Package org.keycloak.crypto.fips

Class BCFIPSCertificateUtilsProvider

java.lang.Object
org.keycloak.crypto.fips.BCFIPSCertificateUtilsProvider
All Implemented Interfaces:
org.keycloak.common.crypto.CertificateUtilsProvider
public class BCFIPSCertificateUtilsProvider extends Object implements org.keycloak.common.crypto.CertificateUtilsProvider
The Class CertificateUtils provides utility functions for generation of V1 and V3 X509Certificate
Version:
$Revision: 2 $
Author:
Bill Burke, Giriraj Sharma

  • Constructor Details

    • BCFIPSCertificateUtilsProvider

      public BCFIPSCertificateUtilsProvider()

  • Method Details

    • generateV3Certificate

      public X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject)
      Generates version 3 X509Certificate.
      Specified by:
      generateV3Certificate in interface org.keycloak.common.crypto.CertificateUtilsProvider
      Parameters:
      keyPair - the key pair
      caPrivateKey - the CA private key
      caCert - the CA certificate
      subject - the subject name
      Returns:
      the x509 certificate

    • generateV1SelfSignedCertificate

      public X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject)
      Generate version 1 self signed X509Certificate..
      Specified by:
      generateV1SelfSignedCertificate in interface org.keycloak.common.crypto.CertificateUtilsProvider
      Parameters:
      caKeyPair - the CA key pair
      subject - the subject name
      Returns:
      the x509 certificate
      Throws:
      Exception - the exception

    • generateV1SelfSignedCertificate

      public X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject, BigInteger serialNumber)
      Specified by:
      generateV1SelfSignedCertificate in interface org.keycloak.common.crypto.CertificateUtilsProvider

    • getCertificatePolicyList

      public List<String> getCertificatePolicyList(X509Certificate cert) throws GeneralSecurityException
      Specified by:
      getCertificatePolicyList in interface org.keycloak.common.crypto.CertificateUtilsProvider
      Throws:
      GeneralSecurityException

    • getCRLDistributionPoints

      public List<String> getCRLDistributionPoints(X509Certificate cert) throws IOException
      Retrieves a list of CRL distribution points from CRLDP v3 certificate extension See CRL validation
      Specified by:
      getCRLDistributionPoints in interface org.keycloak.common.crypto.CertificateUtilsProvider
      Parameters:
      cert -
      Returns:
      Throws:
      IOException

    • createServicesTestCertificate

      public X509Certificate createServicesTestCertificate(String dn, Date startDate, Date expiryDate, KeyPair keyPair, String... certificatePolicyOid)
      Specified by:
      createServicesTestCertificate in interface org.keycloak.common.crypto.CertificateUtilsProvider