Certprofile (XiPKI :: ca-api 5.1.0 API)

java.lang.Object
- org.xipki.ca.api.profile.Certprofile

All Implemented Interfaces:

Closeable, AutoCloseable

Direct Known Subclasses:

BaseCertprofile
```
public abstract class Certprofile
extends Object
implements Closeable
```
TODO.

Since:

2.0.0

Author:

Lijun Liao

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`Certprofile.AuthorityInfoAccessControl`
`static class`	`Certprofile.CertLevel`
`static class`	`Certprofile.ExtensionControl`
`static class`	`Certprofile.ExtKeyUsageControl`
`static class`	`Certprofile.GeneralNameMode`
`static class`	`Certprofile.GeneralNameTag`
`static class`	`Certprofile.KeyUsageControl`
`static class`	`Certprofile.RdnControl`
`static class`	`Certprofile.StringType`
`static class`	`Certprofile.SubjectControl`
`static class`	`Certprofile.SubjectInfo`
`static class`	`Certprofile.X509CertVersion`

Constructor Summary

Constructors
Modifier Constructor and Description

protected Certprofile()

Constructors
Modifier	Constructor and Description
`protected`	`Certprofile()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo`	`checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)` Checks the public key.
`void`	`close()`
`Certprofile.AuthorityInfoAccessControl`	`getAiaControl()`
`abstract Certprofile.CertLevel`	`getCertLevel()`
`Set<Certprofile.ExtKeyUsageControl>`	`getExtendedKeyUsages()`
`abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl>`	`getExtensionControls()`
`abstract ExtensionValues`	`getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> extensionControls, org.bouncycastle.asn1.x500.X500Name requestedSubject, org.bouncycastle.asn1.x500.X500Name grantedSubject, org.bouncycastle.asn1.x509.Extensions requestedExtensions, Date notBefore, Date notAfter, PublicCaInfo caInfo)` Checks the requested extensions and returns the canonicalized ones.
`KeypairGenControl`	`getKeypairGenControl()`
`abstract Set<Certprofile.KeyUsageControl>`	`getKeyUsage()`
`int`	`getMaxCertSize()` Returns maximal size in bytes of the certificate.
`abstract Date`	`getNotBefore(Date notBefore)` Checks and gets the granted NotBefore.
`abstract Integer`	`getPathLenBasicConstraint()`
`List<String>`	`getSignatureAlgorithms()`
`abstract Certprofile.SubjectInfo`	`getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)` Checks the requested subject.
`Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<Certprofile.GeneralNameMode>>`	`getSubjectInfoAccessModes()` Returns the SubjectInfoAccess modes.
`abstract org.xipki.util.Validity`	`getValidity()`
`Certprofile.X509CertVersion`	`getVersion()`
`boolean`	`includesIssuerAndSerialInAki()` Returns whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.
`String`	`incSerialNumber(String currentSerialNumber)` Increments the SerialNumber attribute in the subject.
`abstract boolean`	`incSerialNumberIfSubjectExists()`
`abstract void`	`initialize(String data)` Initializes this object.
`boolean`	`isOnlyForRa()`
`boolean`	`isSerialNumberInReqPermitted()` Whether the subject attribute serialNumber in request is permitted.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- Certprofile
```
protected Certprofile()
```

Method Detail

isOnlyForRa
```
public boolean isOnlyForRa()
```

close
```
public void close()
```
Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

getVersion

public Certprofile.X509CertVersion getVersion()

getSignatureAlgorithms

public List<String> getSignatureAlgorithms()

includesIssuerAndSerialInAki
```
public boolean includesIssuerAndSerialInAki()
```
Returns whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

Returns:

whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

getAiaControl

public Certprofile.AuthorityInfoAccessControl getAiaControl()

incSerialNumber
```
public String incSerialNumber(String currentSerialNumber)
                       throws BadFormatException
```
Increments the SerialNumber attribute in the subject.

Parameters:

currentSerialNumber - Current serial number. Could be null.

Returns:

the incremented serial number

Throws:

BadFormatException - If the currentSerialNumber is not a non-negative decimal long.

isSerialNumberInReqPermitted
```
public boolean isSerialNumberInReqPermitted()
```
Whether the subject attribute serialNumber in request is permitted.

Returns:

whether the serialNumber is permitted in request.

getExtendedKeyUsages

public Set<Certprofile.ExtKeyUsageControl> getExtendedKeyUsages()

getSubjectInfoAccessModes
```
public Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<Certprofile.GeneralNameMode>> getSubjectInfoAccessModes()
```
Returns the SubjectInfoAccess modes. Use the dummy oid 0.0.0.0 to identify the NULL accessMethod.

Returns:

the SubjectInfoAccess modes.

getExtensionControls

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> getExtensionControls()

initialize
```
public abstract void initialize(String data)
                         throws CertprofileException
```
Initializes this object.

Parameters:

data - Configuration. Could be null.

Throws:

CertprofileException - if error during the initialization occurs.

getCertLevel

public abstract Certprofile.CertLevel getCertLevel()

getKeypairGenControl

public KeypairGenControl getKeypairGenControl()

getKeyUsage

public abstract Set<Certprofile.KeyUsageControl> getKeyUsage()

getPathLenBasicConstraint

public abstract Integer getPathLenBasicConstraint()

getNotBefore
```
public abstract Date getNotBefore(Date notBefore)
```
Checks and gets the granted NotBefore.

Parameters:

notBefore - Requested NotBefore. Could be null.

Returns:

the granted NotBefore.

getValidity

public abstract org.xipki.util.Validity getValidity()

checkPublicKey

public abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)
                                                                        throws CertprofileException,
                                                                               BadCertTemplateException

Checks the public key. If the check passes, returns the canonicalized public key.

Parameters:: publicKey - Requested public key. Must not be null.
Returns:: the granted public key.
Throws:: BadCertTemplateException - If the publicKey does not have correct format or is not permitted.; CertprofileException

getSubject

public abstract Certprofile.SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                            throws CertprofileException,
                                                   BadCertTemplateException

Checks the requested subject. If the check passes, returns the canonicalized subject.

Parameters:: requestedSubject - Requested subject. Must not be null.
Returns:: the granted subject
Throws:: BadCertTemplateException - if the subject is not permitted.; CertprofileException - if error occurs.

getExtensions

public abstract ExtensionValues getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> extensionControls,
                                              org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                              org.bouncycastle.asn1.x500.X500Name grantedSubject,
                                              org.bouncycastle.asn1.x509.Extensions requestedExtensions,
                                              Date notBefore,
                                              Date notAfter,
                                              PublicCaInfo caInfo)
                                       throws CertprofileException,
                                              BadCertTemplateException

Checks the requested extensions and returns the canonicalized ones.

Parameters:: extensionControls - Extension controls. Must not be null.; requestedSubject - Requested subject. Must not be null.; grantedSubject - Granted subject. Must not be null.; requestedExtensions - Requested extensions. Could be null.; notBefore - NotBefore. Must not be null.; notAfter - NotAfter. Must not be null.; caInfo - CA information.
Returns:: extensions of the certificate to be issued.
Throws:: BadCertTemplateException - if at least one of extension is not permitted.; CertprofileException - if error occurs.

incSerialNumberIfSubjectExists

public abstract boolean incSerialNumberIfSubjectExists()

getMaxCertSize
```
public int getMaxCertSize()
```
Returns maximal size in bytes of the certificate.

Returns:

maximal size in bytes of the certificate, 0 or negative value indicates accepting all sizes.

Class Certprofile

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

Certprofile

Method Detail

isOnlyForRa

close

getVersion

getSignatureAlgorithms

includesIssuerAndSerialInAki

getAiaControl

incSerialNumber

isSerialNumberInReqPermitted