Class BCFIPSCertificateUtilsProvider

  • All Implemented Interfaces:
    org.keycloak.common.crypto.CertificateUtilsProvider

    public class BCFIPSCertificateUtilsProvider
    extends Object
    implements org.keycloak.common.crypto.CertificateUtilsProvider
    The class CertificateUtils provides utility functions for generating V1 and V3 X509Certificate objects.
    Version:
    $Revision: 2 $
    Author:
    Bill Burke, Giriraj Sharma
    • Constructor Detail

      • BCFIPSCertificateUtilsProvider

        public BCFIPSCertificateUtilsProvider()
    • Method Detail

      • generateV3Certificate

        public X509Certificate generateV3Certificate(KeyPair keyPair,
                                                     PrivateKey caPrivateKey,
                                                     X509Certificate caCert,
                                                     String subject)
                                              throws Exception
        Generates version 3 X509Certificate.
        Specified by:
        generateV3Certificate in interface org.keycloak.common.crypto.CertificateUtilsProvider
        Parameters:
        keyPair - the key pair
        caPrivateKey - the CA private key
        caCert - the CA certificate
        subject - the subject name
        Returns:
        the x509 certificate
        Throws:
        Exception - the exception
      • generateV1SelfSignedCertificate

        public X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair,
                                                               String subject)
        Generates version 1 self-signed X509Certificate.
        Specified by:
        generateV1SelfSignedCertificate in interface org.keycloak.common.crypto.CertificateUtilsProvider
        Parameters:
        caKeyPair - the CA key pair
        subject - the subject name
        Returns:
        the x509 certificate
        Throws:
        Exception - the exception
      • generateV1SelfSignedCertificate

        public X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair,
                                                               String subject,
                                                               BigInteger serialNumber)
        Specified by:
        generateV1SelfSignedCertificate in interface org.keycloak.common.crypto.CertificateUtilsProvider
      • getCRLDistributionPoints

        public List<String> getCRLDistributionPoints(X509Certificate cert)
                                              throws IOException
        Retrieves a list of CRL distribution points from the CRLDP v3 certificate extension. See CRL validation.
        Specified by:
        getCRLDistributionPoints in interface org.keycloak.common.crypto.CertificateUtilsProvider
        Parameters:
        cert -
        Returns:
        Throws:
        IOException
      • createServicesTestCertificate

        public X509Certificate createServicesTestCertificate(String dn,
                                                             Date startDate,
                                                             Date expiryDate,
                                                             KeyPair keyPair,
                                                             String... certificatePolicyOid)
        Specified by:
        createServicesTestCertificate in interface org.keycloak.common.crypto.CertificateUtilsProvider