object X509Utilities
| CACertAndKey |
data class CACertAndKey
Helper data class to pass around public certificate and KeyPair entities when using CA certs. |
| CORDA_CLIENT_CA |
val CORDA_CLIENT_CA: String |
| CORDA_CLIENT_CA_PRIVATE_KEY |
val CORDA_CLIENT_CA_PRIVATE_KEY: String |
| CORDA_INTERMEDIATE_CA |
val CORDA_INTERMEDIATE_CA: String |
| CORDA_INTERMEDIATE_CA_PRIVATE_KEY |
val CORDA_INTERMEDIATE_CA_PRIVATE_KEY: String |
| CORDA_ROOT_CA |
val CORDA_ROOT_CA: String |
| CORDA_ROOT_CA_PRIVATE_KEY |
val CORDA_ROOT_CA_PRIVATE_KEY: String |
| ECDSA_CURVE |
val ECDSA_CURVE: String |
| KEYSTORE_TYPE |
val KEYSTORE_TYPE: String |
| KEY_GENERATION_ALGORITHM |
val KEY_GENERATION_ALGORITHM: String |
| SIGNATURE_ALGORITHM |
val SIGNATURE_ALGORITHM: String |
| addOrReplaceCertificate |
fun KeyStore.addOrReplaceCertificate(alias: String, cert: Certificate): Unit
Helper extension method to add or overwrite any public certificate data in the store |
| addOrReplaceKey |
fun KeyStore.addOrReplaceKey(alias: String, key: Key, password: CharArray, chain: Array<Certificate>): Unit
Helper extension method to add or overwrite any key data in the store |
| createCAKeyStoreAndTrustStore |
fun createCAKeyStoreAndTrustStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, trustStoreFilePath: Path, trustStorePassword: String): KeyStore
All-in-one wrapper to manufacture a root CA cert and an intermediate CA cert. Normally this would be run once, and the outputs would then be re-used repeatedly to manufacture the server certs. |
| createCertificateSigningRequest |
fun createCertificateSigningRequest(myLegalName: String, nearestCity: String, email: String, keyPair: KeyPair): PKCS10CertificationRequest
Create certificate signing request using provided information. |
| createIntermediateCert |
fun createIntermediateCert(domain: String, certificateAuthority: CACertAndKey): CACertAndKey
Create a de novo intermediate X509 v3 CA cert and KeyPair. |
| createKeystoreForSSL |
fun createKeystoreForSSL(keyStoreFilePath: Path, storePassword: String, keyPassword: String, caKeyStore: KeyStore, caKeyPassword: String, commonName: String): KeyStore
An all-in-one wrapper to manufacture a server certificate and keys, all stored in a KeyStore suitable for running TLS on the local machine. |
| createSelfSignedCACert |
fun createSelfSignedCACert(myLegalName: String): CACertAndKey
Create a de novo root self-signed X509 v3 CA cert and KeyPair. |
| createServerCert |
fun createServerCert(subject: X500Name, publicKey: PublicKey, certificateAuthority: CACertAndKey, subjectAlternativeNameDomains: List<String>, subjectAlternativeNameIps: List<String>): X509Certificate
Create an X509v3 certificate suitable for use in TLS roles. |
| generateECDSAKeyPairForSSL |
fun generateECDSAKeyPairForSSL(): KeyPair
Generate a standard curve ECDSA KeyPair suitable for TLS, although the rest of Corda uses newer curves. |
| getDevX509Name |
fun getDevX509Name(commonName: String): X500Name
Return a bogus X509 name for dev purposes. Use getX509Name for something more real. |
| getX509Name |
fun getX509Name(myLegalName: String, nearestCity: String, email: String): X500Name |
| loadCertificateAndKey |
fun loadCertificateAndKey(keyStore: KeyStore, keyPassword: String, alias: String): CACertAndKey
Helper method to load a Certificate and KeyPair from their KeyStore. The access details should match those of the createCAKeyStoreAndTrustStore call used to manufacture the keys. |
| loadCertificateFromKeyStore |
fun loadCertificateFromKeyStore(keyStoreFilePath: Path, storePassword: String, alias: String): X509Certificate
Extract the public X509 certificate from a KeyStore file, assuming the storage alias is known.
| loadCertificateFromPEMFile |
fun loadCertificateFromPEMFile(filename: Path): X509Certificate
Helper method to load back a .pem/.cer format file copy of a certificate |
| loadKeyPairFromKeyStore |
fun loadKeyPairFromKeyStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, alias: String): KeyPair
Extract public and private keys from a KeyStore file assuming storage alias is known. |
| loadKeyStore |
fun loadKeyStore(keyStoreFilePath: Path, storePassword: String): KeyStore
fun loadKeyStore(input: InputStream, storePassword: String): KeyStore
Helper method to open an existing keystore for modification/read |
| loadOrCreateKeyPairFromKeyStore |
fun loadOrCreateKeyPairFromKeyStore(keyStoreFilePath: Path, storePassword: String, keyPassword: String, alias: String, keyGenerator: () -> CACertAndKey): KeyPair
Extract public and private keys from a KeyStore file, assuming the storage alias is known, or create a new pair of keys using the provided function if the keys do not exist. |
| loadOrCreateKeyStore |
fun loadOrCreateKeyStore(keyStoreFilePath: Path, storePassword: String): KeyStore
Helper method to either open an existing keystore for modification, or create a new blank keystore. |
| saveCertificateAsPEMFile |
fun saveCertificateAsPEMFile(x509Certificate: X509Certificate, filename: Path): Unit
Helper method to store a .pem/.cer format file copy of a certificate if required for import into a PC/Mac, or for inspection |
| saveKeyStore |
fun saveKeyStore(keyStore: KeyStore, keyStoreFilePath: Path, storePassword: String): Unit
Helper method to save a KeyStore to storage.