@Service public class BouncyKeygenService extends Object implements KeygenService
Service that can then be called by server side components to create certificates from Certification Requests.
This one uses bouncycastle encryption library.
Question: should the methods be throwing exceptions or should they log errors and return null?issuer
Constructor and Description |
---|
BouncyKeygenService() |
Modifier and Type | Method and Description |
---|---|
protected void |
activate(Map properties)
OSGi activate method, taking properties in order to reduce dependencies.
|
Certificate |
createFromCRMF(String crmfReq)
CRMF requests are produced by the javascript generateCRMFRequest()
method in Netscape and are documented by RFC 2511.
|
Certificate |
createFromPEM(String pemCsr)
|
Certificate |
createFromSpkac(String spkac)
|
void |
initialize() |
protected void activate(Map properties)
properties
- public Certificate createFromPEM(String pemCsr)
KeygenService
createFromPEM
in interface KeygenService
pemCsr
- a PEM Certificate Signing Requestpublic Certificate createFromSpkac(String spkac)
KeygenService
<keygen>
element an SPKAC request
(see the specification in html5)createFromSpkac
in interface KeygenService
spkac
- a SPKAC Certificate Signing Requestpublic Certificate createFromCRMF(String crmfReq)
KeygenService
CRMF requests are produced by the javascript generateCRMFRequest() method in Netscape and are documented by RFC 2511.
Using this method may be needed when the server has to produce XHTML (should be rare!) as the keygen
tag in Netscape browsers is only supported by html. This should be fixed soon, now that html5 supports the keygen
element. For progress on this issue check bug report 101019.
A CRMF request can contain more details about the certificate, but those would better be passed using a form, as in the keygen examples, the server then setting those fields directly on the returned request. Currently we extract only the public key to generate the returned Certificate.
createFromCRMF
in interface KeygenService
crmfReq
- the requestCopyright © 2014 The Apache Software Foundation. All Rights Reserved.