X509CertificateGenerator (Imixs-Signature Microservice 1.0.0 API)

java.lang.Object
- org.imixs.signature.ca.X509CertificateGenerator

```
public class X509CertificateGenerator
extends Object
```
The X509CertificateGenerator provides static methods to generate X509Certificates to be used for digital Signatures. Certificates can be singed by an existing root or intermediate Certificate stored in a keystore. The X509CertificateGenerator is used by the Imixs-Archive CAService.
Certificates stored in the keystore can be protected with an additional optional password. This is recommended for root certificates and intermediate certificates.
The DEFAULT_KEY_ALGORITHM is "RSA", the DEFAULT_SIGNATURE_ALGORITHM is "SHA256withRSA". Both can be changed by properties.
The service is based on the BouncyCastle library v 1.67

Version:

1.0

Author:

rsoika

See Also:

CAService

Constructor Summary

Constructors
Constructor and Description

X509CertificateGenerator()

Constructors
Constructor and Description
`X509CertificateGenerator()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`exportKeyPairToKeystore(Certificate[] certChain, PrivateKey privKey, String password, String alias, KeyStore keyStore, String fileName, String storePass)` This method stores the certificate into the given keystore.
`KeyPair`	`generateKeyPair()` Generates a new keyPair.
`X509Certificate`	`generateRootCertificate(KeyPair rootKeyPair, String cn)` This method generates a self signed root certificate.
`X509Certificate[]`	`generateSignedCertificate(X509Certificate rootCert, PrivateKey rootPrivateKey, KeyPair issuedCertKeyPair, String cn, String o, List<String> ou, String city, String state, String country)` This method generates a new X509Certificate and signs the certificate from a given root/intermediate certificate by generating a CSR (Certificate Signing Request).
`String`	`getKeyAlgorithm()`
`String`	`getSignatureAlgorithm()`
`void`	`setKeyAlgorithm(String keyAlgorithm)`
`void`	`setSignatureAlgorithm(String signatureAlgorithm)`
`void`	`writeCertToFileBase64Encoded(Certificate certificate, String fileName)` This method writes a given certificate into a file.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509CertificateGenerator

public X509CertificateGenerator()
                         throws KeyStoreException,
                                UnrecoverableKeyException,
                                NoSuchAlgorithmException,
                                NoSuchProviderException

Throws:: KeyStoreException; UnrecoverableKeyException; NoSuchAlgorithmException; NoSuchProviderException

Method Detail

getKeyAlgorithm
```
public String getKeyAlgorithm()
```

setKeyAlgorithm

public void setKeyAlgorithm(String keyAlgorithm)

getSignatureAlgorithm
```
public String getSignatureAlgorithm()
```

setSignatureAlgorithm

public void setSignatureAlgorithm(String signatureAlgorithm)

generateRootCertificate

public X509Certificate generateRootCertificate(KeyPair rootKeyPair,
                                               String cn)
                                        throws org.bouncycastle.operator.OperatorCreationException,
                                               NoSuchAlgorithmException,
                                               KeyStoreException,
                                               CertificateException,
                                               IOException

This method generates a self signed root certificate. The root certificate can be used to generate signed X509Certificates.

The method returns the root certificate.

Parameters:: rootKeyPair - - key pair used to generated the certificate; cn - - common name of the root certificate
Returns:: a signed X509Certificate
Throws:: org.bouncycastle.operator.OperatorCreationException; NoSuchAlgorithmException; IOException; CertificateException; KeyStoreException; Exception

generateSignedCertificate

public X509Certificate[] generateSignedCertificate(X509Certificate rootCert,
                                                   PrivateKey rootPrivateKey,
                                                   KeyPair issuedCertKeyPair,
                                                   String cn,
                                                   String o,
                                                   List<String> ou,
                                                   String city,
                                                   String state,
                                                   String country)
                                            throws NoSuchAlgorithmException,
                                                   org.bouncycastle.operator.OperatorCreationException,
                                                   org.bouncycastle.cert.CertIOException,
                                                   CertificateException,
                                                   InvalidKeyException,
                                                   NoSuchProviderException,
                                                   SignatureException

This method generates a new X509Certificate and signs the certificate from a given root/intermediate certificate by generating a CSR (Certificate Signing Request).

The method returns a certificate chain containing the issuer certificate and the root certificate. A certificate chain can be stored in a keyStore.

Throws:: NoSuchAlgorithmException; org.bouncycastle.operator.OperatorCreationException; org.bouncycastle.cert.CertIOException; CertificateException; SignatureException; NoSuchProviderException; InvalidKeyException
See Also:: https://gist.github.com/vivekkr12/c74f7ee08593a8c606ed96f4b62a208a

generateKeyPair
```
public KeyPair generateKeyPair()
```
Generates a new keyPair.

Returns:

exportKeyPairToKeystore

public void exportKeyPairToKeystore(Certificate[] certChain,
                                    PrivateKey privKey,
                                    String password,
                                    String alias,
                                    KeyStore keyStore,
                                    String fileName,
                                    String storePass)
                             throws KeyStoreException,
                                    NoSuchAlgorithmException,
                                    CertificateException,
                                    IOException

This method stores the certificate into the given keystore.

Parameters:: certificate - - the certificate to be stored; privKey - - the associated private key; password - - optional password to protect the entry, can be null; alias - - alias name to store the entry; fileName - - filename of the keystore location.; storePass - - password for keystore
Throws:: KeyStoreException; IOException; CertificateException; NoSuchAlgorithmException; Exception

writeCertToFileBase64Encoded

public void writeCertToFileBase64Encoded(Certificate certificate,
                                         String fileName)
                                  throws Exception

This method writes a given certificate into a file.

Parameters:: certificate -; fileName -
Throws:: Exception

Class X509CertificateGenerator

Constructor Summary