Certprofile (XiPKI :: ca-api 5.3.4 API)

java.lang.Object
- org.xipki.ca.api.profile.Certprofile

All Implemented Interfaces:

Closeable, AutoCloseable

Direct Known Subclasses:

BaseCertprofile
```
public abstract class Certprofile
extends Object
implements Closeable
```
Defines how the certificate looks like. All Certprofile classes must extend this class.

Since:

2.0.0

Author:

Lijun Liao

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`Certprofile.AuthorityInfoAccessControl`
`static class`	`Certprofile.CertDomain`
`static class`	`Certprofile.CertLevel`
`static class`	`Certprofile.CrlDistributionPointsControl`
`static class`	`Certprofile.ExtensionControl`
`static class`	`Certprofile.ExtKeyUsageControl`
`static class`	`Certprofile.GeneralNameMode`
`static class`	`Certprofile.GeneralNameTag`
`static class`	`Certprofile.KeyUsageControl`
`static class`	`Certprofile.RdnControl`
`static class`	`Certprofile.StringType`
`static class`	`Certprofile.SubjectControl`
`static class`	`Certprofile.SubjectInfo`
`static class`	`Certprofile.X509CertVersion`

Constructor Summary

Constructors
Modifier Constructor and Description

protected Certprofile()

Constructors
Modifier	Constructor and Description
`protected`	`Certprofile()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo`	`checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)` Checks the public key.
`void`	`close()`
`abstract Certprofile.AuthorityInfoAccessControl`	`getAiaControl()`
`abstract Certprofile.CertDomain`	`getCertDomain()`
`abstract org.bouncycastle.asn1.x509.CertificatePolicies`	`getCertificatePolicies()`
`abstract Certprofile.CertLevel`	`getCertLevel()`
`abstract Certprofile.CrlDistributionPointsControl`	`getCrlDpControl()`
`Set<Certprofile.ExtKeyUsageControl>`	`getExtendedKeyUsages()`
`abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl>`	`getExtensionControls()`
`abstract ExtensionValues`	`getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> extensionControls, org.bouncycastle.asn1.x500.X500Name requestedSubject, org.bouncycastle.asn1.x500.X500Name grantedSubject, Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,org.bouncycastle.asn1.x509.Extension> requestedExtensions, Date notBefore, Date notAfter, PublicCaInfo caInfo)` Checks the requested extensions and returns the canonicalized ones.
`abstract Certprofile.CrlDistributionPointsControl`	`getFreshestCrlControl()`
`abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,KeyParametersOption>`	`getKeyAlgorithms()`
`KeypairGenControl`	`getKeypairGenControl()`
`abstract Set<Certprofile.KeyUsageControl>`	`getKeyUsage()`
`int`	`getMaxCertSize()` Returns maximal size in bytes of the certificate.
`abstract Date`	`getNotBefore(Date notBefore)` Checks and gets the granted NotBefore.
`abstract Integer`	`getPathLenBasicConstraint()`
`List<String>`	`getSignatureAlgorithms()`
`abstract Certprofile.SubjectInfo`	`getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)` Checks the requested subject.
`abstract Set<Certprofile.GeneralNameMode>`	`getSubjectAltNameModes()`
`abstract Certprofile.SubjectControl`	`getSubjectControl()` Get the SubjectControl.
`Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<Certprofile.GeneralNameMode>>`	`getSubjectInfoAccessModes()` Returns the SubjectInfoAccess modes.
`abstract org.xipki.util.Validity`	`getValidity()`
`Certprofile.X509CertVersion`	`getVersion()`
`String`	`incSerialNumber(String currentSerialNumber)` Increments the SerialNumber attribute in the subject.
`abstract boolean`	`incSerialNumberIfSubjectExists()`
`abstract void`	`initialize(String data)` Initializes this object.
`boolean`	`isOnlyForRa()`
`boolean`	`isSerialNumberInReqPermitted()` Whether the subject attribute serialNumber in request is permitted.
`boolean`	`useIssuerAndSerialInAki()` Returns whether use subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- Certprofile
```
protected Certprofile()
```

Method Detail

isOnlyForRa
```
public boolean isOnlyForRa()
```

close
```
public void close()
```
Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

getVersion

public Certprofile.X509CertVersion getVersion()

getSignatureAlgorithms

public List<String> getSignatureAlgorithms()

useIssuerAndSerialInAki
```
public boolean useIssuerAndSerialInAki()
```
Returns whether use subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

Returns:

whether include subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.

getSubjectControl
```
public abstract Certprofile.SubjectControl getSubjectControl()
```
Get the SubjectControl.

Returns:

the SubjectControl, may not be null.

getAiaControl

public abstract Certprofile.AuthorityInfoAccessControl getAiaControl()

getCrlDpControl

public abstract Certprofile.CrlDistributionPointsControl getCrlDpControl()

getFreshestCrlControl

public abstract Certprofile.CrlDistributionPointsControl getFreshestCrlControl()

getCertificatePolicies

public abstract org.bouncycastle.asn1.x509.CertificatePolicies getCertificatePolicies()

getSubjectAltNameModes

public abstract Set<Certprofile.GeneralNameMode> getSubjectAltNameModes()

incSerialNumber
```
public String incSerialNumber(String currentSerialNumber)
                       throws BadFormatException
```
Increments the SerialNumber attribute in the subject.

Parameters:

currentSerialNumber - Current serial number. Could be null.

Returns:

the incremented serial number

Throws:

BadFormatException - If the currentSerialNumber is not a non-negative decimal long.

isSerialNumberInReqPermitted
```
public boolean isSerialNumberInReqPermitted()
```
Whether the subject attribute serialNumber in request is permitted.

Returns:

whether the serialNumber is permitted in request.

getExtendedKeyUsages

public Set<Certprofile.ExtKeyUsageControl> getExtendedKeyUsages()

getSubjectInfoAccessModes
```
public Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Set<Certprofile.GeneralNameMode>> getSubjectInfoAccessModes()
```
Returns the SubjectInfoAccess modes. Use the dummy oid 0.0.0.0 to identify the NULL accessMethod.

Returns:

the SubjectInfoAccess modes.

getExtensionControls

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> getExtensionControls()

initialize
```
public abstract void initialize(String data)
                         throws CertprofileException
```
Initializes this object.

Parameters:

data - Configuration. Could be null.

Throws:

CertprofileException - if error during the initialization occurs.

getCertLevel

public abstract Certprofile.CertLevel getCertLevel()

getCertDomain

public abstract Certprofile.CertDomain getCertDomain()

getKeypairGenControl

public KeypairGenControl getKeypairGenControl()

getKeyAlgorithms

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,KeyParametersOption> getKeyAlgorithms()

getKeyUsage

public abstract Set<Certprofile.KeyUsageControl> getKeyUsage()

getPathLenBasicConstraint

public abstract Integer getPathLenBasicConstraint()

getNotBefore
```
public abstract Date getNotBefore(Date notBefore)
```
Checks and gets the granted NotBefore.

Parameters:

notBefore - Requested NotBefore. Could be null.

Returns:

the granted NotBefore.

getValidity

public abstract org.xipki.util.Validity getValidity()

checkPublicKey

public abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)
                                                                        throws CertprofileException,
                                                                               BadCertTemplateException

Checks the public key. If the check passes, returns the canonicalized public key.

Parameters:: publicKey - Requested public key. Must not be null.
Returns:: the granted public key.
Throws:: BadCertTemplateException - if the publicKey does not have correct format or is not permitted.; CertprofileException - if error occurs.

getSubject

public abstract Certprofile.SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                            throws CertprofileException,
                                                   BadCertTemplateException

Checks the requested subject. If the check passes, returns the canonicalized subject.

Parameters:: requestedSubject - Requested subject. Must not be null.
Returns:: the granted subject
Throws:: BadCertTemplateException - if the subject is not permitted.; CertprofileException - if error occurs.

getExtensions

public abstract ExtensionValues getExtensions(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,Certprofile.ExtensionControl> extensionControls,
                                              org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                              org.bouncycastle.asn1.x500.X500Name grantedSubject,
                                              Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,org.bouncycastle.asn1.x509.Extension> requestedExtensions,
                                              Date notBefore,
                                              Date notAfter,
                                              PublicCaInfo caInfo)
                                       throws CertprofileException,
                                              BadCertTemplateException

Checks the requested extensions and returns the canonicalized ones.

Parameters:: extensionControls - Extension controls.; requestedSubject - Requested subject. Must not be null.; grantedSubject - Granted subject. Must not be null.; requestedExtensions - Requested extensions. Could be null.; notBefore - NotBefore. Must not be null.; notAfter - NotAfter. Must not be null.; caInfo - CA information.
Returns:: extensions of the certificate to be issued.
Throws:: BadCertTemplateException - if at least one of extension is not permitted.; CertprofileException - if error occurs.

incSerialNumberIfSubjectExists

public abstract boolean incSerialNumberIfSubjectExists()

getMaxCertSize
```
public int getMaxCertSize()
```
Returns maximal size in bytes of the certificate.

Returns:

maximal size in bytes of the certificate, 0 or negative value indicates accepting all sizes.

Class Certprofile

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

Certprofile

Method Detail

isOnlyForRa

close