object X509Utilities| CACertAndKey |
data class CACertAndKeyHelper data class to pass around public certificate and KeyPair entities when using CA certs. |
| CORDA_CLIENT_CA |
val CORDA_CLIENT_CA: String |
| CORDA_CLIENT_CA_PRIVATE_KEY |
val CORDA_CLIENT_CA_PRIVATE_KEY: String |
| CORDA_INTERMEDIATE_CA |
val CORDA_INTERMEDIATE_CA: String |
| CORDA_INTERMEDIATE_CA_PRIVATE_KEY |
val CORDA_INTERMEDIATE_CA_PRIVATE_KEY: String |
| CORDA_ROOT_CA |
val CORDA_ROOT_CA: String |
| CORDA_ROOT_CA_PRIVATE_KEY |
val CORDA_ROOT_CA_PRIVATE_KEY: String |
| ECDSA_CURVE |
val ECDSA_CURVE: String |
| KEYSTORE_TYPE |
val KEYSTORE_TYPE: String |
| KEY_GENERATION_ALGORITHM |
val KEY_GENERATION_ALGORITHM: String |
| SIGNATURE_ALGORITHM |
val SIGNATURE_ALGORITHM: String |
| addOrReplaceCertificate |
fun KeyStore.addOrReplaceCertificate(alias: String, cert: Certificate): UnitHelper extension method to add, or overwrite any public certificate data in store |
| addOrReplaceKey |
fun KeyStore.addOrReplaceKey(alias: String, key: Key, password: CharArray, chain: Array<Certificate>): UnitHelper extension method to add, or overwrite any key data in store |
| createCAKeyStoreAndTrustStore |
fun createCAKeyStoreAndTrustStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, trustStoreFilePath: Path, trustStorePassword: String): KeyStoreAll in one wrapper to manufacture a root CA cert and an Intermediate CA cert. Normally this would be run once and then the outputs would be re-used repeatedly to manufacture the server certs |
| createCertificateSigningRequest |
fun createCertificateSigningRequest(myLegalName: String, nearestCity: String, email: String, keyPair: KeyPair): <ERROR CLASS>Create certificate signing request using provided information. |
| createIntermediateCert |
fun createIntermediateCert(domain: String, certificateAuthority: CACertAndKey): CACertAndKeyCreate a de novo root intermediate X509 v3 CA cert and KeyPair. |
| createKeystoreForSSL |
fun createKeystoreForSSL(keyStoreFilePath: Path, storePassword: String, keyPassword: String, caKeyStore: KeyStore, caKeyPassword: String): KeyStoreAn all in wrapper to manufacture a server certificate and keys all stored in a KeyStore suitable for running TLS on the local machine |
| createSelfSignedCACert |
fun createSelfSignedCACert(myLegalName: String): CACertAndKeyCreate a de novo root self-signed X509 v3 CA cert and KeyPair. |
| createServerCert |
fun createServerCert(subject: <ERROR CLASS>, publicKey: PublicKey, certificateAuthority: CACertAndKey, subjectAlternativeNameDomains: List<String>, subjectAlternativeNameIps: List<String>): X509CertificateCreate an X509v3 certificate suitable for use in TLS roles. |
| generateECDSAKeyPairForSSL |
fun generateECDSAKeyPairForSSL(): KeyPairGenerate a standard curve ECDSA KeyPair suitable for TLS, although the rest of Corda uses newer curves. |
| getDevX509Name |
fun getDevX509Name(domain: String): <ERROR CLASS>Helper method to create Subject field contents |
| getX509Name |
fun getX509Name(myLegalName: String, nearestCity: String, email: String): <ERROR CLASS> |
| loadCertificateAndKey |
fun loadCertificateAndKey(keyStore: KeyStore, keyPassword: String, alias: String): CACertAndKeyHelper method to load a Certificate and KeyPair from their KeyStore. The access details should match those of the createCAKeyStoreAndTrustStore call used to manufacture the keys. |
| loadCertificateFromKeyStore |
fun loadCertificateFromKeyStore(keyStoreFilePath: Path, storePassword: String, alias: String): X509CertificateExtract public X509 certificate from a KeyStore file assuming storage alias is know |
| loadCertificateFromPEMFile |
fun loadCertificateFromPEMFile(filename: Path): X509CertificateHelper method to load back a .pem/.cer format file copy of a certificate |
| loadKeyPairFromKeyStore |
fun loadKeyPairFromKeyStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, alias: String): KeyPairExtract public and private keys from a KeyStore file assuming storage alias is known. |
| loadKeyStore |
fun loadKeyStore(keyStoreFilePath: Path, storePassword: String): KeyStorefun loadKeyStore(input: InputStream, storePassword: String): KeyStoreHelper method to open an existing keystore for modification/read |
| loadOrCreateKeyPairFromKeyStore |
fun loadOrCreateKeyPairFromKeyStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, alias: String, keyGenerator: () -> CACertAndKey): KeyPairExtract public and private keys from a KeyStore file assuming storage alias is known, or create a new pair of keys using the provided function if the keys not exist. |
| loadOrCreateKeyStore |
fun loadOrCreateKeyStore(keyStoreFilePath: Path, storePassword: String): KeyStoreHelper method to either open an existing keystore for modification, or create a new blank keystore. |
| saveCertificateAsPEMFile |
fun saveCertificateAsPEMFile(x509Certificate: X509Certificate, filename: Path): UnitHelper method to store a .pem/.cer format file copy of a certificate if required for import into a PC/Mac, or for inspection |
| saveKeyStore |
fun saveKeyStore(keyStore: KeyStore, keyStoreFilePath: Path, storePassword: String): UnitHelper method save KeyStore to storage |