Interface CertService
- All Known Implementing Classes:
CertServiceImpl
public interface CertService
This service provides certificate generation and certificate-related keystore operations. The interfaces provided by this service are intended to abstract low-level generic certificate operations like PKI key and certificate generation, CSR (Certificate Signing Request) signing with the root certificate, retrieving the certificates from the keystore in a generic way, and also providing CRLs (Certificate Revocation Lists).
The bulk of this functionality is provided via the initializeUser(..) method, which generates a fully initialized certificate enclosed in a secured keystore.
- Author:
- Wojciech Sulejman
Method Summary
Modifier and Type, Method: Description
- X509Certificate getCertificate(KeyStore keystore, String certificateAlias): Retrieves an existing certificate from a keystore using the keystore's certificate alias.
- String getCertificateEmail(X509Certificate certificate): Extracts the email address from a certificate.
- KeyPair getKeyPair(KeyStore ks, String keyAlias, String certificateAlias, String keyPassword): Retrieves the existing private and public keys from a KeyStore.
- KeyStore getKeyStore(InputStream keystoreIS, String password): Retrieves a KeyStore object from a supplied InputStream.
- X509Certificate getRootCertificate(): Retrieves the root certificate.
- KeyStore initializeUser(UserInfo userInfo, String keyPassword): Generates a private key and a public certificate for a user whose X.509 field information was enclosed in a UserInfo parameter.
- void setRootService(RootService rootService): Sets up a root service to be used for CA-related services like certificate request signing and certificate revocation.
- void storeCertificate(KeyStore keystore, OutputStream os, String keystorePassword): Wraps a certificate object into an OutputStream object secured by a keystore password.
Method Detail
-
getRootCertificate
X509Certificate getRootCertificate() throws CertException
Retrieves the root certificate.
- Throws:
CertException
-
setRootService
void setRootService(RootService rootService) throws CertException
Sets up a root service to be used for CA-related services like certificate request signing and certificate revocation.
- Throws:
CertException
-
getKeyStore
KeyStore getKeyStore(InputStream keystoreIS, String password) throws CertException
Retrieves a KeyStore object from a supplied InputStream. Requires a keystore password.
- Throws:
CertException
-
getKeyPair
KeyPair getKeyPair(KeyStore ks, String keyAlias, String certificateAlias, String keyPassword) throws CertException
Retrieves the existing private and public keys from a KeyStore.
- Throws:
CertException
-
getCertificate
X509Certificate getCertificate(KeyStore keystore, String certificateAlias) throws CertException
Retrieves an existing certificate from a keystore using the keystore's certificate alias.
- Throws:
CertException
-
initializeUser
KeyStore initializeUser(UserInfo userInfo, String keyPassword) throws CertException
Generates a private key and a public certificate for a user whose X.509 field information was enclosed in a UserInfo parameter. Stores those artifacts in a password-protected keystore. This is the principal method for activating a new certificate and signing it with a root certificate.
- Returns:
- KeyStore based on the provided userInfo
- Throws:
CertException
-
storeCertificate
void storeCertificate(KeyStore keystore, OutputStream os, String keystorePassword) throws CertException
Wraps a certificate object into an OutputStream object secured by a keystore password.
- Throws:
CertException
-
getCertificateEmail
String getCertificateEmail(X509Certificate certificate) throws CertException
Extracts the email address from a certificate.
- Throws:
CertException
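An added example, not code from the project this page documents: it issues a keystore with initializeUser(..), round-trips it through storeCertificate(..) and getKeyStore(..), and accepts the user certificate only if it verifies against the root certificate and matches the stored key pair. It calls only the signatures listed above plus JDK methods; the class name, the aliases and the two passwords are assumptions supplied by the caller, and CertService, UserInfo and CertException must be imported from the project's packages, which this page does not show.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// CertService, UserInfo and CertException are the project's types; add their
// imports from the project's packages (not shown on this page).
public final class CertServiceRoundTrip { // hypothetical class name

    /**
     * Issues a keystore for userInfo, serializes and reloads it, and returns the
     * user certificate only if it verifies against the root certificate.
     * keyAlias and certAlias are assumptions: pass the aliases your CertService
     * implementation assigns in initializeUser(..). The two passwords may be the
     * same value if the implementation requires it.
     */
    static X509Certificate issueAndVerify(CertService certService, UserInfo userInfo,
            String keyPassword, String keystorePassword,
            String keyAlias, String certAlias)
            throws CertException, GeneralSecurityException {
        // 1. Generate the key pair and the root-signed certificate.
        KeyStore issued = certService.initializeUser(userInfo, keyPassword);

        // 2. Serialize under the keystore password, then reload from the bytes.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        certService.storeCertificate(issued, out, keystorePassword);
        KeyStore reloaded = certService.getKeyStore(
                new ByteArrayInputStream(out.toByteArray()), keystorePassword);

        // 3. The certificate must be within its validity window and its
        //    signature must verify under the root certificate's public key.
        X509Certificate cert = certService.getCertificate(reloaded, certAlias);
        if (cert == null) {
            throw new GeneralSecurityException("no certificate under alias " + certAlias);
        }
        cert.checkValidity();
        cert.verify(certService.getRootCertificate().getPublicKey());

        // 4. The stored key pair must be the one the certificate binds.
        KeyPair pair = certService.getKeyPair(reloaded, keyAlias, certAlias, keyPassword);
        if (!Arrays.equals(pair.getPublic().getEncoded(), cert.getPublicKey().getEncoded())) {
            throw new GeneralSecurityException("certificate does not match stored key pair");
        }
        return cert;
    }
}
```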