com.ibm.security.certclient.util

Class JPKI

  • All Implemented Interfaces:
    com.ibm.security.certclient.base.PkAttrKind, com.ibm.security.certclient.base.PkCertConstants, com.ibm.security.certclient.base.PkConstants, com.ibm.security.certclient.base.PkHttpConstants, com.ibm.security.certclient.base.PkPollConstants, com.ibm.security.certclient.base.PkRevoConstants


    public class JPKI
    extends Object
    implements com.ibm.security.certclient.base.PkConstants
    • Field Summary

      • Fields inherited from interface com.ibm.security.certclient.base.PkConstants

        BIG_TWO, DEFAULT_KEY_SIZE, DEFAULT_LIFETIME, DEFAULT_PROVIDER, DEFAULT_RNG, DSA_KEY_TYPE, EC_KEY_TYPE, MD2_WITH_RSA, MD5_WITH_RSA, PKI_DB_CONN, PKI_DB_CONNS, PKI_ISSUER_DN, PKI_ISSUER_HOST, PKI_ISSUER_PORT, PKI_OPER, PKI_ROOT, RSA_KEY_TYPE, SHA1_WITH_DSA, SHA1_WITH_ECDSA, SHA1_WITH_RSA, SHA2_WITH_ECDSA, SHA3_WITH_ECDSA, SHA3_WITH_RSA, SHA5_WITH_ECDSA, SHA5_WITH_RSA
      • Fields inherited from interface com.ibm.security.certclient.base.PkAttrKind

        ATTR_APPLIED, ATTR_APPROVED, ATTR_NAMES
      • Fields inherited from interface com.ibm.security.certclient.base.PkCertConstants

        CERT_ALGORITHM_ID, CERT_ALGORITHM_NAME, CERT_ALTERNATIVE_NAME, CERT_AUTH_KEY_IDENTIFIER, CERT_BASIC_CONSTRAINTS, CERT_CA_PUBS, CERT_CA_VENDOR, CERT_CMP_VERSION, CERT_CRL_DISTRIBUTION_POINTS, CERT_EXT, CERT_EXT_KEY_USAGE, CERT_HIERARCHICAL, CERT_INIT_PWD, CERT_ISSUER, CERT_ISSUER_ID, CERT_KEY, CERT_KEY_IDENTIFIER, CERT_KEY_TYPE, CERT_KEY_USAGE, CERT_MESSAGE_PROTECTED, CERT_MESSAGE_PROTECTION_ALGORITHM_ID, CERT_MESSAGE_PROTECTION_ALGORITHM_NAME, CERT_MESSAGE_PROTECTION_KEY, CERT_MESSAGE_PROTECTION_PWD, CERT_NAME_CONSTRAINTS, CERT_NETSCAPE_CERT_TYPE, CERT_NOT_AFTER, CERT_NOT_BEFORE, CERT_OPER, CERT_OUTFILENAME, CERT_POLICY_CONSTRAINTS, CERT_POLICY_MAPPINGS, CERT_PRIVATE_KEY, CERT_PRIVATE_KEY_EE, CERT_PRIVATE_KEY_USAGE, CERT_PROVIDER, CERT_PUBLISH_IMMEDIATELY, CERT_RECIPIENT_DN, CERT_REP_HDR, CERT_REQ_ID, CERT_REVO_PUBLIC_KEY, CERT_REVOCATION_PASSPHRASE, CERT_ROOT, CERT_SENDER_KID, CERT_SERIAL_NUMBER, CERT_SUBJECT, CERT_SUBJECT_ALTERNATIVE_NAME, CERT_SUBJECT_ID, CERT_TIME_TO_CHECK_BACK, CERT_VENDOR_TPKI_RA_ENROLL, CERT_VERSION, CERT_VERSION_1, CERT_VERSION_2, CERT_VERSION_3, CERT_X509, KEY_STORE_CERT_ALIAS, KEY_STORE_ENTRY_PWD, KEY_STORE_INIT_CERT_ALIAS, KEY_STORE_INIT_ENTRY_PWD, MAKE_CONF_REQUEST_MESSAGE, MAX_SUBJECT_NAME_LENGTH_TO_STORE_IN_TABLES, sccsid
      • Fields inherited from interface com.ibm.security.certclient.base.PkRevoConstants

        REVO_BAD_SINCE_DATE, REVO_CRL_EXT, REVO_OPER, REVO_PUBLISH_IMMEDIATELY, REVO_REASON, REVO_ROOT
      • Fields inherited from interface com.ibm.security.certclient.base.PkHttpConstants

        HTTP_BASE_NAME, HTTP_FILE_NAME, HTTP_METHOD, HTTP_ROOT, HTTP_VERSION
      • Fields inherited from interface com.ibm.security.certclient.base.PkPollConstants

        POLL_REFERENCE, POLL_ROOT, POLL_TIME_TO_CHECK_BACK
    • Constructor Summary

      Constructor and Description
      JPKI()
    • Constructor Detail

      • JPKI

        public JPKI()
    • Method Detail

      • initialCertRequest

        public com.ibm.security.certclient.base.PkAttrs initialCertRequest(String[] values,
                                                                           String[] subjectAltNames,
                                                                           String[] kUsage,
                                                                           PublicKey pubKey,
                                                                           PrivateKey privateKey,
                                                                           String signatureAlgorithm)
                                                                    throws Exception
        Creates an initial certificate request. This method assumes that the public/private key pair has been generated by the caller; the public key is passed in by the user.
        Parameters:
        values - array of strings with values as follows:
        • 0. subjectRDN - distinguished name prefix for the subject for whom the certificate is requested, e.g. cn=newUser. The domain name is appended to this prefix to generate the subjectDN.
        • 1. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
        • 2. certVersion - version number of the certificate to be generated. Value must be set to 3 for an X.509 v3 certificate.
        • 3. reference-number - this and the next value are the initial authentication parameters
        • 4. passphrase - see reference-number
        • 5. notBeforeDate - date from which the certificate is valid, expressed in milliseconds
        • 6. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
        subjectAltNames - array for specifying subject alternative names. Zero or more values may be specified in the following order. Specify null to indicate that no value is being specified.
        • 0. email - email address for the subject, e.g. newUser@us.ibm.com
        • 1. dnsName - domain name server name. The name is not case sensitive, e.g. host.domain
        • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
        • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
        kUsage - array for specifying key usage. Any of the values below can be specified. The last value must be null.
        • "digital_signature"
        • "non_repudiation"
        • "key_encipherment"
        • "data_encipherment"
        • "encipher_only"
        • "decipher_only"
        pubKey - public key for which the certificate is being requested
        privateKey - optional; the private key corresponding to the above public key
        Returns:
        PkAttrs attributes that make up a certificate request
        Throws:
        Exception
      • initialCertRequest

        public com.ibm.security.certclient.base.PkAttrs initialCertRequest(byte[] base64pkcs10RequestAsByteArray,
                                                                           String[] values)
                                                                    throws Exception
        Creates an initial certificate request from an existing PKCS#10 request.
        Parameters:
        base64pkcs10RequestAsByteArray - byte array containing a base64-encoded PKCS#10 request
        values - array of strings with values as follows:
        • 0. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
        • 1. certVersion - version number of the certificate to be generated. Value must be set to 3 for an X.509 v3 certificate.
        • 2. reference-number - this and the next value are the initial authentication parameters
        • 3. passphrase - see reference-number
        • 4. notBeforeDate - date from which the certificate is valid, expressed in milliseconds
        • 5. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
        Throws:
        Exception
      • initialCertRequest

        public com.ibm.security.certclient.base.PkAttrs initialCertRequest(com.ibm.security.pkcs10.CertificationRequest certReq,
                                                                           String[] values)
                                                                    throws Exception
        Creates an initial certificate request from a parsed PKCS#10 request.
        Parameters:
        certReq - CertificationRequest - certificate request in PKCS#10 format
        values - array of strings with values as follows:
        • 0. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
        • 1. certVersion - version number of the certificate to be generated. Value must be set to 3 for an X.509 v3 certificate.
        • 2. reference-number - this and the next value are the initial authentication parameters
        • 3. passphrase - see reference-number
        • 4. notBeforeDate - date from which the certificate is valid, expressed in milliseconds
        • 5. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
        Throws:
        Exception
      • confRequest

        public com.ibm.security.certclient.base.PkAttrs confRequest(String[] values)
      • confRequest

        public com.ibm.security.certclient.base.PkAttrs confRequest(Object[] values,
                                                                    Object[] initCertInfo)
                                                             throws Exception
        Creates a confirmation request.
        Parameters:
        values - array of objects with values as follows:
        • 0 = PkiHeader corresponding to the header used in the certificate request
        • 1 = initialAuthPassword - password used during the initial request
        • 2 = reference number - reference number used during the initial request
        • 3 = revoPassword - optional
        initCertInfo - array of objects containing information from the initial certificate request. If you specify the values below, the confirmation request is generated for a subsequent request.
        • 0. privateKey - private key that was generated for the initial request
        • 1. Certificate - certificate generated for the user from the initial certificate request
        Returns:
        PkAttrs attributes that make up a confirmation request
        Throws:
        Exception
      • secnRequest

        public com.ibm.security.certclient.base.PkAttrs secnRequest(String[] values,
                                                                    String[] subjectAltNames,
                                                                    String[] kUsage,
                                                                    PublicKey publicKey,
                                                                    PrivateKey privateKey,
                                                                    String sigAlg,
                                                                    Object[] initCertInfo)
                                                             throws Exception
        Creates a subsequent certificate request. This method assumes that the public/private key pair has been generated by the caller; the public key is passed in by the user. This is useful for applications that want to manage their own keystores.
        Parameters:
        values - array of strings with values as follows:
        • 0. subjectRDN - distinguished name prefix for the subject for whom the certificate is requested, e.g. cn=newUser. The domain name is appended to this prefix to generate the subjectDN.
        • 1. domain - domain for which the CA is configured, e.g. ou=aix,o=ibm,c=us
        • 2. certVersion - version number of the certificate to be generated. Value must be set to 3 for an X.509 v3 certificate.
        • 3. notBeforeDate - date from which the certificate is valid.
        • 4. issuedCertValidity - duration for which the certificate is valid, expressed in milliseconds
        subjectAltNames - array for specifying subject alternative names. Zero or more values may be specified in the following order. Specify null to indicate that no value is being specified.
        • 0. email - email address for the subject, e.g. newUser@us.ibm.com
        • 1. dnsName - domain name server name. The name is not case sensitive, e.g. host.domain
        • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
        • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
        kUsage - array for specifying key usage. Any of the values below can be specified. The last value must be null.
        • "digital_signature"
        • "non_repudiation"
        • "key_encipherment"
        • "data_encipherment"
        • "encipher_only"
        • "decipher_only"
        initCertInfo - array of objects containing information from the initial certificate request:
        • 0. privateKey - private key that was generated for the initial request
        • 1. Certificate - certificate generated for the user from the initial certificate request
        Returns:
        PkAttrs attributes that make up a certificate request
        Throws:
        Exception
      • revoRequest

        public com.ibm.security.certclient.base.PkAttrs revoRequest(Object[] items)
                                                             throws Exception
        Creates a request to revoke a certificate.
        Parameters:
        items - array of objects with values as follows:
        • 0 = certificate to be revoked, provided as an X509CertImpl object
        • 1 = intReason - an integer representing the reason for the revocation. Set to one of the following: unused (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6)
        • 2 = privateKey (optional) - the private key of the subject whose certificate is being revoked
        • 3 = revocation-password (optional) - the revocation password that was specified when the certificate request was made. Note that either the private key or the revocation password must be provided, otherwise the request will be rejected.
        Returns:
        PkAttrs attributes that make up a revocation request
        Throws:
        Exception
      • revoRequest

        public com.ibm.security.certclient.base.PkAttrs revoRequest(BigInteger certSerialNumber,
                                                                    Object[] items)
                                                             throws Exception
        Creates a request to revoke a certificate identified by its serial number.
        Parameters:
        certSerialNumber - BigInteger - the serial number of the certificate to revoke
        items - array of objects with values as follows:
        • 0 = intReason - an integer representing the reason for the revocation. Set to one of the following: unused (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6)
        • 1 = privateKey (optional) - the private key of the subject whose certificate is being revoked
        • 2 = revocation-password (optional) - the revocation password that was specified when the certificate request was made. Note that either the private key or the revocation password must be provided, otherwise the request will be rejected.
        Returns:
        PkAttrs attributes that make up a revocation request
        Throws:
        Exception
      • revoRequest

        public com.ibm.security.certclient.base.PkAttrs revoRequest(PublicKey publicKey,
                                                                    Object[] items)
                                                             throws Exception
        Creates a request to revoke a certificate identified by its public key.
        Parameters:
        publicKey - the public key of the certificate to revoke
        items - array of objects with values as follows:
        • 0 = publicKey - the public key of the subject whose certificate is being revoked
        • 0 = intReason, 1 = (optional) privateKey, 2 = revoPwd
        Returns:
        PkAttrs attributes that make up a revocation request
        Throws:
        Exception
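The following is an added usage example, not code from this reference page or from IBM; it shows how a client fills the positional arrays documented above for initialCertRequest (null-terminated key usage list, dates in milliseconds) and for the serial-number overload of revoRequest, where either the subject's private key or the revocation password must be supplied. Assumptions: the signatureAlgorithm parameter accepts the JCA name "SHA256withRSA", the reference number and passphrase are placeholders issued out of band by the CA operator, and the subject alternative names are constructed sample values.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import com.ibm.security.certclient.base.PkAttrs;
import com.ibm.security.certclient.util.JPKI;

public class JpkiRequestExample {

    // Domain the CA is configured for; sample value taken from the method documentation.
    static final String DOMAIN = "ou=aix,o=ibm,c=us";
    // intReason value for revoRequest: 1 = keyCompromise in the reason table above.
    static final int REASON_KEY_COMPROMISE = 1;

    /** Fills the positional arrays for initialCertRequest with a caller-generated key pair. */
    static PkAttrs buildInitialRequest(JPKI jpki, KeyPair keyPair, String subjectRdn,
                                       String referenceNumber, String passphrase) throws Exception {
        long notBeforeMillis = System.currentTimeMillis();      // notBeforeDate, in milliseconds
        long validityMillis = 365L * 24 * 60 * 60 * 1000;        // issuedCertValidity: one year
        String[] values = {
            subjectRdn,                      // 0: e.g. "cn=newUser"; DOMAIN is appended to form the subject DN
            DOMAIN,                          // 1: domain the CA is configured for
            "3",                             // 2: X.509 v3
            referenceNumber,                 // 3: initial authentication, placeholder value
            passphrase,                      // 4: initial authentication, placeholder value
            Long.toString(notBeforeMillis),  // 5: values are strings, so the millisecond count is formatted
            Long.toString(validityMillis)    // 6
        };
        // Order is email, dnsName, uri, ipaddress; null means "not specified" (constructed sample values)
        String[] subjectAltNames = { "newUser@us.ibm.com", "host.domain", null, null };
        // The key usage array must end with a null entry
        String[] kUsage = { "digital_signature", "key_encipherment", null };
        // Assumption: signatureAlgorithm is given as a JCA algorithm name
        return jpki.initialCertRequest(values, subjectAltNames, kUsage,
                keyPair.getPublic(), keyPair.getPrivate(), "SHA256withRSA");
    }

    /** Revokes by serial number, proving control with the subject's private key instead of a revocation password. */
    static PkAttrs buildRevocation(JPKI jpki, BigInteger serial, PrivateKey subjectKey) throws Exception {
        // Index 1 (private key) or index 2 (revocation password) must be non-null or the CA rejects the request
        Object[] items = { Integer.valueOf(REASON_KEY_COMPROMISE), subjectKey, null };
        return jpki.revoRequest(serial, items);
    }
}
```

Generate the key pair with java.security.KeyPairGenerator before calling buildInitialRequest; transmitting the returned PkAttrs to the CA is outside the scope of this class.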

© Copyright IBM Corp. 1998, 2021 All Rights Reserved.