org.apache.clerezza.ssl.keygen.bouncy

Class BouncyKeygenService

java.lang.Object

org.apache.clerezza.ssl.keygen.bouncy.BouncyKeygenService

All Implemented Interfaces:

KeygenService

@Service
public class BouncyKeygenService
extends Object
implements KeygenService

Service that can then be called by server side components to create certificates from Certification Requests.

This one uses bouncycastle encryption library.

Question: should the methods be throwing exceptions or should they log errors and return null?

Since:

Feb 17, 2010

Author:

Bruno Harbulot, Henry Story

Field Summary

Fields inherited from interface org.apache.clerezza.ssl.keygen.KeygenService

issuer

Constructor Summary

Constructors

Constructor and Description
BouncyKeygenService()

Method Summary

Methods

Modifier and Type	Method and Description
protected void	activate(Map properties) OSGi activate method, taking properties in order to reduce dependencies.
Certificate	createFromCRMF(String crmfReq) CRMF requests are produced by the javascript generateCRMFRequest() method in Netscape and are documented by RFC 2511.
Certificate	createFromPEM(String pemCsr) Creates a certificate stub from the given PEM CSR.
Certificate	createFromSpkac(String spkac) Creates a certificate stub from the given SPKAC CSR.
void	initialize()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BouncyKeygenService

public BouncyKeygenService()

Method Detail

activate

protected void activate(Map properties)

OSGi activate method, taking properties in order to reduce dependencies.

Parameters:

properties -

See Also:

the Component Context javadoc

initialize

public void initialize()
                throws Exception

Throws:

Exception

createFromPEM

public Certificate createFromPEM(String pemCsr)

Description copied from interface: KeygenService

Creates a certificate stub from the given PEM CSR. The returned certificate will be filled out with info from the CSR and a number of other defaults. Other information may then be added programatically before generating a certificate to return.

Internet Explorer sends PEM CSRs to the server.

Specified by:

createFromPEM in interface KeygenService

Parameters:

pemCsr - a PEM Certificate Signing Request

Returns:

a certificate using the CSR, and cert defaults

createFromSpkac

public Certificate createFromSpkac(String spkac)

Description copied from interface: KeygenService

Creates a certificate stub from the given SPKAC CSR. The returned certificate will be filled out with info from the CSR and a number of other defaults. Other information may then be added programatically before generating a certificate to return.

Safari, Firefox, Opera, return through the <keygen> element an SPKAC request (see the specification in html5)

Specified by:

createFromSpkac in interface KeygenService

Parameters:

spkac - a SPKAC Certificate Signing Request

Returns:

a certificate using the CSR, and cert defaults

createFromCRMF

public Certificate createFromCRMF(String crmfReq)

Description copied from interface: KeygenService

CRMF requests are produced by the javascript generateCRMFRequest() method in Netscape and are documented by RFC 2511.

Using this method may be needed when the server has to produce XHTML (should be rare!) as the keygen tag in Netscape browsers is only supported by html. This should be fixed soon, now that html5 supports the keygen element. For progress on this issue check bug report 101019.

A CRMF request can contain more details about the certificate, but those would better be passed using a form, as in the keygen examples, the server then setting those fields directly on the returned request. Currently we extract only the public key to generate the returned Certificate.

Specified by:

createFromCRMF in interface KeygenService

Parameters:

crmfReq - the request

Returns:

a certificate that may be filled in with some extra details in the requests such as webid