java.lang.Object
  +--com.rsa.certj.cert.CRL
This class builds and holds a certificate revocation list (CRL). It is the base class for a CRL. There are many kinds of CRLs; the most common is X.509. This class is general; subclasses implement the details.

Because this general CRL class does not perform any of the activities of a specified CRL (a CRL defined by some standard), it is an abstract class.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.
Field Summary
  static int  DSA_WITH_SHA1_X930
                Use this flag in setSignatureStandard to select the X9.30 OID for SHA1/DSA signatures.
  static int  DSA_WITH_SHA1_X957
                Use this flag in setSignatureStandard to select the X9.57 OID for SHA1/DSA signatures.
  static int  RSA_WITH_SHA1_ISO_OIW
                Use this flag in setSignatureStandard to select the ISO OIW OID for SHA1/RSA/PKCS1Block01Pad signatures.
  static int  RSA_WITH_SHA1_PKCS
                Use this flag in setSignatureStandard to select the PKCS OID for SHA1/RSA/PKCS1Block01Pad signatures.
Constructor Summary
  CRL()
Method Summary
  CertJ            getCertJ()
                     Gets the CertJ context dynamically.
  String           getDevice()
                     Gets the name of the device that performed the signing or verification.
  String[]         getDeviceList()
                     Gets a list of names of devices that performed the individual elements of the signature or verification operation, such as digest, signature algorithm, and padding scheme.
  abstract byte[]  getSignature()
                     Gets the signature octets.
  String           getSignatureAlgorithm()
                     Gets the signature algorithm.
  byte[]           getSignatureAlgorithmDER()
                     Gets the DER encoding of the signature algorithm.
  String           getSignatureFormat()
                     Gets the String to use when calling the JSAFE_Signature method getDERAlgorithmID.
  int              getSignatureStandard()
                     Gets the signature standard for this object.
  void             setCertJ(CertJ certJContext)
                     Sets the CertJ context dynamically.
  void             setSignatureStandard(int standardFlag)
                     Sets this object to the specified standard.
  void             signCRL(byte[] signatureAlgorithmBER, int offset, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random)
                     Signs the CRL, using the algorithm represented by the algorithm identifier signatureAlgorithmBER, and signingKey on the specified device.
  abstract void    signCRL(String transformation, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random)
                     Signs the CRL, using transformation and signingKey on the specified device.
  boolean          verifyCRLSignature(String device, byte[] verifyingKeyBER, int offset, SecureRandom random)
                     Verifies the signature of the CRL using the public key represented by verifyingKeyBER, the BER encoding of a public key, on the specified device.
  boolean          verifyCRLSignature(String device, Certificate signerCert, SecureRandom random)
                     Verifies the CRL's signature using the public key found in signerCert on the specified device.
  abstract boolean verifyCRLSignature(String device, com.rsa.jsafe.JSAFE_PublicKey verifyingKey, SecureRandom random)
                     Verifies the signature of the CRL using the public key represented by verifyingKey, the BER encoding of a public key, on the specified device.
Methods inherited from class java.lang.Object
  equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static final int RSA_WITH_SHA1_PKCS
    Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the PKCS. This is the default. If setSignatureStandard is not called and the transformation is SHA1/RSA/PKCS1Block01Pad, the signature algorithm's BER will follow the PKCS.
    This is used only when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.

public static final int RSA_WITH_SHA1_ISO_OIW
    Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the ISO OIW. This is NOT the default. If setSignatureStandard is not called and the transformation is SHA1/RSA/PKCS1Block01Pad, the signature algorithm's BER will follow the PKCS.
    This is used only when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.

public static final int DSA_WITH_SHA1_X930
    Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.30 standard. This is the default. If setSignatureStandard is not called and the transformation is SHA1/DSA, the signature algorithm's BER will follow X9.30.

public static final int DSA_WITH_SHA1_X957
    Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.57 standard. This is NOT the default. If setSignatureStandard is not called and the transformation is SHA1/DSA, the signature algorithm's BER will follow X9.30.

Constructor Detail

public CRL()

Method Detail
public final void setCertJ(CertJ certJContext)
    Sets the CertJ context dynamically.
    Parameters
        certJContext

public final CertJ getCertJ()
    Gets the CertJ context dynamically.
    Returns
        The CertJ context.

public String getSignatureAlgorithm() throws CertificateException
    Gets the signature algorithm as a String, following the format specified in the Crypto-J class JSAFE_Signature. The following are examples:
        "MD5/RSA/PKCS1Block01Pad"
        "SHA1/DSA"
    Returns
        A String specifying the signature algorithm.
    Throws
        CertificateException - If the CRL is not set with a signature algorithm.

public byte[] getSignatureAlgorithmDER() throws CertificateException
    Returns
        A byte array that contains the DER encoding of the signature algorithm.
    Throws
        CertificateException - If the CRL is not set with a signature algorithm.

public abstract byte[] getSignature() throws CertificateException
    Returns
        A byte array that contains the signature octets.
    Throws
        CertificateException - If the CRL is not signed.

public String getDevice() throws CertificateException
    Returns
        A String specifying the device chosen to perform the signing or verification.
    Throws
        CertificateException - If a device is not set for this object.

public String[] getDeviceList() throws CertificateException
    Returns
        A String array specifying the devices chosen to perform the signing or verification.
    Throws
        CertificateException - If a device is not set for this object.

public void setSignatureStandard(int standardFlag)
    Sets this object to the specified standard.
    For RSA signatures, the Public Key Cryptography Standards (PKCS) defined an OID for sha1WithRSAEncryption. Later, the ISO Open Systems Environment Implementors' Workshop (OIW) defined a new OID. This class is able to read either OID in an existing certificate. To create a certificate using the ISO OIW OID, call this method with the argument RSA_WITH_SHA1_ISO_OIW. If this method is not called, or if it is called with the argument RSA_WITH_SHA1_PKCS, when creating certificates, this class uses the OID defined in the PKCS.
    For DSA, the X9.30 standard defined the sha1WithDSA signature OID and the DSA key OID. Later, the X9.57 standard defined a new OID. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g). This class can read either OID in an existing certificate. To create a certificate using the X9.57 OID, and to represent the public key in it with DSA parameters as defined in X9.57, call this method with the argument DSA_WITH_SHA1_X957. If this method is not called, or if it is called with the argument DSA_WITH_SHA1_X930, when creating certificates, this class will use the OID defined in X9.30 and represent the public key as defined in X9.30.
    Parameters
        standardFlag - One of the fields previously defined in this class that indicates which standard to use.
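The two encodings that each pair of flags chooses between differ only in the OID carried inside the signature's AlgorithmIdentifier, which is why the class can read either form but must be told which one to write. The following Python is an added example, not Cert-J code: it decodes a DER AlgorithmIdentifier and reports which of the four standards its OID belongs to. The OID values are the published ones for each standard; assigning each OID to a flag name is my reading of the text above, and the sample encodings are constructed.

```python
# Added example (not Cert-J code): decode a DER AlgorithmIdentifier and report which
# of the four signature standards on this page its OID belongs to (mapping assumed).
OID_TO_STANDARD = {
    "1.2.840.113549.1.1.5": ("RSA_WITH_SHA1_PKCS", "SHA1/RSA/PKCS1Block01Pad"),  # PKCS #1 sha1WithRSAEncryption
    "1.3.14.3.2.29": ("RSA_WITH_SHA1_ISO_OIW", "SHA1/RSA/PKCS1Block01Pad"),  # OIW sha1WithRSASignature
    "1.3.14.3.2.27": ("DSA_WITH_SHA1_X930", "SHA1/DSA"),  # older OIW dsaWithSHA1 OID (assumed X9.30 form)
    "1.2.840.10040.4.3": ("DSA_WITH_SHA1_X957", "SHA1/DSA"),  # X9.57 dsaWithSHA1
}

def _read_tlv(data: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("DER length runs past the end of the input")
    return tag, data[pos:pos + length], pos + length

def decode_oid(content: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal form."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends this base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_algorithm_identifier(der: bytes, offset: int = 0):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }.
    offset mirrors the page's offset-into-BER parameters. Returns (oid, params or None)."""
    tag, body, _ = _read_tlv(der, offset)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_content, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("first element must be an OBJECT IDENTIFIER")
    return decode_oid(oid_content), (body[pos:] if pos < len(body) else None)

def classify_signature_algorithm(der: bytes, offset: int = 0):
    """Map an encoded AlgorithmIdentifier to (Cert-J flag name, transformation)."""
    oid, _ = parse_algorithm_identifier(der, offset)
    if oid not in OID_TO_STANDARD:
        raise ValueError(f"OID {oid} is not one of the standards on this page")
    return OID_TO_STANDARD[oid]

# Constructed samples: the same transformation, encoded under each standard's OID.
SHA1_RSA_PKCS_DER = bytes.fromhex("300d06092a864886f70d0101050500")  # NULL parameters present
SHA1_RSA_OIW_DER = bytes.fromhex("300906052b0e03021d0500")
SHA1_DSA_X930_DER = bytes.fromhex("300706052b0e03021b")
SHA1_DSA_X957_DER = bytes.fromhex("300906072a8648ce380403")
```

Running classify_signature_algorithm over the AlgorithmIdentifier of an incoming CRL tells you which standard the issuer followed, so a verifier can accept either OID, as the class does, while flagging anything outside the expected set.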
public int getSignatureStandard()
    Gets the signature standard for this object, one of the public static final ints previously defined in this class.
    For RSA signatures, the Public Key Cryptography Standards (PKCS) defined an OID for sha1WithRSAEncryption. Later, the ISO Open Systems Environment Implementors' Workshop (OIW) defined a new OID.
    For DSA, the X9.30 standard defined the sha1WithDSA signature OID and the DSA key OID. Later, the X9.57 standard defined a new OID. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g).
    If a signature standard is not set, it will return -1.
    Returns
        An int indicating the signature standard, or -1 if no standard has been set.
public String getSignatureFormat()
    Gets the String to use when calling the JSAFE_Signature method getDERAlgorithmID. A return value of null means the default value will be used.
    sha1WithRSAEncryption.
    DSA_WITH_SHA1_X930.
    Returns
        A String indicating the appropriate format.

public abstract void signCRL(String transformation, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) throws CertificateException
    Signs the CRL, using transformation and signingKey on the specified device. The format of transformation follows the format specified in the Crypto-J class JSAFE_Signature. The following are examples of transformations:
        "MD5/RSA/PKCS1Block01Pad"
        "SHA1/DSA"
    The following are examples of device arguments:
        Java         -- Perform signature using Java code
        Native       -- Perform signature using the native link
        Native/Java  -- Use native if possible, if not, use Java
    Parameters
        transformation
        device
        signingKey
        random - Random bytes. If the signature algorithm needs random bytes, get them from this object.
    Throws
        CertificateException - If the code cannot perform the specified transformation on the specified device, if the CRL is not set correctly, or if the CRL is already signed.

public void signCRL(byte[] signatureAlgorithmBER, int offset, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) throws CertificateException
    Signs the CRL, using the algorithm represented by the algorithm identifier signatureAlgorithmBER, and signingKey on the specified device. The following are examples of device arguments:
        Java         -- Perform signature using Java code
        Native       -- Perform signature using the native link
        Native/Java  -- Use native if possible, if not, use Java
    Parameters
        signatureAlgorithmBER - The BER encoding of the algorithm identifier.
        offset - The offset into signatureAlgorithmBER where the encoding begins.
        device
        signingKey
        random - Random bytes. If the signature algorithm needs random bytes, get them from this object.
    Throws
        CertificateException - If the code cannot perform the specified signature on the specified device, if the CRL is not set correctly, or if the CRL is already signed.

public abstract boolean verifyCRLSignature(String device, com.rsa.jsafe.JSAFE_PublicKey verifyingKey, SecureRandom random) throws CertificateException
    Verifies the signature of the CRL using the public key represented by verifyingKey, the BER encoding of a public key, on the specified device. The encoding is that of SubjectPublicKeyInfo, as follows:
        SubjectPublicKeyInfo ::= SEQUENCE {
            algorithmID       AlgorithmIdentifier,
            subjectPublicKey  BIT STRING }
    The format of device follows the format specified in Crypto-J. The following are examples of device arguments:
        Java         -- Perform signature using Java code
        Native       -- Perform signature using the native link
        Native/Java  -- Use native if possible, if not, use Java
    Parameters
        device
        verifyingKey
        random - If the signature algorithm needs random bytes, get them from this object.
    Returns
        A boolean indicating whether the signature on the CRL is valid.
    Throws
        CertificateException - If the code cannot perform the signature algorithm on the specified device.

public boolean verifyCRLSignature(String device, byte[] verifyingKeyBER, int offset, SecureRandom random) throws CertificateException
    Verifies the signature of the CRL using the public key represented by verifyingKeyBER, the BER encoding of a public key, on the specified device. The encoding is that of SubjectPublicKeyInfo, as follows:
        SubjectPublicKeyInfo ::= SEQUENCE {
            algorithmID       AlgorithmIdentifier,
            subjectPublicKey  BIT STRING }
    The format of device follows the format specified in Crypto-J. The following are examples of device arguments:
        Java         -- Perform signature using Java code
        Native       -- Perform signature using the native link
        Native/Java  -- Use native if possible, if not, use Java
    Parameters
        device
        verifyingKeyBER - The BER encoding of a public key.
        offset - The offset into verifyingKeyBER where the encoding begins.
        random - Random bytes. If the signature algorithm needs random bytes, get them from this object.
    Returns
        A boolean that indicates whether the signature on the certificate is valid.
    Throws
        CertificateException - If the code cannot perform the signature algorithm on the specified device.

public boolean verifyCRLSignature(String device, Certificate signerCert, SecureRandom random) throws CertificateException
    Verifies the CRL's signature using the public key found in signerCert on the specified device. The key is taken from the SubjectPublicKeyInfo of the signerCert, for security reasons as specified in PKIX. The format of device follows the format specified in Crypto-J. The following are example device arguments:
        Java         -- Perform verification using Java code
        Native       -- Perform verification using the native link
        Native/Java  -- Use native if possible, if not, use Java
    Parameters
        device
        signerCert
        random - If the signature algorithm needs random bytes, get them from this object.
    Returns
        A boolean indicating whether the signature on the CRL is valid.
    Throws
        CertificateException - If the code cannot perform the signature algorithm on the specified device.