java.lang.Object
  org.jivesoftware.util.CertificateManager

public class CertificateManager

Utility class that provides similar functionality to the keytool tool. Generated certificates
conform to the XMPP spec where domains are kept in the subject alternative names extension.

Author: Gaston Dombiak
Method Summary

public static void addListener(CertificateEventListener listener)
    Registers a listener to receive events.
public static X509Certificate createDSACert(KeyStore ksKeys, String keyPassword, String alias, String issuerDN, String subjectDN, String domain)
    Creates a new X509 certificate using the DSA algorithm.
public static X509Certificate createRSACert(KeyStore ksKeys, String keyPassword, String alias, String issuerDN, String subjectDN, String domain)
    Creates a new X509 certificate using the RSA algorithm.
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey)
    Creates and returns the content of a new signing request for the specified certificate.
public static void deleteCertificate(KeyStore ksKeys, String alias)
public static List<String> getPeerIdentities(X509Certificate x509Certificate)
    Returns the identities of the remote server as defined in the specified certificate.
public static boolean installCert(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream pkInputStream, String passPhrase, InputStream inputStream, boolean trustCACerts, boolean validateRoot)
    Imports a new signed certificate and its private key into the keystore.
public static boolean installReply(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream inputStream, boolean trustCACerts, boolean validateRoot)
    Installs the Certificate Authority reply returned as part of the signing request.
public static boolean isDSACertificate(KeyStore ksKeys, String domain)
    Returns true if a DSA certificate was found in the specified keystore for the specified domain.
public static boolean isDSACertificate(X509Certificate certificate)
    Returns true if the specified certificate is using the DSA algorithm.
public static boolean isRSACertificate(KeyStore ksKeys, String domain)
    Returns true if an RSA certificate was found in the specified keystore for the specified domain.
public static boolean isSelfSignedCertificate(KeyStore keyStore, String alias)
    Returns true if the specified certificate is a self-signed certificate.
public static boolean isSigningRequestPending(KeyStore keyStore, String alias)
    Returns true if the specified certificate is ready to be signed by a Certificate Authority.
public static void removeListener(CertificateEventListener listener)
    Unregisters a listener to receive events.

Method Detail
addListener

public static void addListener(CertificateEventListener listener)
    Registers a listener to receive events.
    Parameters:
        listener - the listener.
createDSACert

public static X509Certificate createDSACert(KeyStore ksKeys, String keyPassword, String alias, String issuerDN, String subjectDN, String domain) throws GeneralSecurityException, IOException
    Creates a new X509 certificate using the DSA algorithm. The new certificate, together with its private
    key, is stored in the specified key store. However, the key store is not saved to disk: it is up to the
    caller to save the key store to disk after new certificates have been added to the store.
    Parameters:
        ksKeys - key store where the new certificate and private key are going to be stored.
        keyPassword - password of the keystore.
        alias - name to use when storing the certificate in the key store.
        issuerDN - issuer string, e.g. "O=Grid,OU=OGSA,CN=ACME".
        subjectDN - subject string, e.g. "O=Grid,OU=OGSA,CN=John Doe".
        domain - domain of the server to store in the subject alternative name extension.
    Returns:
        the new X509 V3 certificate.
    Throws:
        GeneralSecurityException
        IOException
createRSACert

public static X509Certificate createRSACert(KeyStore ksKeys, String keyPassword, String alias, String issuerDN, String subjectDN, String domain) throws GeneralSecurityException, IOException
    Creates a new X509 certificate using the RSA algorithm. The new certificate, together with its private
    key, is stored in the specified key store. However, the key store is not saved to disk: it is up to the
    caller to save the key store to disk after new certificates have been added to the store.
    Parameters:
        ksKeys - key store where the new certificate and private key are going to be stored.
        keyPassword - password of the keystore.
        alias - name to use when storing the certificate in the key store.
        issuerDN - issuer string, e.g. "O=Grid,OU=OGSA,CN=ACME".
        subjectDN - subject string, e.g. "O=Grid,OU=OGSA,CN=John Doe".
        domain - domain of the server to store in the subject alternative name extension.
    Returns:
        the new X509 V3 certificate.
    Throws:
        GeneralSecurityException
        IOException
createSigningRequest

public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws Exception
    Creates and returns the content of a new signing request for the specified certificate. Signing
    requests are required by Certificate Authorities as part of their signing process. The signing request
    contains information about the certificate issuer, subject DN, subject alternative names and public key.
    Private keys are not included. After the Certificate Authority has verified and signed the certificate, a
    new certificate is returned. Use
    CertificateManager.installReply(java.security.KeyStore, java.security.KeyStore, String, String, java.io.InputStream, boolean, boolean) to import the CA reply.
    Parameters:
        cert - the certificate to create a signing request for.
        privKey - the private key of the certificate.
    Returns:
        the content of a new signing request for the specified certificate.
    Throws:
        Exception
getPeerIdentities

public static List<String> getPeerIdentities(X509Certificate x509Certificate)
    Returns the identities of the remote server as defined in the specified certificate. The
    identities are defined in the subjectDN of the certificate and can also be defined in
    subjectAltName extensions of type "xmpp". When the extension is used, the identities defined
    in the extension are returned; otherwise, the value stored in the subjectDN is returned.
    Parameters:
        x509Certificate - the certificate that holds the identities of the remote server.
    Returns:
        the identities of the remote server as defined in the specified certificate.
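The lookup rule documented above, written out as an added example against the plain JDK (it is not Openfire's own implementation). It assumes the "xmpp" subjectAltName type is the id-on-xmppAddr otherName (OID 1.3.6.1.5.5.7.8.5, RFC 6120) carrying a UTF8String, and that the JDK hands otherName entries over as raw DER bytes; the class and method names are this example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.*;

public final class PeerIdentities {
    // DER-encoded id-on-xmppAddr OID (1.3.6.1.5.5.7.8.5): the otherName type XMPP uses for SAN identities
    private static final byte[] ID_ON_XMPP_ADDR = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x05};
    // Reads one DER tag/length header at pos; returns {tag, headerSize, contentLength}.
    private static int[] header(byte[] d, int pos) {
        int tag = d[pos] & 0xFF, len = d[pos + 1] & 0xFF, hdr = 2;
        if (len > 0x80) {                                   // long-form length: next (len & 0x7F) bytes
            int n = len & 0x7F;
            for (len = 0; n > 0; n--) len = (len << 8) | (d[pos + hdr++] & 0xFF);
        }
        return new int[] {tag, hdr, len};
    }

    // Decodes OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }; null unless xmppAddr.
    static String xmppAddr(byte[] der) {
        int[] seq = header(der, 0);
        if (seq[0] != 0x30) return null;
        int p = seq[1];
        int[] oid = header(der, p);
        byte[] oidBytes = Arrays.copyOfRange(der, p + oid[1], p + oid[1] + oid[2]);
        if (oid[0] != 0x06 || !Arrays.equals(oidBytes, ID_ON_XMPP_ADDR)) return null;
        p += oid[1] + oid[2];
        int[] ctx = header(der, p);
        if (ctx[0] != 0xA0) return null;                    // missing [0] EXPLICIT wrapper
        p += ctx[1];
        int[] str = header(der, p);
        if (str[0] != 0x0C) return null;                    // value must be a UTF8String
        return new String(der, p + str[1], str[2], StandardCharsets.UTF_8);
    }
    // Same rule the page documents for getPeerIdentities: xmpp SAN entries if present, else the subject CN.
    public static List<String> peerIdentities(X509Certificate cert) throws Exception {
        List<String> ids = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();   // null when the extension is absent
        if (sans != null) for (List<?> san : sans) {                     // GeneralName type 0 = otherName
            if (Integer.valueOf(0).equals(san.get(0)) && san.get(1) instanceof byte[]) {
                String id = xmppAddr((byte[]) san.get(1));
                if (id != null) ids.add(id);
            }
        }
        if (ids.isEmpty()) for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) ids.add(rdn.getValue().toString());
        }
        return ids;
    }
}
```

The caller still has to compare the returned list against the domain the peer claims; a certificate that carries no matching identity must not be accepted for that domain.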
installCert

public static boolean installCert(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream pkInputStream, String passPhrase, InputStream inputStream, boolean trustCACerts, boolean validateRoot) throws Exception
    Imports a new signed certificate and its private key into the keystore. The certificate input
    stream may contain the signed certificate as well as its CA chain.
    Parameters:
        keyStore - key store where the certificate will be stored.
        trustStore - key store where CA certificates are stored.
        keyPassword - password of the keystore.
        alias - the alias of the new signed certificate.
        pkInputStream - the stream containing the private key.
        passPhrase - the passphrase used when creating the private key.
        inputStream - the stream containing the signed certificate.
        trustCACerts - true if certificates present in the truststore file will be used to verify the identity of the entity signing the certificate.
        validateRoot - true if you want to verify that the root certificate in the chain can be trusted based on the truststore.
    Returns:
        true if the certificate was successfully imported.
    Throws:
        Exception - if no certificates were found in the inputStream.
installReply

public static boolean installReply(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream inputStream, boolean trustCACerts, boolean validateRoot) throws Exception
    Installs the Certificate Authority reply returned as part of the signing request. The certificate
    being signed will get its certificate chain updated with the imported certificate(s). An exception
    will be thrown if the replied certificate does not match a local certificate or if the signing
    authority is not known by the server (i.e. keystore and truststore files). When trustCACerts
    is set to true, certificates present in the truststore file will be used to verify the
    identity of the entity signing the certificate. When the reply is composed of more than one
    certificate, you can also specify whether to verify that the root certificate in the chain
    can be trusted.
    Parameters:
        keyStore - key store where the certificate is stored.
        trustStore - key store where CA certificates are stored.
        keyPassword - password of the keystore.
        alias - the alias of the existing certificate being signed.
        inputStream - the stream containing the CA reply.
        trustCACerts - true if certificates present in the truststore file will be used to verify the identity of the entity signing the certificate.
        validateRoot - true if you want to verify that the root certificate in the chain can be trusted based on the truststore.
    Returns:
        true if the CA reply was successfully processed.
    Throws:
        Exception
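The full CA-signing sequence these methods describe (createRSACert, isSigningRequestPending, createSigningRequest, installReply), as an added example that is not part of Openfire's own code. It assumes the store file names, password, alias, DN and domain shown here (all placeholders), keeps both verification switches of installReply on, and persists the keystore after each step because CertificateManager only changes the in-memory store.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.jivesoftware.util.CertificateManager;

public final class CaSigningFlow {
    // Hypothetical values: store files, password, alias and domain come from the deployment.
    static final String KEYSTORE = "keystore", TRUSTSTORE = "truststore", PASS = "changeit";

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, PASS.toCharArray()); }
        return ks;
    }

    // Steps 1-2: self-signed RSA certificate with the issuer filled in, then the CSR for the CA.
    // The CSR carries issuer, subject, SANs and the public key only; the private key stays in the store.
    static String createCsr(String domain, String alias) throws Exception {
        KeyStore keyStore = load(KEYSTORE);
        String dn = "O=Example Org,OU=XMPP,CN=" + domain;
        X509Certificate cert = CertificateManager.createRSACert(keyStore, PASS, alias, dn, dn, domain);
        if (!CertificateManager.isSigningRequestPending(keyStore, alias)) {
            throw new IllegalStateException(alias + " is not ready to be signed by a CA");
        }
        PrivateKey key = (PrivateKey) keyStore.getKey(alias, PASS.toCharArray());
        String csr = CertificateManager.createSigningRequest(cert, key);
        // createRSACert changed only the in-memory store: persist it, or the new key is lost on restart.
        try (FileOutputStream out = new FileOutputStream(KEYSTORE)) { keyStore.store(out, PASS.toCharArray()); }
        return csr;
    }

    // Step 3: import the CA reply. trustCACerts=true checks the signer against the truststore and
    // validateRoot=true additionally requires the chain's root to be trusted; both stay on.
    static void installCaReply(String alias, String replyPath) throws Exception {
        KeyStore keyStore = load(KEYSTORE), trustStore = load(TRUSTSTORE);
        try (InputStream reply = new FileInputStream(replyPath)) {
            if (!CertificateManager.installReply(keyStore, trustStore, PASS, alias, reply, true, true)) {
                throw new IllegalStateException("CA reply for " + alias + " was not accepted");
            }
        }
        try (FileOutputStream out = new FileOutputStream(KEYSTORE)) { keyStore.store(out, PASS.toCharArray()); }
    }
}
```

Call createCsr first and submit the returned PEM to the CA; when the reply file arrives, call installCaReply with the same alias.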
isDSACertificate

public static boolean isDSACertificate(KeyStore ksKeys, String domain) throws KeyStoreException
    Returns true if a DSA certificate was found in the specified keystore for the specified domain.
    Parameters:
        ksKeys - the keystore that contains the certificates.
        domain - domain of the server signed by the certificate.
    Returns:
        true if a DSA certificate was found in the specified keystore for the specified domain.
    Throws:
        KeyStoreException
isDSACertificate

public static boolean isDSACertificate(X509Certificate certificate) throws KeyStoreException
    Returns true if the specified certificate is using the DSA algorithm. The DSA algorithm cannot be
    used for encryption, only for authentication (signatures); the RSA algorithm, on the other hand,
    can be used for both encryption and authentication.
    Parameters:
        certificate - the certificate to analyze.
    Returns:
        true if the specified certificate is using the DSA algorithm.
    Throws:
        KeyStoreException
isRSACertificate

public static boolean isRSACertificate(KeyStore ksKeys, String domain) throws KeyStoreException
    Returns true if an RSA certificate was found in the specified keystore for the specified domain.
    Parameters:
        ksKeys - the keystore that contains the certificates.
        domain - domain of the server signed by the certificate.
    Returns:
        true if an RSA certificate was found in the specified keystore for the specified domain.
    Throws:
        KeyStoreException
isSelfSignedCertificate

public static boolean isSelfSignedCertificate(KeyStore keyStore, String alias) throws KeyStoreException
    Returns true if the specified certificate is a self-signed certificate.
    Parameters:
        keyStore - key store that holds the certificate to verify.
        alias - alias of the certificate in the key store.
    Returns:
        true if the specified certificate is a self-signed certificate.
    Throws:
        KeyStoreException - if an error happens while using the keystore.
isSigningRequestPending

public static boolean isSigningRequestPending(KeyStore keyStore, String alias) throws KeyStoreException
    Returns true if the specified certificate is ready to be signed by a Certificate Authority. Self-signed
    certificates need to get their issuer information entered to be able to generate a Certificate
    Signing Request (CSR).
    Parameters:
        keyStore - key store that holds the certificate to verify.
        alias - alias of the certificate in the key store.
    Returns:
        true if the specified certificate is ready to be signed by a Certificate Authority.
    Throws:
        KeyStoreException - if an error happens while using the keystore.
removeListener

public static void removeListener(CertificateEventListener listener)
    Unregisters a listener to receive events.
    Parameters:
        listener - the listener.