org.xipki.ca.api.profile

Class Certprofile

java.lang.Object

org.xipki.ca.api.profile.Certprofile

All Implemented Interfaces:

Closeable, AutoCloseable

Direct Known Subclasses:

BaseCertprofile

public abstract class Certprofile
extends Object
implements Closeable

Defines how the certificate looks like. All Certprofile classes must extend this class.

Since:

2.0.0

Author:

Lijun Liao

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Certprofile.AuthorityInfoAccessControl
static class	Certprofile.CertDomain
static class	Certprofile.CertLevel
static class	Certprofile.CrlDistributionPointsControl
static class	Certprofile.ExtensionControl
static class	Certprofile.ExtKeyUsageControl
static class	Certprofile.GeneralNameMode
static class	Certprofile.GeneralNameTag
static class	Certprofile.KeyUsageControl
static class	Certprofile.RdnControl
static class	Certprofile.StringType
static class	Certprofile.SubjectControl
static class	Certprofile.SubjectInfo
static class	Certprofile.X509CertVersion

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Certprofile()

Method Summary

Modifier and Type	Method and Description
abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo	checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey) Checks the public key.
void	close()
BigInteger	generateSerialNumber(org.bouncycastle.asn1.x500.X500Name caSubject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo caPublicKeyInfo, org.bouncycastle.asn1.x500.X500Name requestSubject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo, org.xipki.util.ConfPairs caExtraControl) Generate Serial Number of the certificate
abstract Certprofile.AuthorityInfoAccessControl	getAiaControl()
abstract Certprofile.CertDomain	getCertDomain()
abstract org.bouncycastle.asn1.x509.CertificatePolicies	getCertificatePolicies()
abstract Certprofile.CertLevel	getCertLevel()
abstract Certprofile.CrlDistributionPointsControl	getCrlDpControl()
Set<Certprofile.ExtKeyUsageControl>	getExtendedKeyUsages()
abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl>	getExtensionControls()
abstract ExtensionValues	getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> extensionControls, org.bouncycastle.asn1.x500.X500Name requestedSubject, org.bouncycastle.asn1.x500.X500Name grantedSubject, Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,org.bouncycastle.asn1.x509.Extension> requestedExtensions, Date notBefore, Date notAfter, PublicCaInfo caInfo) Checks the requested extensions and returns the canonicalized ones.
abstract Certprofile.CrlDistributionPointsControl	getFreshestCrlControl()
abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,KeyParametersOption>	getKeyAlgorithms()
KeypairGenControl	getKeypairGenControl()
abstract Set<Certprofile.KeyUsageControl>	getKeyUsage()
int	getMaxCertSize() Returns maximal size in bytes of the certificate.
abstract Date	getNotBefore(Date notBefore) Checks and gets the granted NotBefore.
abstract Integer	getPathLenBasicConstraint()
String	getSerialNumberMode() How to generate the certificate's serial number.
List<org.xipki.security.SignAlgo>	getSignatureAlgorithms()
abstract Certprofile.SubjectInfo	getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject) Checks the requested subject.
Certprofile.SubjectInfo	getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo) Checks the requested subject.
abstract Set<Certprofile.GeneralNameMode>	getSubjectAltNameModes()
abstract Certprofile.SubjectControl	getSubjectControl() Get the SubjectControl.
Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<Certprofile.GeneralNameMode>>	getSubjectInfoAccessModes() Returns the SubjectInfoAccess modes.
org.bouncycastle.asn1.x509.SubjectKeyIdentifier	getSubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
protected SubjectKeyIdentifierControl	getSubjectKeyIdentifierControl()
abstract org.xipki.util.Validity	getValidity()
Certprofile.X509CertVersion	getVersion()
String	incSerialNumber(String currentSerialNumber) Increments the SerialNumber attribute in the subject.
abstract void	initialize(String data) Initializes this object.
boolean	isOnlyForRa()
boolean	isSerialNumberInReqPermitted() Whether the subject attribute serialNumber in request is permitted.
boolean	useIssuerAndSerialInAki() Returns whether use subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Certprofile

protected Certprofile()

Method Detail

isOnlyForRa

public boolean isOnlyForRa()

close

public void close()

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

getVersion

public Certprofile.X509CertVersion getVersion()

getSignatureAlgorithms

public List<org.xipki.security.SignAlgo> getSignatureAlgorithms()

useIssuerAndSerialInAki

public boolean useIssuerAndSerialInAki()

Returns whether use subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

Returns:

whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

getSubjectControl

public abstract Certprofile.SubjectControl getSubjectControl()

Get the SubjectControl.

Returns:

the SubjectControl, may not be null.

getAiaControl

public abstract Certprofile.AuthorityInfoAccessControl getAiaControl()

getCrlDpControl

public abstract Certprofile.CrlDistributionPointsControl getCrlDpControl()

getFreshestCrlControl

public abstract Certprofile.CrlDistributionPointsControl getFreshestCrlControl()

getCertificatePolicies

public abstract org.bouncycastle.asn1.x509.CertificatePolicies getCertificatePolicies()

getSubjectAltNameModes

public abstract Set<Certprofile.GeneralNameMode> getSubjectAltNameModes()

incSerialNumber

public String incSerialNumber(String currentSerialNumber)
                       throws BadFormatException

Increments the SerialNumber attribute in the subject.

Parameters:

currentSerialNumber - Current serial number. Could be null.

Returns:

the incremented serial number

Throws:

BadFormatException - If the currentSerialNumber is not a non-negative decimal long.

isSerialNumberInReqPermitted

public boolean isSerialNumberInReqPermitted()

Whether the subject attribute serialNumber in request is permitted.

Returns:

whether the serialNumber is permitted in request.

getExtendedKeyUsages

public Set<Certprofile.ExtKeyUsageControl> getExtendedKeyUsages()

getSubjectInfoAccessModes

public Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<Certprofile.GeneralNameMode>> getSubjectInfoAccessModes()

Returns the SubjectInfoAccess modes. Use the dummy oid 0.0.0.0 to identify the NULL accessMethod.

Returns:

the SubjectInfoAccess modes.

getExtensionControls

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> getExtensionControls()

initialize

public abstract void initialize(String data)
                         throws CertprofileException

Initializes this object.

Parameters:

data - Configuration. Could be null.

Throws:

CertprofileException - if error during the initialization occurs.

getCertLevel

public abstract Certprofile.CertLevel getCertLevel()

getCertDomain

public abstract Certprofile.CertDomain getCertDomain()

getKeypairGenControl

public KeypairGenControl getKeypairGenControl()

getKeyAlgorithms

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,KeyParametersOption> getKeyAlgorithms()

getKeyUsage

public abstract Set<Certprofile.KeyUsageControl> getKeyUsage()

getPathLenBasicConstraint

public abstract Integer getPathLenBasicConstraint()

getNotBefore

public abstract Date getNotBefore(Date notBefore)

Checks and gets the granted NotBefore.

Parameters:

notBefore - Requested NotBefore. Could be null.

Returns:

the granted NotBefore.

getValidity

public abstract org.xipki.util.Validity getValidity()

checkPublicKey

public abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)
                                                                        throws CertprofileException,
                                                                               BadCertTemplateException

Checks the public key. If the check passes, returns the canonicalized public key.

Parameters:

publicKey - Requested public key. Must not be null.

Returns:

the granted public key.

Throws:

BadCertTemplateException - if the publicKey does not have correct format or is not permitted.

CertprofileException - if error occurs.

getSubject

public abstract Certprofile.SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                            throws CertprofileException,
                                                   BadCertTemplateException

Checks the requested subject. If the check passes, returns the canonicalized subject.

Parameters:

requestedSubject - Requested subject. Must not be null.

Returns:

the granted subject

Throws:

BadCertTemplateException - if the subject is not permitted.

CertprofileException - if error occurs.

getSubject

public Certprofile.SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                          org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
                                   throws CertprofileException,
                                          BadCertTemplateException

Checks the requested subject. If the check passes, returns the canonicalized subject.

Parameters:

requestedSubject - Requested subject. Must not be null.

publicKeyInfo - SubjectPublicKeyInfo of the certificate.

Returns:

the granted subject

Throws:

BadCertTemplateException - if the subject is not permitted.

CertprofileException - if error occurs.

getExtensions

public abstract ExtensionValues getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> extensionControls,
                                              org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                              org.bouncycastle.asn1.x500.X500Name grantedSubject,
                                              Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,org.bouncycastle.asn1.x509.Extension> requestedExtensions,
                                              Date notBefore,
                                              Date notAfter,
                                              PublicCaInfo caInfo)
                                       throws CertprofileException,
                                              BadCertTemplateException

Checks the requested extensions and returns the canonicalized ones.

Parameters:

extensionControls - Extension controls.

requestedSubject - Requested subject. Must not be null.

grantedSubject - Granted subject. Must not be null.

requestedExtensions - Requested extensions. Could be null.

notBefore - NotBefore. Must not be null.

notAfter - NotAfter. Must not be null.

caInfo - CA information.

Returns:

extensions of the certificate to be issued.

Throws:

BadCertTemplateException - if at least one of extension is not permitted.

CertprofileException - if error occurs.

getMaxCertSize

public int getMaxCertSize()

Returns maximal size in bytes of the certificate.

Returns:

maximal size in bytes of the certificate, 0 or negative value indicates accepting all sizes.

getSubjectKeyIdentifier

public org.bouncycastle.asn1.x509.SubjectKeyIdentifier getSubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
                                                                        throws CertprofileException

Throws:

CertprofileException

getSubjectKeyIdentifierControl

protected SubjectKeyIdentifierControl getSubjectKeyIdentifierControl()

getSerialNumberMode

public String getSerialNumberMode()

How to generate the certificate's serial number.

Returns:

the mode to generate serial number. null, empty or 'CA': CA generates serial number 'PROFILE': The function generateSerialNumber(X500Name, SubjectPublicKeyInfo, X500Name, SubjectPublicKeyInfo, ConfPairs) will be called to generate the serial number. The list is case-sensitive.

generateSerialNumber

public BigInteger generateSerialNumber(org.bouncycastle.asn1.x500.X500Name caSubject,
                                       org.bouncycastle.asn1.x509.SubjectPublicKeyInfo caPublicKeyInfo,
                                       org.bouncycastle.asn1.x500.X500Name requestSubject,
                                       org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo,
                                       org.xipki.util.ConfPairs caExtraControl)
                                throws CertprofileException

Generate Serial Number of the certificate

Parameters:

caSubject - CA's subject

caPublicKeyInfo - CA's public key info.

requestSubject - requested subject.

publicKeyInfo - requested public key info.

caExtraControl - Key-value pairs of CA's extraControl.

Returns:

Throws:

CertprofileException