com.ibm.security.certclient.util

Class JPKI

java.lang.Object
  extended by com.ibm.security.certclient.util.JPKI
All implemented interfaces:
PkAttrKind, PkCertConstants, PkConstants, PkHttpConstants, PkPollConstants, PkRevoConstants

public class JPKI
extends Object
implements PkConstants

Field Summary

Fields inherited from interface com.ibm.security.certclient.base.PkConstants
BIG_TWO, PKI_DB_CONN, PKI_DB_CONNS, PKI_ISSUER_DN, PKI_ISSUER_HOST, PKI_ISSUER_PORT, PKI_OPER, PKI_ROOT
Fields inherited from interface com.ibm.security.certclient.base.PkAttrKind
ATTR_APPLIED, ATTR_APPROVED, ATTR_NAMES
Fields inherited from interface com.ibm.security.certclient.base.PkCertConstants
CERT_ALGORITHM_ID, CERT_ALGORITHM_NAME, CERT_ALTERNATIVE_NAME, CERT_AUTH_KEY_IDENTIFIER, CERT_BASIC_CONSTRAINTS, CERT_CA_PUBS, CERT_CA_VENDOR, CERT_CMP_VERSION, CERT_CRL_DISTRIBUTION_POINTS, CERT_EXT, CERT_EXT_KEY_USAGE, CERT_HIERARCHICAL, CERT_INIT_PWD, CERT_ISSUER, CERT_ISSUER_ID, CERT_KEY, CERT_KEY_IDENTIFIER, CERT_KEY_TYPE, CERT_KEY_USAGE, CERT_MESSAGE_PROTECTED, CERT_MESSAGE_PROTECTION_ALGORITHM_ID, CERT_MESSAGE_PROTECTION_ALGORITHM_NAME, CERT_MESSAGE_PROTECTION_KEY, CERT_MESSAGE_PROTECTION_PWD, CERT_NAME_CONSTRAINTS, CERT_NETSCAPE_CERT_TYPE, CERT_NOT_AFTER, CERT_NOT_BEFORE, CERT_OPER, CERT_OUTFILENAME, CERT_POLICY_CONSTRAINTS, CERT_POLICY_MAPPINGS, CERT_PRIVATE_KEY, CERT_PRIVATE_KEY_EE, CERT_PRIVATE_KEY_USAGE, CERT_PROVIDER, CERT_PUBLISH_IMMEDIATELY, CERT_RECIPIENT_DN, CERT_REP_HDR, CERT_REQ_ID, CERT_REVO_PUBLIC_KEY, CERT_REVOCATION_PASSPHRASE, CERT_ROOT, CERT_SENDER_KID, CERT_SERIAL_NUMBER, CERT_SUBJECT, CERT_SUBJECT_ALTERNATIVE_NAME, CERT_SUBJECT_ID, CERT_TIME_TO_CHECK_BACK, CERT_VENDOR_TPKI_RA_ENROLL, CERT_VERSION, CERT_VERSION_1, CERT_VERSION_2, CERT_VERSION_3, CERT_X509, KEY_STORE_CERT_ALIAS, KEY_STORE_ENTRY_PWD, KEY_STORE_INIT_CERT_ALIAS, KEY_STORE_INIT_ENTRY_PWD, MAKE_CONF_REQUEST_MESSAGE, MAX_SUBJECT_NAME_LENGTH_TO_STORE_IN_TABLES, sccsid
Fields inherited from interface com.ibm.security.certclient.base.PkRevoConstants
REVO_BAD_SINCE_DATE, REVO_CRL_EXT, REVO_OPER, REVO_PUBLISH_IMMEDIATELY, REVO_REASON, REVO_ROOT
Fields inherited from interface com.ibm.security.certclient.base.PkHttpConstants
HTTP_BASE_NAME, HTTP_FILE_NAME, HTTP_METHOD, HTTP_ROOT, HTTP_VERSION
Fields inherited from interface com.ibm.security.certclient.base.PkPollConstants
POLL_REFERENCE, POLL_ROOT, POLL_TIME_TO_CHECK_BACK

Constructor Summary

Constructor and Description
JPKI()

Method Summary

Modifier and Type    Method and Description

PkAttrs    confRequest(Object[] values, Object[] initCertInfo)
           Create a confirmation request
PkAttrs    confRequest(String[] values)
PkAttrs    confRequestForCr(String[] values, Object[] items)
PkAttrs    initialCertRequest(byte[] base64pkcs10RequestAsByteArray, String[] values)
           Creates an initial certificate request
PkAttrs    initialCertRequest(com.ibm.security.pkcs10.CertificationRequest certReq, String[] values)
           Creates an initial certificate request
PkAttrs    initialCertRequest(String[] values, String[] subjectAltNames, String[] kUsage, PublicKey pubKey, PrivateKey privateKey)
           Creates an initial certificate request. This method assumes that the public/private key pair has been generated by the caller.
PkAttrs    initialCertRequest(String[] values, String[] subjectAltNames, String[] kUsage, String[] extkUsage, PublicKey pubKey, PrivateKey privateKey)
PkAttrs    revoRequest(BigInteger certSerialNumber, Object[] items)
           Create a request to revoke a certificate
PkAttrs    revoRequest(Object[] items)
           Create a request to revoke a certificate
PkAttrs    revoRequest(PublicKey publicKey, Object[] items)
           Create a request to revoke a certificate
PkAttrs    secnRequest(String[] values, String[] subjectAltNames, String[] kUsage, PublicKey publicKey, PrivateKey privateKey, Object[] initCertInfo)
           Creates a subsequent certificate request. This method assumes that the public/private key pair has been generated by the caller.
PkAttrs    secnRequest(String[] values, String[] subjectAltNames, String[] kUsage, String[] extkUsage, PublicKey publicKey, PrivateKey privateKey, Object[] initCertInfo)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JPKI

public JPKI()

Method Detail

initialCertRequest

public PkAttrs initialCertRequest(String[] values,
                                  String[] subjectAltNames,
                                  String[] kUsage,
                                  PublicKey pubKey,
                                  PrivateKey privateKey)
                           throws Exception
Creates an initial certificate request. This method assumes that the public/private key pair has been generated by the caller; the public key is passed in by the user.
Parameters:
values - array of strings with values as follows:
  • 0. subjectRDN - distinguished name prefix for the subject for whom the certificate is requested, e.g. cn=newUser. The domain name is appended to this prefix to generate the subjectDN.
  • 1. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
  • 2. certVersion - version number of the certificate to be generated. Must be set to 3 for an X509v3 certificate.
  • 3. reference-number - this and the next value are the initial authentication parameters
  • 4. passphrase - see reference-number
  • 5. notBeforeDate - date from which the certificate is valid, expressed in milliseconds
  • 6. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
subjectAltNames - array for specifying subject alternative names. Zero or more values may be specified, in the following order. Specify null to indicate that no value is being specified.
  • 0. email - email address for the subject, e.g. newUser@us.ibm.com
  • 1. dnsName - domain name server name; not case sensitive, e.g. host.domain
  • 2. uri - uniform resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
kUsage - array for specifying key usage. Any of the values below can be specified. The last value must be null.
  • "digital_signature"
  • "non_repudiation"
  • "key_encipherment"
  • "data_encipherment"
  • "encipher_only"
  • "decipher_only"
pubKey - public key for which the certificate is being requested
privateKey - optional; the private key corresponding to the above public key
Returns:
PkAttrs attributes that make up a certificate request
Throws:
Exception
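An added example (not part of the IBM documentation or library) showing how the positional values, subjectAltNames and kUsage arrays described above are assembled for this overload. It assumes PkAttrs lives in com.ibm.security.certclient.base (the page does not state its package), uses the page's sample subject and domain values, and reads the one-time reference number and passphrase from hypothetical environment variables rather than hard-coding them:

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;

import com.ibm.security.certclient.base.PkAttrs;   // assumed package for PkAttrs
import com.ibm.security.certclient.util.JPKI;

public class InitialRequestExample {

    // Positions in values[] for this initialCertRequest overload, as documented.
    static final int SUBJECT_RDN = 0, DOMAIN = 1, CERT_VERSION = 2,
            REFERENCE_NUMBER = 3, PASSPHRASE = 4, NOT_BEFORE = 5, VALIDITY = 6;

    public static PkAttrs buildInitialRequest(JPKI jpki, String referenceNumber,
            String passphrase, KeyPair keyPair) throws Exception {
        String[] values = new String[7];
        values[SUBJECT_RDN] = "cn=newUser";          // the domain is appended to form the subjectDN
        values[DOMAIN] = "ou=aix,o=ibm,c=us";
        values[CERT_VERSION] = "3";                  // X509v3
        values[REFERENCE_NUMBER] = referenceNumber;  // one-time initial authentication values
        values[PASSPHRASE] = passphrase;
        values[NOT_BEFORE] = Long.toString(System.currentTimeMillis());      // now, in ms
        values[VALIDITY] = Long.toString(365L * 24 * 60 * 60 * 1000);        // one year, in ms

        // Subject alternative names in the documented order: email, dnsName, uri, ipaddress.
        // A null slot means "not specified".
        String[] subjectAltNames = { "newUser@us.ibm.com", "host.domain", null, null };

        // Key usage: request only what the key will actually be used for; null-terminated.
        String[] kUsage = { "digital_signature", "key_encipherment", null };

        return jpki.initialCertRequest(values, subjectAltNames, kUsage,
                keyPair.getPublic(), keyPair.getPrivate());
    }

    public static void main(String[] args) throws Exception {
        // The key pair is generated by the caller, as the method contract requires.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        // Reference number and passphrase are issued out of band by the CA operator.
        // PKI_REFERENCE_NUMBER and PKI_PASSPHRASE are hypothetical variable names.
        String refNo = System.getenv("PKI_REFERENCE_NUMBER");
        String pass = System.getenv("PKI_PASSPHRASE");
        if (refNo == null || pass == null) {
            throw new IllegalStateException("initial authentication values not provided");
        }
        PkAttrs request = buildInitialRequest(new JPKI(), refNo, pass, keyPair);
        System.out.println("built initial certificate request: " + (request != null));
    }
}
```

Keeping the kUsage list to the usages the key genuinely needs is the least-privilege choice: a certificate carrying only digital_signature and key_encipherment cannot later be presented for purposes the requester never intended.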

initialCertRequest

public PkAttrs initialCertRequest(String[] values,
                                  String[] subjectAltNames,
                                  String[] kUsage,
                                  String[] extkUsage,
                                  PublicKey pubKey,
                                  PrivateKey privateKey)
                           throws Exception
Throws:
Exception

initialCertRequest

public PkAttrs initialCertRequest(byte[] base64pkcs10RequestAsByteArray,
                                  String[] values)
                           throws Exception
Creates an initial certificate request
Parameters:
base64pkcs10RequestAsByteArray - certificate request in PKCS#10 format, Base64-encoded, as a byte array
values - array of strings with values as follows:
  • 0. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
  • 1. certVersion - version number of the certificate to be generated. Must be set to 3 for an X509v3 certificate.
  • 2. reference-number - this and the next value are the initial authentication parameters
  • 3. passphrase - see reference-number
  • 4. notBeforeDate - date from which the certificate is valid, expressed in milliseconds
  • 5. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
Throws:
Exception

initialCertRequest

public PkAttrs initialCertRequest(com.ibm.security.pkcs10.CertificationRequest certReq,
                                  String[] values)
                           throws Exception
Creates an initial certificate request
Parameters:
certReq - CertificationRequest - certificate request in PKCS#10 format
values - array of strings with values as follows:
  • 0. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
  • 1. certVersion - version number of the certificate to be generated. Must be set to 3 for an X509v3 certificate.
  • 2. reference-number - this and the next value are the initial authentication parameters
  • 3. passphrase - see reference-number
  • 4. notBeforeDate - date from which the certificate is valid, expressed in milliseconds
  • 5. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
Throws:
Exception

confRequest

public PkAttrs confRequest(String[] values)

confRequest

public PkAttrs confRequest(Object[] values,
                           Object[] initCertInfo)
                    throws Exception
Create a confirmation request
Parameters:
values - array of objects with values as follows:
  • 0 = PkiHeader corresponding to the header used in the certificate request
  • 1 = initialAuthPassword - password used during the initial request
  • 2 = reference number - reference number used during the initial request
  • 3 = revoPassword - optional
initCertInfo - array of objects containing information from the initial certificate request. If you specify the values below, the confirmation request is generated for a subsequent request.
  • 0. privateKey - private key that was generated for the initial request
  • 1. Certificate - certificate generated for the user from the initial certificate request
Returns:
PkAttrs attributes that make up a confirmation request
Throws:
Exception

secnRequest

public PkAttrs secnRequest(String[] values,
                           String[] subjectAltNames,
                           String[] kUsage,
                           PublicKey publicKey,
                           PrivateKey privateKey,
                           Object[] initCertInfo)
                    throws Exception
Creates a subsequent certificate request. This method assumes that the public/private key pair has been generated by the caller; the public key is passed in by the caller. This is useful for applications that want to manage their own keystores.
Parameters:
values - array of strings with values as follows:
  • 0. subjectRDN - distinguished name prefix for the subject for whom the certificate is requested, e.g. cn=newUser. The domain name is appended to this prefix to generate the subjectDN.
  • 1. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
  • 2. certVersion - version number of the certificate to be generated. Must be set to 3 for an X509v3 certificate.
  • 3. notBeforeDate - date from which the certificate is valid
  • 4. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
subjectAltNames - array for specifying subject alternative names. Zero or more values may be specified, in the following order. Specify null to indicate that no value is being specified.
  • 0. email - email address for the subject, e.g. newUser@us.ibm.com
  • 1. dnsName - domain name server name; not case sensitive, e.g. host.domain
  • 2. uri - uniform resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
kUsage - array for specifying key usage. Any of the values below can be specified. The last value must be null.
  • "digital_signature"
  • "non_repudiation"
  • "key_encipherment"
  • "data_encipherment"
  • "encipher_only"
  • "decipher_only"
initCertInfo - array of objects containing information from the initial certificate request:
  • 0. privateKey - private key that was generated for the initial request
  • 1. Certificate - certificate generated for the user from the initial certificate request
Returns:
PkAttrs attributes that make up a certificate request
Throws:
Exception
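An added example (not IBM's code) of the subsequent-request path described above: the subject already holds a certificate and key from the initial request, generates a fresh key pair, and hands the old key and certificate to secnRequest through initCertInfo so the CA can bind the new request to the existing identity instead of a reference number and passphrase. It assumes PkAttrs lives in com.ibm.security.certclient.base and that the issued certificate is a java.security.cert.X509Certificate (the page only says "Certificate"):

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import com.ibm.security.certclient.base.PkAttrs;   // assumed package for PkAttrs
import com.ibm.security.certclient.util.JPKI;

public class SubsequentRequestExample {

    /**
     * Builds a subsequent (key rollover) request for the subject identified by
     * initialCert, which was issued from the initial certificate request.
     */
    public static PkAttrs buildSubsequentRequest(JPKI jpki, String subjectRdn, String domain,
            X509Certificate initialCert, PrivateKey initialPrivateKey,
            long validityMillis) throws Exception {

        // Refuse to build a rollover on a credential that is expired or not yet valid;
        // the CA would reject it anyway, and failing locally keeps the reason visible.
        initialCert.checkValidity();

        // Fresh key pair for the new certificate: the initial key is not reused.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair newKeyPair = kpg.generateKeyPair();

        // values[] for secnRequest has five positions (no reference number or passphrase):
        // 0 subjectRDN, 1 domain, 2 certVersion, 3 notBeforeDate, 4 issuedCertValidity.
        String[] values = {
            subjectRdn,
            domain,
            "3",
            Long.toString(System.currentTimeMillis()),
            Long.toString(validityMillis)
        };

        // No subject alternative names for this request: all four slots are null.
        String[] subjectAltNames = { null, null, null, null };

        // Same key usage as before, null-terminated as the contract requires.
        String[] kUsage = { "digital_signature", null };

        // initCertInfo: 0 = private key generated for the initial request,
        //               1 = certificate issued from the initial request.
        Object[] initCertInfo = { initialPrivateKey, initialCert };

        return jpki.secnRequest(values, subjectAltNames, kUsage,
                newKeyPair.getPublic(), newKeyPair.getPrivate(), initCertInfo);
    }
}
```

Because the existing private key authenticates the subsequent request, its storage and access controls deserve the same care as the initial passphrase: whoever can read that key can request new certificates in the subject's name.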

secnRequest

public PkAttrs secnRequest(String[] values,
                           String[] subjectAltNames,
                           String[] kUsage,
                           String[] extkUsage,
                           PublicKey publicKey,
                           PrivateKey privateKey,
                           Object[] initCertInfo)
                    throws Exception
Throws:
Exception

confRequestForCr

public PkAttrs confRequestForCr(String[] values,
                                Object[] items)
                         throws Exception
Throws:
Exception

revoRequest

public PkAttrs revoRequest(Object[] items)
                    throws Exception
Create a request to revoke a certificate
Parameters:
items - array of objects with values as follows:
  • 0 = certificate to be revoked, provided as an X509CertImpl object
  • 1 = intReason - an integer representing the reason for the revocation. Set to one of the following:
          unused                  (0)
          keyCompromise           (1)
          cACompromise            (2)
          affiliationChanged      (3)
          superseded              (4)
          cessationOfOperation    (5)
          certificateHold         (6)
  • 2 = privateKey (optional) - the private key of the subject whose certificate is being revoked
  • 3 = revocation-password (optional) - the revocation password that was specified when the certificate request was made. Note that either the private key or the revocation password must be provided, otherwise the request will be rejected.
Returns:
PkAttrs attributes that make up a revocation request
Throws:
Exception

revoRequest

public PkAttrs revoRequest(BigInteger certSerialNumber,
                           Object[] items)
                    throws Exception
Create a request to revoke a certificate
Parameters:
certSerialNumber - serial number of the certificate to be revoked
items - array of objects with values as follows:
  • 0 = intReason - an integer representing the reason for the revocation. Set to one of the following:
          unused                  (0)
          keyCompromise           (1)
          cACompromise            (2)
          affiliationChanged      (3)
          superseded              (4)
          cessationOfOperation    (5)
          certificateHold         (6)
  • 1 = privateKey (optional) - the private key of the subject whose certificate is being revoked
  • 2 = revocation-password (optional) - the revocation password that was specified when the certificate request was made. Note that either the private key or the revocation password must be provided, otherwise the request will be rejected.
Returns:
PkAttrs attributes that make up a revocation request
Throws:
Exception
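An added example (not IBM's code) of building a revocation request with the serial-number overload above, using the documented reason codes and the documented items layout. The private-key and revocation-password requirement is checked before the request is built, and the key-compromise case authenticates with the revocation password alone, since a key that is suspected compromised is exactly the one you do not want to rely on. It assumes PkAttrs lives in com.ibm.security.certclient.base and takes the certificate as a java.security.cert.X509Certificate:

```java
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import com.ibm.security.certclient.base.PkAttrs;   // assumed package for PkAttrs
import com.ibm.security.certclient.util.JPKI;

public class RevocationRequestExample {

    // Reason codes as listed in the revoRequest documentation.
    public static final int REASON_UNUSED = 0;
    public static final int REASON_KEY_COMPROMISE = 1;
    public static final int REASON_CA_COMPROMISE = 2;
    public static final int REASON_AFFILIATION_CHANGED = 3;
    public static final int REASON_SUPERSEDED = 4;
    public static final int REASON_CESSATION_OF_OPERATION = 5;
    public static final int REASON_CERTIFICATE_HOLD = 6;

    /**
     * Builds a revocation request keyed by the certificate's serial number.
     * At least one of subjectPrivateKey / revocationPassword must be supplied
     * to authenticate the request; checking that here turns the CA's
     * "request rejected" into a local error before anything is sent.
     */
    public static PkAttrs buildRevocation(JPKI jpki, X509Certificate cert, int reason,
            PrivateKey subjectPrivateKey, String revocationPassword) throws Exception {
        if (reason < REASON_UNUSED || reason > REASON_CERTIFICATE_HOLD) {
            throw new IllegalArgumentException("unknown revocation reason: " + reason);
        }
        if (subjectPrivateKey == null && revocationPassword == null) {
            throw new IllegalArgumentException(
                "either the subject private key or the revocation password is required");
        }
        // items: 0 = intReason, 1 = privateKey (optional), 2 = revocation-password (optional)
        Object[] items = { Integer.valueOf(reason), subjectPrivateKey, revocationPassword };
        BigInteger serial = cert.getSerialNumber();
        return jpki.revoRequest(serial, items);
    }

    /** Key compromise: authenticate with the revocation password, not the suspect key. */
    public static PkAttrs revokeCompromisedKey(JPKI jpki, X509Certificate cert,
            String revocationPassword) throws Exception {
        return buildRevocation(jpki, cert, REASON_KEY_COMPROMISE, null, revocationPassword);
    }
}
```

The operational lesson in the contract ("either the private key or revocation password must be provided") is that the revocation password should be set at enrollment time and stored separately from the key: it is the credential that still works when the key itself is the thing being revoked.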

revoRequest

public PkAttrs revoRequest(PublicKey publicKey,
                           Object[] items)
                    throws Exception
Create a request to revoke a certificate
Parameters:
publicKey - the public key of the subject whose certificate is being revoked
items - array of objects with values as follows:
  • 0 = intReason
  • 1 = privateKey (optional)
  • 2 = revoPwd
Returns:
PkAttrs attributes that make up a revocation request
Throws:
Exception