_RSA_KEY_STRENGTH bits or better. |
static int | MIN_RSA_KEY_STRENGTH | The minimum length (in bits) of an RSA key. |

Constructor and Description |
---|
SSLCertFactory() |

Modifier and Type | Method | Description |
---|---|---|
abstract java.security.PrivateKey | decryptPrivateKey(byte[] encrypted, java.lang.String password) | Decrypt a private key which was previously encrypted with the given password. |
abstract byte[] | encryptPrivateKey(java.security.Key key, java.lang.String password) | Encrypt the given key using the provided password. |
abstract java.lang.String | generateCertificate(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) | Generate a certificate and sign it with the already generated root CA. |
abstract java.lang.String | generateRootCA(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) | Generate a root CA certificate, which will be used to sign all the issued certificates. |
abstract java.lang.String | generateSelfSignedCertificate(java.lang.String alias, boolean certificateAuthority, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) | Generate a self-signed certificate. |
abstract java.security.cert.Certificate[] | getFullChainFromRoot() | Build a full chain from the root certificate up to the well-known authority. |
abstract java.util.Map<java.lang.String,java.lang.String> | getMandatorySubjectFields() | Get the map with the mandatory subject attributes. |
void | init(java.lang.Integer keyStrength, java.math.BigInteger exponent) | Initialize this SSL certificate factory. |
abstract SSLCertFactory.CertificateSuite | loadCertificateSuite(java.lang.String certPemFile, java.lang.String privateKeyPemFile, java.lang.String certChainPemFile) | Loads an externally generated certificate suite of public and private certificates, with the trusted certificate chain if this PEM file is provided. |
abstract java.lang.String | saveRootCA(java.lang.String alias, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) | Save the root CA into the provided certificate and private key stores to be accessed by the given alias. |
abstract void | setCertificateChain(java.security.cert.Certificate[] chain) | Sets the trusted certificate chain. |
abstract void | setRootCA(java.security.cert.X509Certificate cert, java.security.PrivateKey pk) | Set the details for the root CA certificate. |

public static final int MIN_RSA_KEY_STRENGTH

protected java.math.BigInteger exponent

protected int keyStrength
MIN_RSA_KEY_STRENGTH bits or better.

public abstract java.security.PrivateKey decryptPrivateKey(byte[] encrypted, java.lang.String password) throws SSLCertGenException
Parameters:
encrypted - The bytes representing the encrypted private key.
password - The encryption password.
Returns:
private key.
Throws:
SSLCertGenException - If the private key could not be decrypted.

public abstract byte[] encryptPrivateKey(java.security.Key key, java.lang.String password) throws SSLCertGenException
Parameters:
key - The key to be encrypted.
password - The encryption password.
Throws:
SSLCertGenException - If the key could not be encrypted.

public abstract java.lang.String generateCertificate(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
The encrypted private key will be saved in the specified certKeyStore; the encryption password will be returned by this API. The public certificate will be saved in the specified certStore.
Parameters:
alias - The certificate alias, used to store the private key and certificate.
validity - The certificate validity, in years.
commonName - The certificate's common name (CN).
fieldMap - A map with additional subject attributes.
certStore - The store where to save the certificate.
certKeyStore - The store where to save the private key.
Throws:
SSLCertGenException - If the root CA is not yet generated or the certificate could not be generated.

public abstract void setRootCA(java.security.cert.X509Certificate cert, java.security.PrivateKey pk) throws SSLCertGenException
Parameters:
cert - The certificate.
pk - The private key.
Throws:
SSLCertGenException

public abstract java.lang.String generateRootCA(java.lang.String alias, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
The encrypted private key will be saved in the specified certKeyStore; the encryption password will be returned by this API. The public root CA certificate will be saved in the specified certStore.
Parameters:
alias - The certificate alias, used to store the private key and certificate.
validity - The certificate validity, in years.
commonName - The certificate's common name (CN).
fieldMap - A map with additional subject attributes.
certStore - The store where to save the certificate.
certKeyStore - The store where to save the private key.
Throws:
SSLCertGenException - If the root CA is not yet generated or the certificate could not be generated.

public abstract java.lang.String generateSelfSignedCertificate(java.lang.String alias, boolean certificateAuthority, int validity, java.lang.String commonName, java.util.Map<java.lang.String,java.lang.String> fieldMap, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
The encrypted private key will be saved in the specified certKeyStore; the encryption password will be returned by this API. The public certificate will be saved in the specified certStore.
Parameters:
alias - The certificate alias, used to store the private key and certificate.
certificateAuthority - Flag indicating if the generated self-signed certificate will be used as the root CA.
validity - The certificate validity, in years.
commonName - The certificate's common name (CN).
fieldMap - A map with additional subject attributes.
certStore - The store where to save the certificate.
certKeyStore - The store where to save the private key.
Throws:
SSLCertGenException - If the root CA is not yet generated or the certificate could not be generated.

public abstract SSLCertFactory.CertificateSuite loadCertificateSuite(java.lang.String certPemFile, java.lang.String privateKeyPemFile, java.lang.String certChainPemFile) throws SSLCertGenException
Parameters:
certPemFile - The PEM file that contains the public certificate signed by well-known authorities or self-signed.
privateKeyPemFile - The PEM file that contains the private certificate signed by well-known authorities or self-signed.
certChainPemFile - The PEM file that contains the intermediate certificates up to the well-known authority CA certificate.
Throws:
SSLCertGenException - If IO or parse exceptions are thrown.

public abstract java.lang.String saveRootCA(java.lang.String alias, java.security.KeyStore certStore, java.security.KeyStore certKeyStore) throws SSLCertGenException
Parameters:
alias - The certificate alias.
certStore - The certificate store.
certKeyStore - The certificate private key store.
Throws:
SSLCertGenException

public abstract java.util.Map<java.lang.String,java.lang.String> getMandatorySubjectFields()
public void init(java.lang.Integer keyStrength, java.math.BigInteger exponent) throws SSLCertGenException
Parameters:
keyStrength - The private key size: MIN_RSA_KEY_STRENGTH bits or better. If null, defaults to MIN_RSA_KEY_STRENGTH.
exponent - The public key exponent. If null, defaults to 65537. WARNING: a wrong value may result in vulnerable SSL private keys and also 3rd party software might not accept them. Use with care.
Throws:
SSLCertGenException - If the factory could not be instantiated.

public abstract java.security.cert.Certificate[] getFullChainFromRoot()
public abstract void setCertificateChain(java.security.cert.Certificate[] chain)
Parameters:
chain - The root certificate chain up to the well-known authority.
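
The init() warning about keyStrength and exponent, as an added example (not the project's own code): a JDK-only check that applies the documented defaults and rejects weak parameters before an RSA key pair is generated. ASSUMED_MIN_BITS is a placeholder for MIN_RSA_KEY_STRENGTH, whose value this page does not state, the exponent bounds follow FIPS 186-4 rather than anything this API documents, and the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;

public class RsaParamCheck {
    // Assumption: placeholder for MIN_RSA_KEY_STRENGTH, whose value the page does not state.
    static final int ASSUMED_MIN_BITS = 2048;
    // FIPS 186-4 bounds for the public exponent: odd, 2^16 < e < 2^256.
    static final BigInteger E_LOW = BigInteger.ONE.shiftLeft(16);
    static final BigInteger E_HIGH = BigInteger.ONE.shiftLeft(256);

    // Apply the documented defaults (null -> minimum size, null -> 65537), then validate.
    static RSAKeyGenParameterSpec checkedSpec(Integer keyStrength, BigInteger exponent) {
        int bits = (keyStrength == null) ? ASSUMED_MIN_BITS : keyStrength;
        BigInteger e = (exponent == null) ? RSAKeyGenParameterSpec.F4 : exponent;
        if (bits < ASSUMED_MIN_BITS) {
            throw new IllegalArgumentException("key size " + bits + " is below the minimum");
        }
        if (!e.testBit(0) || e.compareTo(E_LOW) <= 0 || e.compareTo(E_HIGH) >= 0) {
            throw new IllegalArgumentException("unsafe public exponent " + e);
        }
        return new RSAKeyGenParameterSpec(bits, e);
    }

    static KeyPair generate(Integer keyStrength, BigInteger exponent)
            throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(checkedSpec(keyStrength, exponent));
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        RSAPublicKey pub = (RSAPublicKey) generate(null, null).getPublic();
        System.out.println(pub.getModulus().bitLength() + " bits, e=" + pub.getPublicExponent());
        // Constructed bad inputs: e = 1 (no encryption), e = 3 (too small), an even e, a short key.
        Object[][] bad = { {2048, BigInteger.ONE}, {2048, BigInteger.valueOf(3)},
                           {2048, BigInteger.valueOf(65536)}, {1024, null} };
        for (Object[] b : bad) {
            try {
                checkedSpec((Integer) b[0], (BigInteger) b[1]);
                System.out.println("accepted (unexpected): " + b[0] + ", " + b[1]);
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```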