Class CVCCA
Class supporting a certification authority that can issue CVC certificates
for the EAC protocol.
Defined in: CVCCA.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
| | CVCCA(crypto, certstore, path, parentId, path): Creates a new CVC-CA instance |
| Method Attributes | Method Name and Description |
|---|---|
| | counterSignRequest(req): Counter-sign a request |
| | generateCertificate(req, policy): Generate certificate for certificate request. Certificate contents are defined through the policy object: var policy = { certificateValidityDays: 2, chatRoleOID: new ByteString("id-IS", OID), chatRights: new ByteString("E3", HEX), includeDomainParameter: true, extensions: [] }; |
| | generateInitialRequest(car): Generate an initial certificate request |
| | generateRequest(car, forceInitial, signinitial): Generate a certificate request |
| | generateRequestHSM(car, forceInitial, signinitial): Generate a certificate request using a SmartCard-HSM based private key |
| | generateRequestHSMCP(prov, car, forceInitial, signinitial): Generate a certificate request using a SmartCard-HSM based private key via EACCryptoProvider |
| | generateSignedInitialRequest(car): Generate a signed initial certificate request |
| | getAuthenticPublicKey(chr): Return authentic public key with domain parameter for a given CHR subordinate to the CA |
| | getCertificateList(fromCAR): Returns a list of relevant certificates. |
| | getCrypto(): Return a suitable crypto instance |
| | getIssuedCertificate(chr): Return certificate issued by this CA |
| | getPrivateKey(path, chr): Return private key handle, either from EACCryptoProvider or Certificate Store |
| | hasCertificate(): Returns true if this CA has a certificate. |
| | importCertificate(cert): Import a certificate into the certificate store and make it the current certificate |
| | importCertificates(certs): Import a list of certificates into the certificate store |
| | isOperational(): Returns true if this CA is operational. |
| | isRootCA(): Returns true if this is a root CA |
| | removePreviouslyUsedKey(previous): Remove previous key |
| | setCountryCodeForSequence(countryseq): Set country code to be included in sequence number of public key reference |
| | setEACCryptoProviderFactory(eaccp, eaccpid): Set factory generating EACCryptoProvider for private key operations (create, use, delete) |
| | setKeySpec(keyparam, algorithm): Sets the key specification for generating requests |
| | setRemovePreviousKey(removePreviousKey): Set the flag that controls the removal of the previous key if the certificate for the new key is imported |
| | storeCertificate(cert): Store issued certificate |

Class Detail
CVCCA(crypto, certstore, path, parentId, path)
Creates a new CVC-CA instance
- Parameters:
- {Crypto} crypto
- the crypto provider to use
- {CVCertificateStore} certstore
- the certificate store to use
- {String} path
- the path of holderIDs (e.g. "/UTCVCA/UTDVCA/UTTERM")
- parentId
- path
Method Detail
{CVC}
counterSignRequest(req)
Counter-sign a request
- Parameters:
- {CVC} req
- the initial request
- Returns:
- the certificate request
{CVC}
generateCertificate(req, policy)
Generate certificate for certificate request
Certificate contents are defined through the policy object:

```javascript
var policy = {
    certificateValidityDays: 2,                  // validity period in days
    chatRoleOID: new ByteString("id-IS", OID),   // role OID of the CHAT
    chatRights: new ByteString("E3", HEX),       // authorization bits of the CHAT
    includeDomainParameter: true,
    extensions: []
};
```

- Parameters:
- {CVC} req
- the certificate request
- {Object} policy
- the object with policy settings
- Returns:
- the certificate
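
What the `chatRights` byte of the policy encodes for the id-IS role, with a review a CA operator could run on a policy before passing it to generateCertificate. This is an added example, not code from CVCCA.js: the bit layout follows BSI TR-03110, and `decodeISRights`, `reviewPolicy`, `effectiveRights` and the hex-string form of `chatRights` are hypothetical names and assumptions.

```javascript
// Added example, not part of CVCCA.js. chatRights is modelled as a hex
// string here (assumption); the page's policy object uses a ByteString.
// id-IS authorization byte per BSI TR-03110: bits 7-6 role, bits 5-0 access.
const IS_ROLES = ["Inspection System", "DV (foreign)", "DV (domestic)", "CVCA"];

function decodeISRights(hex) {
  if (!/^[0-9a-fA-F]{2}$/.test(hex)) {
    throw new Error("id-IS chatRights must be exactly one byte of hex");
  }
  const b = parseInt(hex, 16);
  return {
    role: IS_ROLES[b >> 6],
    access: b & 0x3f,
    readDG3: (b & 0x01) !== 0, // fingerprint data group
    readDG4: (b & 0x02) !== 0, // iris data group
  };
}

// Hypothetical pre-issuance review: returns a list of findings (empty = ok).
function reviewPolicy(policy, issuerRightsHex) {
  const findings = [];
  const issuer = decodeISRights(issuerRightsHex);
  const subject = decodeISRights(policy.chatRights);
  const days = policy.certificateValidityDays;
  if (!Number.isInteger(days) || days < 1) {
    findings.push("certificateValidityDays must be a positive integer");
  }
  // A CVCA signs CVCA (link) and DV certificates; a DV signs terminals only.
  const issuerIsCVCA = issuer.role === "CVCA";
  const subjectIsIS = subject.role === "Inspection System";
  if (issuer.role === "Inspection System") {
    findings.push("an inspection system certificate cannot issue certificates");
  } else if (issuerIsCVCA === subjectIsIS) {
    findings.push(issuer.role + " must not issue role " + subject.role);
  }
  const excess = subject.access & ~issuer.access;
  if (excess !== 0) {
    findings.push("rights exceed issuer by 0x" + excess.toString(16).padStart(2, "0"));
  }
  return findings;
}

// Effective rights of a chain: AND of all access bits, role of the last entry.
function effectiveRights(chainHex) {
  const parsed = chainHex.map(decodeISRights);
  const access = parsed.reduce((acc, r) => acc & r.access, 0x3f);
  const roleBits = IS_ROLES.indexOf(parsed[parsed.length - 1].role) << 6;
  return (roleBits | access).toString(16).padStart(2, "0").toUpperCase();
}
```

The page's sample value `E3` decodes to the CVCA role with both DG3 and DG4 read access, so a two-day validity with that value describes a CVCA-level certificate rather than a terminal.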
{CVC}
generateInitialRequest(car)
Generate an initial certificate request
- Parameters:
- {PublicKeyReference} car
- the CA to which this request is addressed
- Returns:
- the certificate request
{CVC}
generateRequest(car, forceInitial, signinitial)
Generate a certificate request
- Parameters:
- {PublicKeyReference} car
- the CA to which this request is addressed
- {boolean} forceInitial
- force an initial request, even if a current certificate is available
- {boolean} signinitial
- sign with initial key (sequence = 00000)
- Returns:
- the certificate request
{CVC}
generateRequestHSM(car, forceInitial, signinitial)
Generate a certificate request using a SmartCard-HSM based private key
- Parameters:
- {PublicKeyReference} car
- the CA to which this request is addressed
- {boolean} forceInitial
- force an initial request, even if a current certificate is available
- {boolean} signinitial
- sign with initial key (sequence = 00000)
- Returns:
- the certificate request
{CVC}
generateRequestHSMCP(prov, car, forceInitial, signinitial)
Generate a certificate request using a SmartCard-HSM based private key via EACCryptoProvider
- Parameters:
- {EACCryptoProvider} prov
- the EACCryptoProvider
- {PublicKeyReference} car
- the CA to which this request is addressed
- {boolean} forceInitial
- force an initial request, even if a current certificate is available
- {boolean} signinitial
- sign with initial key (sequence = 00000)
- Returns:
- the certificate request
{CVC}
generateSignedInitialRequest(car)
Generate a signed initial certificate request
- Parameters:
- {PublicKeyReference} car
- the CA to which this request is addressed
- Returns:
- the certificate request
{Key}
getAuthenticPublicKey(chr)
Return authentic public key with domain parameter for a given CHR subordinate to the CA
- Parameters:
- {PublicKeyReference} chr
- the certificate holder reference
- Returns:
- the public key or null
getCertificateList(fromCAR)
Returns a list of relevant certificates.
If the CA is the root CA, then all self-signed and link certificates are returned.
If the CA is a DVCA, then all certificates of the associated root and the current DVCA certificate are returned.
- Parameters:
- {PublicKeyReference} fromCAR
- the optional starting point for the list if not a root CA
getCrypto()
Return a suitable crypto instance
{CVC}
getIssuedCertificate(chr)
Return certificate issued by this CA
- Parameters:
- {PublicKeyReference} chr
- the certificate holder reference
- Returns:
- the certificate or null if not found
getPrivateKey(path, chr)
Return private key handle, either from EACCryptoProvider or Certificate Store
- Parameters:
- path
- chr
{boolean}
hasCertificate()
Returns true if this CA has a certificate.
- Returns:
- true if this CA is operational
importCertificate(cert)
Import a certificate into the certificate store and make it the current certificate
- Parameters:
- {CVC} cert
- the certificate
importCertificates(certs)
Import a list of certificates into the certificate store
- Parameters:
- {CVC[]} certs
- the list of certificates
{boolean}
isOperational()
Returns true if this CA is operational.
- Returns:
- true if this CA is operational
{boolean}
isRootCA()
Returns true if this is a root CA
- Returns:
- true if this is a root CA
removePreviouslyUsedKey(previous)
Remove previous key
- Parameters:
- {PublicKeyReference} previous
- the previously used CHR
setCountryCodeForSequence(countryseq)
Set country code to be included in sequence number of public key reference
- Parameters:
- {String} countryseq
- the two character country code
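
How the holder path, the initial sequence 00000 and the optional country code in the sequence number fit together in a public key reference (CAR/CHR). This is an added example, not code from CVCCA.js: the field layout follows BSI TR-03110, while the function names and the decimal-counter numbering scheme are assumptions.

```javascript
// Added example, not part of CVCCA.js. Layout per BSI TR-03110: 2-character
// country code, holder mnemonic of 1 to 9 characters, 5-character sequence.
function parsePublicKeyReference(ref) {
  if (typeof ref !== "string" || ref.length < 8 || ref.length > 16) {
    throw new Error("public key reference must be 8 to 16 characters");
  }
  const country = ref.slice(0, 2);
  const sequence = ref.slice(-5);
  if (!/^[A-Z]{2}$/.test(country)) throw new Error("bad country code");
  if (!/^[0-9A-Za-z]{5}$/.test(sequence)) throw new Error("bad sequence");
  return { country, mnemonic: ref.slice(2, -5), sequence, holderId: ref.slice(0, -5) };
}

// Reference of the initial key for the last holder in a path such as
// "/UTCVCA/UTDVCA/UTTERM" (sequence 00000, as stated for signinitial).
function initialReference(path) {
  const ids = path.split("/").filter(Boolean);
  if (ids.length === 0) throw new Error("empty holder path");
  return parsePublicKeyReference(ids[ids.length - 1] + "00000");
}

// Assumed numbering scheme: a decimal counter, optionally prefixed with the
// two-letter country code, restarting at 1 when the layout changes.
function nextPublicKeyReference(current, countrySeq) {
  const { holderId, sequence } = parsePublicKeyReference(current);
  const prefix = countrySeq || "";
  if (prefix && !/^[A-Z]{2}$/.test(prefix)) throw new Error("bad country code");
  const width = 5 - prefix.length;
  const tail = sequence.slice(prefix.length);
  const sameLayout = sequence.startsWith(prefix) && /^\d+$/.test(tail);
  const next = (sameLayout ? parseInt(tail, 10) : 0) + 1;
  // Fail instead of wrapping: a reused reference would name two different keys.
  if (String(next).length > width) throw new Error("sequence counter exhausted");
  return holderId + prefix + String(next).padStart(width, "0");
}
```

With a country prefix only three digits remain for the counter, so the exhaustion check triggers after 999 keys instead of 99999.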
setEACCryptoProviderFactory(eaccp, eaccpid)
Set factory generating EACCryptoProvider for private key operations (create, use, delete)
- Parameters:
- {EACCryptoProvider} eaccp
- the EAC Crypto Provider for this instance
- {String} eaccpid
- the instance id
setKeySpec(keyparam, algorithm)
Sets the key specification for generating requests
- Parameters:
- {Key} keyparam
- a key object containing key parameters (e.g. EC Curve)
- {ByteString} algorithm
- the terminal authentication algorithm object identifier
setRemovePreviousKey(removePreviousKey)
Set the flag that controls the removal of the previous key if the certificate for the new key is imported
- Parameters:
- {boolean} removePreviousKey
- true to remove, false to keep
storeCertificate(cert)
Store issued certificate
- Parameters:
- {CVC} cert
- a newly issued certificate