ipworksssl
Class Certmgr

java.lang.Object
  ipworksssl.Certmgr

public class Certmgr
extends java.lang.Object

The CertMgr bean is used to manage the digital certificates installed on a system.

The bean methods, such as ListCertificateStores or ListStoreCertificates , are used to list certificate stores and certificates. The corresponding lists are returned via the StoreList and CertList events. Encoded certificates are provided through the events.

You can load a certificate by setting the Cert property of the bean, then you can get information about the certificate through the corresponding fields of the Cert property (described below).

The Subject , SerialNumber , and Issuer fields identify the certificate. The EffectiveDate and ExpirationDate show the time boundaries of the certificate.

PublicKey , PublicKeyAlgorithm , PublicKeyLength , and Version provide information about the certificate keys and the certificate format (version).

UsageFlags specifies the intended usage of the certificate. The Usage field provides a text description of these flags.

Field Summary

static int	cstJKSBlob
static int	cstJKSFile
static int	cstMachine
static int	cstP7BBlob
static int	cstP7BFile
static int	cstPEMKeyBlob
static int	cstPEMKeyFile
static int	cstPFXBlob
static int	cstPFXFile
static int	cstPPKBlob
static int	cstPPKFile
static int	cstPublicKeyBlob
static int	cstPublicKeyFile
static int	cstSSHPublicKeyBlob
static int	cstSSHPublicKeyFile
static int	cstUser
static int	cstXMLBlob
static int	cstXMLFile

Constructor Summary

Certmgr()
Creates an instance of Certmgr Bean.

Certmgr(java.lang.String runtimeLicense)
Creates an instance of Certmgr Bean with specified run-time license.

Method Summary

void	addCertmgrEventListener(CertmgrEventListener l)
java.lang.String	config(java.lang.String configurationString) Sets or retrieves a {@link ipworksssl.Certmgr#config configuration setting.
void	createCertificate(java.lang.String certSubject, int serialNumber) Creates a new self-signed certificate in the current store.
void	createKey(java.lang.String keyName) Creates a new keyset associated with the provided name.
void	deleteCertificate() Deletes the currently selected certificate from the store.
void	deleteKey(java.lang.String keyName) Deletes the keyset associated with the provided name.
void	exportCertificate(java.lang.String PFXFile, java.lang.String password) Saves the current certificate to a PFX file.
java.lang.String	generateCSR(java.lang.String certSubject, java.lang.String keyName) Generates a new CSR to be sent to a signing authority.
Certificate	getCert() The current selected certificate.
CertExtensionList	getCertExtensions() A list of extensions used by the currently selected certificate.
byte[]	getCertStore() The certificate store to search for certificates.
java.lang.String	getCertStorePassword() The password for the certificate store (if any).
int	getCertStoreType() The type of certificate store for CertStore .
void	importCertificate(java.lang.String PFXFile, java.lang.String password, java.lang.String subject) Imports a certificate from a PFX file into the current certificate store.
void	importSignedCSR(byte[] signedCSR, java.lang.String keyName) Imports a signed CSR.
void	issueCertificate(java.lang.String certSubject, int serialNumber) Creates a new certificate in the current store, signed by the selected certificate.
java.lang.String	listCertificateStores() Lists certificate stores.
java.lang.String	listKeys() List keysets in a CSP.
java.lang.String	listMachineStores() List machine certificate stores.
java.lang.String	listStoreCertificates() List certificates in a store.
void	readCertificate(java.lang.String fileName) Loads a certificate from a file.
void	removeCertmgrEventListener(CertmgrEventListener l)
void	reset() Resets all certificate properties to their default values.
void	saveCertificate(java.lang.String fileName) Saves the current certificate to a file.
void	setCert(Certificate cert) The current selected certificate.
void	setCertStore(byte[] certStore) The certificate store to search for certificates.
void	setCertStorePassword(java.lang.String certStorePassword) The password for the certificate store (if any).
void	setCertStoreType(int certStoreType) The type of certificate store for CertStore .
java.lang.String	showCertificateChain() Show certificate chain.
java.lang.String	signCSR(byte[] CSR, int serialNumber) Creates a signed certificate from a CSR.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

cstUser

public static final int cstUser

See Also:

Constant Field Values

cstMachine

public static final int cstMachine

See Also:

Constant Field Values

cstPFXFile

public static final int cstPFXFile

See Also:

Constant Field Values

cstPFXBlob

public static final int cstPFXBlob

See Also:

Constant Field Values

cstJKSFile

public static final int cstJKSFile

See Also:

Constant Field Values

cstJKSBlob

public static final int cstJKSBlob

See Also:

Constant Field Values

cstPEMKeyFile

public static final int cstPEMKeyFile

See Also:

Constant Field Values

cstPEMKeyBlob

public static final int cstPEMKeyBlob

See Also:

Constant Field Values

cstPublicKeyFile

public static final int cstPublicKeyFile

See Also:

Constant Field Values

cstPublicKeyBlob

public static final int cstPublicKeyBlob

See Also:

Constant Field Values

cstSSHPublicKeyBlob

public static final int cstSSHPublicKeyBlob

See Also:

Constant Field Values

cstP7BFile

public static final int cstP7BFile

See Also:

Constant Field Values

cstP7BBlob

public static final int cstP7BBlob

See Also:

Constant Field Values

cstSSHPublicKeyFile

public static final int cstSSHPublicKeyFile

See Also:

Constant Field Values

cstPPKFile

public static final int cstPPKFile

See Also:

Constant Field Values

cstPPKBlob

public static final int cstPPKBlob

See Also:

Constant Field Values

cstXMLFile

public static final int cstXMLFile

See Also:

Constant Field Values

cstXMLBlob

public static final int cstXMLBlob

See Also:

Constant Field Values

Constructor Detail

Certmgr

public Certmgr()

Creates an instance of Certmgr Bean.

Certmgr

public Certmgr(java.lang.String runtimeLicense)

Creates an instance of Certmgr Bean with specified run-time license.

Method Detail

getCert

public Certificate getCert()

The current selected certificate.

This property is populated when a specified certificate is found or loaded by the bean. It is used to specify private or public keys. Set this property to a valid Certificate object to load a certificate and perform different operations such as DeleteCertificate or ExportCertificate .

setCert

public void setCert(Certificate cert)
             throws IPWorksSSLException

The current selected certificate.

This property is populated when a specified certificate is found or loaded by the bean. It is used to specify private or public keys. Set this property to a valid Certificate object to load a certificate and perform different operations such as DeleteCertificate or ExportCertificate .

Throws:

IPWorksSSLException

getCertExtensions

public CertExtensionList getCertExtensions()

A list of extensions used by the currently selected certificate.

This property contains a list of extensions used by the currently selected certificate. When Cert is set, the bean will be read out any CertExtension and populate this list. This list may also be populated by the user prior to a call to CreateCertificate to add certificate extensions to the certificate to be created.

getCertStore

public byte[] getCertStore()

The certificate store to search for certificates.

The CertStoreType property specifies the type of the certificate store specified by CertStore . If the store is password protected, specify the password in CertStorePassword .

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:

MY

A certificate store holding personal certificates with their associated private keys.

CA

Certifying authority certificates.

ROOT

Root certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file.

setCertStore

public void setCertStore(byte[] certStore)
                  throws IPWorksSSLException

The certificate store to search for certificates.

The CertStoreType property specifies the type of the certificate store specified by CertStore . If the store is password protected, specify the password in CertStorePassword .

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:

MY

A certificate store holding personal certificates with their associated private keys.

CA

Certifying authority certificates.

ROOT

Root certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file.

Throws:

IPWorksSSLException

getCertStorePassword

public java.lang.String getCertStorePassword()

The password for the certificate store (if any).

The value of this property is used to open the certificate store if the certificate store is of a type that requires a password.

setCertStorePassword

public void setCertStorePassword(java.lang.String certStorePassword)
                          throws IPWorksSSLException

The password for the certificate store (if any).

The value of this property is used to open the certificate store if the certificate store is of a type that requires a password.

Throws:

IPWorksSSLException

getCertStoreType

public int getCertStoreType()

The type of certificate store for CertStore .

This property can take one of the following values:

0 (cstUser - default)

For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: this store type is not available in Java.

1 (cstMachine)

For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java.

2 (cstPFXFile)

The certificate store is the name of a PFX (PKCS12) file containing certificates.

3 (cstPFXBlob)

The certificate store is a string (binary or base64-encoded) representing a certificate store in PFX (PKCS12) format.

4 (cstJKSFile)

The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: this store type is only available in Java.

5 (cstJKSBlob)

The certificate store is a string (binary or base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: this store type is only available in Java.

6 (cstPEMKeyFile)

The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.

7 (cstPEMKeyBlob)

The certificate store is a string (binary or base64-encoded) that contains a private key and an optional certificate.

8 (cstPublicKeyFile)

The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.

9 (cstPublicKeyBlob)

The certificate store is a string (binary or base64-encoded) that contains a PEM- or DER-encoded public key certificate.

10 (cstSSHPublicKeyBlob)

The certificate store is a string (binary or base64-encoded) that contains an SSH-style public key.

11 (cstP7BFile)

The certificate store is the name of a PKCS7 file containing certificates.

12 (cstP7BBlob)

The certificate store is a string (binary) representing a certificate store in PKCS7 format.

13 (cstSSHPublicKeyFile)

The certificate store is the name of a file that contains an SSH-style public key.

14 (cstPPKFile)

The certificate store is the name of a file that contains a PPK (PuTTY Private Key).

15 (cstPPKBlob)

The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).

16 (cstXMLFile)

The certificate store is the name of a file that contains a certificate in XML format.

17 (cstXMLBlob)

The certificate store is a string that contains a certificate in XML format.

setCertStoreType

public void setCertStoreType(int certStoreType)
                      throws IPWorksSSLException

The type of certificate store for CertStore .

This property can take one of the following values:

0 (cstUser - default)

For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: this store type is not available in Java.

1 (cstMachine)

For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java.

2 (cstPFXFile)

The certificate store is the name of a PFX (PKCS12) file containing certificates.

3 (cstPFXBlob)

The certificate store is a string (binary or base64-encoded) representing a certificate store in PFX (PKCS12) format.

4 (cstJKSFile)

The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: this store type is only available in Java.

5 (cstJKSBlob)

The certificate store is a string (binary or base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: this store type is only available in Java.

6 (cstPEMKeyFile)

The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.

7 (cstPEMKeyBlob)

The certificate store is a string (binary or base64-encoded) that contains a private key and an optional certificate.

8 (cstPublicKeyFile)

The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.

9 (cstPublicKeyBlob)

The certificate store is a string (binary or base64-encoded) that contains a PEM- or DER-encoded public key certificate.

10 (cstSSHPublicKeyBlob)

The certificate store is a string (binary or base64-encoded) that contains an SSH-style public key.

11 (cstP7BFile)

The certificate store is the name of a PKCS7 file containing certificates.

12 (cstP7BBlob)

The certificate store is a string (binary) representing a certificate store in PKCS7 format.

13 (cstSSHPublicKeyFile)

The certificate store is the name of a file that contains an SSH-style public key.

14 (cstPPKFile)

The certificate store is the name of a file that contains a PPK (PuTTY Private Key).

15 (cstPPKBlob)

The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).

16 (cstXMLFile)

The certificate store is the name of a file that contains a certificate in XML format.

17 (cstXMLBlob)

The certificate store is a string that contains a certificate in XML format.

Throws:

IPWorksSSLException

config

public java.lang.String config(java.lang.String configurationString)
                        throws IPWorksSSLException

Sets or retrieves a ipworksssl.Certmgr#config configuration setting.

{@link ipworksssl.Certmgr#config Config} is a generic method available in every bean. It is used to set and retrieve {@link ipworksssl.Certmgr#config configuration settingsfor the bean.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the bean, access to these internal properties is provided through the {@link ipworksssl.Certmgr#config Config} method.

To set a configuration setting named PROPERTY , you must call Config("PROPERTY=VALUE") , where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a {@link ipworksssl.Certmgr#config configuration setting, you must call Config("PROPERTY") . The value will be returned as a string.

The bean accepts one or more of the following configuration settings . Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the bean, access to these internal properties is provided through the {@link ipworksssl.Certmgr#config Config} method.

CertMgr Configuration Settings

CertComment

A comment to include in a saved certificate

This settings specified the comment to use when calling {@link ipworksssl.Certmgr#saveCertificate SaveCertificate} . This can only be used when {@link ipworksssl.Certmgr#config is set to a value other than the default value. When {@link ipworksssl.Certmgr#config is set to "SSH2PublicKey" the value of this setting should be the full header. For instance: "Comment: My Comment".

CertificateOutputFormat

The format of the certificate to save

By default when {@link ipworksssl.Certmgr#saveCertificate SaveCertificate} is called the certificate will be written in a PEM format. You may change the format by setting this setting to "P7B", "SSH2PublicKey", or "OpenSSHPublicKey". Set this to the value "PEM" to specify the default behavior.

CertKeyLength

The public key length for created certificates and keys

When {@link ipworksssl.Certmgr#createCertificate CreateCertificate} creates a new certificate and associated key, or when {@link ipworksssl.Certmgr#createKey CreateKey} creates a key, this setting determines the length of the new public key (in bits). The default value is 1024.

CertKeyType

The types of keys created for new certificates

When {@link ipworksssl.Certmgr#createCertificate CreateCertificate} creates a new certificate and associated key, or when {@link ipworksssl.Certmgr#createKey CreateKey} creates a key, this setting determines the type of key generated: 1 for key exchange (encryption) keys, and 2 for digital signature keys. The default value is 1.

CertSignatureAlgorithm

The signature algorithm used when creating certificates

When {@link ipworksssl.Certmgr#createCertificate CreateCertificate} or {@link ipworksssl.Certmgr#issueCertificate IssueCertificate} creates a new certificate, the signature algorithm used is specified by this setting. Possible values are:

• MD2
• MD5
• SHA1
• SHA256
• SHA384
• SHA512

If no value is specified, the bean will use SHA1 as the signature algorithm.

CertValidityTime

The validity period for the certificate

When {@link ipworksssl.Certmgr#createCertificate CreateCertificate} creates a new certificate, the certificate is valid the moment it is created. CertValidityTime determines the number of days until expiration. The default value is 365 days.

CSP

The Cryptographic Service Provider

The name of the Cryptographic Service Provider used to provide access to certificate signing operations.

ImportCertAction

Specified the action to take if a matching certificate or a link to a matching certificate already exists

When calling {@link ipworksssl.Certmgr#importCertificate ImportCertificate} if a matching certificate or a link to a matching certificate already exists in the Windows certificate store this setting governs what action will be taken. Possible values are:

1

CERT_STORE_ADD_NEW - Imports a certificate only if no existing certificate is present.

2

CERT_STORE_ADD_USE_EXISTING - If an existing certificate is found, it is not replaced.

3 (default)

CERT_STORE_ADD_REPLACE_EXISTING - If an existing certificate is found it is replaced.

4

CERT_STORE_ADD_ALWAYS - No checks are performed and a new certificate is always added to the store. This can result in duplicates.

5

CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES - If an existing certificate is found it is replaced, and the new certificate inherits properties from the certificate it replaces.

6

CERT_STORE_ADD_NEWER - Imports a certificate only if the certificate is newer than an existing matching certificate.

7

CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES - Imports a certificate only if the certificate is newer than an existing matching certificate, and inherits the properties of old certificate it replaces.

KeyFormat

How the public and private key are formatted

This setting controls the format of PublicKey and PrivateKey . By default these fields hold PEM formatted public and private key data. When set to 1 (XML) the keys are stored in a XML format. This only affects the values returned by the bean; the actual keys remain the same regardless of this setting. Possible values are:

• 0 (PEM - default)
• 1 (XML)

The default value is 0 (PEM).

ReplaceKey

Whether or not to replace an existing key when creating a new key

If this is false (default), the component will throw an error if a duplicate key exists while generating a new keyset using {@link ipworksssl.Certmgr#createKey CreateKey} . If set to true, the component will replace a key if it already exists when generating new keys.

Base Configuration Settings

GUIAvailable

Tells the bean whether or not a message loop is available for processing events

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The bean will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GuiAvailable to false will ensure that the bean does not attempt to process external events.

UseDaemonThreads

Whether threads created by the bean are daemon threads

If set to True, when the bean creates a thread the thread's Daemon property will be explicitly set to True. By default this setting is False and the bean will not set the Daemon property on the created thread.

Throws:

IPWorksSSLException

createCertificate

public void createCertificate(java.lang.String certSubject,
                              int serialNumber)
                       throws IPWorksSSLException

Creates a new self-signed certificate in the current store.

This method creates a new self-signed certificate in the current store, containing the following:

CertSubject specifies the subject of the new certificate. A new keyset (public/private key pair) is generated and associated with the new certificate.

The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.

Field

Meaning

CN

Common Name. This is commonly a host name like www.server.com.

O

Organization

OU

Organizational Unit

L

Locality

S

State

C

Country

E

Email Address

If a field value contains a comma it must be quoted.

SerialNumber specifies the certificate serial number. All certificates signed by the same issuer must have different (unique) serial numbers.

The time validity of the new certificate is determined by the {@link ipworksssl.Certmgr#config configuration setting, and the key size by the {@link ipworksssl.Certmgr#config configuration setting.

Throws:

IPWorksSSLException

createKey

public void createKey(java.lang.String keyName)
               throws IPWorksSSLException

Creates a new keyset associated with the provided name.

This method will create a new keyset (public/private key pair) within the Cryptographic Service Provider (CSP) used by the bean. The CSP can be set using the {@link ipworksssl.Certmgr#config configuration setting.

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

deleteCertificate

public void deleteCertificate()
                       throws IPWorksSSLException

Deletes the currently selected certificate from the store.

This method will delete the selected certificate from the store. If the certificate cannot be deleted, an error is returned.

This functionality is currently not available when the provider is OpenSSL.

Throws:

IPWorksSSLException

deleteKey

public void deleteKey(java.lang.String keyName)
               throws IPWorksSSLException

Deletes the keyset associated with the provided name.

This method will delete the keyset (public/private key pair) associated with KeyName from the Cryptographic Service Provider (CSP). The CSP can be set using the {@link ipworksssl.Certmgr#config configuration setting.

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

exportCertificate

public void exportCertificate(java.lang.String PFXFile,
                              java.lang.String password)
                       throws IPWorksSSLException

Saves the current certificate to a PFX file.

This method will save the current certificate to a PFX file. The current certificate and its private key are saved to the file specified by PFXFile in PKCS12 format. The file contents are protected by Password .

Throws:

IPWorksSSLException

generateCSR

public java.lang.String generateCSR(java.lang.String certSubject,
                                    java.lang.String keyName)
                             throws IPWorksSSLException

Generates a new CSR to be sent to a signing authority.

This method will generate a new Certificate Signing Request (CSR) to be sent to the signing authority. CertSubject specifies the subject of the Certificate Signing Request (CSR). KeyName specifies the name of the keyset (public/private key pair) to be used. If the keyset does not already exist in the Cryptographic Service Provider (CSP), the bean will automatically generate one. To set the CSP, use the {@link ipworksssl.Certmgr#config configuration setting.

NOTE: it is important to remember the name of the keyset that is used when creating a CSR, as keyset must be later re-associated with the certificate after the trust authority has signed the CSR.

The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.

Field

Meaning

CN

Common Name. This is commonly a host name like www.server.com.

O

Organization

OU

Organizational Unit

L

Locality

S

State

C

Country

E

Email Address

If a field value contains a comma it must be quoted.

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

importCertificate

public void importCertificate(java.lang.String PFXFile,
                              java.lang.String password,
                              java.lang.String subject)
                       throws IPWorksSSLException

Imports a certificate from a PFX file into the current certificate store.

This method will import a certificate from a PFX file into the current certificate store. The certificate specified by Subject and its private key are loaded from the PKCS12 file specified by PFXFile . If the file is password-protected Password is used to open it.

Subject is optional. If empty, the first certificate in the store is loaded instead of the matching certificate.

If the provider is OpenSSL, the current version just loads the first certificate and its private key. Subject is ignored.

Throws:

IPWorksSSLException

importSignedCSR

public void importSignedCSR(byte[] signedCSR,
                            java.lang.String keyName)
                     throws IPWorksSSLException

Imports a signed CSR.

This method will import a signed Certificate Signing Request (CSR). SignedCSR specifies a certificate that has been signed by a trust authority. KeyName is the name of the keyset (public/private key pair) that was used to create the original Certificate Signing Request (CSR).

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

issueCertificate

public void issueCertificate(java.lang.String certSubject,
                             int serialNumber)
                      throws IPWorksSSLException

Creates a new certificate in the current store, signed by the selected certificate.

This method creates a new certificate in the current store, signed by the selected certificate. CertSubject specifies the subject of the new certificate. A new keyset (public/private key pair) is generated and associated with the new certificate.

The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.

Field

Meaning

CN

Common Name. This is commonly a host name like www.server.com.

O

Organization

OU

Organizational Unit

L

Locality

S

State

C

Country

E

Email Address

If a field value contains a comma it must be quoted.

SerialNumber specifies the certificate serial number. All certificates signed by the same issuer must have different (unique) serial numbers.

The current certificate selected by the bean will be used as the issuing certificate.

If no certificate has been selected in the current CertStore prior to calling this method, or if the selected certificate does not have an associated private key, the method throws an exception.

The time validity of the new certificate is determined by the {@link ipworksssl.Certmgr#config configuration setting, and the key size by the {@link ipworksssl.Certmgr#config configuration setting.

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

listCertificateStores

public java.lang.String listCertificateStores()
                                       throws IPWorksSSLException

Lists certificate stores.

This method lists the system certificate stores for the current user account. The results are provided through the StoreList event.

The same information is also returned upon method completion as a set of lines, one per certificate store name.

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

listKeys

public java.lang.String listKeys()
                          throws IPWorksSSLException

List keysets in a CSP.

This method lists the keys (public/private key pairs) in a Cryptographic Service Provider (CSP). The results are provided through the KeyList event.

The same information is also returned upon method completion as a set of lines, one per key, with each line containing the following information separated by Tab characters: KeyContainer , KeyType , AlgId , KeyLen .

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

listMachineStores

public java.lang.String listMachineStores()
                                   throws IPWorksSSLException

List machine certificate stores.

This method behaves the same as the ListCertificateStores method, but lists certificate stores in the machine account (under HKEY_LOCAL_MACHINE in the registry).

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

listStoreCertificates

public java.lang.String listStoreCertificates()
                                       throws IPWorksSSLException

List certificates in a store.

This method lists the certificates in a store. The results are provided through the CertList event.

The same information is also returned upon method completion as a set of lines, one per certificate, with each line containing the following information separated by Tab characters: CertSubject , CertIssuer , CertSerialNumber , HasPrivateKey (as "1" or "0").

Throws:

IPWorksSSLException

readCertificate

public void readCertificate(java.lang.String fileName)
                     throws IPWorksSSLException

Loads a certificate from a file.

This method will load a certificate from a file. The file contents can be encoded in base64 (PEM) or ASN (DER) format.

Throws:

IPWorksSSLException

reset

public void reset()
           throws IPWorksSSLException

Resets all certificate properties to their default values.

This method will reset all certificate properties to their default values. If a certificate and private key is selected and/or a certificate store is opened, both are released upon calling this method.

Throws:

IPWorksSSLException

saveCertificate

public void saveCertificate(java.lang.String fileName)
                     throws IPWorksSSLException

Saves the current certificate to a file.

This method will save the current certificate to a file. The certificate is saved in base64 (PEM) format to the file specified by FileName . If the file exists, it is overwritten.

Note: This does not include the private key. To export a certificate with the private key, use ExportCertificate .

Throws:

IPWorksSSLException

showCertificateChain

public java.lang.String showCertificateChain()
                                      throws IPWorksSSLException

Show certificate chain.

This method shows the certificate chain for the certificate. The results are provided through the CertChain event.

The same information is also returned upon method completion as a set of lines, one per key, with each line containing the following information separated by Tab characters: CertSubject , CertIssuer , CertSerialNumber , TrustStatus , TrustInfo .

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

signCSR

public java.lang.String signCSR(byte[] CSR,
                                int serialNumber)
                         throws IPWorksSSLException

Creates a signed certificate from a CSR.

This method will create a signed certificate from a Certificate Signing Request (CSR). CSR specifies the Certificate Signing Request to be signed.

SerialNumber specifies the certificate serial number. All certificates signed by the same issuer must have different (unique) serial numbers.

The time validity of the new certificate is determined by the {@link ipworksssl.Certmgr#config configuration setting, and the key size by the {@link ipworksssl.Certmgr#config configuration setting.

NOTE: This functionality is only available in Windows.

Throws:

IPWorksSSLException

addCertmgrEventListener

public void addCertmgrEventListener(CertmgrEventListener l)
                             throws java.util.TooManyListenersException

Throws:

java.util.TooManyListenersException

removeCertmgrEventListener

public void removeCertmgrEventListener(CertmgrEventListener l)