Class Index | File Index

Classes


Class CVCCA

Class supporting a certification authority that can issue CVC certificates for the EAC protocol.
Defined in: CVCCA.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
CVCCA(crypto, certstore, path, parentId, path)
Creates a new CVC-CA instance
Method Summary
Method Attributes Method Name and Description
 
Counter-sign a request
 
generateCertificate(req, policy)
Generate certificate for certificate request

Certificate contents is defined through the policy object:

 	var policy = { certificateValidityDays: 2,
				   chatRoleOID: new ByteString("id-IS", OID),
				   chatRights: new ByteString("E3", HEX),
				   includeDomainParameter: true,
				   extensions: []
				 };
 
Generate an initial certificate request
 
generateRequest(car, forceInitial, signinitial)
Generate a certificate request
 
generateRequestHSM(car, forceInitial, signinitial)
Generate a certificate request using a SmartCard-HSM based private key
 
generateRequestHSMCP(prov, car, forceInitial, signinitial)
Generate a certificate request using a SmartCard-HSM based private key via EACCryptoProvider
 
Generate a signed initial certificate request
 
Return authentic public key with domain parameter for a given CHR subordinate to the CA
 
Returns a list of relevant certificates.
 
Return a suitable crypto instance
 
Return certificate issued by this CA
 
getPrivateKey(path, chr)
Return private key handle, either from EACCryptoProvider or Certificate Store
 
Returns true if this CA has a certificate.
 
Import a certificate into the certificate store and make it the current certificate
 
Import a list of certificates into the certificate store
 
Returns true if this CA is operational.
 
Returns true if this is a root CA
 
Remove previous key
 
Set country code to be included in sequence number of public key reference
 
Set factory generating EACCryptoProvider for private key operations (create, use, delete)
 
setKeySpec(keyparam, algorithm)
Sets the key specification for generating requests
 
setRemovePreviousKey(removePreviousKey)
Set flags that controls the removal of the previous key if the certificate for the new key is imported
 
Store issued certificate
Class Detail
CVCCA(crypto, certstore, path, parentId, path)
Creates a new CVC-CA instance
Parameters:
{Crypto} crypto
the crypto provider to use
{CVCertificateStore} certstore
the certificate store to use
{String} path
the path of holderIDs (eg. "/UTCVCA/UTDVCA/UTTERM")
parentId
path
Method Detail
{CVC} counterSignRequest(req)
Counter-sign a request
Parameters:
{CVC} req
the initial request
Returns:
the certificate request

{CVC} generateCertificate(req, policy)
Generate certificate for certificate request

Certificate contents is defined through the policy object:

 	var policy = { certificateValidityDays: 2,
				   chatRoleOID: new ByteString("id-IS", OID),
				   chatRights: new ByteString("E3", HEX),
				   includeDomainParameter: true,
				   extensions: []
				 };
Parameters:
{CVC} req
the certificate request
{Object} policy
the object with policy settings
Returns:
the certificate

{CVC} generateInitialRequest(car)
Generate an initial certificate request
Parameters:
{PublicKeyReference} car
the CA at which this request is addressed
Returns:
the certificate request

{CVC} generateRequest(car, forceInitial, signinitial)
Generate a certificate request
Parameters:
{PublicKeyReference} car
the CA at which this request is addressed
{boolean} forceInitial
force an initial request, even if a current certificate is available
{boolean} signinitial
sign with initial key (sequence = 00000)
Returns:
the certificate request

{CVC} generateRequestHSM(car, forceInitial, signinitial)
Generate a certificate request using a SmartCard-HSM based private key
Parameters:
{PublicKeyReference} car
the CA at which this request is addressed
{boolean} forceInitial
force an initial request, even if a current certificate is available
{boolean} signinitial
sign with initial key (sequence = 00000)
Returns:
the certificate request

{CVC} generateRequestHSMCP(prov, car, forceInitial, signinitial)
Generate a certificate request using a SmartCard-HSM based private key via EACCryptoProvider
Parameters:
{EACCryptoProvider} prov
the EACCryptoProvider
{PublicKeyReference} car
the CA at which this request is addressed
{boolean} forceInitial
force an initial request, even if a current certificate is available
{boolean} signinitial
sign with initial key (sequence = 00000)
Returns:
the certificate request

{CVC} generateSignedInitialRequest(car)
Generate a signed initial certificate request
Parameters:
{PublicKeyReference} car
the CA at which this request is addressed
Returns:
the certificate request

{Key} getAuthenticPublicKey(chr)
Return authentic public key with domain parameter for a given CHR subordinate to the CA
Parameters:
{PublicKeyReference} chr
the certificate holder reference
Returns:
the public key or null

getCertificateList(fromCAR)
Returns a list of relevant certificates.

If the CA is the root CA, then all self-signed and link certificates are returned.

If the CA is a DVCA, then all certificates of the associated root and the current DVCA certificate is returned.

Parameters:
{PublicKeyReference} fromCAR
the optional starting point for the list if not a root CA

getCrypto()
Return a suitable crypto instance

{CVC} getIssuedCertificate(chr)
Return certificate issued by this CA
Parameters:
{PublicKeyReference} chr
the certificate holder reference
Returns:
the certificate or null if not found

getPrivateKey(path, chr)
Return private key handle, either from EACCryptoProvider or Certificate Store
Parameters:
path
chr

{boolean} hasCertificate()
Returns true if this CA has a certificate.
Returns:
true if this CA is operational

importCertificate(cert)
Import a certificate into the certificate store and make it the current certificate
Parameters:
{CVC} cert
the certificate

importCertificates(certs)
Import a list of certificates into the certificate store
Parameters:
{CVC[]} certs
the list of certificates

{boolean} isOperational()
Returns true if this CA is operational.
Returns:
true if this CA is operational

{boolean} isRootCA()
Returns true if this is a root CA
Returns:
true if this is a root CA

removePreviouslyUsedKey(previous)
Remove previous key
Parameters:
{PublicKeyReference} previous
the previously used CHR

setCountryCodeForSequence(countryseq)
Set country code to be included in sequence number of public key reference
Parameters:
{String} countryseq
the two character country code

setEACCryptoProviderFactory(eaccp, eaccpid)
Set factory generating EACCryptoProvider for private key operations (create, use, delete)
Parameters:
{EACCryptoProvider} eaccp
the EAC Crypto Provider for this instance
{String} eaccpid
the instance id

setKeySpec(keyparam, algorithm)
Sets the key specification for generating requests
Parameters:
{Key} keyparam
a key object containing key parameters (e.g. EC Curve)
{ByteString} algorithm
the terminal authentication algorithm object identifier

setRemovePreviousKey(removePreviousKey)
Set flags that controls the removal of the previous key if the certificate for the new key is imported
Parameters:
{boolean} removePreviousKey
true to remove, false to keep

storeCertificate(cert)
Store issued certificate
Parameters:
{CVC} cert
a newly issued certificate

Documentation generated by JsDoc Toolkit 2.4.0 on Fri Feb 16 2024 18:38:12 GMT+0100 (CET)