Interface PKIService


public interface PKIService
API for managing the node's certificate infrastructure.
Since:
2.0
Version:
1.0
Author:
matt
  • Method Details

    • saveCACertificate

      void saveCACertificate(X509Certificate cert) throws net.solarnetwork.service.CertificateException
      Save the trusted CA certificate.

      The node maintains a root CA certificate for the SolarNet network it is associated with.

      Parameters:
      cert - the certificate
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • getCACertificate

      X509Certificate getCACertificate() throws net.solarnetwork.service.CertificateException
      Get the configured CA certificate.
      Returns:
      the CA certificate, or null if not available
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • getNodeCertificate

      X509Certificate getNodeCertificate() throws net.solarnetwork.service.CertificateException
      Get the configured node certificate.
      Returns:
      the node certificate, or null if not available
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • isNodeCertificateValid

      boolean isNodeCertificateValid(String issuerDN) throws net.solarnetwork.service.CertificateException
      Check if the node's certificate is valid.

      The certificate is considered valid if it is signed by the given authority, its chain can be verified, and it has not expired.

      Parameters:
      issuerDN - the subject DN of the expected issuer
      Returns:
      true if the certificate is considered valid
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • generateNodeSelfSignedCertificate

      X509Certificate generateNodeSelfSignedCertificate(String dn) throws net.solarnetwork.service.CertificateException
      Generate a new public and private key pair, and a new self-signed certificate.
      Parameters:
      dn - the certificate subject DN
      Returns:
      the generated certificate
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • generateNodePKCS10CertificateRequestString

      String generateNodePKCS10CertificateRequestString() throws net.solarnetwork.service.CertificateException
      Generate a PKCS#10 certificate signing request (CSR) for the node's certificate.
      Returns:
      the PEM-encoded CSR
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • generateNodePKCS7CertificateString

      String generateNodePKCS7CertificateString() throws net.solarnetwork.service.CertificateException
      Generate a PKCS#7 PEM encoding of the node's certificate.
      Returns:
      the PEM-encoded certificate
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • generateNodePKCS7CertificateChainString

      String generateNodePKCS7CertificateChainString() throws net.solarnetwork.service.CertificateException
      Generate a PKCS#7 PEM encoding of the node's certificate chain.
      Returns:
      the PEM-encoded certificate chain
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • saveNodeSignedCertificate

      void saveNodeSignedCertificate(String certificateChain) throws net.solarnetwork.service.CertificateException
      Save a signed node certificate (previously created via generateNodeSelfSignedCertificate(String)).

      The issuer of the certificate must match the subject of the configured CA certificate, and the certificate's subject must match the existing node certificate's subject.

      Parameters:
      certificateChain - the PKCS#7 signed certificate chain
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • savePKCS12Keystore

      void savePKCS12Keystore(String keystore, String password) throws net.solarnetwork.service.CertificateException
      Save a PKCS#12 keystore as the node's certificate.

      The keystore can contain either a single self-signed certificate or a signed certificate chain.

      Parameters:
      keystore - the PKCS#12 keystore as a Base64 encoded string
      password - the keystore password
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
    • generatePKCS12KeystoreString

      String generatePKCS12KeystoreString(String password) throws net.solarnetwork.service.CertificateException
      Generate a PKCS#12 keystore from the node's keystore, encrypted with the given password.
      Parameters:
      password - the password to encrypt the keystore with
      Returns:
      the generated keystore
      Throws:
      net.solarnetwork.service.CertificateException - if any certificate related error occurs
      Since:
      1.1
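
The checks documented for isNodeCertificateValid(String) and saveNodeSignedCertificate(String), written out against the standard java.security.cert API. This is an added example, not SolarNode's implementation: the class SignedChainCheck, its methods and the three input files are hypothetical, and the public-key comparison is an extra check the page does not state.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; SignedChainCheck and its methods are hypothetical, not SolarNode code.
public class SignedChainCheck {
    // Strip the PEM armor lines and Base64-decode the body to DER.
    static byte[] pemToDer(String pem) {
        return Base64.getMimeDecoder().decode(pem.replaceAll("-----[^-]+-----", ""));
    }

    // Return the signed node certificate from the PKCS#7 bundle, or throw if a check fails.
    static X509Certificate check(String pkcs7Pem, X509Certificate ca, X509Certificate current)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // An X.509 factory's generateCertificates also accepts a PKCS#7 SignedData bundle.
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(pemToDer(pkcs7Pem)))) {
            X509Certificate cert = (X509Certificate) c;
            if (!cert.getSubjectX500Principal().equals(current.getSubjectX500Principal())) {
                continue; // CA entry in the bundle, not the node certificate
            }
            if (!cert.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) {
                throw new CertificateException("issuer does not match the configured CA subject");
            }
            // Extra check, not stated on the page: the key must be the node's existing key.
            if (!Arrays.equals(cert.getPublicKey().getEncoded(), current.getPublicKey().getEncoded())) {
                throw new CertificateException("public key differs from the node's key pair");
            }
            cert.verify(ca.getPublicKey()); // a matching name proves nothing; check the signature
            cert.checkValidity();           // throws if expired or not yet valid
            return cert;
        }
        throw new CertificateException("no certificate with the node's subject in the bundle");
    }
    static X509Certificate load(String path) throws Exception {
        byte[] data = Files.readAllBytes(Paths.get(path));
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(data));
    }
    // args: chain.p7b (PEM), ca.pem, node.pem; local files supplied by the reader
    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        System.out.println("accepted: " + check(pem, load(args[1]), load(args[2])).getSubjectX500Principal());
    }
}
```

The example accepts only a certificate issued directly by the configured CA, following the issuer rule as the page words it, and performs no revocation checking.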