com.ibm.security.certclient.util

Class PkNewCertFactory

java.lang.Object
  extended by com.ibm.security.certclient.util.PkNewCertFactory

public final class PkNewCertFactory
extends java.lang.Object

Generates a certificate signed with the specified signing certificate.

Method Summary

Modifier and Type    Method and Description

static PkNewCertificate
newCert(int keySize, java.lang.String subjectDN, int numValidDays, java.util.Date notBefore, boolean useShortSubjectKId, java.util.List<java.lang.String> subjectAltNames, java.util.List<java.lang.String> kUsage, java.util.List<java.lang.String> extKUsage, java.lang.String provider, java.security.KeyPair keyPair, java.security.cert.X509Certificate[] signing_cert_chain, java.security.PrivateKey signing_cert_private_key)
    Create a personal certificate with supplied extensions

static PkNewCertificate
newCert(int keySize, java.lang.String subjectDN, int numValidDays, java.util.Date notBefore, boolean useShortSubjectKId, java.util.List<java.lang.String> subjectAltNames, java.util.List<java.lang.String> kUsage, java.util.List<java.lang.String> extKUsage, java.lang.String provider, java.security.KeyPair keyPair, java.security.cert.X509Certificate[] signing_cert_chain, java.security.PrivateKey signing_cert_private_key, boolean CA)
    Create a personal certificate with supplied extensions

static PkNewCertificate
newCert(int keySize, java.lang.String subjectDN, int numValidDays, java.util.Date notBefore, boolean useShortSubjectKId, java.util.List<java.lang.String> subjectAltNames, java.util.List<java.lang.String> kUsage, java.util.List<java.lang.String> extKUsage, java.lang.String provider, java.security.cert.X509Certificate[] signing_cert_chain, java.security.PrivateKey signing_cert_private_key)
    Create a personal certificate with supplied extensions

static PkNewCertificate
newCert(int keySize, java.lang.String subjectDN, int numValidDays, java.util.Date notBefore, boolean useShortSubjectKId, java.lang.String provider, java.security.KeyPair keyPair, java.security.cert.X509Certificate[] signing_cert_chain, java.security.PrivateKey signing_cert_private_key)
    Create a personal certificate without any supplied extensions

static PkNewCertificate
newCert(int keySize, java.lang.String subjectDN, int numValidDays, java.util.Date notBefore, boolean useShortSubjectKId, java.lang.String provider, java.security.cert.X509Certificate[] signing_cert_chain, java.security.PrivateKey signing_cert_private_key)
    Create a personal certificate without any supplied extensions

static PkNewCertificate
newCert(java.lang.String subjectDN, java.security.cert.X509Certificate[] signing_cert_chain, java.security.PrivateKey signing_cert_private_key)
    Simplest way to generate a personal certificate signed by a signing certificate.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

newCert

public static PkNewCertificate newCert(java.lang.String subjectDN,
                                       java.security.cert.X509Certificate[] signing_cert_chain,
                                       java.security.PrivateKey signing_cert_private_key)
                                throws com.ibm.security.certclient.base.PkRejectionException

Simplest way to generate a personal certificate signed by a signing certificate. Uses all default values:
  • version = 3
  • keysize = 1024
  • validity period = 365 days from current date
  • subjectKeyId version = long
  • provider = IBMJCE
Parameters:
    subjectDN - Distinguished name which will be the subject for this certificate
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign the personal certificate which is being created
Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes, signed by the specified signing certificate
Throws:
    com.ibm.security.certclient.base.PkRejectionException

newCert

public static PkNewCertificate newCert(int keySize,
                                       java.lang.String subjectDN,
                                       int numValidDays,
                                       java.util.Date notBefore,
                                       boolean useShortSubjectKId,
                                       java.lang.String provider,
                                       java.security.cert.X509Certificate[] signing_cert_chain,
                                       java.security.PrivateKey signing_cert_private_key)
                                throws com.ibm.security.certclient.base.PkRejectionException

Create a personal certificate without any supplied extensions
Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate's validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form
    provider - name of crypto provider
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign the personal certificate which is being created
Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes, signed by the specified signing certificate
Throws:
    com.ibm.security.certclient.base.PkRejectionException

newCert

public static PkNewCertificate newCert(int keySize,
                                       java.lang.String subjectDN,
                                       int numValidDays,
                                       java.util.Date notBefore,
                                       boolean useShortSubjectKId,
                                       java.lang.String provider,
                                       java.security.KeyPair keyPair,
                                       java.security.cert.X509Certificate[] signing_cert_chain,
                                       java.security.PrivateKey signing_cert_private_key)
                                throws com.ibm.security.certclient.base.PkRejectionException

Create a personal certificate without any supplied extensions
Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate's validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form
    provider - name of crypto provider
    keyPair - keypair to use for private/public key
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign the personal certificate which is being created
Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes, signed by the specified signing certificate
Throws:
    com.ibm.security.certclient.base.PkRejectionException

newCert

public static PkNewCertificate newCert(int keySize,
                                       java.lang.String subjectDN,
                                       int numValidDays,
                                       java.util.Date notBefore,
                                       boolean useShortSubjectKId,
                                       java.util.List<java.lang.String> subjectAltNames,
                                       java.util.List<java.lang.String> kUsage,
                                       java.util.List<java.lang.String> extKUsage,
                                       java.lang.String provider,
                                       java.security.cert.X509Certificate[] signing_cert_chain,
                                       java.security.PrivateKey signing_cert_private_key)
                                throws com.ibm.security.certclient.base.PkRejectionException

Create a personal certificate with supplied extensions
Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate's validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form
    subjectAltNames - (optional) list of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name. Name is not case sensitive, e.g. host.domain
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) list of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extKUsage - (optional) list of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    provider - name of crypto provider
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign the personal certificate which is being created
Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes, signed by the specified signing certificate
Throws:
    com.ibm.security.certclient.base.PkRejectionException

newCert

public static PkNewCertificate newCert(int keySize,
                                       java.lang.String subjectDN,
                                       int numValidDays,
                                       java.util.Date notBefore,
                                       boolean useShortSubjectKId,
                                       java.util.List<java.lang.String> subjectAltNames,
                                       java.util.List<java.lang.String> kUsage,
                                       java.util.List<java.lang.String> extKUsage,
                                       java.lang.String provider,
                                       java.security.KeyPair keyPair,
                                       java.security.cert.X509Certificate[] signing_cert_chain,
                                       java.security.PrivateKey signing_cert_private_key)
                                throws com.ibm.security.certclient.base.PkRejectionException

Create a personal certificate with supplied extensions
Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate's validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form
    subjectAltNames - (optional) list of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name. Name is not case sensitive, e.g. host.domain
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) list of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extKUsage - (optional) list of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys; if null, a keypair will be generated
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign the personal certificate which is being created
Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes, signed by the specified signing certificate
Throws:
    com.ibm.security.certclient.base.PkRejectionException

newCert

public static PkNewCertificate newCert(int keySize,
                                       java.lang.String subjectDN,
                                       int numValidDays,
                                       java.util.Date notBefore,
                                       boolean useShortSubjectKId,
                                       java.util.List<java.lang.String> subjectAltNames,
                                       java.util.List<java.lang.String> kUsage,
                                       java.util.List<java.lang.String> extKUsage,
                                       java.lang.String provider,
                                       java.security.KeyPair keyPair,
                                       java.security.cert.X509Certificate[] signing_cert_chain,
                                       java.security.PrivateKey signing_cert_private_key,
                                       boolean CA)
                                throws com.ibm.security.certclient.base.PkRejectionException

Create a personal certificate with supplied extensions
Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate's validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form
    subjectAltNames - (optional) list of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name. Name is not case sensitive, e.g. host.domain
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) list of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extKUsage - (optional) list of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys; if null, a keypair will be generated
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign the personal certificate which is being created
    CA - true: create this certificate as a CA with basic constraints; false: create this certificate as an end-user without basic constraints
Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes, signed by the specified signing certificate
Throws:
    com.ibm.security.certclient.base.PkRejectionException
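
Added example, not part of the IBM documentation: issuing an end-user TLS server certificate with the 13-argument overload, requesting a 2048-bit key explicitly rather than relying on the 1024-bit default of the three-argument form, and checking the signing certificate before use. Assumptions: PkNewCertificate is in the same package as the factory, the subjectAltNames list is positional in the 0-3 order given above, and the keystore path, alias, ISSUER_STORE_PASS variable and all subject and alternate-name values are constructed.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import com.ibm.security.certclient.util.PkNewCertFactory;
import com.ibm.security.certclient.util.PkNewCertificate; // package assumed, see lead-in

public class IssueServerCert {
    // Issues an end-user server certificate signed by the CA entry of a PKCS#12 keystore.
    static PkNewCertificate issue(String caStorePath, String alias, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(caStorePath)) {
            ks.load(in, pass);
        }
        PrivateKey caKey = (PrivateKey) ks.getKey(alias, pass);
        Certificate[] raw = ks.getCertificateChain(alias);
        if (caKey == null || raw == null) {
            throw new IllegalArgumentException("no private-key entry under alias " + alias);
        }
        // Throws ArrayStoreException if the chain holds anything other than X.509 certificates.
        X509Certificate[] chain = Arrays.copyOf(raw, raw.length, X509Certificate[].class);
        // Refuse to sign with an expired certificate or one that is not marked as a CA.
        chain[0].checkValidity();
        if (chain[0].getBasicConstraints() < 0) {
            throw new IllegalStateException("signing certificate is not a CA");
        }
        // Constructed values in the order email, dnsName, uri, ipaddress (assumed positional).
        List<String> san = Arrays.asList("admin@example.test", "app.example.test",
                "https://app.example.test/", "192.0.2.10");
        return PkNewCertFactory.newCert(
                2048,                                  // keySize; used because keyPair is null
                "CN=app.example.test,O=Example,C=US",  // subjectDN (constructed)
                90,                                    // numValidDays, measured from notBefore
                null,                                  // notBefore: null means current date
                false,                                 // useShortSubjectKId: long form
                san,
                Arrays.asList("digital_signature", "key_encipherment"),
                Arrays.asList("ServerAuth_Id"),
                "IBMJCE",                              // provider named in the defaults above
                null,                                  // keyPair: null, so one is generated
                chain, caKey,
                false);                                // CA=false: end-user, no basic constraints
    }

    public static void main(String[] args) throws Exception { // args: <ca.p12> <alias>
        char[] pass = System.getenv("ISSUER_STORE_PASS").toCharArray(); // hypothetical variable
        System.out.println("issued: " + (issue(args[0], args[1], pass) != null));
    }
}
```

Compiling and running this requires the IBM certclient classes and the IBMJCE provider on the classpath.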