com.webank.cert.toolkit.service

类 CertService

java.lang.Object

com.webank.cert.toolkit.service.CertService

public class CertService
extends java.lang.Object

CertService

构造器概要

构造器

构造器和说明
CertService()

方法概要

限定符和类型	方法和说明
org.bouncycastle.pkcs.PKCS10CertificationRequest	createCertRequest(X500NameInfo subject, java.security.PublicKey pubKey, java.security.PrivateKey priKey, java.lang.String signAlg) create CertificationRequest
java.security.cert.X509Certificate	createChildCertificate(boolean isCaCert, java.lang.String signAlg, java.security.cert.X509Certificate parentCertificate, org.bouncycastle.pkcs.PKCS10CertificationRequest request, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.util.Date beginDate, java.util.Date endDate, java.security.PrivateKey privateKey) create ChildCertificate
java.security.cert.X509CRL	createCRL(java.security.cert.X509Certificate caCertificate, java.security.PrivateKey caPrivateKey, java.util.List<java.security.cert.X509Certificate> revokeCertificates, java.lang.String signAlg) revoke certificate
java.security.cert.X509CRL	createCRL(java.security.cert.X509Certificate caCertificate, java.security.PrivateKey caPrivateKey, java.util.List<java.security.cert.X509Certificate> revokeCertificates, java.lang.String signAlg, int reason, java.util.Date period) revoke certificate
java.security.cert.X509Certificate	createRootCertificate(java.lang.String signAlg, X500NameInfo issuer, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.util.Date beginDate, java.util.Date endDate, java.security.PublicKey publicKey, java.security.PrivateKey privateKey) create RootCertificate
java.lang.String	generateCertRequestByDefaultConf(X500NameInfo subject, java.lang.String priKey) generate certRequest by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
java.lang.String	generateCertRequestByDefaultConf(X500NameInfo subject, java.lang.String priKey, java.lang.String exportFilePath, java.lang.String csrName) generate certRequest by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
java.lang.String	generateChildCertByDefaultConf(boolean isCaCert, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.lang.String caStr, java.lang.String csrStr, java.lang.String priKeyStr) generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
java.lang.String	generateChildCertByDefaultConf(boolean isCaCert, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.lang.String caPath, java.lang.String csrPth, java.lang.String keyPath, java.lang.String exportFilePath, java.lang.String certName) generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
java.lang.String	generateChildCertByDefaultConf(java.lang.String caStr, java.lang.String csrStr, java.lang.String priKeyStr) generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
java.lang.String	generateChildCertByDefaultConf(java.lang.String caPath, java.lang.String csrPath, java.lang.String keyPath, java.lang.String exportFilePath, java.lang.String certName) generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) the generated certificate is saved in a file
void	generateKPAndRootCert(X500NameInfo issuer, java.lang.String savePath) generate RSA keyPair and CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) , the generated certificate and key will be saved in file that specifies the path
void	generateKPAndRootCert(X500NameInfo issuer, java.lang.String savePath, java.lang.String fileName) generate RSA keyPair and CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) , the generated certificate and key will be saved in file that specifies the path
java.lang.String	generateRootCertByDefaultConf(X500NameInfo issuer, java.lang.String privateKeyStr) generate CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
java.lang.String	generateRootCertByDefaultConf(X500NameInfo issuer, java.lang.String privateKeyStr, java.lang.String certSavePath, java.lang.String fileName) generate CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) the generated certificate is saved in a file
boolean	verify(java.security.cert.X509Certificate X509certificateRoot, java.util.List<java.security.cert.X509Certificate> X509CertificateChain) verify cert
boolean	verify(java.security.cert.X509Certificate X509certificateRoot, java.util.List<java.security.cert.X509Certificate> X509CertificateChain, java.security.cert.X509CRL X509crl) verify cert

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

CertService

public CertService()

方法详细资料

generateKPAndRootCert

public void generateKPAndRootCert(X500NameInfo issuer,
                                  java.lang.String savePath)

generate RSA keyPair and CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) , the generated certificate and key will be saved in file that specifies the path

参数:

issuer - issuer information

savePath - path of the generated keys and certificate

generateKPAndRootCert

public void generateKPAndRootCert(X500NameInfo issuer,
                                  java.lang.String savePath,
                                  java.lang.String fileName)

generate RSA keyPair and CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) , the generated certificate and key will be saved in file that specifies the path

参数:

issuer - issuer information

savePath - path of the generated keys and certificate

fileName - filename

generateRootCertByDefaultConf

public java.lang.String generateRootCertByDefaultConf(X500NameInfo issuer,
                                                      java.lang.String privateKeyStr)

generate CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)

参数:

issuer - issuer

privateKeyStr - string of the privateKey

返回:

string of generated certificate

generateChildCertByDefaultConf

public java.lang.String generateChildCertByDefaultConf(java.lang.String caStr,
                                                       java.lang.String csrStr,
                                                       java.lang.String priKeyStr)

generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)

参数:

caStr - string of the CA certificate

csrStr - string of the certificate request

priKeyStr - string of the parent's privateKey

返回:

string of generated certificate

generateChildCertByDefaultConf

public java.lang.String generateChildCertByDefaultConf(java.lang.String caPath,
                                                       java.lang.String csrPath,
                                                       java.lang.String keyPath,
                                                       java.lang.String exportFilePath,
                                                       java.lang.String certName)

generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) the generated certificate is saved in a file

参数:

caPath - CA certificate file path

csrPath - path of certificate request

keyPath - path of the parent's privateKey

exportFilePath - file path of generated certificate

返回:

string of generated certificate

generateCertRequestByDefaultConf

public java.lang.String generateCertRequestByDefaultConf(X500NameInfo subject,
                                                         java.lang.String priKey)

generate certRequest by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)

参数:

subject - subject of the csr

priKey - string of the child's privateKey

返回:

string of generated certRequest

generateRootCertByDefaultConf

public java.lang.String generateRootCertByDefaultConf(X500NameInfo issuer,
                                                      java.lang.String privateKeyStr,
                                                      java.lang.String certSavePath,
                                                      java.lang.String fileName)

generate CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days) the generated certificate is saved in a file

参数:

issuer - issuer

privateKeyStr - string of the privateKey

certSavePath - save path of generated certificate

返回:

string of generated certificate

generateCertRequestByDefaultConf

public java.lang.String generateCertRequestByDefaultConf(X500NameInfo subject,
                                                         java.lang.String priKey,
                                                         java.lang.String exportFilePath,
                                                         java.lang.String csrName)

generate certRequest by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)

参数:

subject - subject of the csr

priKey - string of the child's privateKey

exportFilePath - save path of generated certRequest

返回:

string of generated certRequest

generateChildCertByDefaultConf

public java.lang.String generateChildCertByDefaultConf(boolean isCaCert,
                                                       org.bouncycastle.asn1.x509.KeyUsage keyUsage,
                                                       java.lang.String caStr,
                                                       java.lang.String csrStr,
                                                       java.lang.String priKeyStr)

generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)

参数:

isCaCert - certificate mark

keyUsage - scenarios where the certificate can be used

caStr - string of the CA certificate

csrStr - string of the certificate request

priKeyStr - string of the parent's privateKey

返回:

string of the generated certificate

generateChildCertByDefaultConf

public java.lang.String generateChildCertByDefaultConf(boolean isCaCert,
                                                       org.bouncycastle.asn1.x509.KeyUsage keyUsage,
                                                       java.lang.String caPath,
                                                       java.lang.String csrPth,
                                                       java.lang.String keyPath,
                                                       java.lang.String exportFilePath,
                                                       java.lang.String certName)

generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)

参数:

isCaCert - certificate mark

keyUsage - scenarios where the certificate can be used

caPath - path of CA certificate

csrPth - path of certificate request

keyPath - path of the parent's privateKey

exportFilePath - save path of generated certificate

返回:

string of the generated certificate

createRootCertificate

public java.security.cert.X509Certificate createRootCertificate(java.lang.String signAlg,
                                                                X500NameInfo issuer,
                                                                org.bouncycastle.asn1.x509.KeyUsage keyUsage,
                                                                java.util.Date beginDate,
                                                                java.util.Date endDate,
                                                                java.security.PublicKey publicKey,
                                                                java.security.PrivateKey privateKey)

create RootCertificate

参数:

signAlg - signature algorithm,the type of the corresponding key

issuer - issuer

keyUsage - scenarios where the certificate can be used

beginDate - beginDate of the certificate

endDate - endDate of the certificate

publicKey - the public key bound by the certificate,used to decrypt the signature

privateKey - the private key used for encryption to generate the signature

返回:

the generated certificate

createChildCertificate

public java.security.cert.X509Certificate createChildCertificate(boolean isCaCert,
                                                                 java.lang.String signAlg,
                                                                 java.security.cert.X509Certificate parentCertificate,
                                                                 org.bouncycastle.pkcs.PKCS10CertificationRequest request,
                                                                 org.bouncycastle.asn1.x509.KeyUsage keyUsage,
                                                                 java.util.Date beginDate,
                                                                 java.util.Date endDate,
                                                                 java.security.PrivateKey privateKey)

create ChildCertificate

参数:

isCaCert - root certificate mark

signAlg - signature algorithm,the type of the corresponding key

parentCertificate - certificate of the issuer

request - certification request

keyUsage - scenarios where the certificate can be used

beginDate - beginDate of the certificate

endDate - endDate of the certificate

privateKey - the private key used for encryption to generate the signature

返回:

the generated certificate

createCertRequest

public org.bouncycastle.pkcs.PKCS10CertificationRequest createCertRequest(X500NameInfo subject,
                                                                          java.security.PublicKey pubKey,
                                                                          java.security.PrivateKey priKey,
                                                                          java.lang.String signAlg)

create CertificationRequest

参数:

subject - subject of the csr

pubKey - the public key bound by the certificate,used to decrypt the signature

priKey - the private key used for encryption to generate the signature

signAlg - signature algorithm,the type of the corresponding key

返回:

the certificate request

createCRL

public java.security.cert.X509CRL createCRL(java.security.cert.X509Certificate caCertificate,
                                            java.security.PrivateKey caPrivateKey,
                                            java.util.List<java.security.cert.X509Certificate> revokeCertificates,
                                            java.lang.String signAlg)

revoke certificate

参数:

caCertificate - Certificate of ca

caPrivateKey - PrivateKey of ca

revokeCertificates - revokeCertificates

signAlg - signAlg

返回:

X509CRL

createCRL

public java.security.cert.X509CRL createCRL(java.security.cert.X509Certificate caCertificate,
                                            java.security.PrivateKey caPrivateKey,
                                            java.util.List<java.security.cert.X509Certificate> revokeCertificates,
                                            java.lang.String signAlg,
                                            int reason,
                                            java.util.Date period)

revoke certificate

参数:

caCertificate - Certificate of ca

caPrivateKey - PrivateKey of ca

revokeCertificates - revokeCertificates

signAlg - signAlg

reason - the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.

period - date of next CRL update

返回:

X509CRL

verify

public boolean verify(java.security.cert.X509Certificate X509certificateRoot,
                      java.util.List<java.security.cert.X509Certificate> X509CertificateChain)

verify cert

参数:

X509certificateRoot - root X509Certificate

X509CertificateChain - chain of X509Certificate

返回:

result of verify

verify

public boolean verify(java.security.cert.X509Certificate X509certificateRoot,
                      java.util.List<java.security.cert.X509Certificate> X509CertificateChain,
                      java.security.cert.X509CRL X509crl)

verify cert

参数:

X509certificateRoot - root X509Certificate

X509CertificateChain - chain of X509Certificate

X509crl - certificate revocation lists

返回:

result of verify