core.crypto
Class Certificates

java.lang.Object
  extended by core.crypto.Certificates

public class Certificates
extends Object

This class is useful for generating certificates. For information about ASN.1 see http://asn1.elibel.tm.fr/

  Copyright (c) 2006 Sebastian Erdweg
  Copyright (c) 2006 Dominik Schulz
  Copyright (c) 2006 Florian Lindner
  Copyright (c) 2006 Betim Berjani
  
  This file is part of FlexiCrypt.

  FlexiCrypt is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  FlexiCrypt is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with FlexiCrypt; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  

Author:
Dominik

Field Summary
static int EXTENDED_USAGE_ALL
           
static int EXTENDED_USAGE_CLIENT_AUTH
           
static int EXTENDED_USAGE_CODE_SIGNING
           
static int EXTENDED_USAGE_EMAIL_PROTECTION
           
static int EXTENDED_USAGE_IPSEC_END_SYSTEM
           
static int EXTENDED_USAGE_IPSEC_TUNNEL
           
static int EXTENDED_USAGE_IPSEC_USER
           
static int EXTENDED_USAGE_OCSP_SIGNING
           
static int EXTENDED_USAGE_SERVER_AUTH
          Extended usage values. Add them up to indicate multiple usages.
static int EXTENDED_USAGE_TIME_STAMPING
           
static int USAGE_ALL
           
static int USAGE_CRL_SIGN
           
static int USAGE_DATA_ENCIPHERMENT
           
static int USAGE_DIGITAL_SIGNATURE
          Usage values. Add them up to indicate multiple usages.
static int USAGE_KEY_AGREEMENT
           
static int USAGE_KEY_CERT_SIGN
           
static int USAGE_KEY_ENCIPHERMENT
           
static int USAGE_NON_REPUDIATION
           
 
Constructor Summary
Certificates()
           
 
Method Summary
static X509Certificate createCertificate(PublicKey publicKey, String signatureAlgorithm, PrivateKey privateKey, Principal subject, String email, Principal issuer, int usage, boolean isUsageCritical, int extendedUsage, boolean isExtendedUsageCritical, Calendar notBefore, Calendar notAfter, BigInteger serialNumber, boolean isCA, boolean isCACritical)
          Creates a self-signed certificate
static X509Certificate createCertificateFromScratch(String certAlgorithm, int keyBitLength, String signatureAlgorithm, Principal subject, String email, Principal issuer, int usage, boolean isUsageCritical, int extendedUsage, boolean isExtendedUsageCritical, Calendar notBefore, Calendar notAfter, BigInteger serialnumber, boolean isCA, boolean isCACritical, Provider prov)
          Creates a new certificate from scratch
static X509Crl createCRL(X509Certificate issuersCert, PrivateKey issuersPrivateKey, X509Certificate[] toRevoke)
          Creates and signs a CRL in which all certificates in 'toRevoke' are added as revoke entries.
static X509Certificate findIssuersCert(Principal DN, boolean[] ID)
           
static X509Crl getCRLfromFile(File file)
          Read a CRL from a file
static byte[] getCSR(PublicKey publicKey, PrivateKey privateKey, Name name, String signatureAlgorithm)
          Generate a PKCS#10 CSR (Certificate signing request)
static CertificationRequest getCSRfromFile(File file)
          Reads a PKCS#10 CSR from a file
static String getEmail(X509Certificate cert)
           
static boolean isCACert(X509Certificate cert)
          Checks the content of the BasicConstraintsExtension.
static void setAuthorityKeyIdentifier(X509Certificate cert, byte[] authorityKeyIdent)
           
static String verifyCertificate(X509Certificate cert, Certificate[] chain, X509CRL certCRL)
          Verifies an X.509 certificate
static void writeCRLtoFile(X509Crl crl, File file)
          Write a CRL to a file
static void writeCSRtoFile(BigInteger serial, PublicKey publickey, PrivateKey privatekey, Name name, File file, String signatureAlgorithm)
          Writes a PKCS#10 CSR to a file
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

USAGE_DIGITAL_SIGNATURE

public static final int USAGE_DIGITAL_SIGNATURE
Usage values. Add them up to indicate multiple usages.

See Also:
Constant Field Values

USAGE_NON_REPUDIATION

public static final int USAGE_NON_REPUDIATION
See Also:
Constant Field Values

USAGE_KEY_ENCIPHERMENT

public static final int USAGE_KEY_ENCIPHERMENT
See Also:
Constant Field Values

USAGE_DATA_ENCIPHERMENT

public static final int USAGE_DATA_ENCIPHERMENT
See Also:
Constant Field Values

USAGE_KEY_AGREEMENT

public static final int USAGE_KEY_AGREEMENT
See Also:
Constant Field Values

USAGE_KEY_CERT_SIGN

public static final int USAGE_KEY_CERT_SIGN
See Also:
Constant Field Values

USAGE_CRL_SIGN

public static final int USAGE_CRL_SIGN
See Also:
Constant Field Values

USAGE_ALL

public static final int USAGE_ALL
See Also:
Constant Field Values

EXTENDED_USAGE_SERVER_AUTH

public static final int EXTENDED_USAGE_SERVER_AUTH
Extended usage values. Add them up to indicate multiple usages.

See Also:
Constant Field Values

EXTENDED_USAGE_CLIENT_AUTH

public static final int EXTENDED_USAGE_CLIENT_AUTH
See Also:
Constant Field Values

EXTENDED_USAGE_CODE_SIGNING

public static final int EXTENDED_USAGE_CODE_SIGNING
See Also:
Constant Field Values

EXTENDED_USAGE_EMAIL_PROTECTION

public static final int EXTENDED_USAGE_EMAIL_PROTECTION
See Also:
Constant Field Values

EXTENDED_USAGE_IPSEC_END_SYSTEM

public static final int EXTENDED_USAGE_IPSEC_END_SYSTEM
See Also:
Constant Field Values

EXTENDED_USAGE_IPSEC_TUNNEL

public static final int EXTENDED_USAGE_IPSEC_TUNNEL
See Also:
Constant Field Values

EXTENDED_USAGE_IPSEC_USER

public static final int EXTENDED_USAGE_IPSEC_USER
See Also:
Constant Field Values

EXTENDED_USAGE_TIME_STAMPING

public static final int EXTENDED_USAGE_TIME_STAMPING
See Also:
Constant Field Values

EXTENDED_USAGE_OCSP_SIGNING

public static final int EXTENDED_USAGE_OCSP_SIGNING
See Also:
Constant Field Values

EXTENDED_USAGE_ALL

public static final int EXTENDED_USAGE_ALL
See Also:
Constant Field Values

Constructor Detail

Certificates

public Certificates()

Method Detail

createCertificate

public static X509Certificate createCertificate(PublicKey publicKey,
                                                String signatureAlgorithm,
                                                PrivateKey privateKey,
                                                Principal subject,
                                                String email,
                                                Principal issuer,
                                                int usage,
                                                boolean isUsageCritical,
                                                int extendedUsage,
                                                boolean isExtendedUsageCritical,
                                                Calendar notBefore,
                                                Calendar notAfter,
                                                BigInteger serialNumber,
                                                boolean isCA,
                                                boolean isCACritical)
                                         throws Exception
Creates a self-signed certificate

Parameters:
publicKey -
signatureAlgorithm -
privateKey -
subject -
issuer -
usage -
extendedUsage -
notBefore -
notAfter -
serialNumber -
isCA -
Returns:
Throws:
Exception

createCertificateFromScratch

public static X509Certificate createCertificateFromScratch(String certAlgorithm,
                                                           int keyBitLength,
                                                           String signatureAlgorithm,
                                                           Principal subject,
                                                           String email,
                                                           Principal issuer,
                                                           int usage,
                                                           boolean isUsageCritical,
                                                           int extendedUsage,
                                                           boolean isExtendedUsageCritical,
                                                           Calendar notBefore,
                                                           Calendar notAfter,
                                                           BigInteger serialnumber,
                                                           boolean isCA,
                                                           boolean isCACritical,
                                                           Provider prov)
                                                    throws Exception
Creates a new certificate from scratch

Parameters:
certAlgorithm -
keyBitLength -
signatureAlgorithm -
subject -
issuer -
usage -
isUsageCritical -
extendedUsage -
isExtendedUsageCritical -
notBefore -
notAfter -
serialnumber -
isCA -
prov -
Returns:
Throws:
Exception

setAuthorityKeyIdentifier

public static void setAuthorityKeyIdentifier(X509Certificate cert,
                                             byte[] authorityKeyIdent)
                                      throws NumberFormatException,
                                             Exception
Throws:
NumberFormatException
Exception

getCSR

public static byte[] getCSR(PublicKey publicKey,
                            PrivateKey privateKey,
                            Name name,
                            String signatureAlgorithm)
                     throws BadNameException,
                            NoSuchAlgorithmException,
                            InvalidKeyException,
                            ASN1Exception,
                            SignatureException,
                            CorruptedCodeException
Generates a PKCS#10 CSR (certificate signing request)

Parameters:
publicKey -
privateKey -
name -
signatureAlgorithm -
Returns:
Throws:
BadNameException
NoSuchAlgorithmException
InvalidKeyException
ASN1Exception
SignatureException
CorruptedCodeException

writeCSRtoFile

public static void writeCSRtoFile(BigInteger serial,
                                  PublicKey publickey,
                                  PrivateKey privatekey,
                                  Name name,
                                  File file,
                                  String signatureAlgorithm)
                           throws InvalidKeyException,
                                  ASN1Exception,
                                  CorruptedCodeException,
                                  NoSuchAlgorithmException,
                                  SignatureException,
                                  IOException
Writes a PKCS#10 CSR to a file

Parameters:
publickey -
privatekey -
name -
file -
signatureAlgorithm -
Throws:
InvalidKeyException
ASN1Exception
CorruptedCodeException
NoSuchAlgorithmException
SignatureException
IOException

getCSRfromFile

public static CertificationRequest getCSRfromFile(File file)
                                           throws ASN1Exception,
                                                  IOException
Reads a PKCS#10 CSR from a file

Parameters:
file -
Returns:
the CSR just read
Throws:
ASN1Exception
IOException

getCRLfromFile

public static X509Crl getCRLfromFile(File file)
                              throws ASN1Exception,
                                     IOException
Read a CRL from a file

Parameters:
file -
Returns:
the CRL just read
Throws:
ASN1Exception
IOException

writeCRLtoFile

public static void writeCRLtoFile(X509Crl crl,
                                  File file)
                           throws CRLException,
                                  IOException
Write a CRL to a file

Parameters:
crl -
file -
Throws:
CRLException
IOException

createCRL

public static X509Crl createCRL(X509Certificate issuersCert,
                                PrivateKey issuersPrivateKey,
                                X509Certificate[] toRevoke)
                         throws BadNameException,
                                NoSuchAlgorithmException,
                                CRLException,
                                InvalidKeyException,
                                SignatureException
Creates and signs a CRL in which all certificates in 'toRevoke' are added as revoke entries.

Parameters:
issuersCert - The certificate of the issuer of this CRL
issuersPrivateKey - The private key of the issuer with which this CRL will be signed
toRevoke - An array of the certificates which should be revoked
Returns:
a signed CRL containing all the certificates in 'toRevoke'.
Throws:
BadNameException
NoSuchAlgorithmException
CRLException
InvalidKeyException
SignatureException

verifyCertificate

public static String verifyCertificate(X509Certificate cert,
                                       Certificate[] chain,
                                       X509CRL certCRL)
                                throws CertificateException
Verifies an X.509 certificate

Parameters:
cert - The Certificate to verify
chain - The signing chain
certCRL - A CRL
Returns:
Certificate Status (VERIFIED, INVALID, EXPIRED, REVOKED)
Throws:
CertificateException

isCACert

public static boolean isCACert(X509Certificate cert)
Checks the content of the BasicConstraintsExtension. If the extension is not present, the method returns false.

Parameters:
cert -
Returns:
whether this is a CA certificate or not

getEmail

public static String getEmail(X509Certificate cert)
Parameters:
cert -
Returns:
Throws:
X509Exception

findIssuersCert

public static X509Certificate findIssuersCert(Principal DN,
                                              boolean[] ID)
                                       throws Exception
Throws:
Exception