com.ibm.security.certclient
Class PkEeCertReqFactory

java.lang.Object
  extended by com.ibm.security.certclient.PkEeFactory
      extended by com.ibm.security.certclient.PkEeCertReqFactory

public final class PkEeCertReqFactory
extends PkEeFactory

Produce an initial certificate request transaction. This requires an initial authentication key to be provided to allow the CA to check the validity of the request.


Field Summary
 
Fields inherited from class com.ibm.security.certclient.PkEeFactory
CA_DN, caDn, caPort, cmpEvntFmt, keystoreFilename, keystorePwd, keyStoreType, provider
 
Method Summary
static PkEeCertReqTransaction newCertRequest(int keySize, String subject, int numValidDays, boolean useRSA, boolean useShortSubjectKId, List<String> subjectAltNames, List<String> kUsage, List<String> extkUsage, String iaFile, String revoPwd, String dn)
          Initialise a certificate request to the supplied CA.
static PkEeCertReqTransaction newCertRequest(int keySize, String subject, int numValidDays, boolean useRSA, boolean useShortSubjectKId, List<String> subjectAltNames, List<String> kUsage, List<String> extkUsage, String iaFile, String revoPwd, String dn, KeyPair keyPair)
          Initialise a certificate request to the supplied CA.
static PkEeCertReqTransaction newCertRequest(String subject, String iaFile, String revoPwd, String dn)
          Initialises a certificate request to the supplied CA.
 
Methods inherited from class com.ibm.security.certclient.PkEeFactory
getCA_DN, getCaDn, getCaPort, getCmpFmt, getKeystoreFilename, getKeyStoreType, getProvider, setCA_DN, setCaDn, setCaPort, setKeystoreFilename, setKeystorePwd, setKeyStoreType, setProvider
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

newCertRequest

public static PkEeCertReqTransaction newCertRequest(int keySize,
                                                    String subject,
                                                    int numValidDays,
                                                    boolean useRSA,
                                                    boolean useShortSubjectKId,
                                                    List<String> subjectAltNames,
                                                    List<String> kUsage,
                                                    List<String> extkUsage,
                                                    String iaFile,
                                                    String revoPwd,
                                                    String dn)
                                             throws com.ibm.security.certclient.base.PkException
Initialise a certificate request to the supplied CA. The request is ready to action.

Parameters:
keySize - size of key.
subject - The Relative DN for the subject. It will be prepended to the value of parameter dn to create the subject DN.
numValidDays - period of certificate validity. Will be measured from current date.
useRSA - if true, create an RSA key; otherwise create a DSA key.
useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form.
subjectAltNames - (optional) List of subject alternate names. Specify null to indicate that no value is being specified.
  • 0. email - email address for the subject, e.g. newUser@us.ibm.com
  • 1. dnsName - domain name server name, e.g. host.domain. Name is not case sensitive.
  • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
  • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
kUsage - (optional) List of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
extkUsage - (optional) List of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
iaFile - initial authorisation file containing initial reference number and passphrase on consecutive lines
revoPwd - password to be used when revoking this certificate after it has been signed
dn - domain name for certificate request. If null, value of PkEeFactory CA_DN will be used.
Throws:
com.ibm.security.certclient.base.PkException - Parameter error

  • newCertRequest

    public static PkEeCertReqTransaction newCertRequest(int keySize,
                                                        String subject,
                                                        int numValidDays,
                                                        boolean useRSA,
                                                        boolean useShortSubjectKId,
                                                        List<String> subjectAltNames,
                                                        List<String> kUsage,
                                                        List<String> extkUsage,
                                                        String iaFile,
                                                        String revoPwd,
                                                        String dn,
                                                        KeyPair keyPair)
                                                 throws com.ibm.security.certclient.base.PkException
    Initialise a certificate request to the supplied CA. The request is ready to action.

    Parameters:
    keySize - size of key. Not used if keyPair is provided.
    subject - The Relative DN for the subject. It will be prepended to the value of parameter dn to create the subject DN.
    numValidDays - period of certificate validity. Will be measured from current date.
    useRSA - if true, create an RSA key; otherwise create a DSA key. Not used if keyPair is provided.
    useShortSubjectKId - if true, use the short form of Subject Key Id; otherwise use the long form.
    subjectAltNames - (optional) List of subject alternate names. Specify null to indicate that no value is being specified.
      • 0. email - email address for the subject, e.g. newUser@us.ibm.com
      • 1. dnsName - domain name server name, e.g. host.domain. Name is not case sensitive.
      • 2. uri - universal resource identifier, e.g. http://www.tivoli.com, ftp://www.ibm.com/
      • 3. ipaddress - IP address for the subject, e.g. 127.0.0.1
    kUsage - (optional) List of Key Usage strings. Acceptable values are: "digital_signature", "non_repudiation", "key_encipherment", "data_encipherment", "encipher_only", "decipher_only"
    extkUsage - (optional) List of Extended Key Usage strings. Acceptable values are: "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id", "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"
    iaFile - initial authorisation file containing initial reference number and passphrase on consecutive lines
    revoPwd - password to be used when revoking this certificate after it has been signed
    dn - domain name for certificate request. If null, value of PkEeFactory CA_DN will be used.
    keyPair - keyPair to use for Public/Private Key
    Throws:
    com.ibm.security.certclient.base.PkException - Parameter error

  • newCertRequest

    public static PkEeCertReqTransaction newCertRequest(String subject,
                                                        String iaFile,
                                                        String revoPwd,
                                                        String dn)
                                                 throws com.ibm.security.certclient.base.PkException
    Initialises a certificate request to the supplied CA. The request is ready to action but will have the following default values:
      • keySize = 1024
      • numValidDays = 365
      • keyType = RSA
      • SubjectKeyId algorithm is RFC 3280 Long Form
      • SubjectAlternateNames = none
      • KeyUsage = none
      • ExtendedKeyUsage = none

    Parameters:
    subject - The Relative DN for the subject. It will be prepended to the value of parameter dn to create the subject DN.
    iaFile - initial authorisation file containing reference number and passphrase on consecutive lines
    revoPwd - password to be used when revoking this certificate after it has been signed
    dn - domain name for certificate request. If null, value of PkEeFactory CA_DN will be used.
    Throws:
    com.ibm.security.certclient.base.PkException - Parameter error
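
An added example (not part of the IBM documentation or the library's own code): it calls the twelve-argument overload with a caller-generated 2048-bit RSA key pair instead of the four-argument overload's keySize = 1024 default, after checking the usage strings and the iaFile layout described in the parameter lists. It assumes the certclient library is on the classpath and the CA settings inherited from PkEeFactory are already configured; the class name CertRequestExample, the helpers requireKnown and requireIaFile, the REVO_PWD variable and the subject CN=host.domain are hypothetical.

```java
import com.ibm.security.certclient.PkEeCertReqFactory;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CertRequestExample {
    // Acceptable strings copied from the kUsage and extkUsage parameter descriptions.
    static final Set<String> KEY_USAGE = new HashSet<>(Arrays.asList(
        "digital_signature", "non_repudiation", "key_encipherment",
        "data_encipherment", "encipher_only", "decipher_only"));
    static final Set<String> EXT_KEY_USAGE = new HashSet<>(Arrays.asList(
        "ServerAuth_Id", "ClientAuth_Id", "CodeSigning_Id", "EmailProtection_Id",
        "IPSecEndSystem_Id", "IPSecTunnel_Id", "IPSecUser_Id", "TimeStamping_Id"));

    // Reject a misspelt usage string locally, before the request is built.
    static void requireKnown(List<String> values, Set<String> allowed) {
        for (String v : values)
            if (!allowed.contains(v)) throw new IllegalArgumentException("unknown usage: " + v);
    }

    // iaFile holds the reference number and passphrase on consecutive lines.
    static void requireIaFile(String path) throws Exception {
        List<String> lines = Files.readAllLines(Paths.get(path));
        if (lines.size() < 2 || lines.get(0).trim().isEmpty() || lines.get(1).trim().isEmpty())
            throw new IllegalArgumentException("iaFile needs a reference number and a passphrase line");
    }

    public static void main(String[] args) throws Exception {
        String iaFile = args[0];                     // path to the initial authorisation file
        String revoPwd = System.getenv("REVO_PWD");  // hypothetical variable name
        if (revoPwd == null) throw new IllegalStateException("REVO_PWD is not set");
        requireIaFile(iaFile);
        List<String> kUsage = Arrays.asList("digital_signature", "key_encipherment");
        List<String> extkUsage = Arrays.asList("ServerAuth_Id");
        requireKnown(kUsage, KEY_USAGE);
        requireKnown(extkUsage, EXT_KEY_USAGE);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();
        // keySize and useRSA are not used when keyPair is given; null subjectAltNames and
        // null dn mean "no SANs" and "use PkEeFactory CA_DN". The subject is a constructed value.
        Object request = PkEeCertReqFactory.newCertRequest(2048, "CN=host.domain", 365, true,
            false, null, kUsage, extkUsage, iaFile, revoPwd, null, keyPair);
        System.out.println("Built request: " + request.getClass().getName());
    }
}
```

The result is held as Object because this page does not show the package of PkEeCertReqTransaction; subjectAltNames is passed as null because the page does not spell out how entries in that list are encoded.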