java.lang.Object
  |
  +--com.rsa.certj.cert.CertRequest
This class builds and holds certificate requests. It is the base class for certificate requests. There are a number of possible certificate request formats, including PKCS #10. This class is general; subclasses implement the details.
Because this general certificate request class does not perform any of the activities of a specified certificate request (a request defined by some standard), it is an abstract class. Copyright © RSA Security Inc., 1998-2001. All rights reserved.
See Also
Field Summary
static int | DSA_WITH_SHA1_X930 | Use this flag in
static int | DSA_WITH_SHA1_X957 | Use this flag in
static int | RSA_WITH_SHA1_ISO_OIW | Use this flag in
static int | RSA_WITH_SHA1_PKCS | Use this flag in
Constructor Summary
CertRequest()
Method Summary
CertJ | getCertJ() | This is a method to get the CertJ context dynamically.
String | getDevice() | Gets the name of the device that performed the signing or verification.
String[] | getDeviceList() | Gets a list of names of devices that actually performed the individual elements of the signature or verification operation, such as digest, signature algorithm, or padding scheme.
abstract byte[] | getSignature() | Gets the actual signature octets.
String | getSignatureAlgorithm() | Gets the signature algorithm.
byte[] | getSignatureAlgorithmDER() | Gets the DER encoding of the signature algorithm.
String | getSignatureFormat() | Gets the
int | getSignatureStandard() | Gets the signature standard of this object.
com.rsa.jsafe.JSAFE_PublicKey | getSubjectPublicKey(String device) | Gets the public key from the certificate request specified in device.
void | setCertJ(CertJ certJContext) | This is a method to set the CertJ context dynamically.
void | setSignatureStandard(int standardFlag) | Sets this object to the specified standard.
void | setSubjectPublicKey(byte[] publicKeyBER, int offset) | Sets the public key in this certificate request to be the public key represented by the BER encoding publicKeyBER.
void | setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey) | Sets the public key in this certificate to be public key.
abstract void | signCertRequest(String transformation, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) | Signs the certificate request using transformation and signingKey on the specified device.
abstract boolean | verifyCertRequestSignature(String device, SecureRandom random) | Verifies the signature of the certificate request, using the public key of the request on the specified device.
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
public static final int RSA_WITH_SHA1_PKCS
Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad, and the OID and ASN.1 definition to use for the BER encoding of the signature algorithm should follow the PKCS. This setting is the default. If setSignatureStandard is not called and the transformation is SHA1/RSA/PKCS1Block01Pad, the BER of the signature algorithm follows the PKCS. This is used only when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.
public static final int RSA_WITH_SHA1_ISO_OIW
Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad, and the OID and ASN.1 definition to use for the BER encoding of the signature algorithm should follow the ISO OIW. This setting is NOT the default. If setSignatureStandard is not called and the transformation is SHA1/RSA/PKCS1Block01Pad, the signature algorithm's BER follows the PKCS. This is used only when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.
public static final int DSA_WITH_SHA1_X930
Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.30 standard. This is the default. If setSignatureStandard is not called and the transformation is SHA1/DSA, the signature algorithm's BER follows X9.30.
public static final int DSA_WITH_SHA1_X957
Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.57 standard. This is NOT the default. If setSignatureStandard is not called and the transformation is SHA1/DSA, the signature algorithm's BER follows X9.30.
Constructor Detail
public CertRequest()
Method Detail
public final void setCertJ(CertJ certJContext)
Parameters
certJContext |
public final CertJ getCertJ()
Returns
CertJ context
public String getSignatureAlgorithm() throws CertificateException
String that follows the format specified in the Crypto-J class JSAFE_Signature. The following are examples:
"MD5/RSA/PKCS1Block01Pad"
"SHA1/DSA"
Returns
String that specifies the signature algorithm.
Throws
CertificateException - If the certificate request has not yet been set with a signature algorithm.
public byte[] getSignatureAlgorithmDER() throws CertificateException
Returns
byte array that contains the DER encoding of the signature algorithm.
Throws
CertificateException - If the certificate request has not been set with a signature algorithm.
public abstract byte[] getSignature() throws CertificateException
Returns
byte array that contains the signature octets.
Throws
CertificateException - If the certificate request has not been signed.
public String getDevice() throws CertificateException
Java | Perform signature using Java code
Native | Perform signature using the native link
Native/Java | Use native if possible, if not, use Java
Returns
String that specifies the device chosen to perform the signing or verification.
Throws
CertificateException - If the object has not yet been set with a device.
public String[] getDeviceList() throws CertificateException
Java | Perform signature using Java code
Native | Perform signature using the native link
Native/Java | Use native if possible, if not, use Java
Returns
String array specifying the devices chosen to perform the signing or verification.
Throws
CertificateException - If the object has not yet been set with a device.
public void setSignatureStandard(int standardFlag)
sha1WithRSAEncryption. Later, the ISO Open Systems Environment Implementors' Workshop (OIW) defined a new OID. This class is able to read either OID in an existing certificate. To create a certificate using the ISO OIW OID, call this method with the argument RSA_WITH_SHA1_ISO_OIW. If this method is not called or if it is called with the argument RSA_WITH_SHA1_PKCS when creating certificates, this class uses the OID defined in the PKCS.
sha1WithDSA signature OID and the DSA key OID. Later, the X9.57 standard defined a new OID. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g). This class can read either OID in an existing certificate. To create a certificate using the X9.57 OID, and to represent the public key in it with DSA parameters as defined in X9.57, call this method with the argument DSA_WITH_SHA1_X957. If this method is not called or if it is called with the argument DSA_WITH_SHA1_X930 when creating certificates, this class will use the OID defined in X9.30 and represent the public key as defined in X9.30.
Note that this method should be called before the setSubjectPublicKey method is called as well as before any signing or verification is performed.
Parameters
standardFlag | One of the fields previously defined in this class that indicates which standard to use.
public int getSignatureStandard()
sha1WithRSAEncryption. Later, the ISO Open Systems Environment Implementors' Workshop (OIW) defined a new OID.
For DSA, the X9.30 standard defined the sha1WithDSA signature OID and the DSA key OID. Later, the X9.57 standard defined a new OID. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g).
If the signature standard is not set, it will return -1.
Returns
public String getSignatureFormat()
String to use when calling the JSAFE_Signature method, getDERAlgorithmID. A return value of null means one of the following default values will be used: the PKCS-defined sha1WithRSAEncryption for RSA, and X9.30-defined DSA_WITH_SHA1_X930 for DSA.
Returns
String that indicates the appropriate format.
public void setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey) throws CertificateException
Parameters
publicKey | A
Throws
CertificateException - If the public key object is not valid.
public com.rsa.jsafe.JSAFE_PublicKey getSubjectPublicKey(String device) throws CertificateException
Parameters
device | A
Returns
JSAFE_PublicKey object that contains the public key.
Throws
CertificateException - If the certificate has not been set with a public key.
public void setSubjectPublicKey(byte[] publicKeyBER, int offset) throws CertificateException
SubjectPublicKeyInfo, as follows:
SubjectPublicKeyInfo ::= SEQUENCE {
    algorithmID AlgorithmIdentifier,
    subjectPublicKey BIT STRING
}
Parameters
publicKeyBER | The BER encoding of a public key.
offset | The offset into publicKeyBER where the encoding begins.
Throws
CertificateException - If the public key BER is not a valid public key.
public abstract void signCertRequest(String transformation, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) throws CertificateException
JSAFE_Signature. The following are examples of transformations:
"MD5/RSA/PKCS1Block01Pad"
"SHA1/DSA"
Java | Perform signature using Java code
Native | Perform signature using the native link
Native/Java | Use native if possible, if not, use Java
Parameters
transformation | A
device | A
signingKey | A
random | Random bytes. If the signature algorithm needs random bytes, get them from this object.
Throws
CertificateException - If the code cannot perform the specified transformation on the specified device, or if the certificate request is not set correctly, or if the certificate request is already signed.
public abstract boolean verifyCertRequestSignature(String device, SecureRandom random) throws CertificateException
Java | Perform verification using Java code
Native | Perform verification using the native link
Native/Java | Use native if possible, if not, use Java
Parameters
device | A
random | If the signature algorithm needs random bytes, get them from this object.
Returns
boolean indicating whether the signature on the certificate request is valid.
Throws
CertificateException - If the code cannot perform the signature algorithm on the specified device.