java.lang.Object
  org.opcfoundation.ua.utils.CertificateUtils
public class CertificateUtils
A utility class for generating self-signed certificates for UA clients and servers and for using them.
| Constructor Summary | |
|---|---|
CertificateUtils()
|
|
| Method Summary | |
|---|---|
static KeyPair |
createApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
KeyPair issuerKeys,
String... hostNames)
createApplicationInstanceCertificate. |
static KeyPair |
createApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
String... hostNames)
createApplicationInstanceCertificate. |
static KeyPair |
createHttpsCertificate(String hostName,
String applicationUri,
int days,
KeyPair issuerCert)
Create a new certificate that can be used with the HTTPS protocol. |
static KeyPair |
createIssuerCertificate(String commonName,
int days,
KeyPair issuerCert)
Create a new issuer certificate that can be used to issue certificates built with createApplicationInstanceCertificate(String, String, String, int, String...) |
static byte[] |
createThumbprint(byte[] data)
Create SHA-1 Thumbprint |
static X509Certificate |
decodeX509Certificate(byte[] encodedCertificate)
Decode X509 Certificate |
static String |
getApplicationUriOfCertificate(Cert certificate)
getApplicationUriOfCertificate. |
static String |
getApplicationUriOfCertificate(X509Certificate certificate)
getApplicationUriOfCertificate. |
static CertificateProvider |
getCertificateProvider()
Getter for the field certificateProvider. |
static String |
getCertificateSignatureAlgorithm()
Getter for the field certificateSignatureAlgorithm. |
static int |
getKeySize()
Getter for the field keySize. |
protected static Collection<List<?>> |
getSubjectAlternativeNames(X509Certificate cert)
getSubjectAlternativeNames. |
static RSAPrivateKey |
loadFromKeyStore(URL keystoreUrl,
String password)
Load private key from a key store |
static KeyPair |
loadKeyPairFromProtectedStore(String storeLocation,
String alias,
String storePW,
String privatePW)
Load a KeyPair from a Java Key Store. |
static X509Certificate |
readX509Certificate(File file)
Load X.509 Certificate from a file |
static X509Certificate |
readX509Certificate(URL url)
Load X.509 Certificate from an url |
static KeyPair |
renewApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
KeyPair oldKeys,
KeyPair issuerKeys,
String... hostNames)
Renew a certificate KeyPair using the old keys. |
static KeyPair |
renewApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
KeyPair oldKeys,
String... hostNames)
Renew a certificate KeyPair. |
static boolean |
saveKeyPairToProtectedStore(KeyPair keyPairToSave,
String storeLocation,
String alias,
String storePW,
String privatePW)
Save the KeyPair to a Java Key Store. |
static void |
saveToProtectedStore(PrivateKey privateKey,
Certificate certificate,
File storeLocation,
String alias,
String privateKeyPassword,
String keyStorePassword,
String keyStoreType)
Save the private key to a jks or pfx (PKCS12)-keystore. |
static void |
setCertificateProvider(CertificateProvider certificateProvider)
Define the preferred CertificateProvider. |
static void |
setCertificateSignatureAlgorithm(String certificateSignatureAlgorithm)
Define the algorithm to use for certificate signatures. |
static void |
setKeySize(int keySize)
Define the key size for the certificates. |
static SignatureData |
sign(PrivateKey signerKey,
SecurityAlgorithm algorithm,
byte[] dataToSign)
Deprecated. Use CryptoUtil.signAsymm(PrivateKey, SecurityAlgorithm, byte[]) instead. |
static KeyPair |
toKeyPair(X509Certificate cert,
PrivateKey privateKey)
toKeyPair. |
static boolean |
verify(X509Certificate certificate,
SecurityAlgorithm algorithm,
byte[] data,
byte[] signature)
Deprecated. Use CryptoUtil.verifyAsymm(X509Certificate, SecurityAlgorithm, byte[], byte[]) instead. |
static void |
writeToPem(X509Certificate key,
File file)
writeToPem. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public CertificateUtils()
| Method Detail |
|---|
public static SignatureData sign(PrivateKey signerKey,
SecurityAlgorithm algorithm,
byte[] dataToSign)
throws NoSuchAlgorithmException,
SignatureException,
InvalidKeyException
Deprecated. Use CryptoUtil.signAsymm(PrivateKey, SecurityAlgorithm, byte[]) instead.
signerKey - a PrivateKey object.
algorithm - asymmetric signer algorithm, see SecurityAlgorithm.
dataToSign - an array of byte.
NoSuchAlgorithmException - if any.
SignatureException - if any.
InvalidKeyException - if any.
public static boolean verify(X509Certificate certificate,
SecurityAlgorithm algorithm,
byte[] data,
byte[] signature)
throws SignatureException,
InvalidKeyException,
NoSuchAlgorithmException
Deprecated. Use CryptoUtil.verifyAsymm(X509Certificate, SecurityAlgorithm, byte[], byte[]) instead.
certificate - a X509Certificate object.
algorithm - asymmetric signer algorithm, see SecurityAlgorithm.
data - an array of byte.
signature - an array of byte.
SignatureException - if any.
InvalidKeyException - if any.
NoSuchAlgorithmException - if any.
public static X509Certificate readX509Certificate(URL url)
throws IOException,
CertificateException
url - a URL object.
IOException - if any.
CertificateException - In case the certificate is not valid
public static X509Certificate readX509Certificate(File file)
throws IOException,
CertificateException
file - a File object.
IOException - if any.
CertificateException - In case the certificate is not valid
public static byte[] createThumbprint(byte[] data)
Create SHA-1 Thumbprint.
data - an array of byte.
public static X509Certificate decodeX509Certificate(byte[] encodedCertificate)
throws CertificateException
encodedCertificate - an array of byte.
CertificateException - if any.
public static RSAPrivateKey loadFromKeyStore(URL keystoreUrl,
String password)
throws IOException,
NoSuchAlgorithmException,
CertificateException,
KeyStoreException,
UnrecoverableKeyException
keystoreUrl - URL of the key store
password - password of the key store
IOException - if any.
CertificateException - if any.
NoSuchAlgorithmException - if any.
KeyStoreException - if any.
UnrecoverableKeyException - if any.
public static boolean saveKeyPairToProtectedStore(KeyPair keyPairToSave,
String storeLocation,
String alias,
String storePW,
String privatePW)
throws KeyStoreException,
IOException,
NoSuchAlgorithmException,
CertificateException
keyPairToSave - a KeyPair object.
storeLocation - a String object.
alias - a String object.
storePW - a String object.
privatePW - a String object.
KeyStoreException - if any.
IOException - if any.
NoSuchAlgorithmException - if any.
CertificateException - if any.
public static KeyPair loadKeyPairFromProtectedStore(String storeLocation,
String alias,
String storePW,
String privatePW)
throws KeyStoreException,
IOException,
NoSuchAlgorithmException,
CertificateException,
UnrecoverableKeyException
storeLocation - a String object.
alias - a String object.
storePW - a String object.
privatePW - a String object.
KeyPair object.
KeyStoreException - if any.
IOException - if any.
NoSuchAlgorithmException - if any.
CertificateException - if any.
UnrecoverableKeyException - if any.
public static KeyPair renewApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
KeyPair oldKeys,
KeyPair issuerKeys,
String... hostNames)
throws IOException,
IllegalStateException,
GeneralSecurityException
commonName - Common Name (CN) for the generated certificate
organisation - Organisation (O) for the generated certificate
applicationUri - Alternative name (one of the X.509 extension types) for the generated certificate. Must not be null
validityTime - the time that the certificate is valid (in days)
oldKeys - the old keys to renew
issuerKeys - the optional issuer certificate and private key to use for signing the certificate
hostNames - a String object.
KeyPair object.
IOException - if any.
IllegalStateException - if any.
GeneralSecurityException - if any.
public static KeyPair renewApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
KeyPair oldKeys,
String... hostNames)
throws IOException,
IllegalStateException,
GeneralSecurityException
commonName - Common Name (CN) for the generated certificate
organisation - Organisation (O) for the generated certificate
applicationUri - Alternative name (one of the X.509 extension types) for the generated certificate. Must not be null
validityTime - the time that the certificate is valid (in days)
oldKeys - the old keys to renew
hostNames - a String object.
KeyPair object.
IOException - if any.
IllegalStateException - if any.
GeneralSecurityException - if any.
public static void setCertificateSignatureAlgorithm(String certificateSignatureAlgorithm)
The OPC UA specification defines that the algorithm should be (at least) "SHA1WithRSA" for application instance certificates used for security policies Basic128Rsa15 and Basic256. For Basic256Sha256 it should be "SHA256WithRSA".
Default: "SHA256WithRSA"
certificateSignatureAlgorithm - the certificateSignatureAlgorithm to set
public static int getKeySize()
Getter for the field keySize.
public static void setKeySize(int keySize)
keySize - size of the certificates. Good values are multiples of 1024,2048(,3072) and 4096
IllegalArgumentException - if the value is not accepted
public static CertificateProvider getCertificateProvider()
Getter for the field certificateProvider.
CertificateProvider object.
public static void setCertificateProvider(CertificateProvider certificateProvider)
certificateProvider - the certificateProvider to set
public static KeyPair createApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
String... hostNames)
throws IOException,
GeneralSecurityException
createApplicationInstanceCertificate.
commonName - Common Name (CN) for the generated certificate
organisation - Organisation (O) for the generated certificate
applicationUri - Alternative name (one of the X.509 extension types) for the generated certificate. Must not be null
validityTime - the time that the certificate is valid (in days)
hostNames - alternate host names or IP addresses to add to SubjectAlternativeNames
KeyPair object.
IOException - if any.
GeneralSecurityException - if any.
public static KeyPair createApplicationInstanceCertificate(String commonName,
String organisation,
String applicationUri,
int validityTime,
KeyPair issuerKeys,
String... hostNames)
throws IOException,
GeneralSecurityException
createApplicationInstanceCertificate.
commonName - Common Name (CN) for the generated certificate
organisation - Organisation (O) for the generated certificate
applicationUri - Alternative name (one of the X.509 extension types) for the generated certificate. Must not be null
validityTime - the time that the certificate is valid (in days)
issuerKeys - the optional issuer certificate and private key to use for signing the certificate. If null, a self-signed certificate is generated
hostNames - alternate host names or IP addresses to add to SubjectAlternativeNames
KeyPair object.
IOException - if any.
GeneralSecurityException - if any.
public static KeyPair toKeyPair(X509Certificate cert,
PrivateKey privateKey)
throws CertificateEncodingException
toKeyPair.
cert - a X509Certificate object.
privateKey - a PrivateKey object.
KeyPair object.
CertificateEncodingException - if any.
public static KeyPair createIssuerCertificate(String commonName,
int days,
KeyPair issuerCert)
throws GeneralSecurityException,
IOException
Create a new issuer certificate that can be used to issue certificates built with createApplicationInstanceCertificate(String, String, String, int, String...) or createHttpsCertificate(String, String, int, org.opcfoundation.ua.transport.security.KeyPair).
commonName - The common name to use for the Subject of the certificate (the name will be prepended with "CN=" if it does not start with it already)
days - the time that the certificate is valid (in days)
issuerCert - The certificate of the issuer that should sign the certificate. If null, a self-signed certificate is created
GeneralSecurityException - if any.
IOException - if any.
public static KeyPair createHttpsCertificate(String hostName,
String applicationUri,
int days,
KeyPair issuerCert)
throws IOException,
GeneralSecurityException
hostName - HostName of the computer on which the application is running: used to initialize the Subject field of the certificate. Client applications may validate this field of the server certificate, so it should match the hostName used in the ApplicationUri of the application.
applicationUri - The ApplicationUri corresponding to the respective field of the ApplicationDescription of the application for which the certificate is created
days - the time that the certificate is valid (in days)
issuerCert - The certificate of the issuer that should sign the certificate. If null, a self-signed certificate is created
IOException - if any.
GeneralSecurityException - if any.
public static void writeToPem(X509Certificate key,
File file)
throws IOException
writeToPem.
key - a X509Certificate object.
file - a File object.
IOException - if any.
public static void saveToProtectedStore(PrivateKey privateKey,
Certificate certificate,
File storeLocation,
String alias,
String privateKeyPassword,
String keyStorePassword,
String keyStoreType)
throws IOException,
KeyStoreException,
NoSuchProviderException,
NoSuchAlgorithmException,
CertificateException
privateKey - a PrivateKey object.
certificate - a Certificate object.
storeLocation - save location of the keystore
alias - alias used for the keypair
privateKeyPassword - password to secure the private key, cannot be null for keyStoreType "JKS"
keyStorePassword - password to secure the key store
keyStoreType - type of the key store, "JKS" and "PKCS12" supported
IOException - if storeLocation is not available
NoSuchProviderException - The required security Provider not found
KeyStoreException - keystore failed
CertificateException - certificate problem
NoSuchAlgorithmException - cryptographic algorithm not found
public static String getCertificateSignatureAlgorithm()
Getter for the field certificateSignatureAlgorithm.
String object.
protected static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
throws CertificateParsingException
getSubjectAlternativeNames.
cert - a X509Certificate object.
Collection object.
CertificateParsingException - if any.
public static String getApplicationUriOfCertificate(X509Certificate certificate)
throws CertificateParsingException
getApplicationUriOfCertificate.
certificate - a X509Certificate object.
String object.
CertificateParsingException - if any.
public static String getApplicationUriOfCertificate(Cert certificate)
throws CertificateParsingException
getApplicationUriOfCertificate.
certificate - a Cert object.
String object.
CertificateParsingException - if any.