Package org.xipki.ca.api.profile

Class BaseCertprofile

java.lang.Object

org.xipki.ca.api.profile.Certprofile

org.xipki.ca.api.profile.BaseCertprofile

All Implemented Interfaces:

Closeable, AutoCloseable

public abstract class BaseCertprofile
extends Certprofile

Base Certprofile.

Since:

2.0.0

Author:

Lijun Liao (xipki)

Nested Class Summary

Nested classes/interfaces inherited from class org.xipki.ca.api.profile.Certprofile

Certprofile.AuthorityInfoAccessControl, Certprofile.CertDomain, Certprofile.CertLevel, Certprofile.CrlDistributionPointsControl, Certprofile.ExtensionControl, Certprofile.ExtKeyUsageControl, Certprofile.GeneralNameMode, Certprofile.GeneralNameTag, Certprofile.KeyUsageControl, Certprofile.RdnControl, Certprofile.StringType, Certprofile.SubjectControl, Certprofile.SubjectInfo, Certprofile.X509CertVersion

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	BaseCertprofile()

Method Summary

Modifier and Type	Method	Description
org.bouncycastle.asn1.x509.SubjectPublicKeyInfo	checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)	Checks the public key.
static org.bouncycastle.asn1.x509.GeneralName	createGeneralName(org.bouncycastle.asn1.x509.GeneralName requestedName, Set<Certprofile.GeneralNameMode> modes)	Creates GeneralName.
protected org.bouncycastle.asn1.x500.RDN	createSubjectRdn(String text, org.bouncycastle.asn1.ASN1ObjectIdentifier type, Certprofile.RdnControl option)
Certprofile.AuthorityInfoAccessControl	getAiaControl()
Certprofile.CertDomain	getCertDomain()
Certprofile.CrlDistributionPointsControl	getCrlDpControl()
Certprofile.CrlDistributionPointsControl	getFreshestCrlControl()
abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,KeyParametersOption>	getKeyAlgorithms()
Instant	getNotBefore(Instant requestedNotBefore)	Checks and gets the granted NotBefore.
Integer	getPathLenBasicConstraint()
Certprofile.SubjectInfo	getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)	Checks the requested subject.
Certprofile.SubjectInfo	getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)	Checks the requested subject.
protected abstract void	verifySubjectDnOccurrence(org.bouncycastle.asn1.x500.X500Name requestedSubject)

Methods inherited from class org.xipki.ca.api.profile.Certprofile

close, generateSerialNumber, getCertificatePolicies, getCertLevel, getExtendedKeyUsages, getExtensionControls, getExtensions, getKeypairGenControl, getKeyUsage, getMaxCertSize, getNotAfterMode, getSerialNumberMode, getSignatureAlgorithms, getSubjectAltNameModes, getSubjectControl, getSubjectInfoAccessModes, getSubjectKeyIdentifier, getSubjectKeyIdentifierControl, getValidity, getVersion, hasNoWellDefinedExpirationDate, initialize, useIssuerAndSerialInAki

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BaseCertprofile

protected BaseCertprofile()

Method Detail

getKeyAlgorithms

public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,KeyParametersOption> getKeyAlgorithms()

Specified by:

getKeyAlgorithms in class Certprofile

getCertDomain

public Certprofile.CertDomain getCertDomain()

Specified by:

getCertDomain in class Certprofile

getPathLenBasicConstraint

public Integer getPathLenBasicConstraint()

Specified by:

getPathLenBasicConstraint in class Certprofile

getAiaControl

public Certprofile.AuthorityInfoAccessControl getAiaControl()

Specified by:

getAiaControl in class Certprofile

getCrlDpControl

public Certprofile.CrlDistributionPointsControl getCrlDpControl()

Specified by:

getCrlDpControl in class Certprofile

getFreshestCrlControl

public Certprofile.CrlDistributionPointsControl getFreshestCrlControl()

Specified by:

getFreshestCrlControl in class Certprofile

getNotBefore

public Instant getNotBefore(Instant requestedNotBefore)

Description copied from class: Certprofile

Checks and gets the granted NotBefore.

Specified by:

getNotBefore in class Certprofile

Parameters:

requestedNotBefore - Requested NotBefore. Could be null.

Returns:

the granted NotBefore.

getSubject

public Certprofile.SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                   throws CertprofileException,
                                          org.xipki.pki.BadCertTemplateException

Description copied from class: Certprofile

Checks the requested subject. If the check passes, returns the canonicalized subject.

Specified by:

getSubject in class Certprofile

Parameters:

requestedSubject - Requested subject. Must not be null.

Returns:

the granted subject

Throws:

CertprofileException - if error occurs.

org.xipki.pki.BadCertTemplateException - if the subject is not permitted.

getSubject

public Certprofile.SubjectInfo getSubject(org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                          org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
                                   throws CertprofileException,
                                          org.xipki.pki.BadCertTemplateException

Description copied from class: Certprofile

Checks the requested subject. If the check passes, returns the canonicalized subject.

Overrides:

getSubject in class Certprofile

Parameters:

requestedSubject - Requested subject. Must not be null.

publicKeyInfo - SubjectPublicKeyInfo of the certificate.

Returns:

the granted subject

Throws:

CertprofileException - if error occurs.

org.xipki.pki.BadCertTemplateException - if the subject is not permitted.

checkPublicKey

public org.bouncycastle.asn1.x509.SubjectPublicKeyInfo checkPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)
                                                               throws CertprofileException,
                                                                      org.xipki.pki.BadCertTemplateException

Description copied from class: Certprofile

Checks the public key. If the check passes, returns the canonicalized public key.

Specified by:

checkPublicKey in class Certprofile

Parameters:

publicKey - Requested public key. Must not be null.

Returns:

the granted public key.

Throws:

CertprofileException - if error occurs.

org.xipki.pki.BadCertTemplateException - if the publicKey does not have correct format or is not permitted.

verifySubjectDnOccurrence

protected abstract void verifySubjectDnOccurrence(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                           throws org.xipki.pki.BadCertTemplateException

Throws:

org.xipki.pki.BadCertTemplateException

createSubjectRdn

protected org.bouncycastle.asn1.x500.RDN createSubjectRdn(String text,
                                                          org.bouncycastle.asn1.ASN1ObjectIdentifier type,
                                                          Certprofile.RdnControl option)
                                                   throws org.xipki.pki.BadCertTemplateException

Throws:

org.xipki.pki.BadCertTemplateException

createGeneralName

public static org.bouncycastle.asn1.x509.GeneralName createGeneralName(org.bouncycastle.asn1.x509.GeneralName requestedName,
                                                                       Set<Certprofile.GeneralNameMode> modes)
                                                                throws org.xipki.pki.BadCertTemplateException

Creates GeneralName.

Parameters:

requestedName - Requested name. Must not be null.

modes - Modes to be considered. Must not be null.

Returns:

the created GeneralName

Throws:

org.xipki.pki.BadCertTemplateException - If requestedName is invalid or contains entries which are not allowed in the modes.