org.opcfoundation.ua.utils
Class BouncyCastleUtils

java.lang.Object
  extended by org.opcfoundation.ua.utils.BouncyCastleUtils

public class BouncyCastleUtils
extends Object

Bouncy Castle-specific implementations of certain crypto utilities. These are normally called from the CryptoUtil or CertificateUtils class, so use those methods instead.


Constructor Summary
BouncyCastleUtils()
           
 
Method Summary
static byte[] base64Decode(String string)
          base64Decode.
static String base64Encode(byte[] bytes)
          base64Encode.
static X509Certificate generateCertificate(String domainName, PublicKey publicKey, PrivateKey privateKey, KeyPair issuerKeys, Date from, Date to, BigInteger serial, String applicationUri, String... hostNames)
          Generates a new certificate using the Bouncy Castle implementation.
static X509Certificate generateIssuerCert(PublicKey publicKey, PrivateKey privateKey, KeyPair issuerKeys, String commonName, BigInteger serialNr, Date startDate, Date expiryDate)
          Builds an X509 V3 certificate to use as an issuer (CA) certificate.
static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
          getSubjectAlternativeNames.
static byte[] PKCS5PasswordToBytes(char[] password)
          Converts a password to a byte array according to the scheme in PKCS5 (ASCII, no padding).
static void writeToPem(Object key, File savePath, String password, String algorithm)
          writeToPem.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BouncyCastleUtils

public BouncyCastleUtils()

Method Detail

generateIssuerCert

public static X509Certificate generateIssuerCert(PublicKey publicKey,
                                                 PrivateKey privateKey,
                                                 KeyPair issuerKeys,
                                                 String commonName,
                                                 BigInteger serialNr,
                                                 Date startDate,
                                                 Date expiryDate)
                                          throws GeneralSecurityException,
                                                 IOException
Builds an X509 V3 certificate to use as an issuer (CA) certificate. The certificate does not define OPC UA specific fields, so it cannot be used as an application instance certificate.

Parameters:
publicKey - the public key to use for the certificate
privateKey - the private key corresponding to the publicKey
issuerKeys - the certificate and private key of the certificate issuer; if null, a self-signed certificate is created.
commonName - the CommonName to use for the subject of the certificate.
serialNr - a BigInteger object.
startDate - a Date object.
expiryDate - a Date object.
Returns:
an X509Certificate object.
Throws:
GeneralSecurityException - if any.
IOException - if any.

generateCertificate

public static X509Certificate generateCertificate(String domainName,
                                                  PublicKey publicKey,
                                                  PrivateKey privateKey,
                                                  KeyPair issuerKeys,
                                                  Date from,
                                                  Date to,
                                                  BigInteger serial,
                                                  String applicationUri,
                                                  String... hostNames)
                                           throws IOException,
                                                  GeneralSecurityException
Generates a new certificate using the Bouncy Castle implementation.

The method is used from CertificateUtils.createApplicationInstanceCertificate(String, String, String, int, String...) and CertificateUtils.renewApplicationInstanceCertificate(String, String, String, int, org.opcfoundation.ua.transport.security.KeyPair, String...)

Parameters:
domainName - the X500 domain name for the certificate
publicKey - the public key of the cert
privateKey - the private key of the cert
issuerKeys - the certificate and private key of the issuer
from - validity start time
to - validity end time
applicationUri - the OPC UA ApplicationUri of the application - added to SubjectAlternativeName
hostNames - the additional host names to add to SubjectAlternativeName
serial - a BigInteger object.
Returns:
the generated certificate
Throws:
GeneralSecurityException - if the generation fails
IOException - if the generation fails due to an IO exception

writeToPem

public static void writeToPem(Object key,
                              File savePath,
                              String password,
                              String algorithm)
                       throws IOException

writeToPem.

Parameters:
key - certificate or private key
savePath - a File object.
password - a String object.
algorithm - a String object.
Throws:
FileNotFoundException - if any.
IOException - if any.

base64Decode

public static byte[] base64Decode(String string)

base64Decode.

Parameters:
string - a String object.
Returns:
an array of byte.

base64Encode

public static String base64Encode(byte[] bytes)

base64Encode.

Parameters:
bytes - an array of byte.
Returns:
a String object.

getSubjectAlternativeNames

public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
                                                      throws CertificateParsingException

getSubjectAlternativeNames.

Parameters:
cert - an X509Certificate object.
Returns:
a Collection object.
Throws:
CertificateParsingException - if any.
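
Added example (not part of the original Javadoc or the OPC Foundation code): how a caller can read the returned Collection<List<?>> to confirm that a certificate carries the expected ApplicationUri and host names. It assumes the collection has the same shape as the JDK's X509Certificate.getSubjectAlternativeNames(), where each entry is [Integer GeneralName tag, value]; the class name SanCheck, its helper methods, and the sample entries are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class SanCheck {
    // GeneralName tags (RFC 5280) as reported by the JDK's SAN accessor.
    static final int DNS_NAME = 2;
    static final int URI = 6;
    static final int IP_ADDRESS = 7;

    /** Returns the String values of all SAN entries carrying the given tag. */
    static List<String> valuesOfType(Collection<List<?>> sans, int type) {
        List<String> out = new ArrayList<>();
        if (sans == null) {
            return out; // assumption: null means the certificate has no SAN extension
        }
        for (List<?> entry : sans) {
            if (entry == null || entry.size() < 2) {
                continue; // malformed entry: skip rather than trust it
            }
            Object tag = entry.get(0);
            Object value = entry.get(1);
            if (tag instanceof Integer && (Integer) tag == type && value instanceof String) {
                out.add((String) value);
            }
        }
        return out;
    }

    /** True only if a URI entry matches the expected ApplicationUri exactly. */
    static boolean hasApplicationUri(Collection<List<?>> sans, String expectedUri) {
        return expectedUri != null && valuesOfType(sans, URI).contains(expectedUri);
    }

    public static void main(String[] args) {
        // Constructed sample in the [tag, value] shape; not taken from a real certificate.
        Collection<List<?>> sans = Arrays.<List<?>>asList(
                Arrays.<Object>asList(URI, "urn:plc01.example.test:SampleServer"),
                Arrays.<Object>asList(DNS_NAME, "plc01.example.test"),
                Arrays.<Object>asList(IP_ADDRESS, "192.0.2.10"));

        System.out.println(hasApplicationUri(sans, "urn:plc01.example.test:SampleServer"));
        System.out.println(hasApplicationUri(sans, "urn:other.example.test:SampleServer"));
        System.out.println(valuesOfType(sans, DNS_NAME));
        System.out.println(hasApplicationUri(null, "urn:plc01.example.test:SampleServer"));
    }
}
```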

PKCS5PasswordToBytes

public static byte[] PKCS5PasswordToBytes(char[] password)
Converts a password to a byte array according to the scheme in PKCS5 (ASCII, no padding).

Parameters:
password - a character array representing the password.
Returns:
a byte array representing the password.


Copyright © 2018. All rights reserved.