Class X509CertificateStore
Class that abstracts a certificate, request and key store for an X509 PKI.
Defined in: X509CertificateStore.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
| | X509CertificateStore(DAOFactory): Create an object to access an X509 certificate store. |
| Method Attributes | Method Name and Description |
|---|---|
| | deletePrivateKey(pathOrHolderId, name): Remove private key |
| | deleteRequest(pathOrHolderId, keyId): Remove request |
| | generateKeyPair(pathOrHolderId, name, algo, prk, puk): Generate key pair |
| | getCertificateChain(pathOrHolderId): Get certificate chain for given path or holderId |
| | getCrypto(): Return a suitable crypto object. |
| | getCurrentCertificate(pathOrHolderId): Get current certificate for given path or holderId |
| | getCurrentCertificateAndSigner(pathOrHolderId): Get current certificate for given path or holderId |
| | getCurrentKeyIdAndCertificate(pathOrHolderId): Get current key id |
| | getPrivateKeyByKeyId(pathOrHolderId, keyId): Get a private key in the certificate store |
| | getPrivateKeyByName(pathOrHolderId, name): Get a private key in the certificate store |
| | getRequest(pathOrHolderId, keyId): Return request for given keyId |
| | getSigner(pathOrHolderId, keyId): Get the signer identified by the keyId |
| | importCertificate(cert, makeCurrent, srId): Import a certificate that can be validated by one of the certificates in the database. |
| | listHolders(pathOrHolderId): List certificate holders for a given PKI element |
| | newSigner(pathOrHolderId, name, puk, keyblob): Create new signer based on key pair generated externally |
| &lt;static&gt; | X509CertificateStore.nthElementOf(path, n): Return the n-th element of the path |
| &lt;static&gt; | X509CertificateStore.parentPathOf(path): Strip the last element of the path, effectively defining the parent within the path |
| | storeCertificate(pathOrHolderId, cert, makeCurrent, srId): Store a certificate in the certificate store |
| | storeRequest(pathOrHolderId, req): Store a certificate request in the certificate store |

Class Detail
X509CertificateStore(DAOFactory)
Create an object to access an X509 certificate store.
- Parameters:
- {DAOFactory} DAOFactory
- the factory that can create data access objects for persistent information
Method Detail
{boolean}
deletePrivateKey(pathOrHolderId, name)
Remove private key
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {String} name
- the unique name of the signer in the holder context
- Returns:
- true if deleted
{boolean}
deleteRequest(pathOrHolderId, keyId)
Remove request
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {ByteString} keyId
- the unique keyId of the request in the holder context
- Returns:
- true if deleted
{ByteString}
generateKeyPair(pathOrHolderId, name, algo, prk, puk)
Generate key pair
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {String} name
- the unique name of the signer in the holder context
- {Number} algo
- the key generation algorithm (Crypto.EC or Crypto.RSA)
- {Key} prk
- the private key template
- {Key} puk
- the public key template
- Returns:
- the subject key identifier
{X509[]}
getCertificateChain(pathOrHolderId)
Get certificate chain for given path or holderId
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- Returns:
- the certificate chain, starting with the current certificate of the holder and ending with the self-signed trust anchor
{Crypto}
getCrypto()
Return a suitable crypto object. This may be overridden by derived classes.
- Returns:
- the Crypto object
{X509}
getCurrentCertificate(pathOrHolderId)
Get current certificate for given path or holderId
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- Returns:
- the current certificate or null if none defined
{X509}
getCurrentCertificateAndSigner(pathOrHolderId)
Get current certificate for given path or holderId
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- Returns:
- the current certificate or null if none defined
{ByteString}
getCurrentKeyIdAndCertificate(pathOrHolderId)
Get current key id
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- Returns:
- the current key id or null if none defined
{Key}
getPrivateKeyByKeyId(pathOrHolderId, keyId)
Get a private key in the certificate store
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {ByteString} keyId
- the unique key identifier
- Returns:
- the private key or null if not found
{Key}
getPrivateKeyByName(pathOrHolderId, name)
Get a private key in the certificate store
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {String} name
- the unique name of the signer in the holder context
- Returns:
- the private key or null if not found
{PKCS10}
getRequest(pathOrHolderId, keyId)
Return request for given keyId
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {ByteString} keyId
- the unique keyId of the request in the holder context
- Returns:
- the request or null
{Signer}
getSigner(pathOrHolderId, keyId)
Get the signer identified by the keyId
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {ByteString} keyId
- the key identifier
- Returns:
- this Signer object
{Certificate}
importCertificate(cert, makeCurrent, srId)
Import a certificate that can be validated by one of the certificates in the database.
- Parameters:
- {X509} cert
- the certificate
- {Boolean} makeCurrent
- true if this certificate becomes the current certificate
- {Number} srId
- service request id to be stored with issued certificate (optional)
- Returns:
- the Certificate entry from the database or null
{String[]}
listHolders(pathOrHolderId)
List certificate holders for a given PKI element
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- Returns:
- a list of holder ids, possibly empty
{ByteString}
newSigner(pathOrHolderId, name, puk, keyblob)
Create new signer based on key pair generated externally
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {String} name
- the unique name of the signer in the holder context
- {Key} puk
- the public key
- {ByteString} keyblob
- the wrapped private key
- Returns:
- the subject key identifier
<static>
{String}
X509CertificateStore.nthElementOf(path, n)
Return the n-th element of the path
- Parameters:
- {String} path
- the path to return the last element from
- n
- Returns:
- the last path element or null for the root
<static>
{String}
X509CertificateStore.parentPathOf(path)
Strip the last element of the path, effectively defining the parent within the path
- Parameters:
- {String} path
- the path to strip the last element from
- Returns:
- the parent path or null for the root
{Certificate}
storeCertificate(pathOrHolderId, cert, makeCurrent, srId)
Store a certificate in the certificate store
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {X509} cert
- the certificate
- {Boolean} makeCurrent
- true if this certificate becomes the current certificate
- {Number} srId
- service request id to be stored with issued certificate (optional)
- Returns:
- the Certificate entry from the database or null
{ByteString}
storeRequest(pathOrHolderId, req)
Store a certificate request in the certificate store
- Parameters:
- {String/Number} pathOrHolderId
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
- {PKCS10} req
- the request
- Returns:
- the request's keyId