org.apache.directory.server.core.security

Class TlsKeyGenerator

java.lang.Object

org.apache.directory.server.core.security.TlsKeyGenerator

public final class TlsKeyGenerator
extends java.lang.Object

Generates the default RSA key pair for the server.

Field Summary

Fields

Modifier and Type	Field and Description
private static java.lang.String	ALGORITHM
private static java.lang.String	BASE_DN
static java.lang.String	CERTIFICATE_PRINCIPAL_DN
static java.lang.String	KEY_ALGORITHM_AT
private static int	KEY_SIZE
private static org.slf4j.Logger	LOG
static java.lang.String	PRIVATE_KEY_AT
static java.lang.String	PRIVATE_KEY_FORMAT_AT
static java.lang.String	PUBLIC_KEY_AT
static java.lang.String	PUBLIC_KEY_FORMAT_AT
static java.lang.String	TLS_KEY_INFO_OC
static java.lang.String	USER_CERTIFICATE_AT
private static long	YEAR_MILLIS

Constructor Summary

Constructors

Modifier	Constructor and Description
private	TlsKeyGenerator()

Method Summary

Modifier and Type	Method and Description
static void	addKeyPair(org.apache.directory.api.ldap.model.entry.Entry entry) Adds a private key pair along with a self signed certificate to an entry making sure it contains the objectClasses and attributes needed to support the additions.
static void	addKeyPair(org.apache.directory.api.ldap.model.entry.Entry entry, java.lang.String issuerDN, java.lang.String subjectDN, java.lang.String keyAlgo)
static java.security.cert.X509Certificate	getCertificate(org.apache.directory.api.ldap.model.entry.Entry entry) Gets the certificate associated with the self signed TLS private/public key pair.
static java.security.KeyPair	getKeyPair(org.apache.directory.api.ldap.model.entry.Entry entry) Extracts the public private key pair from the tlsKeyInfo entry.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

TLS_KEY_INFO_OC

public static final java.lang.String TLS_KEY_INFO_OC

See Also:

Constant Field Values

PRIVATE_KEY_AT

public static final java.lang.String PRIVATE_KEY_AT

See Also:

Constant Field Values

PUBLIC_KEY_AT

public static final java.lang.String PUBLIC_KEY_AT

See Also:

Constant Field Values

KEY_ALGORITHM_AT

public static final java.lang.String KEY_ALGORITHM_AT

See Also:

Constant Field Values

PRIVATE_KEY_FORMAT_AT

public static final java.lang.String PRIVATE_KEY_FORMAT_AT

See Also:

Constant Field Values

PUBLIC_KEY_FORMAT_AT

public static final java.lang.String PUBLIC_KEY_FORMAT_AT

See Also:

Constant Field Values

USER_CERTIFICATE_AT

public static final java.lang.String USER_CERTIFICATE_AT

See Also:

Constant Field Values

BASE_DN

private static final java.lang.String BASE_DN

See Also:

Constant Field Values

CERTIFICATE_PRINCIPAL_DN

public static final java.lang.String CERTIFICATE_PRINCIPAL_DN

See Also:

Constant Field Values

ALGORITHM

private static final java.lang.String ALGORITHM

See Also:

Constant Field Values

KEY_SIZE

private static final int KEY_SIZE

See Also:

Constant Field Values

YEAR_MILLIS

private static final long YEAR_MILLIS

See Also:

Constant Field Values

Constructor Detail

TlsKeyGenerator

private TlsKeyGenerator()

Method Detail

getCertificate

public static java.security.cert.X509Certificate getCertificate(org.apache.directory.api.ldap.model.entry.Entry entry)
                                                         throws org.apache.directory.api.ldap.model.exception.LdapException

Gets the certificate associated with the self signed TLS private/public key pair.

Parameters:

entry - the TLS key/cert entry

Returns:

the X509 certificate associated with that entry

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing or decoding

getKeyPair

public static java.security.KeyPair getKeyPair(org.apache.directory.api.ldap.model.entry.Entry entry)
                                        throws org.apache.directory.api.ldap.model.exception.LdapException

Extracts the public private key pair from the tlsKeyInfo entry.

Parameters:

entry - an entry of the tlsKeyInfo objectClass

Returns:

the private and public key pair

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are format or access issues

addKeyPair

public static void addKeyPair(org.apache.directory.api.ldap.model.entry.Entry entry)
                       throws org.apache.directory.api.ldap.model.exception.LdapException

Adds a private key pair along with a self signed certificate to an entry making sure it contains the objectClasses and attributes needed to support the additions. This function is intended for creating a TLS key value pair and self signed certificate for use by the server to authenticate itself during SSL handshakes in the course of establishing an LDAPS connection or a secure LDAP connection using StartTLS. Usually this information is added to the administrator user's entry so the administrator (effectively the server) can manage these security concerns.

Parameters:

entry - the entry to add security attributes to

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - on problems generating the content in the entry

addKeyPair

public static void addKeyPair(org.apache.directory.api.ldap.model.entry.Entry entry,
                              java.lang.String issuerDN,
                              java.lang.String subjectDN,
                              java.lang.String keyAlgo)
                       throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

See Also:

TODO the code is duplicate atm, will eliminate this redundancy after finding a better thought (an instant one is to call this method from the aboveaddKeyPair(entry) and remove the impl there)