Package org.nuxeo.ecm.platform.signature.api.pki

Interface CertService

All Known Implementing Classes:

CertServiceImpl

public interface CertService

This service provides certificate generation and certificate related keystore operations.

The interfaces provided by this service are intended to abstract low-level generic certificate operations like PKI key and certificate generation, CSR (Certificate Signing Request) signing with the root certificate, retrieving the certificates from the keystore in a generic way, and also providing CRLs (Certificate Revocation Lists).

The bulk of this functionality is provided via the initializeUser(..) method used to generate a fully initialized certificate enclosed in a secured keystore.

Author:

Wojciech Sulejman

Method Summary

Modifier and Type	Method	Description
X509Certificate	getCertificate(KeyStore keystore, String certificateAlias)	Retrieves an existing certificate from a keystore using keystore's certificate alias.
String	getCertificateEmail(X509Certificate certificate)	Extracts the email address from a certificate
KeyPair	getKeyPair(KeyStore ks, String keyAlias, String certificateAlias, String keyPassword)	Retrieves existing private and public key from a KeyStore.
KeyStore	getKeyStore(InputStream keystoreIS, String password)	Retrieves a KeyStore object from a supplied InputStream.
X509Certificate	getRootCertificate()	Retrieves the root certificate.
KeyStore	initializeUser(UserInfo userInfo, String keyPassword)	Generates a private key and a public certificate for a user whose X.509 field information was enclosed in a UserInfo parameter.
void	setRootService(RootService rootService)	Sets up a root service to be used for CA-related services like certificate request signing and certificate revocation.
void	storeCertificate(KeyStore keystore, OutputStream os, String keystorePassword)	Wraps a certificate object into an OutputStream object secured by a keystore password

Method Details

getRootCertificate

X509Certificate getRootCertificate()
                            throws CertException

Retrieves the root certificate.

Throws:

CertException

setRootService

void setRootService(RootService rootService)
             throws CertException

Sets up a root service to be used for CA-related services like certificate request signing and certificate revocation.

Throws:

CertException

getKeyStore

KeyStore getKeyStore(InputStream keystoreIS,
 String password)
              throws CertException

Retrieves a KeyStore object from a supplied InputStream. Requires a keystore password.

Throws:

CertException

getKeyPair

KeyPair getKeyPair(KeyStore ks,
 String keyAlias,
 String certificateAlias,
 String keyPassword)
            throws CertException

Retrieves existing private and public key from a KeyStore.

Throws:

CertException

getCertificate

X509Certificate getCertificate(KeyStore keystore,
 String certificateAlias)
                        throws CertException

Retrieves an existing certificate from a keystore using keystore's certificate alias.

Throws:

CertException

initializeUser

KeyStore initializeUser(UserInfo userInfo,
 String keyPassword)
                 throws CertException

Generates a private key and a public certificate for a user whose X.509 field information was enclosed in a UserInfo parameter. Stores those artifacts in a password protected keystore. This is the principal method for activating a new certificate and signing it with a root certificate.

Returns:

KeyStore based on the provided userInfo

Throws:

CertException

storeCertificate

void storeCertificate(KeyStore keystore,
 OutputStream os,
 String keystorePassword)
               throws CertException

Wraps a certificate object into an OutputStream object secured by a keystore password

Throws:

CertException

getCertificateEmail

String getCertificateEmail(X509Certificate certificate)
                    throws CertException

Extracts the email address from a certificate

Throws:

CertException