public class CertificateManager extends Object
Constructor and Description |
---|
CertificateManager() |
Modifier and Type | Method and Description |
---|---|
static void |
addListener(CertificateEventListener listener)
Registers a listener to receive events.
|
static X509Certificate |
createDSACert(KeyStore ksKeys,
String keyPassword,
String alias,
String issuerDN,
String subjectDN,
String domain)
Creates a new X509 certificate using the DSA algorithm.
|
static X509Certificate |
createRSACert(KeyStore ksKeys,
String keyPassword,
String alias,
String issuerDN,
String subjectDN,
String domain)
Creates a new X509 certificate using the RSA algorithm.
|
static String |
createSigningRequest(X509Certificate cert,
PrivateKey privKey)
Creates and returns the content of a new signing request for the specified certificate.
|
static void |
deleteCertificate(KeyStore ksKeys,
String alias)
Deletes the specified certificate from the key store.
|
static X509Certificate |
getEndEntityCertificate(Certificate[] chain,
KeyStore certStore,
KeyStore trustStore)
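Decides whether or not to trust the supplied certificate chain, returning the
End Entity Certificate when the chain can be trusted, and null otherwise. A null return therefore means the chain was not trusted, and callers must check for it before using the result.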
|
static List<String> |
getPeerIdentities(X509Certificate x509Certificate)
Returns the identities of the remote server as defined in the specified certificate.
|
static boolean |
installCert(KeyStore keyStore,
KeyStore trustStore,
String keyPassword,
String alias,
InputStream pkInputStream,
String passPhrase,
InputStream inputStream,
boolean trustCACerts,
boolean validateRoot)
Imports a new signed certificate and its private key into the keystore.
|
static boolean |
installReply(KeyStore keyStore,
KeyStore trustStore,
String keyPassword,
String alias,
InputStream inputStream,
boolean trustCACerts,
boolean validateRoot)
Installs the Certificate Authority reply returned as part of the signing request.
|
static boolean |
isDSACertificate(KeyStore ksKeys,
String domain)
Returns true if a DSA certificate was found in the specified keystore for the specified domain.
|
static boolean |
isDSACertificate(X509Certificate certificate)
Returns true if the specified certificate is using the DSA algorithm.
|
static boolean |
isRSACertificate(KeyStore ksKeys,
String domain)
Returns true if an RSA certificate was found in the specified keystore for the specified domain.
|
static boolean |
isSelfSignedCertificate(KeyStore keyStore,
String alias)
Returns true if the specified certificate is a self-signed certificate.
|
static boolean |
isSelfSignedCertificate(KeyStore keyStore,
X509Certificate certificate)
Returns true if the specified certificate is a self-signed certificate.
|
static boolean |
isSigningRequestPending(KeyStore keyStore,
String alias)
Returns true if the specified certificate is ready to be signed by a Certificate Authority.
|
static void |
removeListener(CertificateEventListener listener)
Unregisters a listener so that it no longer receives events.
|
public static X509Certificate createDSACert(KeyStore ksKeys, String keyPassword, String alias, String issuerDN, String subjectDN, String domain) throws GeneralSecurityException, IOException
ksKeys - key store where the new certificate and private key are going to be stored.
keyPassword - password of the keystore.
alias - name to use when storing the certificate in the key store.
issuerDN - Issuer string, e.g. "O=Grid,OU=OGSA,CN=ACME"
subjectDN - Subject string, e.g. "O=Grid,OU=OGSA,CN=John Doe"
domain - domain of the server to store in the subject alternative name extension.
GeneralSecurityException
IOException
public static X509Certificate createRSACert(KeyStore ksKeys, String keyPassword, String alias, String issuerDN, String subjectDN, String domain) throws GeneralSecurityException, IOException
ksKeys - key store where the new certificate and private key are going to be stored.
keyPassword - password of the keystore.
alias - name to use when storing the certificate in the key store.
issuerDN - Issuer string, e.g. "O=Grid,OU=OGSA,CN=ACME"
subjectDN - Subject string, e.g. "O=Grid,OU=OGSA,CN=John Doe"
domain - domain of the server to store in the subject alternative name extension.
GeneralSecurityException
IOException
public static void deleteCertificate(KeyStore ksKeys, String alias) throws GeneralSecurityException, IOException
ksKeys - key store where the certificate is stored.
alias - alias of the certificate to delete.
GeneralSecurityException
IOException
public static X509Certificate getEndEntityCertificate(Certificate[] chain, KeyStore certStore, KeyStore trustStore)
chain - an array of X509Certificate where the first one is the endEntityCertificate.
certStore - a keystore containing untrusted certificates (including ICAs, etc).
trustStore - a keystore containing Trust Anchors (most-trusted CA certificates).
public static List<String> getPeerIdentities(X509Certificate x509Certificate)
x509Certificate - the certificate that holds the identities of the remote server.
public static boolean isRSACertificate(KeyStore ksKeys, String domain) throws KeyStoreException
ksKeys - the keystore that contains the certificates.
domain - domain of the server signed by the certificate.
KeyStoreException
public static boolean isDSACertificate(KeyStore ksKeys, String domain) throws KeyStoreException
ksKeys - the keystore that contains the certificates.
domain - domain of the server signed by the certificate.
KeyStoreException
public static boolean isDSACertificate(X509Certificate certificate) throws KeyStoreException
certificate - the certificate to analyze.
KeyStoreException
public static boolean isSelfSignedCertificate(KeyStore keyStore, String alias) throws KeyStoreException
keyStore - key store that holds the certificate to verify.
alias - alias of the certificate in the key store.
KeyStoreException - if an error happens while using the keystore.
public static boolean isSelfSignedCertificate(KeyStore keyStore, X509Certificate certificate) throws KeyStoreException
keyStore - key store that holds the certificate to verify.
certificate - the certificate in the key store.
KeyStoreException - if an error happens while using the keystore.
public static boolean isSigningRequestPending(KeyStore keyStore, String alias) throws KeyStoreException
keyStore - key store that holds the certificate to verify.
alias - alias of the certificate in the key store.
KeyStoreException - if an error happens while using the keystore.
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws Exception
Use installReply(java.security.KeyStore, java.security.KeyStore, String, String, java.io.InputStream, boolean, boolean) to import the CA reply.
cert - the certificate to create a signing request for.
privKey - the private key of the certificate.
Exception
public static boolean installReply(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream inputStream, boolean trustCACerts, boolean validateRoot) throws Exception
keyStore - key store where the certificate is stored.
trustStore - key store where CA certificates are stored.
keyPassword - password of the keystore.
alias - the alias of the existing certificate being signed.
inputStream - the stream containing the CA reply.
trustCACerts - true if certificates present in the truststore file will be used to verify the identity of the entity signing the certificate.
validateRoot - true if you want to verify that the root certificate in the chain can be trusted based on the truststore.
Exception
public static boolean installCert(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream pkInputStream, String passPhrase, InputStream inputStream, boolean trustCACerts, boolean validateRoot) throws Exception
keyStore - key store where the certificate will be stored.
trustStore - key store where CA certificates are stored.
keyPassword - password of the keystore.
alias - the alias of the new signed certificate.
pkInputStream - the stream containing the private key.
passPhrase - the passphrase used when creating the private key.
inputStream - the stream containing the signed certificate.
trustCACerts - true if certificates present in the truststore file will be used to verify the identity of the entity signing the certificate.
validateRoot - true if you want to verify that the root certificate in the chain can be trusted based on the truststore.
Exception - if no certificates were found in the inputStream.
public static void addListener(CertificateEventListener listener)
listener - the listener.
public static void removeListener(CertificateEventListener listener)
listener - the listener.
Copyright © 2003-2008 Jive Software.