java.lang.Object
  com.prosysopc.ua.SecureIdentity
    com.prosysopc.ua.ApplicationIdentity
public class ApplicationIdentity
ApplicationIdentity defines the security settings for the OPC UA application. These are used when a new Session is created. Use Mode to define the selected security level to use. SecurityKeys define the application instance certificate generated for the installed application.
See also: UserIdentity
| Field Summary | |
|---|---|
static String |
CERT_FILE_EXTENSIONS
|
| Fields inherited from class com.prosysopc.ua.SecureIdentity |
|---|
certificate, privateKey |
| Constructor Summary | |
|---|---|
ApplicationIdentity()
Create a new empty identity. |
|
ApplicationIdentity(org.opcfoundation.ua.transport.security.Cert certificate,
org.opcfoundation.ua.transport.security.PrivKey privateKey)
Create a new identity |
|
ApplicationIdentity(File certificateFile,
File privateKeyFile,
String privateKeyPassword)
Create an identity with an application certificate. |
|
ApplicationIdentity(File storeLocation,
String alias,
String privateKeyPassword,
String keyStorePassword,
String keyStoreType)
|
|
ApplicationIdentity(org.opcfoundation.ua.transport.security.KeyPair... keyPairs)
|
|
ApplicationIdentity(URL certificateFile,
URL privateKeyFile,
String privateKeyPassword)
Create an identity with an application certificate. |
|
| Method Summary | |
|---|---|
void |
addSoftwareCertificates(org.opcfoundation.ua.core.SignedSoftwareCertificate[] softwareCertificates)
Deprecated. this method does nothing as the serverSoftwareCertificates parameter of CreateSessionResponse is deprecated in UA 1.04 |
static ApplicationIdentity |
createCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String... hostNames)
Create a new Application Identity certificate. |
static ApplicationIdentity |
createCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String... hostNames)
Create a new self-signed Application Identity certificate. |
static ApplicationIdentity |
createCertificate(String applicationName,
String organisation,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String applicationUri,
String... hostNames)
Create the Application Identity certificate. |
static org.opcfoundation.ua.transport.security.KeyPair |
createHttpsCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDecription,
String hostName,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys)
Create certificate and private key to be used for HTTPS |
static org.opcfoundation.ua.transport.security.KeyPair |
createKeyPair(String commonName,
String organisation,
int certificateDays,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String applicationUri,
String... hostNames)
Create a new Certificate. |
boolean |
equals(Object obj)
|
static String |
getActualHostName()
Returns the hostname with domain (if available). |
static String |
getActualHostNameWithoutDomain()
Returns the hostname without the domain part. |
org.opcfoundation.ua.core.ApplicationDescription |
getApplicationDescription()
The application description defines information about the running application instance. |
protected static File |
getBestFile(File path,
String baseName,
String... extension)
|
org.opcfoundation.ua.transport.security.KeyPair[] |
getCertificates()
The OPC UA Application Instance Certificates of the application. |
static int |
getDefaultCertificateDays()
The number of days new certificates are valid. |
org.opcfoundation.ua.transport.security.KeyPair |
getHttpsCertificate()
The HTTPS Certificate (and private key). |
String |
getOrganisation()
The organization name used for the application certificates. |
org.opcfoundation.ua.core.SignedSoftwareCertificate[] |
getSoftwareCertificates()
Deprecated. this method returns empty array always as the serverSoftwareCertificates parameter of CreateSessionResponse is deprecated in UA 1.04 |
int |
hashCode()
|
protected static org.opcfoundation.ua.transport.security.KeyPair |
loadCertificate(String certType,
String privateKeyPassword,
boolean enableRenew,
File certFile,
File privFile,
boolean usePfx)
|
static ApplicationIdentity |
loadOrCreateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String privateKeyPassword,
File path,
boolean enableRenew,
String... hostNames)
Load the Application Identity certificate, or create a new one and save it. |
static ApplicationIdentity |
loadOrCreateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String privateKeyPassword,
File path,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
int[] keySizes,
boolean enableRenew,
String... hostNames)
Load the Application Identity certificate, or create a new one and save it. |
static ApplicationIdentity |
loadOrCreateCertificate(String applicationName,
String organisation,
File certFile,
File privFile,
String privateKeyPassword,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
boolean enableRenew,
String applicationUri,
String... hostNames)
Load the Application Identity certificate, or create a new one and save it. |
static ApplicationIdentity |
loadOrCreateCertificate(String applicationName,
String organisation,
String privateKeyPassword,
File path,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
int[] keySizes,
boolean enableRenew,
String applicationUri,
String... hostNames)
Load the Application Identity certificate, or create a new one and save it. |
protected static ApplicationIdentity |
loadOrCreateFromProtectedStore(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String privateKeyPassword,
String keystoreLocation,
String keyStorePassword,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String... hostNames)
Load the Application Identity certificate from a protected key store, or create a new one and save it to the store. |
static org.opcfoundation.ua.transport.security.KeyPair |
loadOrCreateHttpsCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDecription,
String hostName,
String privateKeyPassword,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
File path,
boolean enableRenew)
Load the certificate and private key from applicationName_https.der & .pem, or create them if they do not exist |
static org.opcfoundation.ua.transport.security.KeyPair |
loadOrCreateIssuerCertificate(String issuerName,
File path,
String privateKeyPassword,
int days,
boolean enableRenew)
Load CA certificate and private key from |
static org.opcfoundation.ua.transport.security.KeyPair |
loadOrCreateKeyPair(String applicationName,
String organisation,
File certFile,
File privFile,
String privateKeyPassword,
org.opcfoundation.ua.transport.security.KeyPair caKeys,
boolean enableRenew,
String applicationUri,
String... hostNames)
|
protected static String |
replaceHostNameTagWithActualHostName(String s)
|
protected static void |
saveCertificate(String certType,
org.opcfoundation.ua.transport.security.KeyPair keys,
File certFile,
File privFile,
String privateKeyPassword,
boolean usePfx)
|
void |
setApplicationDescription(org.opcfoundation.ua.core.ApplicationDescription applicationDescription)
Define the application description information. |
static void |
setCacheLocalHostname(boolean cacheLocalHostname)
Set to true to cache the values of getActualHostName() and
getActualHostNameWithoutDomain() for subsequent calls. |
static void |
setDefaultCertificateDays(int days)
Define the number of days new certificates are valid. |
void |
setHttpsCertificate(org.opcfoundation.ua.transport.security.KeyPair httpsCertificate)
The HTTPS Certificate (and private key). |
void |
setOrganisation(String organisation)
Define the organisation name used for the application certificates. |
| Methods inherited from class com.prosysopc.ua.SecureIdentity |
|---|
decrypt, decrypt, encrypt, getCertificate, getKeys, getPrivateKey |
| Methods inherited from class java.lang.Object |
|---|
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final String CERT_FILE_EXTENSIONS
| Constructor Detail |
|---|
public ApplicationIdentity()
public ApplicationIdentity(org.opcfoundation.ua.transport.security.Cert certificate,
org.opcfoundation.ua.transport.security.PrivKey privateKey)
certificate - The application certificate
privateKey - The private key
public ApplicationIdentity(File certificateFile,
File privateKeyFile,
String privateKeyPassword)
throws IOException,
SecureIdentityException
certificateFile - the file containing the user certificate
privateKeyFile - the file containing the user private key
privateKeyPassword - password used to secure the private key
IOException - if the files cannot be read
SecureIdentityException - if the certificate or private key file is not valid
public ApplicationIdentity(File storeLocation,
String alias,
String privateKeyPassword,
String keyStorePassword,
String keyStoreType)
throws IOException,
SecureIdentityException
IOException
SecureIdentityException
public ApplicationIdentity(org.opcfoundation.ua.transport.security.KeyPair... keyPairs)
keyPairs -
public ApplicationIdentity(URL certificateFile,
URL privateKeyFile,
String privateKeyPassword)
throws IOException,
SecureIdentityException
certificateFile - the file containing the user certificate
privateKeyFile - the file containing the user private key
privateKeyPassword - password used to secure the private key
IOException - if the files cannot be read
SecureIdentityException - if the certificate or private key file is not valid
| Method Detail |
|---|
public static ApplicationIdentity createCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String... hostNames)
throws SecureIdentityException
Generates a new public&private key pair and creates a new ApplicationIdentity using it.
The certificate is signed with the issuerKeys.
applicationDescription - Application name to use in the certificate and also as the file
name base. If the ApplicationUri contains 'localhost' or 'domainname', it will be
converted to the actual host name (getActualHostName()). If it contains
'hostname', it will be converted to the hostname without domain
(getActualHostNameWithoutDomain()).
organisation - Organization name to use in the certificate.
issuerKeys - the certificate and private key of the issuer, to be used for signing the new
certificate
hostNames - alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be generated. Read the cause for
the original exception.
public static ApplicationIdentity createCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String... hostNames)
throws SecureIdentityException
Generates a new public&private key pair and creates a new ApplicationIdentity using it.
applicationDescription - Application name to use in the certificate and also as the file
name base. If the ApplicationUri contains 'localhost' or 'domainname', it will be
converted to the actual host name (getActualHostName()). If it contains
'hostname', it will be converted to the hostname without domain
(getActualHostNameWithoutDomain()).
organisation - Organization name to use in the certificate.
hostNames - alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be generated. Read the cause for
the original exception.
public static ApplicationIdentity createCertificate(String applicationName,
String organisation,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String applicationUri,
String... hostNames)
throws SecureIdentityException
Generates a new public&private key pair and creates a new ApplicationIdentity using it.
applicationName - Application name to use in the certificate and also as the file name
base. If the ApplicationUri contains 'localhost' or 'domainname', it will be converted
to the actual host name (getActualHostName()). If it contains 'hostname', it
will be converted to the hostname without domain
(getActualHostNameWithoutDomain()).
organisation - Organization name to use in the certificate.
issuerKeys - the certificate and private key of the issuer, to be used for signing the new
certificate
applicationUri - The application URI to use for SubjectAlternativeName
hostNames - alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be generated. Read the cause for
the original exception.
public static org.opcfoundation.ua.transport.security.KeyPair createHttpsCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDecription,
String hostName,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys)
throws GeneralSecurityException,
IOException
applicationDescription - Application name to use in the certificate and also as the file
name base.
hostName - The hostname to use for the certificate subject. Clients may verify that this
hostname matches the URL of the server.
issuerKeys - The certificate and private key of the issuer, to be used for signing the new
certificate
GeneralSecurityException
IOException
public static org.opcfoundation.ua.transport.security.KeyPair createKeyPair(String commonName,
String organisation,
int certificateDays,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String applicationUri,
String... hostNames)
throws SecureIdentityException
commonName - The value for the Common Name field of the certificate
organisation - The value for the Common Name field of the certificate
certificateDays - Number of days that the certificate is to be valid
issuerKeys - the keys of the optional Certificate Authority to use for signing the
certificate
applicationUri - The application URI to use for SubjectAlternativeName
hostNames - alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be created
public static String getActualHostName()
setCacheLocalHostname(boolean) is true,
which is the default.
public static String getActualHostNameWithoutDomain()
getActualHostName() and removing everything after first dot. If there is no domain
part, just returns the whole hostname. Calling this method the first time may be slow;
subsequent calls use the cached value if setCacheLocalHostname(boolean) is true, which is
the default.
public static int getDefaultCertificateDays()
public static ApplicationIdentity loadOrCreateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String privateKeyPassword,
File path,
boolean enableRenew,
String... hostNames)
throws SecureIdentityException,
IOException
In the first run this method creates public&private key pair and saves them to files. In other runs the key pairs are loaded from files.
applicationDescription - Application name to use in the certificate and also as the file
name base.
organisation - Organization name to use in the certificate.
privateKeyPassword - The password for the private key
path - Optional path to the files
enableRenew - Enable renewing the certificate if it has expired.
hostNames - alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be loaded or generated. Read the
cause for the original exception.
IOException - if the certificate files cannot be read or created.
public static ApplicationIdentity loadOrCreateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String privateKeyPassword,
File path,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
int[] keySizes,
boolean enableRenew,
String... hostNames)
throws SecureIdentityException,
IOException
In the first run this method creates public&private key pair and saves them to files. In other runs the key pairs are loaded from files.
applicationDescription - Application name to use in the certificate and also as the file
name base.
organisation - Organization name to use in the certificate.
privateKeyPassword - The password for the private key
path - Optional path to the files
issuerKeys - the certificate and private key of the issuer, to be used for signing the new
certificate
keySizes - an array of key sizes to use for the identity. A separate certificate will be
created with each size. The various key sizes may be necessary, depending on which
SecurityPolicy alternatives are enabled by the application.
enableRenew - Enable renewing the certificate if it has expired.
hostNames - alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be loaded or generated. Read the
cause for the original exception.
IOException - if the certificate files cannot be read or created.
public static ApplicationIdentity loadOrCreateCertificate(String applicationName,
String organisation,
File certFile,
File privFile,
String privateKeyPassword,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
boolean enableRenew,
String applicationUri,
String... hostNames)
throws SecureIdentityException,
IOException
In the first run this method creates public&private key pair and saves them to files. In other runs the key pairs are loaded from files.
If the certificate expires, it is automatically renewed, if enableRenew is true.
The key size will be the default, as defined by CertificateUtils.getKeySize().
applicationName - Application name to use in the certificate and also as the file name
base.
organisation - Organization name to use in the certificate.
certFile - The file used to store the certificate. The certificate is saved in binary DER
format
privFile - The file used to store the private key. The key is saved in PEM format, but can
be read in PFX or raw binary as well, depending on the actual format of the file.
privateKeyPassword - The password for the private key
issuerKeys - The certificate and private key of the issuer, to be used for signing the new
certificate. If null, a self-signed certificate is created.
enableRenew - Enable renewing the certificate if it has expired.
applicationUri - The application URI to use for SubjectAlternativeName
hostNames - Alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be loaded or generated. Read the
cause for the original exception.
IOException - if the certificate files cannot be loaded or created.
public static ApplicationIdentity loadOrCreateCertificate(String applicationName,
String organisation,
String privateKeyPassword,
File path,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
int[] keySizes,
boolean enableRenew,
String applicationUri,
String... hostNames)
throws SecureIdentityException,
IOException
In the first run this method creates public&private key pair and saves them to files. In other runs the key pairs are loaded from files.
applicationName - Application name to use in the certificate and also as the file name
base.
organisation - Organization name to use in the certificate.
privateKeyPassword - The password for the private key
path - Optional path to the files
issuerKeys - The certificate and private key of the issuer, to be used for signing the new
certificate. If null, a self-signed certificate is created.
keySizes - An array of key sizes to use for the identity. A separate certificate will be
created with each size. The various key sizes may be necessary, depending on which
SecurityPolicy alternatives are enabled by the application. The first entry may
be 0, in which case the default KeySize is used - and the fileName to look for is not
appended with the keySize. If the keySizes is omitted (null or empty), the default key
size, as defined by CertificateUtils.getKeySize(), is used.
enableRenew - Enable renewing the certificate if it has expired.
applicationUri - The application URI to use for SubjectAlternativeName
hostNames - Alternate host names or IP addresses to add to SubjectAlternativeName
SecureIdentityException - if the certificate could not be loaded or generated. Read the
cause for the original exception.
IOException - if the certificate files cannot be loaded or created.
public static org.opcfoundation.ua.transport.security.KeyPair loadOrCreateHttpsCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDecription,
String hostName,
String privateKeyPassword,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
File path,
boolean enableRenew)
throws IOException,
SecureIdentityException
applicationDescription - Application name to use in the certificate and also as the file
name base.
hostName - The hostname to use for the certificate subject. Clients may verify that this
hostname matches the URL of the server.
path - Optional path to the files
issuerKeys - The certificate and private key of the issuer, to be used for signing the new
certificate
enableRenew - Enable renewing the certificate if it has expired.
IOException - if the certificate or private key cannot be stored in the defined path.
SecureIdentityException - if the certificate creation fails.
public static org.opcfoundation.ua.transport.security.KeyPair loadOrCreateIssuerCertificate(String issuerName,
File path,
String privateKeyPassword,
int days,
boolean enableRenew)
throws IOException,
SecureIdentityException
issuerName - The name of the issuer to use as the Subject for the certificate and file
names.
path - optional path to the files
privateKeyPassword - the password used to protect the private key file
days - number of days the certificate will be valid
enableRenew -
IOException
SecureIdentityException
public static org.opcfoundation.ua.transport.security.KeyPair loadOrCreateKeyPair(String applicationName,
String organisation,
File certFile,
File privFile,
String privateKeyPassword,
org.opcfoundation.ua.transport.security.KeyPair caKeys,
boolean enableRenew,
String applicationUri,
String... hostNames)
throws IOException,
SecureIdentityException
IOException
SecureIdentityException
public static void setCacheLocalHostname(boolean cacheLocalHostname)
getActualHostName() and
getActualHostNameWithoutDomain() for subsequent calls. Default value is true.
public static void setDefaultCertificateDays(int days)
protected static File getBestFile(File path,
String baseName,
String... extension)
protected static org.opcfoundation.ua.transport.security.KeyPair loadCertificate(String certType,
String privateKeyPassword,
boolean enableRenew,
File certFile,
File privFile,
boolean usePfx)
throws SecureIdentityException
SecureIdentityException
protected static ApplicationIdentity loadOrCreateFromProtectedStore(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
String organisation,
String privateKeyPassword,
String keystoreLocation,
String keyStorePassword,
org.opcfoundation.ua.transport.security.KeyPair issuerKeys,
String... hostNames)
throws IOException,
SecureIdentityException
applicationDescription - Application description to use in the certificate and also as the
file name base. Must not be null
organisation - Organization name to use in the certificate.
privateKeyPassword -
keystoreLocation -
keyStorePassword -
IOException - if the key store cannot be opened
SecureIdentityException - if the certificate could not be generated. Read the cause for
the original exception.
protected static String replaceHostNameTagWithActualHostName(String s)
s -
protected static void saveCertificate(String certType,
org.opcfoundation.ua.transport.security.KeyPair keys,
File certFile,
File privFile,
String privateKeyPassword,
boolean usePfx)
throws IOException,
GeneralSecurityException
IOException
GeneralSecurityException
@Deprecated public void addSoftwareCertificates(org.opcfoundation.ua.core.SignedSoftwareCertificate[] softwareCertificates)
softwareCertificates -
public boolean equals(Object obj)
equals in class SecureIdentity
public org.opcfoundation.ua.core.ApplicationDescription getApplicationDescription()
public org.opcfoundation.ua.transport.security.KeyPair[] getCertificates()
public org.opcfoundation.ua.transport.security.KeyPair getHttpsCertificate()
loadOrCreateHttpsCertificate(ApplicationDescription, String, String, KeyPair, File, boolean)
.
public String getOrganisation()
@Deprecated public org.opcfoundation.ua.core.SignedSoftwareCertificate[] getSoftwareCertificates()
public int hashCode()
hashCode in class SecureIdentity
public void setApplicationDescription(org.opcfoundation.ua.core.ApplicationDescription applicationDescription)
applicationDescription - the application description information.
public void setHttpsCertificate(org.opcfoundation.ua.transport.security.KeyPair httpsCertificate)
loadOrCreateHttpsCertificate(ApplicationDescription, String, String, KeyPair, File, boolean)
.
httpsCertificate -
public void setOrganisation(String organisation)
organisation -