com.ibm.security.certclient.util

Class PkSsCertFactory

  1. java.lang.Object
  2. extended bycom.ibm.security.certclient.util.PkSsCertFactory

  1. public final class PkSsCertFactory
  2. extends java.lang.Object
Generate a self-signed certificate.

Method Summary

Modifier and Type Method and Description
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,boolean useRSA,boolean useShortSubjectKId,java.util.List<java.lang.String> subjectAltNames,java.util.List<java.lang.String> kUsage,java.util.List<java.lang.String> extKUsage,java.lang.String provider)
Create a self-signed certificate with supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,boolean useRSA,boolean useShortSubjectKId,java.util.List<java.lang.String> subjectAltNames,java.util.List<java.lang.String> kUsage,java.util.List<java.lang.String> extKUsage,java.lang.String provider,java.security.KeyPair keyPair)
Create a self-signed certificate with supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,boolean useRSA,boolean useShortSubjectKId,java.lang.String provider)
Create a self-signed certificate without any supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,boolean useRSA,boolean useShortSubjectKId,java.lang.String provider,java.security.KeyPair keyPair)
Create a self-signed certificate without any supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,java.util.Date notBefore,boolean useRSA,boolean useShortSubjectKId,java.util.List<java.lang.String> subjectAltNames,java.util.List<java.lang.String> kUsage,java.util.List<java.lang.String> extKUsage,java.lang.String provider)
Create a self-signed certificate with supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,java.util.Date notBefore,boolean useRSA,boolean useShortSubjectKId,java.util.List<java.lang.String> subjectAltNames,java.util.List<java.lang.String> kUsage,java.util.List<java.lang.String> extKUsage,java.lang.String provider,java.security.KeyPair keyPair)
Create a self-signed certificate with supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,java.util.Date notBefore,boolean useRSA,boolean useShortSubjectKId,java.util.List<java.lang.String> subjectAltNames,java.util.List<java.lang.String> kUsage,java.util.List<java.lang.String> extKUsage,java.lang.String provider,java.security.KeyPair keyPair,boolean CA)
Create a self-signed certificate with supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,java.util.Date notBefore,boolean useRSA,boolean useShortSubjectKId,java.lang.String provider)
Create a self-signed certificate without any supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(int keySize,java.lang.String subjectDN,int numValidDays,java.util.Date notBefore,boolean useRSA,boolean useShortSubjectKId,java.lang.String provider,java.security.KeyPair keyPair)
Create a self-signed certificate without any supplied extensions
  1. static
  2. PkSsCertificate
newSsCert(java.lang.String subjectDN)
Most simple way to generate a self-signed certificate.
  1. static
  2. PkSsCertificate
newSsCert(java.lang.String subjectDN,java.util.Date notBefore)
Most simple way to generate a self-signed certificate.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

newSsCert

  1. public static PkSsCertificate newSsCert( java.lang.String subjectDN)
  2. throws com.ibm.security.certclient.base.PkRejectionException
Most simple way to generate a self-signed certificate. Uses all default values:
  • version = 3
  • keysize = 1024
  • validity period = 365 days from current date
  • signatureAlgorithm = SHA1withRSA
  • subjectKeyId version = long
  • provider = IBMJCE
  • Parameters:
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( java.lang.String subjectDN,
    2. java.util.Date notBefore)
    3. throws com.ibm.security.certclient.base.PkRejectionException
    Most simple way to generate a self-signed certificate. Uses all default values:
  • version = 3
  • keysize = 1024
  • validity period = 365 days from notBefore date
  • signatureAlgorithm = SHA1withRSA
  • subjectKeyId version = long
  • provider = IBMJCE
  • Parameters:
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    notBefore - Date that this certificate valitity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. boolean useRSA,
    5. boolean useShortSubjectKId,
    6. java.lang.String provider)
    7. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate without any supplied extensions
    Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificate validity. Will be measured from current date.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    provider - name of crypto provider
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. java.util.Date notBefore,
    5. boolean useRSA,
    6. boolean useShortSubjectKId,
    7. java.lang.String provider)
    8. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate without any supplied extensions
    Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate valitity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    provider - name of crypto provider
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. boolean useRSA,
    5. boolean useShortSubjectKId,
    6. java.lang.String provider,
    7. java.security.KeyPair keyPair)
    8. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate without any supplied extensions
    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from current date.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm Not used if keyPair is provided.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    provider - name of crypto provider
    keyPair - keypair to use for private/public key
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. java.util.Date notBefore,
    5. boolean useRSA,
    6. boolean useShortSubjectKId,
    7. java.lang.String provider,
    8. java.security.KeyPair keyPair)
    9. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate without any supplied extensions
    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate valitity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm Not used if keyPair is provided.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    provider - name of crypto provider
    keyPair - keypair to use for private/public key
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. boolean useRSA,
    5. boolean useShortSubjectKId,
    6. java.util.List<java.lang.String> subjectAltNames,
    7. java.util.List<java.lang.String> kUsage,
    8. java.util.List<java.lang.String> extKUsage,
    9. java.lang.String provider)
    10. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate with supplied extensions
    Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from current date.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional)list of subject alternate names. Specify null to indicate that no value is being specified.
  • 0. email email address for the subject , e.g. newUser@us.ibm.com
  • 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
  • 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
  • kUsage - (optional)list of Key Usage strings. Acceptable values are- "digital_signature" "non_repudiation" "key_encipherment" "data_encipherment" "encipher_only" "decipher_only"
    extKUsage - (optional)list of Extended Key Usage strings. Acceptable values are- "ServerAuth_Id" "ClientAuth_Id" "CodeSigning_Id" "EmailProtection_Id" "IPSecEndSystem_Id" "IPSecTunnel_Id" "IPSecUser_Id" "TimeStamping_Id"
    provider - name of crypto provider
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. java.util.Date notBefore,
    5. boolean useRSA,
    6. boolean useShortSubjectKId,
    7. java.util.List<java.lang.String> subjectAltNames,
    8. java.util.List<java.lang.String> kUsage,
    9. java.util.List<java.lang.String> extKUsage,
    10. java.lang.String provider)
    11. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate with supplied extensions
    Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate valitity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional)list of subject alternate names. Specify null to indicate that no value is being specified.
  • 0. email email address for the subject , e.g. newUser@us.ibm.com
  • 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
  • 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
  • kUsage - (optional)list of Key Usage strings. Acceptable values are- "digital_signature" "non_repudiation" "key_encipherment" "data_encipherment" "encipher_only" "decipher_only"
    extKUsage - (optional)list of Extended Key Usage strings. Acceptable values are- "ServerAuth_Id" "ClientAuth_Id" "CodeSigning_Id" "EmailProtection_Id" "IPSecEndSystem_Id" "IPSecTunnel_Id" "IPSecUser_Id" "TimeStamping_Id"
    provider - name of crypto provider
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. boolean useRSA,
    5. boolean useShortSubjectKId,
    6. java.util.List<java.lang.String> subjectAltNames,
    7. java.util.List<java.lang.String> kUsage,
    8. java.util.List<java.lang.String> extKUsage,
    9. java.lang.String provider,
    10. java.security.KeyPair keyPair)
    11. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate with supplied extensions
    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from current date.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm Not used if keyPair is provided.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional)list of subject alternate names. Specify null to indicate that no value is being specified.
  • 0. email email address for the subject , e.g. newUser@us.ibm.com
  • 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
  • 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
  • kUsage - (optional)list of Key Usage strings. Acceptable values are- "digital_signature" "non_repudiation" "key_encipherment" "data_encipherment" "encipher_only" "decipher_only"
    extKUsage - (optional)list of Extended Key Usage strings. Acceptable values are- "ServerAuth_Id" "ClientAuth_Id" "CodeSigning_Id" "EmailProtection_Id" "IPSecEndSystem_Id" "IPSecTunnel_Id" "IPSecUser_Id" "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys if null, keypair will be generated
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. java.util.Date notBefore,
    5. boolean useRSA,
    6. boolean useShortSubjectKId,
    7. java.util.List<java.lang.String> subjectAltNames,
    8. java.util.List<java.lang.String> kUsage,
    9. java.util.List<java.lang.String> extKUsage,
    10. java.lang.String provider,
    11. java.security.KeyPair keyPair)
    12. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate with supplied extensions
    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate valitity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm Not used if keyPair is provided.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional)list of subject alternate names. Specify null to indicate that no value is being specified.
  • 0. email email address for the subject , e.g. newUser@us.ibm.com
  • 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
  • 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
  • kUsage - (optional)list of Key Usage strings. Acceptable values are- "digital_signature" "non_repudiation" "key_encipherment" "data_encipherment" "encipher_only" "decipher_only"
    extKUsage - (optional)list of Extended Key Usage strings. Acceptable values are- "ServerAuth_Id" "ClientAuth_Id" "CodeSigning_Id" "EmailProtection_Id" "IPSecEndSystem_Id" "IPSecTunnel_Id" "IPSecUser_Id" "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys if null, keypair will be generated
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newSsCert

    1. public static PkSsCertificate newSsCert( int keySize,
    2. java.lang.String subjectDN,
    3. int numValidDays,
    4. java.util.Date notBefore,
    5. boolean useRSA,
    6. boolean useShortSubjectKId,
    7. java.util.List<java.lang.String> subjectAltNames,
    8. java.util.List<java.lang.String> kUsage,
    9. java.util.List<java.lang.String> extKUsage,
    10. java.lang.String provider,
    11. java.security.KeyPair keyPair,
    12. boolean CA)
    13. throws com.ibm.security.certclient.base.PkRejectionException
    Create a self-signed certificate with supplied extensions
    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificaate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate valitity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useRSA - if true use RSA key with SHA1withRSA signature algorithm else DSA with SHA1withDSA algorithm Not used if keyPair is provided.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional)list of subject alternate names. Specify null to indicate that no value is being specified.
  • 0. email email address for the subject , e.g. newUser@us.ibm.com
  • 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
  • 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
  • kUsage - (optional)list of Key Usage strings. Acceptable values are- "digital_signature" "non_repudiation" "key_encipherment" "data_encipherment" "encipher_only" "decipher_only"
    extKUsage - (optional)list of Extended Key Usage strings. Acceptable values are- "ServerAuth_Id" "ClientAuth_Id" "CodeSigning_Id" "EmailProtection_Id" "IPSecEndSystem_Id" "IPSecTunnel_Id" "IPSecUser_Id" "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys if null, keypair will be generated
    CA - true - create this certificate as a CA with basic constraints false - create this certificate as an end-user without basic constraints
    Returns:
    a PkSsCertificate type object that implements a self-signed certificate with the provided attributes
    Throws:
    com.ibm.security.certclient.base.PkRejectionException