Interface CertService
- All Known Implementing Classes:
CertServiceImpl
public interface CertService
This service provides certificate generation and certificate related keystore operations.
The interfaces provided by this service are intended to abstract low-level generic certificate operations like PKI key and certificate generation, CSR (Certificate Signing Request) signing with the root certificate, retrieving the certificates from the keystore in a generic way, and also providing CRLs (Certificate Revocation Lists).
The bulk of this functionality is provided via the initializeUser(..) method used to generate a fully initialized certificate enclosed in a secured keystore.
- Author:
- Wojciech Sulejman
-
Method Summary
Modifier and Type, Method, Description
- getCertificate(KeyStore keystore, String certificateAlias): Retrieves an existing certificate from a keystore using the keystore's certificate alias.
- getCertificateEmail(X509Certificate certificate): Extracts the email address from a certificate.
- getKeyPair(KeyStore ks, String keyAlias, String certificateAlias, String keyPassword): Retrieves an existing private and public key from a KeyStore.
- getKeyStore(InputStream keystoreIS, String password): Retrieves a KeyStore object from a supplied InputStream.
- getRootCertificate: Retrieves the root certificate.
- initializeUser(UserInfo userInfo, String keyPassword): Generates a private key and a public certificate for a user whose X.509 field information was enclosed in a UserInfo parameter.
- void setRootService(RootService rootService): Sets up a root service to be used for CA-related services like certificate request signing and certificate revocation.
- void storeCertificate(KeyStore keystore, OutputStream os, String keystorePassword): Wraps a certificate object into an OutputStream object secured by a keystore password.
-
Method Details
-
getRootCertificate
Retrieves the root certificate.
- Throws:
CertException
-
setRootService
Sets up a root service to be used for CA-related services like certificate request signing and certificate revocation.
- Throws:
CertException
-
getKeyStore
Retrieves a KeyStore object from a supplied InputStream. Requires a keystore password.
- Throws:
CertException
-
getKeyPair
KeyPair getKeyPair(KeyStore ks, String keyAlias, String certificateAlias, String keyPassword) throws CertException
Retrieves an existing private and public key from a KeyStore.
- Throws:
CertException
-
getCertificate
Retrieves an existing certificate from a keystore using the keystore's certificate alias.
- Throws:
CertException
-
initializeUser
Generates a private key and a public certificate for a user whose X.509 field information was enclosed in a UserInfo parameter. Stores those artifacts in a password protected keystore. This is the principal method for activating a new certificate and signing it with a root certificate.
- Returns:
- KeyStore based on the provided userInfo
- Throws:
CertException
-
storeCertificate
void storeCertificate(KeyStore keystore, OutputStream os, String keystorePassword) throws CertException
Wraps a certificate object into an OutputStream object secured by a keystore password.
- Throws:
CertException
-
getCertificateEmail
Extracts the email address from a certificate.
- Throws:
CertException
-