org.xipki.ca.api.profile

Class Certprofile

java.lang.Object

org.xipki.ca.api.profile.Certprofile

Direct Known Subclasses:

BaseCertprofile

public abstract class Certprofile
extends Object

TODO.

Since:

2.0.0

Author:

Lijun Liao

Constructor Summary

Constructors

Constructor and Description
Certprofile()

Method Summary

Modifier and Type	Method and Description
abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo	checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey) Checks the public key.
AuthorityInfoAccessControl	getAiaControl()
abstract CertLevel	getCertLevel()
Set<ExtKeyUsageControl>	getExtendedKeyUsages()
abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,ExtensionControl>	getExtensionControls()
abstract ExtensionValues	getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,ExtensionControl> extensionControls, org.bouncycastle.asn1.x500.X500Name requestedSubject, org.bouncycastle.asn1.x500.X500Name grantedSubject, org.bouncycastle.asn1.x509.Extensions requestedExtensions, Date notBefore, Date notAfter, PublicCaInfo caInfo) Checks the requested extensions and returns the canonicalized ones.
KeypairGenControl	getKeypairGenControl()
abstract Set<KeyUsageControl>	getKeyUsage()
int	getMaxCertSize() Returns maximal size in bytes of the certificate.
abstract Date	getNotBefore(Date notBefore) Checks and gets the granted NotBefore.
abstract Integer	getPathLenBasicConstraint()
List<String>	getSignatureAlgorithms()
abstract SubjectInfo	getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject) Checks the requested subject.
Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<GeneralNameMode>>	getSubjectInfoAccessModes() Returns the SubjectInfoAccess modes.
abstract CertValidity	getValidity()
X509CertVersion	getVersion()
boolean	includesIssuerAndSerialInAki() Returns whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.
String	incSerialNumber(String currentSerialNumber) Increments the SerialNumber attribute in the subject.
abstract boolean	incSerialNumberIfSubjectExists()
abstract void	initialize(String data) Initializes this object.
boolean	isOnlyForRa()
boolean	isSerialNumberInReqPermitted() Whether the subject attribute serialNumber in request is permitted.
void	shutdown()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Certprofile

public Certprofile()

Method Detail

isOnlyForRa

public boolean isOnlyForRa()

shutdown

public void shutdown()

getVersion

public X509CertVersion getVersion()

getSignatureAlgorithms

public List<String> getSignatureAlgorithms()

includesIssuerAndSerialInAki

public boolean includesIssuerAndSerialInAki()

Returns whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

Returns:

whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

getAiaControl

public AuthorityInfoAccessControl getAiaControl()

incSerialNumber

public String incSerialNumber(String currentSerialNumber)
                       throws BadFormatException

Increments the SerialNumber attribute in the subject.

Parameters:

currentSerialNumber - Current serial number. Could be null.

Returns:

the incremented serial number

Throws:

BadFormatException - If the currentSerialNumber is not a non-negative decimal long.

isSerialNumberInReqPermitted

public boolean isSerialNumberInReqPermitted()

Whether the subject attribute serialNumber in request is permitted.

Returns:

whether the serialNumber is permitted in request.

getExtendedKeyUsages

public Set<ExtKeyUsageControl> getExtendedKeyUsages()

getSubjectInfoAccessModes

public Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<GeneralNameMode>> getSubjectInfoAccessModes()

Returns the SubjectInfoAccess modes. Use the dummy oid 0.0.0.0 to identify the NULL accessMethod.

Returns:

the SubjectInfoAccess modes.

getExtensionControls

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,ExtensionControl> getExtensionControls()

initialize

public abstract void initialize(String data)
                         throws CertprofileException

Initializes this object.

Parameters:

data - Configuration. Could be null.

Throws:

CertprofileException - if error during the initialization occurs.

getCertLevel

public abstract CertLevel getCertLevel()

getKeypairGenControl

public KeypairGenControl getKeypairGenControl()

getKeyUsage

public abstract Set<KeyUsageControl> getKeyUsage()

getPathLenBasicConstraint

public abstract Integer getPathLenBasicConstraint()

getNotBefore

public abstract Date getNotBefore(Date notBefore)

Checks and gets the granted NotBefore.

Parameters:

notBefore - Requested NotBefore. Could be null.

Returns:

the granted NotBefore.

getValidity

public abstract CertValidity getValidity()

checkPublicKey

public abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)
                                                                        throws CertprofileException,
                                                                               BadCertTemplateException

Checks the public key. If the check passes, returns the canonicalized public key.

Parameters:

publicKey - Requested public key. Must not be null.

Returns:

the granted public key.

Throws:

BadCertTemplateException - If the publicKey does not have correct format or is not permitted.

CertprofileException

getSubject

public abstract SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                throws CertprofileException,
                                       BadCertTemplateException

Checks the requested subject. If the check passes, returns the canonicalized subject.

Parameters:

requestedSubject - Requested subject. Must not be null.

Returns:

the granted subject

Throws:

BadCertTemplateException - if the subject is not permitted.

CertprofileException - if error occurs.

getExtensions

public abstract ExtensionValues getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,ExtensionControl> extensionControls,
                                              org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                              org.bouncycastle.asn1.x500.X500Name grantedSubject,
                                              org.bouncycastle.asn1.x509.Extensions requestedExtensions,
                                              Date notBefore,
                                              Date notAfter,
                                              PublicCaInfo caInfo)
                                       throws CertprofileException,
                                              BadCertTemplateException

Checks the requested extensions and returns the canonicalized ones.

Parameters:

extensionControls - Extension controls. Must not be null.

requestedSubject - Requested subject. Must not be null.

grantedSubject - Granted subject. Must not be null.

requestedExtensions - Requested extensions. Could be null.

notBefore - NotBefore. Must not be null.

notAfter - NotAfter. Must not be null.

caInfo - CA information.

Returns:

extensions of the certificate to be issued.

Throws:

BadCertTemplateException - if at least one of extension is not permitted.

CertprofileException - if error occurs.

incSerialNumberIfSubjectExists

public abstract boolean incSerialNumberIfSubjectExists()

getMaxCertSize

public int getMaxCertSize()

Returns maximal size in bytes of the certificate.

Returns:

maximal size in bytes of the certificate, 0 or negative value indicates accepting all sizes.