@Component @Named(value="crypto.rsa") @Singleton public class RSACryptoScriptService extends Object implements org.xwiki.script.service.ScriptService
Modifier and Type | Field and Description |
---|---|
static String | `ROLEHINT` The role hint of this component. |
Constructor and Description |
---|
RSACryptoScriptService() |
Modifier and Type | Method and Description |
---|---|
boolean | `checkX509CertificateChainValidity(Collection<org.xwiki.crypto.pkix.params.CertifiedPublicKey> chain)` Check that an X509 certificate chain is complete and valid now. |
boolean | `checkX509CertificateChainValidity(Collection<org.xwiki.crypto.pkix.params.CertifiedPublicKey> chain, Date date)` Check that an X509 certificate chain is complete and is valid on a given date. |
byte[] | `cmsSign(byte[] data, org.xwiki.crypto.pkix.params.CertifiedKeyPair keyPair, boolean embedContent)` Generate a CMS (Cryptographic Message Syntax) signature for a given byte content. |
byte[] | `cmsSign(byte[] data, org.xwiki.crypto.pkix.params.CertifiedKeyPair keyPair, org.xwiki.crypto.pkix.CertificateProvider certificateProvider, boolean embedContent)` Generate a CMS (Cryptographic Message Syntax) signature for a given byte content. |
byte[] | `cmsSign(byte[] data, org.xwiki.crypto.pkix.params.CertifiedKeyPair keyPair, org.xwiki.crypto.pkix.CertificateProvider certificateProvider, org.xwiki.crypto.signer.param.CMSSignedDataVerified existingSignature, boolean embedContent)` Generate a CMS (Cryptographic Message Syntax) signature for a given byte content. |
org.xwiki.crypto.signer.param.CMSSignedDataVerified | `cmsVerify(byte[] signature)` Verify a CMS signature with embedded content and containing all the certificates required for validation. |
org.xwiki.crypto.signer.param.CMSSignedDataVerified | `cmsVerify(byte[] signature, byte[] data)` Verify a CMS signature without embedded content but containing all the certificates required for validation. |
org.xwiki.crypto.signer.param.CMSSignedDataVerified | `cmsVerify(byte[] signature, byte[] data, org.xwiki.crypto.pkix.CertificateProvider certificateProvider)` Verify a CMS signature without embedded content, and requiring external certificates to be validated. |
org.xwiki.crypto.signer.param.CMSSignedDataVerified | `cmsVerify(byte[] signature, org.xwiki.crypto.pkix.CertificateProvider certificateProvider)` Verify a CMS signature with embedded content, but requiring external certificates to be validated. |
org.xwiki.crypto.pkix.params.CertifiedKeyPair | `createCertifiedKeyPair(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters privateKey, org.xwiki.crypto.pkix.params.CertifiedPublicKey certificate)` Create a CertifiedKeyPair from a private key and a certificate. |
org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair | `generateKeyPair()` Generate a new RSA key pair. |
org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair | `generateKeyPair(int strength)` Generate a new RSA key pair of given strength. |
org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair | `generateKeyPair(int strength, BigInteger publicExponent, int certainty)` Build a new instance with all custom parameters. |
org.xwiki.crypto.pkix.params.CertifiedKeyPair | `issueCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair keyPair, String dn, int validity, List<org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName> subjectAltName)` Create an end entity certificate. |
org.xwiki.crypto.pkix.params.CertifiedPublicKey | `issueCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity, List<org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName> subjectAltName)` Create an end entity certificate. |
org.xwiki.crypto.pkix.params.CertifiedPublicKey | `issueCertificate(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters privateKey, org.xwiki.crypto.pkix.params.CertifiedPublicKey issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity, List<org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName> subjectAltName)` Create an end entity certificate. |
org.xwiki.crypto.pkix.params.CertifiedKeyPair | `issueIntermediateCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair keyPair, String dn, int validity)` Create an intermediate CA certificate. |
org.xwiki.crypto.pkix.params.CertifiedPublicKey | `issueIntermediateCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity)` Create an intermediate CA certificate. |
org.xwiki.crypto.pkix.params.CertifiedPublicKey | `issueIntermediateCertificate(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters privateKey, org.xwiki.crypto.pkix.params.CertifiedPublicKey issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity)` Create an intermediate CA certificate. |
org.xwiki.crypto.pkix.params.CertifiedKeyPair | `issueRootCACertificate(org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair keyPair, String dn, int validity)` Create a self-signed certificate for a Root CA. |
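
The issuing methods and the chain check summarized above, combined in one flow. This is an added example, not XWiki's own code: the class and method names, the sample DNs and the validity periods are constructed, and the `org.xwiki.crypto.script` package and `CertifiedKeyPair.getCertificate()` are assumptions not shown on this page.

```java
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;

import org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair;
import org.xwiki.crypto.pkix.params.CertifiedKeyPair;
import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName;
// Assumption: the service's package is not shown on this page.
import org.xwiki.crypto.script.RSACryptoScriptService;

public class RsaChainWalkthrough
{
    /**
     * Hypothetical helper: issues root CA, intermediate CA and end entity, then checks the chain twice.
     *
     * @param rsa the "crypto.rsa" script service
     * @param altNames caller-supplied subject alternative names for the end entity
     * @return { chain valid now, chain valid 400 days from now }
     */
    public static boolean[] issueAndCheck(RSACryptoScriptService rsa, List<X509GeneralName> altNames)
        throws Exception
    {
        // Strength is documented in bytes: 256 bytes, i.e. 2048 bits.
        AsymmetricKeyPair rootKeys = rsa.generateKeyPair(256);
        AsymmetricKeyPair caKeys = rsa.generateKeyPair(256);
        AsymmetricKeyPair leafKeys = rsa.generateKeyPair(256);

        // Validity is in days from now; the DNs are constructed sample values.
        CertifiedKeyPair root = rsa.issueRootCACertificate(rootKeys, "CN=Example Root CA", 3650);
        CertifiedKeyPair ca = rsa.issueIntermediateCertificate(root, caKeys, "CN=Example Issuing CA", 1825);
        CertifiedKeyPair leaf = rsa.issueCertificate(ca, leafKeys, "CN=Example Signer", 365, altNames);

        // The chain must be ordered starting from the root CA.
        // getCertificate() is assumed from CertifiedKeyPair; it is not listed on this page.
        List<CertifiedPublicKey> chain =
            Arrays.asList(root.getCertificate(), ca.getCertificate(), leaf.getCertificate());

        // A date past the leaf's 365-day validity but inside both CA validity periods.
        Date afterLeafExpiry = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(400));
        return new boolean[] {
            rsa.checkX509CertificateChainValidity(chain),
            rsa.checkX509CertificateChainValidity(chain, afterLeafExpiry)
        };
    }
}
```

Because `strength` is given in bytes, a caller passing a bit count such as 2048 would be requesting a 16384-bit key.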
public static final String ROLEHINT

public org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair generateKeyPair()

public org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair generateKeyPair(int strength)

Parameters:
- strength - the strength in bytes.

public org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair generateKeyPair(int strength, BigInteger publicExponent, int certainty)

Parameters:
- strength - the key strength in bytes.
- publicExponent - the public exponent.
- certainty - certainty for prime evaluation.

public org.xwiki.crypto.pkix.params.CertifiedKeyPair createCertifiedKeyPair(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters privateKey, org.xwiki.crypto.pkix.params.CertifiedPublicKey certificate)

Parameters:
- privateKey - the private key.
- certificate - the certified public key.

public org.xwiki.crypto.pkix.params.CertifiedKeyPair issueRootCACertificate(org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair keyPair, String dn, int validity) throws IOException, GeneralSecurityException

Parameters:
- keyPair - the keypair to issue the certificate for and used for signing it.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public org.xwiki.crypto.pkix.params.CertifiedKeyPair issueIntermediateCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair keyPair, String dn, int validity) throws IOException, GeneralSecurityException

Parameters:
- issuer - the certified keypair for issuing the certificate.
- keyPair - the keyPair of the public key to certify.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public org.xwiki.crypto.pkix.params.CertifiedPublicKey issueIntermediateCertificate(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters privateKey, org.xwiki.crypto.pkix.params.CertifiedPublicKey issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity) throws IOException, GeneralSecurityException

Parameters:
- privateKey - the private key for signing the certificate.
- issuer - the certificate of the issuer of the certificate.
- publicKey - the public key to certify.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public org.xwiki.crypto.pkix.params.CertifiedPublicKey issueIntermediateCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity) throws IOException, GeneralSecurityException

Parameters:
- issuer - the certified keypair for issuing the certificate.
- publicKey - the public key to certify.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public org.xwiki.crypto.pkix.params.CertifiedKeyPair issueCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyPair keyPair, String dn, int validity, List<org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException

Parameters:
- issuer - the certified keypair for issuing the certificate.
- keyPair - the keyPair of the public key to certify.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.
- subjectAltName - the alternative names for the certificate.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public org.xwiki.crypto.pkix.params.CertifiedPublicKey issueCertificate(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters privateKey, org.xwiki.crypto.pkix.params.CertifiedPublicKey issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity, List<org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException

Parameters:
- privateKey - the private key for signing the certificate.
- issuer - the certificate of the issuer of the certificate.
- publicKey - the public key to certify.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.
- subjectAltName - the alternative names for the certificate.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public org.xwiki.crypto.pkix.params.CertifiedPublicKey issueCertificate(org.xwiki.crypto.pkix.params.CertifiedKeyPair issuer, org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters publicKey, String dn, int validity, List<org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException

Parameters:
- issuer - the keypair for issuing the certificate.
- publicKey - the public key to certify.
- dn - the distinguished name for the new certificate.
- validity - the validity of the certificate from now in days.
- subjectAltName - the alternative names for the certificate.

Throws:
- IOException - in case of error while reading the public key.
- GeneralSecurityException - in case of error.

public byte[] cmsSign(byte[] data, org.xwiki.crypto.pkix.params.CertifiedKeyPair keyPair, boolean embedContent) throws GeneralSecurityException

Parameters:
- data - the data to be signed.
- keyPair - the certified key pair used for signing.
- embedContent - if true, the signed content is embedded with the signature.

Throws:
- GeneralSecurityException - on error.

public byte[] cmsSign(byte[] data, org.xwiki.crypto.pkix.params.CertifiedKeyPair keyPair, org.xwiki.crypto.pkix.CertificateProvider certificateProvider, boolean embedContent) throws GeneralSecurityException

Parameters:
- data - the data to be signed.
- keyPair - the certified key pair used for signing.
- certificateProvider - Optionally, a certificate provider for obtaining the chain of certificates to embed. If null, no certificates are embedded with the signature.
- embedContent - if true, the signed content is embedded with the signature.

Throws:
- GeneralSecurityException - on error.

public byte[] cmsSign(byte[] data, org.xwiki.crypto.pkix.params.CertifiedKeyPair keyPair, org.xwiki.crypto.pkix.CertificateProvider certificateProvider, org.xwiki.crypto.signer.param.CMSSignedDataVerified existingSignature, boolean embedContent) throws GeneralSecurityException

Parameters:
- data - the data to be signed.
- keyPair - the certified key pair used for signing.
- certificateProvider - Optionally, a certificate provider for obtaining the chain of certificates to embed. If null, no certificates are embedded with the signature.
- existingSignature - if not null, an existing signature on the same data that should be kept.
- embedContent - if true, the signed content is embedded with the signature.

Throws:
- GeneralSecurityException - on error.

public org.xwiki.crypto.signer.param.CMSSignedDataVerified cmsVerify(byte[] signature) throws GeneralSecurityException

Parameters:
- signature - the CMS signature to verify. The signature should have the signed content embedded as well as all the certificates for the signers.

Throws:
- GeneralSecurityException - on error.

public org.xwiki.crypto.signer.param.CMSSignedDataVerified cmsVerify(byte[] signature, byte[] data) throws GeneralSecurityException

Parameters:
- signature - the CMS signature to verify.
- data - the content to verify the signature against, or null if the content is embedded in the signature.

Throws:
- GeneralSecurityException - on error.

public org.xwiki.crypto.signer.param.CMSSignedDataVerified cmsVerify(byte[] signature, org.xwiki.crypto.pkix.CertificateProvider certificateProvider) throws GeneralSecurityException

Parameters:
- signature - the CMS signature to verify.
- certificateProvider - Optionally, a certificate provider for obtaining the chain of certificates for verifying the signatures. If null, certificates should all be embedded in the signature.

Throws:
- GeneralSecurityException - on error.

public org.xwiki.crypto.signer.param.CMSSignedDataVerified cmsVerify(byte[] signature, byte[] data, org.xwiki.crypto.pkix.CertificateProvider certificateProvider) throws GeneralSecurityException

Parameters:
- signature - the CMS signature to verify.
- data - the content to verify the signature against, or null if the content is embedded in the signature.
- certificateProvider - Optionally, a certificate provider for obtaining the chain of certificates for verifying the signatures. If null, certificates should all be embedded in the signature.

Throws:
- GeneralSecurityException - on error.

public boolean checkX509CertificateChainValidity(Collection<org.xwiki.crypto.pkix.params.CertifiedPublicKey> chain)

Parameters:
- chain - the ordered chain of certificates starting from root CA.

public boolean checkX509CertificateChainValidity(Collection<org.xwiki.crypto.pkix.params.CertifiedPublicKey> chain, Date date)

Parameters:
- chain - the ordered chain of certificates starting from root CA.
- date - the date to check the validity for, or null to check for now.

Copyright © 2004–2021 XWiki. All rights reserved.