Class X509Signer
Class implementing a signer backed by an X.509 certificate
Defined in: X509Signer.js.
Constructor Attributes | Constructor Name and Description |
---|---|
 | X509Signer(daof, cpf, holder): Create a signer based on an X.509 certificate |

Method Attributes | Method Name and Description |
---|---|
<static> | X509Signer.createSigner(daof, pathOrHolderId, certtype, template): Create a new signer |
 | determineDistinguishedName(name): Determine subject distinguished name for new signer |
 | determineSignerName(): Determine signer name for newly generated signer |
 | getHolder(): Return the holder from the holder database for this element |
 | getHolderId(): Return the holderId from the holder database for this element |
 | getRequest(keyId): Get request for the given subject key identifier |
 | getRequestBinary(keyId): Get request for the given subject key identifier |
 | getRequestKeyUsage(): Determine the key usage for the request |
 | getSigner(): Return the signer from the signer database for this element |
 | getSignerCertificate(): Return the signer's certificate |
 | newSigner(name, template): Create a new signer key pair |
 | parsePolicyFromSigner(): Parse the policy from the signer's values object |
 | setPolicy(crldp): Set policy for signer object. |
 | storeCertificate(cert, makeCurrent, keyId, srId): Store a certificate issued for this signer |
 | storeCertificateForHolder(cert, makeCurrent, keyId, srId, srId): Store a certificate issued for a certain holder |

Class Detail
X509Signer(daof, cpf, holder)
Create a signer based on an X.509 certificate
- Parameters:
- {DAOFactory} daof
- the factory that can create the required data access objects
- {CryptoProviderFactory} cpf
- factory implementing getCryptoProvider() used to get access to crypto providers
- {Holder} holder
- the holder object for this signer
Method Detail
<static>
{Number}
X509Signer.createSigner(daof, pathOrHolderId, certtype, template)
Create a new signer
- Parameters:
- {DAOFactory} daof
- the factory that can create the required data access objects
- {String/Number} pathOrHolderId
- the path of holderIDs (e.g. "/UTCVCA/UTDVCA/UTTERM") or the holderId from the database
- {Number} certtype
- optional argument, default Holder.X509
- {Object} template
- template for database entry
- Returns:
- the newly created holder id
{String}
determineDistinguishedName(name)
Determine subject distinguished name for new signer
- Parameters:
- {String} name
- Returns:
- the distinguished name for the new signer
{String}
determineSignerName()
Determine signer name for newly generated signer
- Returns:
- the unique name
{Number}
getHolder()
Return the holder from the holder database for this element
- Returns:
- the holderId
{Number}
getHolderId()
Return the holderId from the holder database for this element
- Returns:
- the holderId
{PKCS10}
getRequest(keyId)
Get request for the given subject key identifier
- Parameters:
- {ByteString} keyId
- the subject key identifier
- Returns:
- the PKCS10 request
{ByteString}
getRequestBinary(keyId)
Get request for the given subject key identifier
- Parameters:
- {ByteString} keyId
- the subject key identifier
- Returns:
- the raw request
{Number}
getRequestKeyUsage()
Determine the key usage for the request
- Returns:
- the key usage defined in PKIXCommon
{Signer}
getSigner()
Return the signer from the signer database for this element
- Returns:
- the signer value object or null
{X509}
getSignerCertificate()
Return the signer's certificate
- Returns:
- the signer's certificate
{ByteString}
newSigner(name, template)
Create a new signer key pair
- Parameters:
- {String} name
- the signer name
- template
- Returns:
- the subject key identifier
{Object}
parsePolicyFromSigner()
Parse the policy from the signer's values object
- Returns:
- the policy
setPolicy(crldp)
Set policy for signer object.
The policy object shall contain the following properties
- distinguishedName - The distinguishedName object as defined in PKIXCommon.encodeName()
- keySpecification - A Key object initialized with the key parameter.
- signatureAlgorithm - A ByteString encoding the object identifier for the signature algorithm
- validityDaysSelfSigned - Number of days the self-signed certificate is valid
- validityDays - Number of days the issued certificate is valid
- pathLenConstraint - Number of subordinate CAs
- requestFormat - "pkcs10" or "sc-hsm"
- overwriteKey - Set to true to overwrite a key with the same label
- Parameters:
- {String} crldp
- the URL of the distribution point
- See:
- PKIXCommon.encodeName()
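The policy properties listed for setPolicy() can be checked before the object is handed to the signer. The following is an added example, not code from X509Signer.js: validateSignerPolicy is a hypothetical helper, it assumes every listed property is required, and the sample values (plain objects standing in for Key and ByteString, and the distinguishedName shape) are constructed.

```javascript
// Hypothetical pre-flight check for the policy object; not part of X509Signer.
const REQUEST_FORMATS = ["pkcs10", "sc-hsm"];

function validateSignerPolicy(policy) {
  const errors = [], warnings = [];
  const isObject = (v) => v !== null && typeof v === "object";
  const isInt = (v, min) => Number.isInteger(v) && v >= min;
  if (!isObject(policy)) return { ok: false, errors: ["policy must be an object"], warnings };
  // Key and ByteString exist only in the scripting runtime, so structured
  // values are only required to be non-null objects here (assumption).
  for (const name of ["distinguishedName", "keySpecification", "signatureAlgorithm"]) {
    if (!isObject(policy[name])) errors.push(name + " is missing or not an object");
  }
  for (const name of ["validityDaysSelfSigned", "validityDays"]) {
    if (!isInt(policy[name], 1)) errors.push(name + " must be a positive integer number of days");
  }
  if (!isInt(policy.pathLenConstraint, 0)) {
    errors.push("pathLenConstraint must be a non-negative integer");
  }
  if (!REQUEST_FORMATS.includes(policy.requestFormat)) {
    errors.push('requestFormat must be "pkcs10" or "sc-hsm"');
  }
  if (typeof policy.overwriteKey !== "boolean") {
    errors.push("overwriteKey must be true or false");
  } else if (policy.overwriteKey) {
    warnings.push("overwriteKey is true: an existing key with the same label will be replaced");
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample policy; values are stand-ins, not real Key/ByteString objects.
const samplePolicy = {
  distinguishedName: [{ C: "UT" }, { O: "Example" }, { CN: "Example CA" }], // assumed shape
  keySpecification: { standIn: "Key" },
  signatureAlgorithm: { standIn: "ByteString" },
  validityDaysSelfSigned: 3650,
  validityDays: 730,
  pathLenConstraint: 0,
  requestFormat: "PKCS10", // wrong case: rejected, only "pkcs10" or "sc-hsm" pass
  overwriteKey: true,      // accepted, but reported as a warning
};
console.log(validateSignerPolicy(samplePolicy));
```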
storeCertificate(cert, makeCurrent, keyId, srId)
Store a certificate issued for this signer
- Parameters:
- {X509} cert
- the certificate
- {Boolean} makeCurrent
- true if this certificate becomes the current certificate
- {ByteString} keyId
- the key id that links this certificate to the signer (usually the subjectKeyIdentifier)
- {Number} srId
- service request id
{Number}
storeCertificateForHolder(cert, makeCurrent, keyId, srId, srId)
Store a certificate issued for a certain holder
- Parameters:
- {X509} cert
- the certificate
- {Boolean} makeCurrent
- true if this certificate becomes the current certificate
- {ByteString} keyId
- the key id that links this certificate to the signer (usually the subjectKeyIdentifier)
- {Number} srId
- service request id
- srId
- Returns:
- the database id of the certificate