org.keycloak.common.util.CertificateUtils 連携図

静的公開メンバ関数
static X509Certificate	generateV3Certificate (KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception

static X509Certificate	generateV1SelfSignedCertificate (KeyPair caKeyPair, String subject)

static X509Certificate	generateV1SelfSignedCertificate (KeyPair caKeyPair, String subject, BigInteger serialNumber)

static ContentSigner	createSigner (PrivateKey privateKey)

静的関数
	[static initializer]

詳解

The Class CertificateUtils provides utility functions for generation of V1 and V3 java.security.cert.X509Certificate

著者: Bill Burke; Giriraj Sharma

バージョン

Revision: 2

関数詳解

◆ [static initializer]()

org.keycloak.common.util.CertificateUtils.[static initializer] ( )

inlinestaticpackage

◆ createSigner()

static ContentSigner org.keycloak.common.util.CertificateUtils.createSigner ( PrivateKey privateKey )

inlinestatic

Creates the content signer for generation of Version 1 java.security.cert.X509Certificate.

引数

privateKey the private key

戻り値: the content signer

                                                                     {
         try {
             AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
             AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
 
             return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
                     .build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
         } catch (Exception e) {
             throw new RuntimeException("Could not create content signer.", e);
         }
     }

◆ generateV1SelfSignedCertificate() [1/2]

static X509Certificate org.keycloak.common.util.CertificateUtils.generateV1SelfSignedCertificate	(	KeyPair	caKeyPair,
		String	subject
	)

inlinestatic

Generate version 1 self signed java.security.cert.X509Certificate..

引数

caKeyPair	the CA key pair
subject	the subject name

戻り値: the x509 certificate

例外

Exception the exception

                                                                                                      {
         return generateV1SelfSignedCertificate(caKeyPair, subject, BigInteger.valueOf(System.currentTimeMillis()));
     }

◆ generateV1SelfSignedCertificate() [2/2]

static X509Certificate org.keycloak.common.util.CertificateUtils.generateV1SelfSignedCertificate	(	KeyPair	caKeyPair,
		String	subject,
		BigInteger	serialNumber
	)

inlinestatic

                                                                                                                               {
         try {
             X500Name subjectDN = new X500Name("CN=" + subject);
             Date validityStartDate = new Date(System.currentTimeMillis() - 100000);
             Calendar calendar = Calendar.getInstance();
             calendar.add(Calendar.YEAR, 10);
             Date validityEndDate = new Date(calendar.getTime().getTime());
             SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());
 
             X509v1CertificateBuilder builder = new X509v1CertificateBuilder(subjectDN, serialNumber, validityStartDate,
                     validityEndDate, subjectDN, subPubKeyInfo);
             X509CertificateHolder holder = builder.build(createSigner(caKeyPair.getPrivate()));
 
             return new JcaX509CertificateConverter().getCertificate(holder);
         } catch (Exception e) {
             throw new RuntimeException("Error creating X509v1Certificate.", e);
         }
     }

◆ generateV3Certificate()

static X509Certificate org.keycloak.common.util.CertificateUtils.generateV3Certificate	(	KeyPair	keyPair,
		PrivateKey	caPrivateKey,
		X509Certificate	caCert,
		String	subject
	)		throws Exception

inlinestatic

Generates version 3 java.security.cert.X509Certificate.

引数

keyPair	the key pair
caPrivateKey	the CA private key
caCert	the CA certificate
subject	the subject name

戻り値: the x509 certificate

例外

Exception the exception

                                              {
         try {
             X500Name subjectDN = new X500Name("CN=" + subject);
 
             // Serial Number
             SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
             BigInteger serialNumber = BigInteger.valueOf(Math.abs(random.nextInt()));
 
             // Validity
             Date notBefore = new Date(System.currentTimeMillis());
             Date notAfter = new Date(System.currentTimeMillis() + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);
 
             // SubjectPublicKeyInfo
             SubjectPublicKeyInfo subjPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keyPair.getPublic()
                     .getEncoded()));
 
             X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(new X500Name(caCert.getSubjectDN().getName()),
                     serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);
 
             DigestCalculator digCalc = new BcDigestCalculatorProvider()
                     .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
             X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);
 
             // Subject Key Identifier
             certGen.addExtension(Extension.subjectKeyIdentifier, false,
                     x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));
 
             // Authority Key Identifier
             certGen.addExtension(Extension.authorityKeyIdentifier, false,
                     x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo));
 
             // Key Usage
             certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign
                     | KeyUsage.cRLSign));
 
             // Extended Key Usage
             KeyPurposeId[] EKU = new KeyPurposeId[2];
             EKU[0] = KeyPurposeId.id_kp_emailProtection;
             EKU[1] = KeyPurposeId.id_kp_serverAuth;
 
             certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));
 
             // Basic Constraints
             certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
 
             // Content Signer
             ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey);
 
             // Certificate
             return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
         } catch (Exception e) {
             throw new RuntimeException("Error creating X509v3Certificate.", e);
         }
     }

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/common/util/CertificateUtils.java

静的公開メンバ関数

静的関数

詳解

関数詳解

◆ [static initializer]()

◆ createSigner()

◆ generateV1SelfSignedCertificate() [1/2]

◆ generateV1SelfSignedCertificate() [2/2]

◆ generateV3Certificate()