Class Certprofile

  • All Implemented Interfaces:
    Closeable, AutoCloseable
    Direct Known Subclasses:
    BaseCertprofile

    public abstract class Certprofile
    extends Object
    implements Closeable
    Defines what the certificate looks like. All Certprofile classes must extend this class.
    Since:
    2.0.0
    Author:
    Lijun Liao (xipki)
    • Constructor Detail

      • Certprofile

        protected Certprofile()
    • Method Detail

      • getSignatureAlgorithms

        public List<org.xipki.security.SignAlgo> getSignatureAlgorithms()
      • useIssuerAndSerialInAki

        public boolean useIssuerAndSerialInAki()
        Returns whether to use the subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.
        Returns:
        whether to include the subject and serial number of the issuer certificate in the AuthorityKeyIdentifier extension.
      • getSubjectControl

        public abstract Certprofile.SubjectControl getSubjectControl()
        Get the SubjectControl.
        Returns:
        the SubjectControl, may not be null.
      • getCertificatePolicies

        public abstract org.bouncycastle.asn1.x509.CertificatePolicies getCertificatePolicies()
      • getSubjectInfoAccessModes

        public Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,​Set<Certprofile.GeneralNameMode>> getSubjectInfoAccessModes()
        Returns the SubjectInfoAccess modes. Use the dummy OID 0.0.0.0 to identify the NULL accessMethod.
        Returns:
        the SubjectInfoAccess modes.
      • initialize

        public abstract void initialize​(String data)
                                 throws CertprofileException
        Initializes this object.
        Parameters:
        data - Configuration. Could be null.
        Throws:
        CertprofileException - if an error occurs during initialization.
      • getKeyAlgorithms

        public abstract Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,​KeyParametersOption> getKeyAlgorithms()
      • getPathLenBasicConstraint

        public abstract Integer getPathLenBasicConstraint()
      • getNotBefore

        public abstract Instant getNotBefore​(Instant notBefore)
        Checks and gets the granted NotBefore.
        Parameters:
        notBefore - Requested NotBefore. Could be null.
        Returns:
        the granted NotBefore.
      • getValidity

        public abstract org.xipki.util.Validity getValidity()
      • hasNoWellDefinedExpirationDate

        public boolean hasNoWellDefinedExpirationDate()
        As in RFC5280:

        To indicate that a certificate has no well-defined expiration date, the notAfter SHOULD be assigned the GeneralizedTime value of 99991231235959Z.

        Returns:
        true to use the fixed value 99991231235959Z in notAfter, false to use the value as defined in getValidity().
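The notAfter choice described for hasNoWellDefinedExpirationDate, as an added example that is not XiPKI code. The class NotAfterExample, the helpers grantNotAfter and encodeTime, and the use of java.time.Period in place of org.xipki.util.Validity are assumptions made for illustration; the UTCTime/GeneralizedTime split follows RFC 5280, section 4.1.2.5.

```java
import java.time.Instant;
import java.time.Period;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;

public class NotAfterExample {
  // RFC 5280: GeneralizedTime 99991231235959Z means "no well-defined expiration date".
  static final Instant NO_EXPIRY = Instant.parse("9999-12-31T23:59:59Z");

  private static final DateTimeFormatter UTC_TIME =
      DateTimeFormatter.ofPattern("yyMMddHHmmss'Z'").withZone(ZoneOffset.UTC);
  private static final DateTimeFormatter GENERALIZED_TIME =
      DateTimeFormatter.ofPattern("yyyyMMddHHmmss'Z'").withZone(ZoneOffset.UTC);

  /** Hypothetical helper: derives notAfter from the profile's flag and validity. */
  static Instant grantNotAfter(Instant notBefore, Period validity, boolean noWellDefinedExpirationDate) {
    if (noWellDefinedExpirationDate) {
      return NO_EXPIRY; // the fixed value replaces notBefore + validity entirely
    }
    // X.509 times carry no fractional seconds; calendar arithmetic is done in UTC.
    ZonedDateTime start = notBefore.truncatedTo(ChronoUnit.SECONDS).atZone(ZoneOffset.UTC);
    Instant notAfter = start.plus(validity).toInstant();
    if (notAfter.isAfter(NO_EXPIRY)) {
      // A four-digit GeneralizedTime year cannot represent anything later.
      throw new IllegalArgumentException("notAfter exceeds 99991231235959Z");
    }
    return notAfter;
  }

  /** Hypothetical helper: UTCTime through 2049, GeneralizedTime from 2050 (assumes year >= 1950). */
  static String encodeTime(Instant t) {
    int year = t.atZone(ZoneOffset.UTC).getYear();
    return (year <= 2049)
        ? "UTCTime " + UTC_TIME.format(t)
        : "GeneralizedTime " + GENERALIZED_TIME.format(t);
  }

  public static void main(String[] args) {
    Instant requested = Instant.parse("2024-03-01T10:15:30.250Z"); // constructed sample input
    System.out.println(encodeTime(grantNotAfter(requested, Period.ofYears(2), false)));
    System.out.println(encodeTime(grantNotAfter(requested, Period.ofYears(30), false)));
    System.out.println(encodeTime(grantNotAfter(requested, Period.ofYears(2), true)));
  }
}
```

Relying parties that parse notAfter into a 32-bit or two-digit-year time type mishandle the 9999 value, so test validators against a certificate issued with the flag set.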
      • checkPublicKey

        public abstract org.bouncycastle.asn1.x509.SubjectPublicKeyInfo checkPublicKey​(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKey)
                                                                                throws CertprofileException,
                                                                                       org.xipki.pki.BadCertTemplateException
        Checks the public key. If the check passes, returns the canonicalized public key.
        Parameters:
        publicKey - Requested public key. Must not be null.
        Returns:
        the granted public key.
        Throws:
        org.xipki.pki.BadCertTemplateException - if the publicKey does not have correct format or is not permitted.
        CertprofileException - if an error occurs.
      • getSubject

        public abstract Certprofile.SubjectInfo getSubject​(org.bouncycastle.asn1.x500.X500Name requestedSubject)
                                                    throws CertprofileException,
                                                           org.xipki.pki.BadCertTemplateException
        Checks the requested subject. If the check passes, returns the canonicalized subject.
        Parameters:
        requestedSubject - Requested subject. Must not be null.
        Returns:
        the granted subject
        Throws:
        org.xipki.pki.BadCertTemplateException - if the subject is not permitted.
        CertprofileException - if an error occurs.
      • getSubject

        public Certprofile.SubjectInfo getSubject​(org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                                  org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
                                           throws CertprofileException,
                                                  org.xipki.pki.BadCertTemplateException
        Checks the requested subject. If the check passes, returns the canonicalized subject.
        Parameters:
        requestedSubject - Requested subject. Must not be null.
        publicKeyInfo - SubjectPublicKeyInfo of the certificate.
        Returns:
        the granted subject
        Throws:
        org.xipki.pki.BadCertTemplateException - if the subject is not permitted.
        CertprofileException - if an error occurs.
      • getExtensions

        public abstract ExtensionValues getExtensions​(Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,​Certprofile.ExtensionControl> extensionControls,
                                                      org.bouncycastle.asn1.x500.X500Name requestedSubject,
                                                      org.bouncycastle.asn1.x500.X500Name grantedSubject,
                                                      Map<org.bouncycastle.asn1.ASN1ObjectIdentifier,​org.bouncycastle.asn1.x509.Extension> requestedExtensions,
                                                      Instant notBefore,
                                                      Instant notAfter,
                                                      PublicCaInfo caInfo)
                                               throws CertprofileException,
                                                      org.xipki.pki.BadCertTemplateException
        Checks the requested extensions and returns the canonicalized ones.
        Parameters:
        extensionControls - Extension controls.
        requestedSubject - Requested subject. Must not be null.
        grantedSubject - Granted subject. Must not be null.
        requestedExtensions - Requested extensions. Could be null.
        notBefore - NotBefore. Must not be null.
        notAfter - NotAfter. Must not be null.
        caInfo - CA information.
        Returns:
        extensions of the certificate to be issued.
        Throws:
        org.xipki.pki.BadCertTemplateException - if at least one of the extensions is not permitted.
        CertprofileException - if an error occurs.
      • getMaxCertSize

        public int getMaxCertSize()
        Returns the maximal size in bytes of the certificate.
        Returns:
        the maximal size in bytes of the certificate; 0 or a negative value indicates that all sizes are accepted.
      • getSubjectKeyIdentifier

        public org.bouncycastle.asn1.x509.SubjectKeyIdentifier getSubjectKeyIdentifier​(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
                                                                                throws CertprofileException
        Throws:
        CertprofileException
      • generateSerialNumber

        public BigInteger generateSerialNumber​(org.bouncycastle.asn1.x500.X500Name caSubject,
                                               org.bouncycastle.asn1.x509.SubjectPublicKeyInfo caPublicKeyInfo,
                                               org.bouncycastle.asn1.x500.X500Name requestSubject,
                                               org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo,
                                               org.xipki.util.ConfPairs caExtraControl)
                                        throws CertprofileException
        Generates the serial number of the certificate.
        Parameters:
        caSubject - CA's subject
        caPublicKeyInfo - CA's public key info.
        requestSubject - requested subject.
        publicKeyInfo - requested public key info.
        caExtraControl - Key-value pairs of CA's extraControl.
        Returns:
        the serial number of the certificate.
        Throws:
        CertprofileException - if a CertprofileException occurs.