java.lang.Object
se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService<se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder>
se.swedenconnect.signservice.certificate.simple.ca.BasicCAService
All Implemented Interfaces:
se.swedenconnect.ca.engine.ca.issuer.CAService

public class BasicCAService extends se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService<se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder>
Basic CA service implementation equipped to issue certificates to signers.
  • Constructor Summary

    Constructors
    Constructor
    Description
    BasicCAService(PkiCredential caCredential, se.swedenconnect.ca.engine.ca.repository.CARepository caRepository, se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel issuerModel, se.swedenconnect.ca.engine.revocation.crl.CRLIssuerModel crlIssuerModel)
    Constructor.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder
    getBaseCertificateModelBuilder(se.swedenconnect.ca.engine.ca.models.cert.CertNameModel<?> subject, PublicKey subjectPublicKey, org.bouncycastle.cert.X509CertificateHolder issuerCertificate, se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel certificateIssuerModel)
    se.swedenconnect.ca.engine.ca.issuer.CertificateIssuer
    protected se.swedenconnect.ca.engine.revocation.crl.CRLIssuer
    se.swedenconnect.ca.engine.revocation.ocsp.OCSPResponder
    org.bouncycastle.cert.X509CertificateHolder
    void
    setOcspResponder(se.swedenconnect.ca.engine.revocation.ocsp.OCSPResponder ocspResponder, String ocspResponderUrl, X509Certificate ocspResponderCertificate)
    Assigns the OCSP responder for this CA service.
    void
    Assigns the certificate profile to be adopted in issued certificates.

    Methods inherited from class se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService

    getCaCertificate, getCACertificateChain, getCaRepository, getCertificateModelBuilder, getCurrentCrl, issueCertificate, publishNewCrl, revokeCertificate, revokeCertificate

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • BasicCAService

      public BasicCAService(@Nonnull PkiCredential caCredential, @Nonnull se.swedenconnect.ca.engine.ca.repository.CARepository caRepository, @Nonnull se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel issuerModel, @Nullable se.swedenconnect.ca.engine.revocation.crl.CRLIssuerModel crlIssuerModel) throws NoSuchAlgorithmException, CertificateException, CRLException
      Constructor.
      Parameters:
      caCredential - the CA credential (private key and certificates)
      caRepository - repository for storing issued certificates
      issuerModel - model for issuing certificates
      crlIssuerModel - model for publishing CRL:s (optional)
      Throws:
      NoSuchAlgorithmException - algorithm is not supported
      CertificateException - for certificate errors
      CRLException - if a CRL cannot be published
  • Method Details

    • getCertificateIssuer

      @Nonnull public se.swedenconnect.ca.engine.ca.issuer.CertificateIssuer getCertificateIssuer()
      Specified by:
      getCertificateIssuer in class se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService<se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder>
    • getCrlIssuer

      @Nullable protected se.swedenconnect.ca.engine.revocation.crl.CRLIssuer getCrlIssuer()
      Specified by:
      getCrlIssuer in class se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService<se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder>
    • getCaAlgorithm

      @Nonnull public String getCaAlgorithm()
    • getCrlDpURLs

      @Nonnull public List<String> getCrlDpURLs()
    • getOCSPResponderCertificate

      @Nullable public org.bouncycastle.cert.X509CertificateHolder getOCSPResponderCertificate()
    • getOCSPResponderURL

      @Nullable public String getOCSPResponderURL()
    • getOCSPResponder

      @Nullable public se.swedenconnect.ca.engine.revocation.ocsp.OCSPResponder getOCSPResponder()
      Specified by:
      getOCSPResponder in interface se.swedenconnect.ca.engine.ca.issuer.CAService
      Specified by:
      getOCSPResponder in class se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService<se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder>
    • setOcspResponder

      public void setOcspResponder(@Nonnull se.swedenconnect.ca.engine.revocation.ocsp.OCSPResponder ocspResponder, @Nonnull String ocspResponderUrl, @Nonnull X509Certificate ocspResponderCertificate)
      Assigns the OCSP responder for this CA service.
      Parameters:
      ocspResponder - the OCSP responder implementation
      ocspResponderUrl - the URL for sending requests to the OCSP responder
      ocspResponderCertificate - the OCSP responder certificate
    • getBaseCertificateModelBuilder

      protected se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder getBaseCertificateModelBuilder(@Nonnull se.swedenconnect.ca.engine.ca.models.cert.CertNameModel<?> subject, @Nonnull PublicKey subjectPublicKey, @Nullable org.bouncycastle.cert.X509CertificateHolder issuerCertificate, @Nonnull se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel certificateIssuerModel) throws se.swedenconnect.ca.engine.ca.issuer.CertificateIssuanceException
      Specified by:
      getBaseCertificateModelBuilder in class se.swedenconnect.ca.engine.ca.issuer.impl.AbstractCAService<se.swedenconnect.ca.engine.ca.models.cert.impl.DefaultCertificateModelBuilder>
      Throws:
      se.swedenconnect.ca.engine.ca.issuer.CertificateIssuanceException
    • setProfileConfiguration

      public void setProfileConfiguration(@Nullable CertificateProfileConfiguration profileConfiguration)
      Assigns the certificate profile to be adopted in issued certificates.
      Parameters:
      profileConfiguration - certificate profile configuration