com.ibm.security.certclient
Class PkEeCertReqFactory
java.lang.Object
com.ibm.security.certclient.PkEeFactory
com.ibm.security.certclient.PkEeCertReqFactory
public final class PkEeCertReqFactory
- extends PkEeFactory
Produce an initial certificate request transaction. This requires an
initial authentication key to be provided to allow the CA to check the
validity of the request.
Method Summary |
static PkEeCertReqTransaction |
newCertRequest(int keySize,
String subject,
int numValidDays,
boolean useRSA,
boolean useShortSubjectKId,
List<String> subjectAltNames,
List<String> kUsage,
List<String> extkUsage,
String iaFile,
String revoPwd,
String dn)
Initialise a certificate request to the supplied CA. |
static PkEeCertReqTransaction |
newCertRequest(int keySize,
String subject,
int numValidDays,
boolean useRSA,
boolean useShortSubjectKId,
List<String> subjectAltNames,
List<String> kUsage,
List<String> extkUsage,
String iaFile,
String revoPwd,
String dn,
KeyPair keyPair)
Initialise a certificate request to the supplied CA. |
static PkEeCertReqTransaction |
newCertRequest(String subject,
String iaFile,
String revoPwd,
String dn)
Initialises a certificate request to the supplied CA. |
Methods inherited from class com.ibm.security.certclient.PkEeFactory |
getCA_DN, getCaDn, getCaPort, getCmpFmt, getKeystoreFilename, getKeyStoreType, getProvider, setCA_DN, setCaDn, setCaPort, setKeystoreFilename, setKeystorePwd, setKeyStoreType, setProvider |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
newCertRequest
public static PkEeCertReqTransaction newCertRequest(int keySize,
String subject,
int numValidDays,
boolean useRSA,
boolean useShortSubjectKId,
List<String> subjectAltNames,
List<String> kUsage,
List<String> extkUsage,
String iaFile,
String revoPwd,
String dn)
throws com.ibm.security.certclient.base.PkException
- Initialise a certificate request to the supplied CA. The request
is ready to action.
- Parameters:
keySize
- size of key.subject
- The Relative DN for the subject. It will be prepended to
the value of parameter dn to create the subject DN.numValidDays
- period of certificate validity. Will be measured from current
date.useRSA
- if true create RSA key else create with DSA keyuseShortSubjectKId
- if true use short form of Subject Key Id else use long formsubjectAltNames
- (optional)List of subject alternate names. Specify null to indicate that no value is being specified.
- 0. email email address for the subject , e.g. newUser@us.ibm.com
- 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
- 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
- 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
kUsage
- (optional)List of Key Usage strings. Acceptable values are-
"digital_signature"
"non_repudiation"
"key_encipherment"
"data_encipherment"
"encipher_only"
"decipher_only"extkUsage
- (optional)List of Extended Key Usage strings. Acceptable values are-
"ServerAuth_Id"
"ClientAuth_Id"
"CodeSigning_Id"
"EmailProtection_Id"
"IPSecEndSystem_Id"
"IPSecTunnel_Id"
"IPSecUser_Id"
"TimeStamping_Id"iaFile
- initial authorisation file containing initial reference number and passphrase on consecutive linesrevoPwd
- password to be used when revoking this certificate after it has been signeddn
- domain name for certificate request. If null, value
of PkEeFactory CA_DN will be used.
- Throws:
com.ibm.security.certclient.base.PkException
- Parameter error
newCertRequest
public static PkEeCertReqTransaction newCertRequest(int keySize,
String subject,
int numValidDays,
boolean useRSA,
boolean useShortSubjectKId,
List<String> subjectAltNames,
List<String> kUsage,
List<String> extkUsage,
String iaFile,
String revoPwd,
String dn,
KeyPair keyPair)
throws com.ibm.security.certclient.base.PkException
- Initialise a certificate request to the supplied CA. The request
is ready to action.
- Parameters:
keySize
- size of key. Not used if keyPair is provided.subject
- The Relative DN for the subject. It will be prepended to
the value of parameter dn to create the subject DN.numValidDays
- period of certificate validity. Will be measured from current
date.useRSA
- if true create RSA key else create with DSA key
Not used if keyPair is provided.useShortSubjectKId
- if true use short form of Subject Key Id else use long formsubjectAltNames
- (optional)List of subject alternate names. Specify null to indicate that no value is being specified.
- 0. email email address for the subject , e.g. newUser@us.ibm.com
- 1. dnsName domain name server name. Name is not case sensitive. e.g host.domain
- 2. uri universal resource identifier ,e.g http://www.tivoli.com, ftp://www.ibm.com/
- 3. ipaddress ipaddress for the subject , e.g. 127.0.0.1
kUsage
- (optional)List of Key Usage strings. Acceptable values are-
"digital_signature"
"non_repudiation"
"key_encipherment"
"data_encipherment"
"encipher_only"
"decipher_only"extkUsage
- (optional)List of Extended Key Usage strings. Acceptable values are-
"ServerAuth_Id"
"ClientAuth_Id"
"CodeSigning_Id"
"EmailProtection_Id"
"IPSecEndSystem_Id"
"IPSecTunnel_Id"
"IPSecUser_Id"
"TimeStamping_Id"iaFile
- initial authorisation file containing initial reference number and passphrase on consecutive linesrevoPwd
- password to be used when revoking this certificate after it has been signeddn
- domain name for certificate request. If null, value
of PkEeFactory CA_DN will be used.keyPair
- keyPair to use for Public/Private Key
- Throws:
com.ibm.security.certclient.base.PkException
- Parameter error
newCertRequest
public static PkEeCertReqTransaction newCertRequest(String subject,
String iaFile,
String revoPwd,
String dn)
throws com.ibm.security.certclient.base.PkException
- Initialises a certificate request to the supplied CA. The request is
ready to action but will have the following default values keySize =
1024 numValidDays = 365 keyType = RSA SubjectKeyId algorithm is RFC
3280 Long Form SubjectAlternateNames = none KeyUsage = none
ExtendedKeyUsage = none
- Parameters:
subject
- The Relative DN for the subject. It will be prepended to
the value of parameter dn to create the subject DN.iaFile
- initial authorisation file containing reference number and
passphrase on consecutive linesrevoPwd
- password to be used when revoking this certificate after
it has been signeddn
- domain name for certificate request. If null, value
of PkEeFactory CA_DN will be used.
- Throws:
com.ibm.security.certclient.base.PkException
- Parameter error