CertificateManager (Openfire 4.2.0.beta Javadoc)

java.lang.Object
- org.jivesoftware.util.CertificateManager

```
public class CertificateManager
extends Object
```
Utility class that provides similar functionality to the keytool tool. Generated certificates conform to the XMPP spec where domains are kept in the subject alternative names extension.

Author:

Gaston Dombiak

Constructor Summary

Constructors
Constructor and Description

CertificateManager()

Constructors
Constructor and Description
`CertificateManager()`

Method Summary

All Methods Static Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`static void`	`addListener(CertificateEventListener listener)` Registers a listener to receive events.
`static String`	`createSigningRequest(X509Certificate cert, PrivateKey privKey)` Creates and returns the content of a new singing request for the specified certificate.
`static X509Certificate`	`createX509V3Certificate(KeyPair kp, int days, String issuerCommonName, String subjectCommonName, String domain, String signAlgoritm)` Creates an X509 version3 certificate.
`static X509Certificate`	`createX509V3Certificate(KeyPair kp, int days, org.bouncycastle.asn1.x500.X500NameBuilder issuerBuilder, org.bouncycastle.asn1.x500.X500NameBuilder subjectBuilder, String domain, String signAlgoritm)` Creates an X509 version3 certificate.
`static void`	`fireCertificateStoreChanged(CertificateStore store)` Notify listeners that a certificate store has been changed.
`static List<String>`	`getClientIdentities(X509Certificate x509Certificate)` Returns the identities of the remote client as defined in the specified certificate.
`static List<String>`	`getServerIdentities(X509Certificate x509Certificate)` Returns the identities of the remote server as defined in the specified certificate.
`static boolean`	`isSelfSignedCertificate(X509Certificate certificate)` Returns true if the specified certificate is a self-signed certificate.
`static boolean`	`isSigningRequestPending(X509Certificate certificate)` Returns true if the specified certificate is ready to be signed by a Certificate Authority.
`static List<X509Certificate>`	`order(Collection<X509Certificate> certificates)` Deprecated. Moved to CertificateUtils
`static Collection<X509Certificate>`	`parseCertificates(InputStream pemRepresentation)` Parses a certificate chain from a PEM representation.
`static Collection<X509Certificate>`	`parseCertificates(String pemRepresentation)`
`static PrivateKey`	`parsePrivateKey(InputStream pemRepresentation, String passPhrase)` Parses a PrivateKey instance from a PEM representation.
`static PrivateKey`	`parsePrivateKey(String pemRepresentation, String passPhrase)`
`static void`	`removeListener(CertificateEventListener listener)` Unregisters a listener to receive events.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CertificateManager
```
public CertificateManager()
```
- Method Detail
  - getClientIdentities
```
public static List<String> getClientIdentities(X509Certificate x509Certificate)
```
    Returns the identities of the remote client as defined in the specified certificate. The identities are mapped by the classes in the "provider.clientCertIdentityMap.classList" property. By default, the subjectDN of the certificate is used.
    
    Parameters:
    
    x509Certificate - the certificate the holds the identities of the remote server.
    
    Returns:
    
    the identities of the remote client as defined in the specified certificate.
  - getServerIdentities
```
public static List<String> getServerIdentities(X509Certificate x509Certificate)
```
    Returns the identities of the remote server as defined in the specified certificate. The identities are mapped by the classes in the "provider.serverCertIdentityMap.classList" property. By default, the identities are defined in the subjectDN of the certificate and it can also be defined in the subjectAltName extensions of type "xmpp". When the extension is being used then the identities defined in the extension are going to be returned. Otherwise, the value stored in the subjectDN is returned.
    
    Parameters:
    
    x509Certificate - the certificate the holds the identities of the remote server.
    
    Returns:
    
    the identities of the remote server as defined in the specified certificate.
  - isSelfSignedCertificate
```
public static boolean isSelfSignedCertificate(X509Certificate certificate)
```
    Returns true if the specified certificate is a self-signed certificate.
    
    Returns:
    
    true if the specified certificate is a self-signed certificate.
  - isSigningRequestPending
```
public static boolean isSigningRequestPending(X509Certificate certificate)
```
    Returns true if the specified certificate is ready to be signed by a Certificate Authority. Self-signed certificates need to get their issuer information entered to be able to generate a Certificate Signing Request (CSR).
    
    Returns:
    
    true if the specified certificate is ready to be signed by a Certificate Authority.
  - createSigningRequest
```
public static String createSigningRequest(X509Certificate cert,
                                          PrivateKey privKey)
                                   throws org.bouncycastle.operator.OperatorCreationException,
                                          IOException
```
    Creates and returns the content of a new singing request for the specified certificate. Signing requests are required by Certificate Authorities as part of their signing process. The signing request contains information about the certificate issuer, subject DN, subject alternative names and public key. Private keys are not included. After the Certificate Authority verified and signed the certificate a new certificate is going to be returned.
    
    Parameters:
    
    cert - the certificate to create a signing request.
    
    privKey - the private key of the certificate.
    
    Returns:
    
    the content of a new singing request for the specified certificate.
    
    Throws:
    
    org.bouncycastle.operator.OperatorCreationException
    
    IOException
  - parsePrivateKey
```
public static PrivateKey parsePrivateKey(String pemRepresentation,
                                         String passPhrase)
                                  throws IOException
```
    Throws:
    
    IOException
  - parsePrivateKey
```
public static PrivateKey parsePrivateKey(InputStream pemRepresentation,
                                         String passPhrase)
                                  throws IOException
```
    Parses a PrivateKey instance from a PEM representation. When the provided key is encrypted, the provided pass phrase is applied.
    
    Parameters:
    
    pemRepresentation - a PEM representation of a private key (cannot be null or empty)
    
    passPhrase - optional pass phrase (must be present if the private key is encrypted).
    
    Returns:
    
    a PrivateKey instance (never null)
    
    Throws:
    
    IOException
  - parseCertificates
```
public static Collection<X509Certificate> parseCertificates(String pemRepresentation)
                                                     throws IOException,
                                                            CertificateException
```
    Throws:
    
    IOException
    
    CertificateException
  - parseCertificates
```
public static Collection<X509Certificate> parseCertificates(InputStream pemRepresentation)
                                                     throws IOException,
                                                            CertificateException
```
    Parses a certificate chain from a PEM representation.
    
    Parameters:
    
    pemRepresentation - a PEM representation of a certificate or certificate chain (cannot be null or empty)
    
    Returns:
    
    A collection of certificates (possibly empty, but never null).
    
    Throws:
    
    IOException
    
    CertificateException
  - addListener
```
public static void addListener(CertificateEventListener listener)
```
    Registers a listener to receive events.
    
    Parameters:
    
    listener - the listener.
  - removeListener
```
public static void removeListener(CertificateEventListener listener)
```
    Unregisters a listener to receive events.
    
    Parameters:
    
    listener - the listener.
  - fireCertificateStoreChanged
```
public static void fireCertificateStoreChanged(CertificateStore store)
```
    Notify listeners that a certificate store has been changed.
  - order
```
@Deprecated
public static List<X509Certificate> order(Collection<X509Certificate> certificates)
                                               throws CertificateException
```
    Deprecated. Moved to CertificateUtils
    
    Orders certificates, starting from the entity to be validated and progressing back toward the CA root. This implementation matches "issuers" to "subjects" of certificates in such a way that "issuer" value of a certificate matches the "subject" value of the next certificate. When certificates are provided that do not belong to the same chain, a CertificateException is thrown.
    
    Parameters:
    
    certificates - an unordered collection of certificates (cannot be null).
    
    Returns:
    
    An ordered list of certificates (possibly empty, but never null).
    
    Throws:
    
    CertificateException
  - createX509V3Certificate
```
public static X509Certificate createX509V3Certificate(KeyPair kp,
                                                      int days,
                                                      String issuerCommonName,
                                                      String subjectCommonName,
                                                      String domain,
                                                      String signAlgoritm)
                                               throws GeneralSecurityException,
                                                      IOException
```
    Creates an X509 version3 certificate.
    
    Parameters:
    
    kp - KeyPair that keeps the public and private keys for the new certificate.
    
    days - time to live
    
    issuerCommonName - Issuer CN string
    
    subjectCommonName - Subject CN string
    
    domain - Domain of the server.
    
    signAlgoritm - Signature algorithm. This can be either a name or an OID.
    
    Returns:
    
    X509 V3 Certificate
    
    Throws:
    
    GeneralSecurityException
    
    IOException
  - createX509V3Certificate
```
public static X509Certificate createX509V3Certificate(KeyPair kp,
                                                      int days,
                                                      org.bouncycastle.asn1.x500.X500NameBuilder issuerBuilder,
                                                      org.bouncycastle.asn1.x500.X500NameBuilder subjectBuilder,
                                                      String domain,
                                                      String signAlgoritm)
                                               throws GeneralSecurityException,
                                                      IOException
```
    Creates an X509 version3 certificate.
    
    Parameters:
    
    kp - KeyPair that keeps the public and private keys for the new certificate.
    
    days - time to live
    
    issuerBuilder - IssuerDN builder
    
    subjectBuilder - SubjectDN builder
    
    domain - Domain of the server.
    
    signAlgoritm - Signature algorithm. This can be either a name or an OID.
    
    Returns:
    
    X509 V3 Certificate
    
    Throws:
    
    GeneralSecurityException
    
    IOException

Class CertificateManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CertificateManager

Method Detail

getClientIdentities

getServerIdentities

isSelfSignedCertificate

isSigningRequestPending

createSigningRequest

parsePrivateKey

parsePrivateKey

parseCertificates

parseCertificates

addListener

removeListener

fireCertificateStoreChanged

order

createX509V3Certificate

createX509V3Certificate