CertAndKeyGen (MA3 Api SmartCard Android Module 2.2.1.4 API)

java.lang.Object
- sun.security.x509.CertAndKeyGen

```
public final class CertAndKeyGen
extends java.lang.Object
```
Generate a pair of keys, and provide access to them. This class is provided primarily for ease of use.
This provides some simple certificate management functionality. Specifically, it allows you to create self-signed X.509 certificates as well as PKCS 10 based certificate signing requests.
Keys for some public key signature algorithms have algorithm parameters, such as DSS/DSA. Some sites' Certificate Authorities adopt fixed algorithm parameters, which speeds up some operations including key generation and signing. At this time, this interface does not provide a way to provide such algorithm parameters, e.g. by providing the CA certificate which includes those parameters.
Also, note that at this time only signature-capable keys may be acquired through this interface. Diffie-Hellman keys, used for secure key exchange, may be supported later.

Author:

David Brownell, Hemma Prafullchandra

See Also:
PKCS10, X509CertImpl

Constructor Summary

Constructors
Constructor and Description
`CertAndKeyGen(java.lang.String keyType, java.lang.String sigAlg)` Creates a CertAndKeyGen object for a particular key type and signature algorithm.
`CertAndKeyGen(java.lang.String keyType, java.lang.String sigAlg, java.lang.String providerName)` Creates a CertAndKeyGen object for a particular key type, signature algorithm, and provider.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`generate(int keyBits)` Generates a random public/private key pair, with a given key size.
`java.security.PrivateKey`	`getPrivateKey()` Returns the private key of the generated key pair.
`X509Key`	`getPublicKey()` Returns the public key of the generated key pair if it is of type `X509Key`, or null if the public key is of a different type.
`X509Cert`	`getSelfCert(X500Name myname, long validity)` Deprecated. Use the new
`java.security.cert.X509Certificate`	`getSelfCertificate(X500Name myname, java.util.Date firstDate, long validity)` Returns a self-signed X.509v3 certificate for the public key.
`java.security.cert.X509Certificate`	`getSelfCertificate(X500Name myname, long validity)`
`void`	`setRandom(java.security.SecureRandom generator)` Sets the source of random numbers used when generating keys.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CertAndKeyGen
```
public CertAndKeyGen(java.lang.String keyType,
             java.lang.String sigAlg)
              throws java.security.NoSuchAlgorithmException
```
    Creates a CertAndKeyGen object for a particular key type and signature algorithm.
    
    Parameters:
    keyType - type of key, e.g. "RSA", "DSA"
    sigAlg - name of the signature algorithm, e.g. "MD5WithRSA", "MD2WithRSA", "SHAwithDSA".
    
    Throws:
    
    java.security.NoSuchAlgorithmException - on unrecognized algorithms.
  - CertAndKeyGen
```
public CertAndKeyGen(java.lang.String keyType,
             java.lang.String sigAlg,
             java.lang.String providerName)
              throws java.security.NoSuchAlgorithmException,
                     java.security.NoSuchProviderException
```
    Creates a CertAndKeyGen object for a particular key type, signature algorithm, and provider.
    
    Parameters:
    keyType - type of key, e.g. "RSA", "DSA"
    sigAlg - name of the signature algorithm, e.g. "MD5WithRSA", "MD2WithRSA", "SHAwithDSA".
    providerName - name of the provider
    
    Throws:
    
    java.security.NoSuchAlgorithmException - on unrecognized algorithms.
    
    java.security.NoSuchProviderException - on unrecognized providers.
- Method Detail
  - setRandom
```
public void setRandom(java.security.SecureRandom generator)
```
    Sets the source of random numbers used when generating keys. If you do not provide one, a system default facility is used. You may wish to provide your own source of random numbers to get a reproducible sequence of keys and signatures, or because you may be able to take advantage of strong sources of randomness/entropy in your environment.
  - generate
```
public void generate(int keyBits)
              throws java.security.InvalidKeyException
```
    Generates a random public/private key pair, with a given key size. Different algorithms provide different degrees of security for the same key size, because of the "work factor" involved in brute force attacks. As computers become faster, it becomes easier to perform such attacks. Small keys are to be avoided.
    Note that not all values of "keyBits" are valid for all algorithms, and not all public key algorithms are currently supported for use in X.509 certificates. If the algorithm you specified does not produce X.509 compatible keys, an invalid key exception is thrown.
    
    Parameters:
    keyBits - the number of bits in the keys.
    
    Throws:
    
    java.security.InvalidKeyException - if the environment does not provide X.509 public keys for this signature algorithm.
  - getPublicKey
```
public X509Key getPublicKey()
```
    Returns the public key of the generated key pair if it is of type X509Key, or null if the public key is of a different type. XXX Note: This behaviour is needed for backwards compatibility. What this method really should return is the public key of the generated key pair, regardless of whether or not it is an instance of X509Key. Accordingly, the return type of this method should be PublicKey.
  - getPrivateKey
```
public java.security.PrivateKey getPrivateKey()
```
    Returns the private key of the generated key pair.
    Be extremely careful when handling private keys. When private keys are not kept secret, they lose their ability to securely authenticate specific entities ... that is a huge security risk!
  - getSelfCert
```
@Deprecated
public X509Cert getSelfCert(X500Name myname,
                              long validity)
                     throws java.security.InvalidKeyException,
                            java.security.SignatureException,
                            java.security.NoSuchAlgorithmException
```
    Deprecated. Use the new
    
    Returns a self-signed X.509v1 certificate for the public key. The certificate is immediately valid.
    Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
    
    Parameters:
    myname - X.500 name of the subject (who is also the issuer)
    validity - how long the certificate should be valid, in seconds
    
    Throws:
    
    java.security.InvalidKeyException
    
    java.security.SignatureException
    
    java.security.NoSuchAlgorithmException
  - getSelfCertificate
```
public java.security.cert.X509Certificate getSelfCertificate(X500Name myname,
                                                    java.util.Date firstDate,
                                                    long validity)
                                                      throws java.security.cert.CertificateException,
                                                             java.security.InvalidKeyException,
                                                             java.security.SignatureException,
                                                             java.security.NoSuchAlgorithmException,
                                                             java.security.NoSuchProviderException
```
    Returns a self-signed X.509v3 certificate for the public key. The certificate is immediately valid. No extensions.
    Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
    
    Parameters:
    myname - X.500 name of the subject (who is also the issuer)
    firstDate - the issue time of the certificate
    validity - how long the certificate should be valid, in seconds
    
    Throws:
    
    java.security.cert.CertificateException - on certificate handling errors.
    
    java.security.InvalidKeyException - on key handling errors.
    
    java.security.SignatureException - on signature handling errors.
    
    java.security.NoSuchAlgorithmException - on unrecognized algorithms.
    
    java.security.NoSuchProviderException - on unrecognized providers.
  - getSelfCertificate
```
public java.security.cert.X509Certificate getSelfCertificate(X500Name myname,
                                                    long validity)
                                                      throws java.security.cert.CertificateException,
                                                             java.security.InvalidKeyException,
                                                             java.security.SignatureException,
                                                             java.security.NoSuchAlgorithmException,
                                                             java.security.NoSuchProviderException
```
    Throws:
    
    java.security.cert.CertificateException
    
    java.security.InvalidKeyException
    
    java.security.SignatureException
    
    java.security.NoSuchAlgorithmException
    
    java.security.NoSuchProviderException

Class CertAndKeyGen

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CertAndKeyGen

CertAndKeyGen

Method Detail

setRandom

generate

getPublicKey

getPrivateKey

getSelfCert

getSelfCertificate

getSelfCertificate