public class CertService
extends java.lang.Object
构造器和说明 |
---|
CertService() |
限定符和类型 | 方法和说明 |
---|---|
org.bouncycastle.pkcs.PKCS10CertificationRequest |
createCertRequest(X500NameInfo subject,
java.security.PublicKey pubKey,
java.security.PrivateKey priKey,
java.lang.String signAlg)
create CertificationRequest
|
java.security.cert.X509Certificate |
createChildCertificate(boolean isCaCert,
java.lang.String signAlg,
java.security.cert.X509Certificate parentCertificate,
org.bouncycastle.pkcs.PKCS10CertificationRequest request,
org.bouncycastle.asn1.x509.KeyUsage keyUsage,
java.util.Date beginDate,
java.util.Date endDate,
java.security.PrivateKey privateKey)
create ChildCertificate
|
java.security.cert.X509CRL |
createCRL(java.security.cert.X509Certificate caCertificate,
java.security.PrivateKey caPrivateKey,
java.util.List<java.security.cert.X509Certificate> revokeCertificates,
java.lang.String signAlg)
revoke certificate
|
java.security.cert.X509CRL |
createCRL(java.security.cert.X509Certificate caCertificate,
java.security.PrivateKey caPrivateKey,
java.util.List<java.security.cert.X509Certificate> revokeCertificates,
java.lang.String signAlg,
int reason,
java.util.Date period)
revoke certificate
|
java.security.cert.X509Certificate |
createRootCertificate(java.lang.String signAlg,
X500NameInfo issuer,
org.bouncycastle.asn1.x509.KeyUsage keyUsage,
java.util.Date beginDate,
java.util.Date endDate,
java.security.PublicKey publicKey,
java.security.PrivateKey privateKey)
create RootCertificate
|
java.lang.String |
generateCertRequestByDefaultConf(X500NameInfo subject,
java.lang.String priKey)
generate certRequest by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
|
java.lang.String |
generateCertRequestByDefaultConf(X500NameInfo subject,
java.lang.String priKey,
java.lang.String exportFilePath,
java.lang.String csrName)
generate certRequest by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
|
java.lang.String |
generateChildCertByDefaultConf(boolean isCaCert,
org.bouncycastle.asn1.x509.KeyUsage keyUsage,
java.lang.String caStr,
java.lang.String csrStr,
java.lang.String priKeyStr)
generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
|
java.lang.String |
generateChildCertByDefaultConf(boolean isCaCert,
org.bouncycastle.asn1.x509.KeyUsage keyUsage,
java.lang.String caPath,
java.lang.String csrPth,
java.lang.String keyPath,
java.lang.String exportFilePath,
java.lang.String certName)
generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
|
java.lang.String |
generateChildCertByDefaultConf(java.lang.String caStr,
java.lang.String csrStr,
java.lang.String priKeyStr)
generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
|
java.lang.String |
generateChildCertByDefaultConf(java.lang.String caPath,
java.lang.String csrPath,
java.lang.String keyPath,
java.lang.String exportFilePath,
java.lang.String certName)
generate childCert by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
the generated certificate is saved in a file
|
void |
generateKPAndRootCert(X500NameInfo issuer,
java.lang.String savePath)
generate RSA keyPair and CA certificate by default configuration (signature algorithm is SHA256WITHRSA,
valid for 3650 days) , the generated certificate and key will be saved in file that specifies the path
|
void |
generateKPAndRootCert(X500NameInfo issuer,
java.lang.String savePath,
java.lang.String fileName)
generate RSA keyPair and CA certificate by default configuration (signature algorithm is SHA256WITHRSA,
valid for 3650 days) , the generated certificate and key will be saved in file that specifies the path
|
java.lang.String |
generateRootCertByDefaultConf(X500NameInfo issuer,
java.lang.String privateKeyStr)
generate CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
|
java.lang.String |
generateRootCertByDefaultConf(X500NameInfo issuer,
java.lang.String privateKeyStr,
java.lang.String certSavePath,
java.lang.String fileName)
generate CA certificate by default configuration (signature algorithm is SHA256WITHRSA, valid for 3650 days)
the generated certificate is saved in a file
|
boolean |
verify(java.security.cert.X509Certificate X509certificateRoot,
java.util.List<java.security.cert.X509Certificate> X509CertificateChain)
verify cert
|
boolean |
verify(java.security.cert.X509Certificate X509certificateRoot,
java.util.List<java.security.cert.X509Certificate> X509CertificateChain,
java.security.cert.X509CRL X509crl)
verify cert
|
public void generateKPAndRootCert(X500NameInfo issuer, java.lang.String savePath)
issuer
- issuer informationsavePath
- path of the generated keys and certificatepublic void generateKPAndRootCert(X500NameInfo issuer, java.lang.String savePath, java.lang.String fileName)
issuer
- issuer informationsavePath
- path of the generated keys and certificatefileName
- filenamepublic java.lang.String generateRootCertByDefaultConf(X500NameInfo issuer, java.lang.String privateKeyStr)
issuer
- issuerprivateKeyStr
- string of the privateKeypublic java.lang.String generateChildCertByDefaultConf(java.lang.String caStr, java.lang.String csrStr, java.lang.String priKeyStr)
caStr
- string of the CA certificatecsrStr
- string of the certificate requestpriKeyStr
- string of the parent's privateKeypublic java.lang.String generateChildCertByDefaultConf(java.lang.String caPath, java.lang.String csrPath, java.lang.String keyPath, java.lang.String exportFilePath, java.lang.String certName)
caPath
- CA certificate file pathcsrPath
- path of certificate requestkeyPath
- path of the parent's privateKeyexportFilePath
- file path of generated certificatepublic java.lang.String generateCertRequestByDefaultConf(X500NameInfo subject, java.lang.String priKey)
subject
- subject of the csrpriKey
- string of the child's privateKeypublic java.lang.String generateRootCertByDefaultConf(X500NameInfo issuer, java.lang.String privateKeyStr, java.lang.String certSavePath, java.lang.String fileName)
issuer
- issuerprivateKeyStr
- string of the privateKeycertSavePath
- save path of generated certificatepublic java.lang.String generateCertRequestByDefaultConf(X500NameInfo subject, java.lang.String priKey, java.lang.String exportFilePath, java.lang.String csrName)
subject
- subject of the csrpriKey
- string of the child's privateKeyexportFilePath
- save path of generated certRequestpublic java.lang.String generateChildCertByDefaultConf(boolean isCaCert, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.lang.String caStr, java.lang.String csrStr, java.lang.String priKeyStr)
isCaCert
- certificate markkeyUsage
- scenarios where the certificate can be usedcaStr
- string of the CA certificatecsrStr
- string of the certificate requestpriKeyStr
- string of the parent's privateKeypublic java.lang.String generateChildCertByDefaultConf(boolean isCaCert, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.lang.String caPath, java.lang.String csrPth, java.lang.String keyPath, java.lang.String exportFilePath, java.lang.String certName)
isCaCert
- certificate markkeyUsage
- scenarios where the certificate can be usedcaPath
- path of CA certificatecsrPth
- path of certificate requestkeyPath
- path of the parent's privateKeyexportFilePath
- save path of generated certificatepublic java.security.cert.X509Certificate createRootCertificate(java.lang.String signAlg, X500NameInfo issuer, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.util.Date beginDate, java.util.Date endDate, java.security.PublicKey publicKey, java.security.PrivateKey privateKey)
signAlg
- signature algorithm,the type of the corresponding keyissuer
- issuerkeyUsage
- scenarios where the certificate can be usedbeginDate
- beginDate of the certificateendDate
- endDate of the certificatepublicKey
- the public key bound by the certificate,used to decrypt the signatureprivateKey
- the private key used for encryption to generate the signaturepublic java.security.cert.X509Certificate createChildCertificate(boolean isCaCert, java.lang.String signAlg, java.security.cert.X509Certificate parentCertificate, org.bouncycastle.pkcs.PKCS10CertificationRequest request, org.bouncycastle.asn1.x509.KeyUsage keyUsage, java.util.Date beginDate, java.util.Date endDate, java.security.PrivateKey privateKey)
isCaCert
- root certificate marksignAlg
- signature algorithm,the type of the corresponding keyparentCertificate
- certificate of the issuerrequest
- certification requestkeyUsage
- scenarios where the certificate can be usedbeginDate
- beginDate of the certificateendDate
- endDate of the certificateprivateKey
- the private key used for encryption to generate the signaturepublic org.bouncycastle.pkcs.PKCS10CertificationRequest createCertRequest(X500NameInfo subject, java.security.PublicKey pubKey, java.security.PrivateKey priKey, java.lang.String signAlg)
subject
- subject of the csrpubKey
- the public key bound by the certificate,used to decrypt the signaturepriKey
- the private key used for encryption to generate the signaturesignAlg
- signature algorithm,the type of the corresponding keypublic java.security.cert.X509CRL createCRL(java.security.cert.X509Certificate caCertificate, java.security.PrivateKey caPrivateKey, java.util.List<java.security.cert.X509Certificate> revokeCertificates, java.lang.String signAlg)
caCertificate
- Certificate of cacaPrivateKey
- PrivateKey of carevokeCertificates
- revokeCertificatessignAlg
- signAlgpublic java.security.cert.X509CRL createCRL(java.security.cert.X509Certificate caCertificate, java.security.PrivateKey caPrivateKey, java.util.List<java.security.cert.X509Certificate> revokeCertificates, java.lang.String signAlg, int reason, java.util.Date period)
caCertificate
- Certificate of cacaPrivateKey
- PrivateKey of carevokeCertificates
- revokeCertificatessignAlg
- signAlgreason
- the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.period
- date of next CRL updatepublic boolean verify(java.security.cert.X509Certificate X509certificateRoot, java.util.List<java.security.cert.X509Certificate> X509CertificateChain)
X509certificateRoot
- root X509CertificateX509CertificateChain
- chain of X509Certificatepublic boolean verify(java.security.cert.X509Certificate X509certificateRoot, java.util.List<java.security.cert.X509Certificate> X509CertificateChain, java.security.cert.X509CRL X509crl)
X509certificateRoot
- root X509CertificateX509CertificateChain
- chain of X509CertificateX509crl
- certificate revocation lists