com.r3corda.core.crypto / X509Utilities

X509Utilities

object X509Utilities


Types

CACertAndKey data class CACertAndKey

Helper data class to pass around public certificate and KeyPair entities when using CA certs

Properties

CA_CERT_ALIAS val CA_CERT_ALIAS: String
CERT_PRIVATE_KEY_ALIAS val CERT_PRIVATE_KEY_ALIAS: String
ECDSA_CURVE val ECDSA_CURVE: String
INTERMEDIATE_CA_PRIVATE_KEY_ALIAS val INTERMEDIATE_CA_PRIVATE_KEY_ALIAS: String
KEYSTORE_TYPE val KEYSTORE_TYPE: String
KEY_GENERATION_ALGORITHM val KEY_GENERATION_ALGORITHM: String
ROOT_CA_CERT_PRIVATE_KEY_ALIAS val ROOT_CA_CERT_PRIVATE_KEY_ALIAS: String
SIGNATURE_ALGORITHM val SIGNATURE_ALGORITHM: String

Functions

createCAKeyStoreAndTrustStore fun createCAKeyStoreAndTrustStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, trustStoreFilePath: Path, trustStorePassword: String): KeyStore

All in one wrapper to manufacture a root CA cert and an Intermediate CA cert. Normally this would be run once and then the outputs would be re-used repeatedly to manufacture the server certs
createIntermediateCert fun createIntermediateCert(domain: String, certificateAuthority: CACertAndKey): CACertAndKey

Create a de novo root intermediate X509 v3 CA cert and KeyPair.
createKeystoreForSSL fun createKeystoreForSSL(keyStoreFilePath: Path, storePassword: String, keyPassword: String, caKeyStore: KeyStore, caKeyPassword: String): KeyStore

An all in wrapper to manufacture a server certificate and keys all stored in a KeyStore suitable for running TLS on the local machine
createSelfSignedCACert fun createSelfSignedCACert(domain: String): CACertAndKey

Create a de novo root self-signed X509 v3 CA cert and KeyPair.
createServerCert fun createServerCert(subject: <ERROR CLASS>, publicKey: PublicKey, certificateAuthority: CACertAndKey, subjectAlternativeNameDomains: List<String>, subjectAlternativeNameIps: List<String>): X509Certificate

Create an X509v3 certificate suitable for use in TLS roles.
generateECDSAKeyPairForSSL fun generateECDSAKeyPairForSSL(): KeyPair

Generate a standard curve ECDSA KeyPair suitable for TLS, although the rest of Corda uses newer curves.
getDevX509Name fun getDevX509Name(domain: String): <ERROR CLASS>

Helper method to create Subject field contents
loadCertificateAndKey fun loadCertificateAndKey(keyStore: KeyStore, keyPassword: String, alias: String): CACertAndKey

Helper method to load a Certificate and KeyPair from their KeyStore. The access details should match those of the createCAKeyStoreAndTrustStore call used to manufacture the keys.
loadCertificateFromKeyStore fun loadCertificateFromKeyStore(keyStoreFilePath: Path, storePassword: String, alias: String): X509Certificate

Extract public X509 certificate from a KeyStore file assuming storage alias is know
loadCertificateFromPEMFile fun loadCertificateFromPEMFile(filename: Path): X509Certificate

Helper method to load back a .pem/.cer format file copy of a certificate
loadKeyPairFromKeyStore fun loadKeyPairFromKeyStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, alias: String): KeyPair

Extract public and private keys from a KeyStore file assuming storage alias is know
loadKeyStore fun loadKeyStore(keyStoreFilePath: Path, storePassword: String): KeyStore
fun loadKeyStore(input: InputStream, storePassword: String): KeyStore

Helper method to open an existing keystore for modification/read
loadOrCreateKeyStore fun loadOrCreateKeyStore(keyStoreFilePath: Path, storePassword: String): KeyStore

Helper method to either open an existing keystore for modification, or create a new blank keystore
saveCertificateAsPEMFile fun saveCertificateAsPEMFile(x509Certificate: X509Certificate, filename: Path): Unit

Helper method to store a .pem/.cer format file copy of a certificate if required for import into a PC/Mac, or for inspection
saveKeyStore fun saveKeyStore(keyStore: KeyStore, keyStoreFilePath: Path, storePassword: String): Unit

Helper method save KeyStore to storage