IP*Works! S/MIME V9
java.lang.Object
  ipworkssmime.Certmgr
public class Certmgr
The CertMgr bean is used to manage the digital certificates installed on a system.
The bean methods, such as ListCertificateStores or ListStoreCertificates, are used to list certificate stores and certificates. The corresponding lists are returned via the StoreList and CertList events. Encoded certificates are provided through the events.
You can load a certificate by setting the Cert property of the bean, then you can get information about the certificate through the corresponding fields of the Cert property (described below).
The Subject, SerialNumber, and Issuer fields identify the certificate. The EffectiveDate and ExpirationDate show the time boundaries of the certificate.
PublicKey, PublicKeyAlgorithm, PublicKeyLength, and Version provide information about the certificate keys and the certificate format (version).
UsageFlags specifies the intended usage of the certificate. The Usage field provides a text description of these flags.
Field Summary | |
---|---|
static int | cstJKSBlob |
static int | cstJKSFile |
static int | cstMachine |
static int | cstP7BBlob |
static int | cstP7BFile |
static int | cstPEMKeyBlob |
static int | cstPEMKeyFile |
static int | cstPFXBlob |
static int | cstPFXFile |
static int | cstPublicKeyBlob |
static int | cstPublicKeyFile |
static int | cstSSHPublicKeyBlob |
static int | cstSSHPublicKeyFile |
static int | cstUser |
Constructor Summary | |
---|---|
Certmgr() | Creates an instance of Certmgr Bean. |
Certmgr(java.lang.String runtimeLicense) | Creates an instance of Certmgr Bean with specified run-time license. |
Method Summary | | |
---|---|---|
void | addCertmgrEventListener(CertmgrEventListener l) | |
java.lang.String | config(java.lang.String configurationString) | Sets or retrieves a configuration setting. |
void | createCertificate(java.lang.String certSubject, int serialNumber) | Creates a new self-signed certificate in the current store. |
void | createKey(java.lang.String keyName) | Creates a new keyset associated with the provided name. |
void | deleteCertificate() | Deletes the currently selected certificate from the store. |
void | deleteKey(java.lang.String keyName) | Deletes the keyset associated with the provided name. |
void | exportCertificate(java.lang.String PFXFile, java.lang.String password) | Saves the current certificate to a PFX file. |
java.lang.String | generateCSR(java.lang.String certSubject, java.lang.String keyName) | Generates a new CSR to be sent to a signing authority. |
Certificate | getCert() | The current selected certificate. |
CertExtensionList | getCertExtensions() | A list of extensions used by the currently selected certificate. |
byte[] | getCertStore() | The certificate store to search for certificates. |
java.lang.String | getCertStorePassword() | The password for the certificate store (if any). |
int | getCertStoreType() | The type of certificate store for CertStore. |
void | importCertificate(java.lang.String PFXFile, java.lang.String password, java.lang.String subject) | Imports a certificate from a PFX file into the current certificate store. |
void | importSignedCSR(byte[] signedCSR, java.lang.String keyName) | Imports a signed CSR. |
void | issueCertificate(java.lang.String certSubject, int serialNumber) | Creates a new certificate in the current store, signed by the selected certificate. |
java.lang.String | listCertificateStores() | Lists certificate stores. |
java.lang.String | listKeys() | List keysets in a CSP. |
java.lang.String | listMachineStores() | List machine certificate stores. |
java.lang.String | listStoreCertificates() | List certificates in a store. |
void | readCertificate(java.lang.String fileName) | Loads a certificate from a file. |
void | removeCertmgrEventListener(CertmgrEventListener l) | |
void | reset() | Resets all certificate properties to their default values. |
void | saveCertificate(java.lang.String fileName) | Saves the current certificate to a file. |
void | setCert(Certificate cert) | The current selected certificate. |
void | setCertStore(byte[] certStore) | The certificate store to search for certificates. |
void | setCertStorePassword(java.lang.String certStorePassword) | The password for the certificate store (if any). |
void | setCertStoreType(int certStoreType) | The type of certificate store for CertStore. |
java.lang.String | showCertificateChain() | Show certificate chain. |
java.lang.String | signCSR(byte[] CSR, int serialNumber) | Creates a signed certificate from a CSR. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int cstUser
public static final int cstMachine
public static final int cstPFXFile
public static final int cstPFXBlob
public static final int cstJKSFile
public static final int cstJKSBlob
public static final int cstPEMKeyFile
public static final int cstPEMKeyBlob
public static final int cstPublicKeyFile
public static final int cstPublicKeyBlob
public static final int cstSSHPublicKeyBlob
public static final int cstP7BFile
public static final int cstP7BBlob
public static final int cstSSHPublicKeyFile
Constructor Detail |
---|
public Certmgr()
public Certmgr(java.lang.String runtimeLicense)
Method Detail |
---|
public Certificate getCert()
This property is populated when a specified certificate is found or loaded by the bean. It is used to specify private or public keys. Set this property to a valid Certificate object to load a certificate and perform different operations such as DeleteCertificate or ExportCertificate.
public void setCert(Certificate cert) throws IPWorksSMIMEException
This property is populated when a specified certificate is found or loaded by the bean. It is used to specify private or public keys. Set this property to a valid Certificate object to load a certificate and perform different operations such as DeleteCertificate or ExportCertificate.
IPWorksSMIMEException
public CertExtensionList getCertExtensions()
This property contains a list of extensions used by the currently selected certificate. When Cert is set, the bean will read out any CertExtension and populate this list. This list may also be populated by the user prior to a call to CreateCertificate to add certificate extensions to the certificate to be created.
public byte[] getCertStore()
The CertStoreType property specifies the type of the certificate store specified by CertStore. If the store is password protected, specify the password in CertStorePassword.
Designations of certificate stores are platform-dependent.
The following are designations of the most common User and Machine certificate stores in Windows:
In Java, the certificate store normally is a file containing certificates and optional private keys.
When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file.
public void setCertStore(byte[] certStore) throws IPWorksSMIMEException
The CertStoreType property specifies the type of the certificate store specified by CertStore. If the store is password protected, specify the password in CertStorePassword.
Designations of certificate stores are platform-dependent.
The following are designations of the most common User and Machine certificate stores in Windows:
In Java, the certificate store normally is a file containing certificates and optional private keys.
When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file.
IPWorksSMIMEException
public java.lang.String getCertStorePassword()
The value of this property is used to open the certificate store if the certificate store is of a type that requires a password.
public void setCertStorePassword(java.lang.String certStorePassword) throws IPWorksSMIMEException
The value of this property is used to open the certificate store if the certificate store is of a type that requires a password.
IPWorksSMIMEException
public int getCertStoreType()
CertStore
.
This property can take one of the following values:
public void setCertStoreType(int certStoreType) throws IPWorksSMIMEException
CertStore
.
This property can take one of the following values:
IPWorksSMIMEException
public java.lang.String config(java.lang.String configurationString) throws IPWorksSMIMEException
Config is a generic method available in every bean. It is used to set and retrieve configuration settings for the bean.
Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the bean, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
The bean accepts one or more of the following configuration settings.
SaveCertificate. This can only be used when CertificateOutputFormat is set to a value other than the default value. When CertificateOutputFormat is set to "SSH2PublicKey" the value of this setting should be the full header. For instance: "Comment: My Comment".
SaveCertificate is called the certificate will be written in a PEM format. You may change the format by setting this setting to "SSH2PublicKey" or "OpenSSHPublicKey". Set this to the value "PEM" to specify the default behavior.
CreateCertificate creates a new certificate and associated key, or when CreateKey creates a key, this setting determines the length of the new public key (in bits). The default value is 1024.
CreateCertificate creates a new certificate and associated key, or when CreateKey creates a key, this setting determines the type of key generated: 1 for key exchange (encryption) keys, and 2 for digital signature keys. The default value is 1.
CreateCertificate or IssueCertificate creates a new certificate, the signature algorithm used is specified by this setting. Possible values are:
CreateCertificate creates a new certificate, the certificate is valid the moment it is created. CertValidityTime determines the number of days until expiration. The default value is 365 days.
ImportCertificate if a matching certificate or a link to a matching certificate already exists in the Windows certificate store this setting governs what action will be taken. Possible values are:
IPWorksSMIMEException
public void createCertificate(java.lang.String certSubject, int serialNumber) throws IPWorksSMIMEException
This method creates a new self-signed certificate in the current store, containing the following:
CertSubject specifies the subject of the new certificate. A new keyset (public/private key pair) is generated and associated with the new certificate.
SerialNumber specifies the certificate serial number. All certificates signed by the same issuer must have different (unique) serial numbers.
The time validity of the new certificate is determined by the CertValidityTime configuration setting, and the key size by the CertKeyLength configuration setting.
IPWorksSMIMEException
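The following is an added example, not code from the IP*Works! documentation: it uses the Config set and query forms described above to raise CertKeyLength above its 1024-bit default and shorten CertValidityTime, reads both values back, and only then calls createCertificate. The 2048-bit and 90-day values, the class and helper names, the assumption that IPWorksSMIMEException is in the ipworkssmime package, and the assumption that the caller has already selected a certificate store are all choices of this example.

```java
import ipworkssmime.Certmgr;
import ipworkssmime.IPWorksSMIMEException; // package is an assumption of this example

public class HardenedSelfSigned {
    // Policy values chosen for this example; they are not taken from the page.
    static final int KEY_BITS = 2048;
    static final int VALIDITY_DAYS = 90;

    /** Sets a numeric configuration setting and confirms the bean reports it back. */
    static void setAndVerify(Certmgr mgr, String name, int value)
            throws IPWorksSMIMEException {
        mgr.config(name + "=" + value);   // Config("PROPERTY=VALUE") sets the value
        String actual = mgr.config(name); // Config("PROPERTY") queries it as a string
        int parsed;
        try {
            parsed = Integer.parseInt(actual == null ? "" : actual.trim());
        } catch (NumberFormatException e) {
            throw new IllegalStateException(name + " returned non-numeric value: " + actual);
        }
        if (parsed != value) {
            throw new IllegalStateException(name + " is " + parsed + ", expected " + value);
        }
    }

    /**
     * Creates a self-signed certificate in the store the caller has already
     * selected on mgr, refusing to proceed if either setting did not take effect.
     */
    static void createHardened(Certmgr mgr, String certSubject, int serialNumber)
            throws IPWorksSMIMEException {
        setAndVerify(mgr, "CertKeyLength", KEY_BITS);
        setAndVerify(mgr, "CertValidityTime", VALIDITY_DAYS);
        mgr.createCertificate(certSubject, serialNumber);
    }
}
```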
public void createKey(java.lang.String keyName) throws IPWorksSMIMEException
This method will create a new keyset (public/private key pair) within the Cryptographic Service Provider (CSP) used by the bean. The CSP can be set using the CSP configuration setting.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public void deleteCertificate() throws IPWorksSMIMEException
This method will delete the selected certificate from the store. If the certificate cannot be deleted, an error is returned.
This functionality is currently not available when the provider is OpenSSL.
IPWorksSMIMEException
public void deleteKey(java.lang.String keyName) throws IPWorksSMIMEException
This method will delete the keyset (public/private key pair) associated with KeyName from the Cryptographic Service Provider (CSP). The CSP can be set using the CSP configuration setting.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public void exportCertificate(java.lang.String PFXFile, java.lang.String password) throws IPWorksSMIMEException
This method will save the current certificate to a PFX file. The current certificate and its private key are saved to the file specified by PFXFile in PKCS12 format. The file contents are protected by Password.
IPWorksSMIMEException
public java.lang.String generateCSR(java.lang.String certSubject, java.lang.String keyName) throws IPWorksSMIMEException
This method will generate a new Certificate Signing Request (CSR) to be sent to the signing authority. CertSubject specifies the subject of the Certificate Signing Request (CSR). KeyName specifies the name of the keyset (public/private key pair) to be used. If the keyset does not already exist in the Cryptographic Service Provider (CSP), the bean will automatically generate one. To set the CSP, use the CSP configuration setting.
NOTE: It is important to remember the name of the keyset that is used when creating a CSR, as the keyset must later be re-associated with the certificate after the trust authority has signed the CSR.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public void importCertificate(java.lang.String PFXFile, java.lang.String password, java.lang.String subject) throws IPWorksSMIMEException
This method will import a certificate from a PFX file into the current certificate store. The certificate specified by Subject and its private key are loaded from the PKCS12 file specified by PFXFile. If the file is password-protected, Password is used to open it.
Subject is optional. If empty, the first certificate in the store is loaded instead of the matching certificate.
If the provider is OpenSSL, the current version just loads the first certificate and its private key. Subject is ignored.
IPWorksSMIMEException
public void importSignedCSR(byte[] signedCSR, java.lang.String keyName) throws IPWorksSMIMEException
This method will import a signed Certificate Signing Request (CSR). SignedCSR specifies a certificate that has been signed by a trust authority. KeyName is the name of the keyset (public/private key pair) that was used to create the original Certificate Signing Request (CSR).
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public void issueCertificate(java.lang.String certSubject, int serialNumber) throws IPWorksSMIMEException
This method creates a new certificate in the current store, signed by the selected certificate. CertSubject specifies the subject of the new certificate. A new keyset (public/private key pair) is generated and associated with the new certificate.
SerialNumber specifies the certificate serial number. All certificates signed by the same issuer must have different (unique) serial numbers.
The current certificate selected by the bean will be used as the issuing certificate.
If no certificate has been selected in the current CertStore prior to calling this method, or if the selected certificate does not have an associated private key, the method throws an exception.
The time validity of the new certificate is determined by the CertValidityTime configuration setting, and the key size by the CertKeyLength configuration setting.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public java.lang.String listCertificateStores() throws IPWorksSMIMEException
This method lists the system certificate stores for the current user account. The results are provided through the StoreList event.
The same information is also returned upon method completion as a set of lines, one per certificate store name.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public java.lang.String listKeys() throws IPWorksSMIMEException
This method lists the keys (public/private key pairs) in a Cryptographic Service Provider (CSP). The results are provided through the KeyList event.
The same information is also returned upon method completion as a set of lines, one per key, with each line containing the following information separated by Tab characters: KeyContainer, KeyType, AlgId, KeyLen.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public java.lang.String listMachineStores() throws IPWorksSMIMEException
This method behaves the same as the ListCertificateStores method, but lists certificate stores in the machine account (under HKEY_LOCAL_MACHINE in the registry).
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public java.lang.String listStoreCertificates() throws IPWorksSMIMEException
This method lists the certificates in a store. The results are provided through the CertList event.
The same information is also returned upon method completion as a set of lines, one per certificate, with each line containing the following information separated by Tab characters: CertSubject, CertIssuer, CertSerialNumber, HasPrivateKey (as "1" or "0").
IPWorksSMIMEException
public void readCertificate(java.lang.String fileName) throws IPWorksSMIMEException
This method will load a certificate from a file. The file contents can be encoded in base64 (PEM) or ASN (DER) format.
IPWorksSMIMEException
public void reset() throws IPWorksSMIMEException
This method will reset all certificate properties to their default values. If a certificate and private key are selected and/or a certificate store is opened, both are released upon calling this method.
IPWorksSMIMEException
public void saveCertificate(java.lang.String fileName) throws IPWorksSMIMEException
This method will save the current certificate to a file. The certificate is saved in base64 (PEM) format to the file specified by FileName. If the file exists, it is overwritten.
Note: This does not include the private key. To export a certificate with the private key, use ExportCertificate.
IPWorksSMIMEException
public java.lang.String showCertificateChain() throws IPWorksSMIMEException
This method shows the certificate chain for the certificate. The results are provided through the CertChain event.
The same information is also returned upon method completion as a set of lines, one per key, with each line containing the following information separated by Tab characters: CertSubject, CertIssuer, CertSerialNumber, TrustStatus, TrustInfo.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public java.lang.String signCSR(byte[] CSR, int serialNumber) throws IPWorksSMIMEException
This method will create a signed certificate from a Certificate Signing Request (CSR). CSR specifies the Certificate Signing Request to be signed.
SerialNumber specifies the certificate serial number. All certificates signed by the same issuer must have different (unique) serial numbers.
The time validity of the new certificate is determined by the CertValidityTime configuration setting, and the key size by the CertKeyLength configuration setting.
NOTE: This functionality is only available in Windows.
IPWorksSMIMEException
public void addCertmgrEventListener(CertmgrEventListener l) throws java.util.TooManyListenersException
java.util.TooManyListenersException
public void removeCertmgrEventListener(CertmgrEventListener l)