com.ibm.security.certclient.util
Class PkNewCertFactory

java.lang.Object
  extended by com.ibm.security.certclient.util.PkNewCertFactory

public final class PkNewCertFactory
extends Object

Generate a certificate signed with specified signing certificate.


Method Summary
static PkNewCertificate newCert(int keySize, String subjectDN, int numValidDays, Date notBefore, boolean useShortSubjectKId, List<String> subjectAltNames, List<String> kUsage, List<String> extKUsage, String provider, KeyPair keyPair, X509Certificate[] signing_cert_chain, PrivateKey signing_cert_private_key)
          Create a personal certificate with supplied extensions
static PkNewCertificate newCert(int keySize, String subjectDN, int numValidDays, Date notBefore, boolean useShortSubjectKId, List<String> subjectAltNames, List<String> kUsage, List<String> extKUsage, String provider, KeyPair keyPair, X509Certificate[] signing_cert_chain, PrivateKey signing_cert_private_key, boolean CA)
          Create a personal certificate with supplied extensions
static PkNewCertificate newCert(int keySize, String subjectDN, int numValidDays, Date notBefore, boolean useShortSubjectKId, List<String> subjectAltNames, List<String> kUsage, List<String> extKUsage, String provider, X509Certificate[] signing_cert_chain, PrivateKey signing_cert_private_key)
          Create a personal certificate with supplied extensions
static PkNewCertificate newCert(int keySize, String subjectDN, int numValidDays, Date notBefore, boolean useShortSubjectKId, String provider, KeyPair keyPair, X509Certificate[] signing_cert_chain, PrivateKey signing_cert_private_key)
          Create a personal certificate without any supplied extensions
static PkNewCertificate newCert(int keySize, String subjectDN, int numValidDays, Date notBefore, boolean useShortSubjectKId, String provider, X509Certificate[] signing_cert_chain, PrivateKey signing_cert_private_key)
          Create a personal certificate without any supplied extensions
static PkNewCertificate newCert(String subjectDN, X509Certificate[] signing_cert_chain, PrivateKey signing_cert_private_key)
          Simplest way to generate a personal certificate signed by a signing certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

newCert

public static PkNewCertificate newCert(String subjectDN,
                                       X509Certificate[] signing_cert_chain,
                                       PrivateKey signing_cert_private_key)
                                throws com.ibm.security.certclient.base.PkRejectionException
Simplest way to generate a personal certificate signed by a signing certificate. Uses all default values:
  • version = 3
  • keysize = 1024
  • validity period = 365 days from current date
  • subjectKeyId version = long
  • provider = IBMJCE

    Parameters:
    subjectDN - Distinguished name which will be the subject for this certificate
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign personal certificate which is being created
    Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes signed by specified signing certificate
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newCert

    public static PkNewCertificate newCert(int keySize,
                                           String subjectDN,
                                           int numValidDays,
                                           Date notBefore,
                                           boolean useShortSubjectKId,
                                           String provider,
                                           X509Certificate[] signing_cert_chain,
                                           PrivateKey signing_cert_private_key)
                                    throws com.ibm.security.certclient.base.PkRejectionException
    Create a personal certificate without any supplied extensions

    Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    provider - name of crypto provider
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign personal certificate which is being created
    Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes signed by specified signing certificate
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newCert

    public static PkNewCertificate newCert(int keySize,
                                           String subjectDN,
                                           int numValidDays,
                                           Date notBefore,
                                           boolean useShortSubjectKId,
                                           String provider,
                                           KeyPair keyPair,
                                           X509Certificate[] signing_cert_chain,
                                           PrivateKey signing_cert_private_key)
                                    throws com.ibm.security.certclient.base.PkRejectionException
    Create a personal certificate without any supplied extensions

    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be both subject and issuer for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    provider - name of crypto provider
    keyPair - keypair to use for private/public key
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign personal certificate which is being created
    Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes signed by specified signing certificate
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newCert

    public static PkNewCertificate newCert(int keySize,
                                           String subjectDN,
                                           int numValidDays,
                                           Date notBefore,
                                           boolean useShortSubjectKId,
                                           List<String> subjectAltNames,
                                           List<String> kUsage,
                                           List<String> extKUsage,
                                           String provider,
                                           X509Certificate[] signing_cert_chain,
                                           PrivateKey signing_cert_private_key)
                                    throws com.ibm.security.certclient.base.PkRejectionException
    Create a personal certificate with supplied extensions

    Parameters:
    keySize - size of key.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional) list of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name. Name is not case sensitive, e.g. host.domain
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) list of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extKUsage - (optional) list of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    provider - name of crypto provider
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign personal certificate which is being created
    Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes signed by specified signing certificate
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newCert

    public static PkNewCertificate newCert(int keySize,
                                           String subjectDN,
                                           int numValidDays,
                                           Date notBefore,
                                           boolean useShortSubjectKId,
                                           List<String> subjectAltNames,
                                           List<String> kUsage,
                                           List<String> extKUsage,
                                           String provider,
                                           KeyPair keyPair,
                                           X509Certificate[] signing_cert_chain,
                                           PrivateKey signing_cert_private_key)
                                    throws com.ibm.security.certclient.base.PkRejectionException
    Create a personal certificate with supplied extensions

    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional) list of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name. Name is not case sensitive, e.g. host.domain
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) list of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extKUsage - (optional) list of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys; if null, a keypair will be generated
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign personal certificate which is being created
    Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes signed by specified signing certificate
    Throws:
    com.ibm.security.certclient.base.PkRejectionException

    newCert

    public static PkNewCertificate newCert(int keySize,
                                           String subjectDN,
                                           int numValidDays,
                                           Date notBefore,
                                           boolean useShortSubjectKId,
                                           List<String> subjectAltNames,
                                           List<String> kUsage,
                                           List<String> extKUsage,
                                           String provider,
                                           KeyPair keyPair,
                                           X509Certificate[] signing_cert_chain,
                                           PrivateKey signing_cert_private_key,
                                           boolean CA)
                                    throws com.ibm.security.certclient.base.PkRejectionException
    Create a personal certificate with supplied extensions

    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subjectDN - Distinguished name which will be the subject for this certificate
    numValidDays - period of certificate validity. Will be measured from notBefore date.
    notBefore - Date that this certificate validity begins. Must be no greater than 3 days prior to the issuing UTC time. If null, current Date will be used.
    useShortSubjectKId - if true use short form of Subject Key Id else use long form
    subjectAltNames - (optional) list of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name. Name is not case sensitive, e.g. host.domain
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) list of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extKUsage - (optional) list of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    provider - name of crypto provider
    keyPair - keypair to use for private/public keys; if null, a keypair will be generated
    signing_cert_chain - X509Certificate signing chain
    signing_cert_private_key - Private key to sign personal certificate which is being created
    CA - if true, create this certificate as a CA with basic constraints; if false, create this certificate as an end-user certificate without basic constraints
    Returns:
    a PkNewCertificate type object that implements a personal certificate with the provided attributes signed by specified signing certificate
    Throws:
    com.ibm.security.certclient.base.PkRejectionException
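
Added usage example (not part of the original API documentation): issuing an end-user server certificate with the 13-argument newCert overload, supplying a 2048-bit key pair and explicit extensions instead of relying on the defaults listed for the three-argument form. Assumptions: an IBM JDK with the IBMJCE provider; a constructed PKCS12 keystore ca.p12 with alias issuing-ca and its password in the CA_KS_PASS environment variable; constructed example.test names; PkNewCertificate living in the same package as the factory; and the numbered subjectAltNames entries (0 to 3) being read as list positions.

```java
import com.ibm.security.certclient.util.PkNewCertFactory;
import com.ibm.security.certclient.util.PkNewCertificate; // assumed: same package as the factory
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

public class IssueServerCert {
    public static void main(String[] args) throws Exception {
        // Constructed inputs: keystore file, alias and password source are placeholders.
        char[] pw = System.getenv("CA_KS_PASS").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("ca.p12")) {
            ks.load(in, pw);
        }
        PrivateKey caKey = (PrivateKey) ks.getKey("issuing-ca", pw);
        Certificate[] raw = ks.getCertificateChain("issuing-ca");
        // Fails with ArrayStoreException if any chain entry is not X.509.
        X509Certificate[] chain = Arrays.copyOf(raw, raw.length, X509Certificate[].class);

        // Do not issue from a signer chain that is expired or not yet valid.
        for (X509Certificate c : chain) {
            c.checkValidity();
        }

        // Generate the subject key explicitly; keySize is not used when keyPair is provided.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair subjectKeys = kpg.generateKeyPair();

        // Assumption: positions 0..3 are email, dnsName, uri, ipaddress (constructed values).
        List<String> san = Arrays.asList("admin@example.test", "host.example.test",
                "https://host.example.test/", "192.0.2.10");
        List<String> ku = Arrays.asList("digital_signature", "key_encipherment");
        List<String> eku = Arrays.asList("ServerAuth_Id");

        // notBefore = null: current date; useShortSubjectKId = false: long form;
        // CA = false: end-user certificate without basic constraints.
        PkNewCertificate cert = PkNewCertFactory.newCert(
                2048, "CN=host.example.test,O=Example,C=US", 90, null, false,
                san, ku, eku, "IBMJCE", subjectKeys, chain, caKey, false);
        System.out.println("certificate object created: " + (cert != null));
    }
}
```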