IPKIUtil is a utility interface for Public Key Infrastructure (PKI) functionalities. The main PKI functionalities are:
1. Decrypt a message
2. Encrypt a message
3. Verify the digital signature in the message
4. Retrieve and verify the Certificate
5. Generate key pairs
6. Generate PKCS#10 Certificate Request
7. Send request to the specified Web Gateway
Method Summary

| Return type | Method | Description |
|---|---|---|
| void | checkTheValidityOfCachedCertificate(byte[] oneCachedCertificate) | Takes a byte array representation of a certificate, and checks it against the current date. |
| String | decryptMessage(String encryptedText, Object privateKey) | Decrypts a text. |
| String | decryptMessage(String encryptedText, String privateKeyFileName, String directoryName, String password) | Decrypts a text. |
| String | encryptMessage(String originalText, byte[] certificate) | Encrypts a text. |
| String | encryptMessage(String originalText, Object publicKey) | Encrypts a text. |
| String | encryptMessage(String originalText, String certificateFileName, String directoryName) | Encrypts a text. |
| void | generateKeyPairs(String location, String password, String randomString) | Uses the "RSA" algorithm to generate the private key (private_key.p12, PKCS#8 encoded) and the public key (public_key.p12), and saves them in the directory specified in the parameter. |
| void | generateKeyPairs(String location, String nameForKeyFiles, String password, String randomString) | Uses the "RSA" algorithm to generate the private key (private_key.p12, PKCS#8 encoded) and the public key (public_key.p12), and saves them in the directory specified in the parameter. |
| Object | generatePKCS10Request(String keyLocation, String privateKeyFileName, String publicKeyFileName, String privateKeyPassword, Map userData) | Generates and requests the PKCS#10 certificate. |
| String | generateSignature(String originalText, Object rsaPrivateKey) | Signs a text. |
| String | generateSignature(String originalText, String privateKeyFileName, String directoryName, String password) | Signs a text. |
| ArrayList | getInvalidPublicKeyCertificates(HashMap thePublicKeyCertificateCache) | Gets the list of keys whose certificates are no longer valid. |
| Date | getNextCRLUpdateDate() | Returns the date of the next CRL update. |
| byte[] | getPKICertificate(Map userData) | Gets a certificate of a user. |
| Object | getPrivateKey(String privateKeyFileName, String directoryName, String password) | Loads the given private key file by using the given password and path. |
| byte[] | getPublicKeyCertificate(String certificateFileName, String directoryName) | Loads the given certificateFileName file by using the given path. |
| void | sendCertificateRequestToRA(Object theCertificateRequest, Map publicCertificateRequestParameters) | Generates the PKCS#10 request by using the given user data, and sends the certificate request to the given WebGateway. |
| void | setPublicPKIServer(Map publicPKIServerParameters) | Sets the parameters to get certificates/public keys from a public PKI Server. |
| void | verifySignature(String signature, String signedData, byte[] certificate) | Verifies a signature. |
| void | verifySignature(String signature, String signedData, String certificateFileName, String directoryName) | Verifies a signature. |
Method Detail

public void generateKeyPairs(String location, String password, String randomString) throws PKIBaseException
Parameters:
  location - directory name where the file has to be stored. It should end with a backslash or forward slash.
  password - password to protect the private key file
  randomString - random seed to generate the secure random. It can be obtained from random mouse events.
Throws:
  PKIBaseException - If a PKI-error occurs

public void generateKeyPairs(String location, String nameForKeyFiles, String password, String randomString) throws PKIBaseException
Parameters:
  location - directory name where the file has to be stored. It should end with a backslash or forward slash.
  nameForKeyFiles - by providing this String, the key file can be saved by using this name. For example, if "FirstName_LastName_UserName" is provided, the private key file can be saved in "FirstName_LastName_UserName_private_key.p12". If this value is null, it will be saved as "private_key.p12" by default.
  password - password to protect the private key file
  randomString - random seed to generate the secure random. It can be obtained from random mouse events.
Throws:
  PKIBaseException - If a PKI-error occurs

public Object generatePKCS10Request(String keyLocation, String privateKeyFileName, String publicKeyFileName, String privateKeyPassword, Map userData) throws PKIBaseException, IllegalArgumentException
Parameters:
  keyLocation - location of the private and public keys
  privateKeyFileName - file name of the private key
  publicKeyFileName - file name of the public key
  privateKeyPassword - password to the private key
  userData - contains the needed userData to specify the user. For instance CN=John Smith,OU=Development,O=Living Systems,C=DE.
Throws:
  PKIBaseException - If a PKI-error occurs
  IllegalArgumentException - If there are invalid arguments

public void sendCertificateRequestToRA(Object theCertificateRequest, Map publicCertificateRequestParameters) throws PKIBaseException, IllegalArgumentException
Parameters:
  theCertificateRequest - certificate request object to send to the Public PKI Server
  publicCertificateRequestParameters - Map which contains the certificate request parameters
Throws:
  PKIBaseException - If IO errors, password errors, algorithm errors, or encoding errors occur
  IllegalArgumentException - If there are invalid arguments

public String generateSignature(String originalText, String privateKeyFileName, String directoryName, String password) throws PKIBaseException
Parameters:
  originalText - original text to sign (as String)
  privateKeyFileName - file name of one's private key
  directoryName - directory name where the private key file resides.
  password - password to activate one's private key
Throws:
  PKIBaseException - If a PKI-error occurs

public String generateSignature(String originalText, Object rsaPrivateKey) throws PKIBaseException
Parameters:
  originalText - original text to sign (as String)
  rsaPrivateKey - private key used to sign the original String
Throws:
  PKIBaseException - If a PKI-error occurs

public void verifySignature(String signature, String signedData, String certificateFileName, String directoryName) throws PKIBaseException
Parameters:
  signature - signature as String
  signedData - signed (original) data as String
  certificateFileName - file name of one's certificate (contains the public key)
  directoryName - directory name where the certificate file resides.
Throws:
  PKIBaseException - If a PKI-error occurs

public void verifySignature(String signature, String signedData, byte[] certificate) throws PKIBaseException
Parameters:
  signature - signature as String
  signedData - signed (original) data as String
  certificate - byte-array representation of the needed certificate
Throws:
  PKIBaseException - If a PKI-error occurs

public String encryptMessage(String originalText, String certificateFileName, String directoryName) throws PKIBaseException
Parameters:
  originalText - string to encrypt
  certificateFileName - file name of the receiver's certificate (contains the public key)
  directoryName - directory name where the private key file resides.
Throws:
  PKIBaseException - If a PKI-error occurs

public String encryptMessage(String originalText, byte[] certificate) throws PKIBaseException
Parameters:
  originalText - string to encrypt
  certificate - byte-array representation of the needed certificate
Throws:
  PKIBaseException - If a PKI-error occurs

public String encryptMessage(String originalText, Object publicKey) throws PKIBaseException
Parameters:
  originalText - string to encrypt
  publicKey - public key used to encrypt the decrypted string
Throws:
  PKIBaseException - If a PKI-error occurs

public String decryptMessage(String encryptedText, String privateKeyFileName, String directoryName, String password) throws PKIBaseException
Parameters:
  encryptedText - string to decrypt
  privateKeyFileName - file name of one's private key
  directoryName - directory name where the private key file resides.
  password - password to activate one's private key
Throws:
  PKIBaseException - If a PKI-error occurs

public String decryptMessage(String encryptedText, Object privateKey) throws PKIBaseException
Parameters:
  encryptedText - string to decrypt
  privateKey - private key used to decrypt the encrypted string
Throws:
  PKIBaseException - If a PKI-error occurs

public Object getPrivateKey(String privateKeyFileName, String directoryName, String password) throws PKIBaseException
Parameters:
  privateKeyFileName - file name of the private key file.
  directoryName - directory name where the private file is stored.
  password - password which protects this private key file
Throws:
  PKIBaseException - If the key file doesn't exist, its encoding is not correct, or the password is not correct

public byte[] getPublicKeyCertificate(String certificateFileName, String directoryName) throws PKIBaseException
Parameters:
  certificateFileName - file name of the certificate file. (PEM format)
  directoryName - directory name where the certificate file is stored.
Throws:
  PKIBaseException - If the certificate file doesn't exist or its encoding is not correct.

public void setPublicPKIServer(Map publicPKIServerParameters) throws PKIBaseException, IllegalArgumentException
Parameters:
  publicPKIServerParameters - Map which contains the needed parameters (needed parameters for Baltimore: String hostName, String port, String userNamePKIServer, String passwordPKIServer, String CACertificateFileName, String directoryName)
Throws:
  PKIBaseException - If a PKI-error occurs
  IllegalArgumentException - If publicPKIServerParameters does not contain hostName as key or the value is null

public byte[] getPKICertificate(Map userData) throws PKIBaseException, IllegalArgumentException
Parameters:
  userData - contains the needed userData to specify the user. For instance CN=John Smith,OU=Development,O=Living Systems,C=DE.
Throws:
  PKIBaseException - If a PKI-error occurs
  IllegalArgumentException - If userData does not contain CN (Common name) as key or the value of CN is null

public ArrayList getInvalidPublicKeyCertificates(HashMap thePublicKeyCertificateCache) throws PKIBaseException
Parameters:
  thePublicKeyCertificateCache - cache of public key certificates
Throws:
  PKIBaseException - If a PKI-error occurs

public void checkTheValidityOfCachedCertificate(byte[] oneCachedCertificate) throws PKIBaseException
Parameters:
  oneCachedCertificate - a byte array representation of a certificate
Throws:
  PKIBaseException - If the certificate has expired or is not yet valid (its validity period starts in the future)

public Date getNextCRLUpdateDate() throws PKIBaseException
Throws:
  PKIBaseException - If an LDAP exception happens.
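
The randomString parameter of generateKeyPairs is documented above only as a "random seed"; how an implementation of this interface feeds it to the generator is not stated on this page. The following added example uses only the standard JCA (it is not code from this API, and the class and method names are hypothetical) to show why such a seed should supplement the platform entropy source rather than replace it: with the SUN provider's SHA1PRNG, seeding before the first output makes the result a function of the seed alone.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedHandlingDemo {

    // Risky pattern: an explicitly requested SHA1PRNG that is seeded before its
    // first output uses the caller's seed as its only entropy (SUN provider
    // behaviour), so a guessable seed means guessable key material.
    static byte[] seedOnly(String randomString) throws Exception {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(randomString.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[32];
        rng.nextBytes(out);
        return out;
    }

    // Safer pattern: let the generator seed itself from the platform entropy
    // source first, then mix the caller's string in. After self-seeding,
    // setSeed() adds to the existing state and never reduces randomness.
    static byte[] seedAsSupplement(String randomString) {
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(new byte[1]); // forces self-seeding before setSeed()
        rng.setSeed(randomString.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[32];
        rng.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws Exception {
        String seed = "constructed-sample-seed"; // constructed sample value

        boolean repeats = Arrays.equals(seedOnly(seed), seedOnly(seed));
        boolean differs = !Arrays.equals(seedAsSupplement(seed), seedAsSupplement(seed));

        System.out.println("seed-only output repeats for the same seed: " + repeats);
        System.out.println("supplemented output differs between calls: " + differs);
    }
}
```

The same SecureRandom instance can be passed to KeyPairGenerator.initialize(int, SecureRandom) when generating the RSA key pair, so the choice between the two patterns carries over directly to the generated private key.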