Class X509CertificateStore

Class that abstracts a certificate, request and key store for an X509 PKI.
Defined in: X509CertificateStore.js.

Class Summary
Constructor Attributes Constructor Name and Description
 
X509CertificateStore(DAOFactory)
Create an object to access an X509 certificate store.
Method Summary
Method Attributes Method Name and Description
 
deletePrivateKey(pathOrHolderId, name)
Remove private key
 
deleteRequest(pathOrHolderId, keyId)
Remove request
 
generateKeyPair(pathOrHolderId, name, algo, prk, puk)
Generate key pair
 
getCertificateChain(pathOrHolderId)
Get certificate chain for given path or holderId
 
getCrypto()
Return a suitable crypto object.
 
getCurrentCertificate(pathOrHolderId)
Get current certificate for given path or holderId
 
getCurrentCertificateAndSigner(pathOrHolderId)
Get current certificate for given path or holderId
 
getCurrentKeyIdAndCertificate(pathOrHolderId)
Get current key id
 
getPrivateKeyByKeyId(pathOrHolderId, keyId)
Get a private key in the certificate store
 
getPrivateKeyByName(pathOrHolderId, name)
Get a private key in the certificate store
 
getRequest(pathOrHolderId, keyId)
Return request for given keyId
 
getSigner(pathOrHolderId, keyId)
Get the signer identified by the keyId
 
importCertificate(cert, makeCurrent, srId)
Import a certificate that can be validated by one of the certificates in the database.
 
listHolders(pathOrHolderId)
List certificate holders for a given PKI element
 
newSigner(pathOrHolderId, name, puk, keyblob)
Create new signer based on key pair generated externally
<static>  
X509CertificateStore.nthElementOf(path, n)
Return the n-th element of the path
<static>  
X509CertificateStore.parentPathOf(path)
Strip the last element of the path, effectively defining the parent within the path
 
storeCertificate(pathOrHolderId, cert, makeCurrent, srId)
Store a certificate in the certificate store
 
storeRequest(pathOrHolderId, req)
Store a certificate request in the certificate store
Class Detail
X509CertificateStore(DAOFactory)
Create an object to access an X509 certificate store.
Parameters:
{DAOFactory} DAOFactory
the factory that can create data access objects for persistent information
Method Detail
{boolean} deletePrivateKey(pathOrHolderId, name)
Remove private key
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{String} name
the unique name of the signer in the holder context
Returns:
true if deleted

{boolean} deleteRequest(pathOrHolderId, keyId)
Remove request
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{ByteString} keyId
the unique keyId of the request in the holder context
Returns:
true if deleted

{ByteString} generateKeyPair(pathOrHolderId, name, algo, prk, puk)
Generate key pair
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{String} name
the unique name of the signer in the holder context
{Number} algo
the key generation algorithm (Crypto.EC or Crypto.RSA)
{Key} prk
the private key template
{Key} puk
the public key template
Returns:
the subject key identifier

{X509[]} getCertificateChain(pathOrHolderId)
Get certificate chain for given path or holderId
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
Returns:
the certificate chain, starting with the current certificate of the holder and ending with the self-signed trust anchor

{Crypto} getCrypto()
Return a suitable crypto object. This may be overwritten by derived classes
Returns:
the Crypto object

{X509} getCurrentCertificate(pathOrHolderId)
Get current certificate for given path or holderId
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
Returns:
the current certificate or null if none defined

{X509} getCurrentCertificateAndSigner(pathOrHolderId)
Get current certificate for given path or holderId
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
Returns:
the current certificate or null if none defined

{ByteString} getCurrentKeyIdAndCertificate(pathOrHolderId)
Get current key id
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
Returns:
the current key id or null if none defined

{Key} getPrivateKeyByKeyId(pathOrHolderId, keyId)
Get a private key in the certificate store
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{ByteString} keyId
the unique key identifier
Returns:
the private key or null if not found

{Key} getPrivateKeyByName(pathOrHolderId, name)
Get a private key in the certificate store
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{String} name
the unique name of the signer in the holder context
Returns:
the private key or null if not found

{PKCS10} getRequest(pathOrHolderId, keyId)
Return request for given keyId
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{ByteString} keyId
the unique keyId of the request in the holder context
Returns:
the request or null

{Signer} getSigner(pathOrHolderId, keyId)
Get the signer identified by the keyId
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{ByteString} keyId
the key identifier
Returns:
this Signer object

{Certificate} importCertificate(cert, makeCurrent, srId)
Import a certificate that can be validated by one of the certificates in the database.
Parameters:
{X509} cert
the certificate
{Boolean} makeCurrent
true if this certificate becomes the current certificate
{Number} srId
service request id to be stored with issued certificate (optional)
Returns:
the Certificate entry from the database or null

{String[]} listHolders(pathOrHolderId)
List certificate holders for a given PKI element
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
Returns:
a list of holder ids, possibly empty

{ByteString} newSigner(pathOrHolderId, name, puk, keyblob)
Create new signer based on key pair generated externally
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{String} name
the unique name of the signer in the holder context
{Key} puk
the public key
{ByteString} keyblob
the wrapped private key
Returns:
the subject key identifier

<static> {String} X509CertificateStore.nthElementOf(path, n)
Return the n-th element of the path
Parameters:
{String} path
the path to return the last element from
n
Returns:
the last path element or null for the root

<static> {String} X509CertificateStore.parentPathOf(path)
Strip the last element of the path, effectively defining the parent within the path
Parameters:
{String} path
the path to strip the last element from
Returns:
the parent path or null for the root

{Certificate} storeCertificate(pathOrHolderId, cert, makeCurrent, srId)
Store a certificate in the certificate store
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{X509} cert
the certificate
{Boolean} makeCurrent
true if this certificate becomes the current certificate
{Number} srId
service request id to be stored with issued certificate (optional)
Returns:
the Certificate entry from the database or null

{ByteString} storeRequest(pathOrHolderId, req)
Store a certificate request in the certificate store
Parameters:
{String/Number} pathOrHolderId
the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1") or the holderId from the database
{PKCS10} req
the request
Returns:
the request's keyId

Documentation generated by JsDoc Toolkit 2.4.0 on Fri Feb 16 2024 18:38:12 GMT+0100 (CET)