com.rsa.certj.cert

Class CertRequest

java.lang.Object
  |
  +--com.rsa.certj.cert.CertRequest
All Implemented Interfaces:
Cloneable, Serializable
Direct Known Subclasses:
PKCS10CertRequest

public abstract class CertRequest
extends Object
implements Cloneable, Serializable

This class builds and holds certificate requests. It is the base class for certificate requests. There are a number of possible certificate request formats, including PKCS #10. This class is general; subclasses implement the details.

Because this general certificate request class does not perform any of the activities of a specified certificate request (a request defined by some standard), it is an abstract class.

Copyright © RSA Security Inc., 1998-2001. All rights reserved.

See Also

Serialized Form

Field Summary

static int

DSA_WITH_SHA1_X930

Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.30 standard.

static int

DSA_WITH_SHA1_X957

Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.57 standard.

static int

RSA_WITH_SHA1_ISO_OIW

Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad, and the OID and ASN.1 definition to use for the BER encoding of the signature algorithm should follow the ISO OIW.

static int

RSA_WITH_SHA1_PKCS

Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad, and the OID and ASN.1 definition to use for the BER encoding of the signature algorithm should follow the PKCS.


Constructor Summary

CertRequest()


Method Summary

 CertJ

getCertJ()

This is a method to get the CertJ context dynamically.

 String

getDevice()

Gets the name of the device that performed the signing or verification.

 String[]

getDeviceList()

Gets a list of names of devices that actually performed the individual elements of the signature or verification operation, such as digest, signature algorithm, or padding scheme.

abstract  byte[]

getSignature()

Gets the actual signature octets.

 String

getSignatureAlgorithm()

Gets the signature algorithm.

 byte[]

getSignatureAlgorithmDER()

Gets the DER encoding of the signature algorithm.

 String

getSignatureFormat()

Gets the String to use when calling the JSAFE_Signature method, getDERAlgorithmID.

 int

getSignatureStandard()

Gets the signature standard of this object.

 com.rsa.jsafe.JSAFE_PublicKey

getSubjectPublicKey(String device)

Gets the public key from the certificate request, using the specified device.

 void

setCertJ(CertJ certJContext)

This is a method to set the CertJ context dynamically.

 void

setSignatureStandard(int standardFlag)

Sets this object to the specified standard.

 void

setSubjectPublicKey(byte[] publicKeyBER, int offset)

Sets the public key in this certificate request to be the public key represented by the BER encoding publicKeyBER.

 void

setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey)

Sets the public key in this certificate request to be publicKey.

abstract  void

signCertRequest(String transformation, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random)

Signs the certificate request using transformation and signingKey on the specified device.

abstract  boolean

verifyCertRequestSignature(String device, SecureRandom random)

Verifies the signature of the certificate request, using the public key of the request on the specified device.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RSA_WITH_SHA1_PKCS

public static final int RSA_WITH_SHA1_PKCS
Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad, and the OID and ASN.1 definition to use for the BER encoding of the signature algorithm should follow the PKCS.

This setting is the default. If setSignatureStandard is not called and the transformation is SHA1/RSA/PKCS1Block01Pad, the BER of the signature algorithm follows the PKCS. This is used only when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.

RSA_WITH_SHA1_ISO_OIW

public static final int RSA_WITH_SHA1_ISO_OIW
Use this flag in setSignatureStandard if the signing transformation is SHA1/RSA/PKCS1Block01Pad, and the OID and ASN.1 definition to use for the BER encoding of the signature algorithm should follow the ISO OIW.

This setting is NOT the default. If setSignatureStandard is not called and the transformation is SHA1/RSA/PKCS1Block01Pad, the signature algorithm's BER follows the PKCS. This is used only when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.

DSA_WITH_SHA1_X930

public static final int DSA_WITH_SHA1_X930
Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.30 standard.

This is the default. If setSignatureStandard is not called and the transformation is SHA1/DSA, the signature algorithm's BER follows X9.30.

DSA_WITH_SHA1_X957

public static final int DSA_WITH_SHA1_X957
Use this flag in setSignatureStandard if the signing transformation is SHA1/DSA and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.57 standard.

This is NOT the default. If setSignatureStandard is not called and the transformation is SHA1/DSA, the signature algorithm's BER follows X9.30.

Constructor Detail

CertRequest

public CertRequest()

Method Detail

setCertJ

public final void setCertJ(CertJ certJContext)
This is a method to set the CertJ context dynamically. Applications either call this method or instantiate a PKCS10CertRequest object with the CertJ context specified, in order to initialize the CertJ context. The value is checked when it is used.

Parameters

certJContext - The CertJ context.

getCertJ

public final CertJ getCertJ()
This is a method to get the CertJ context dynamically. The toolkit does not use it for the time being.

Returns

CertJ context

getSignatureAlgorithm

public String getSignatureAlgorithm()
                             throws CertificateException
Gets the signature algorithm. The return value will be a String that follows the format specified in the Crypto-J class JSAFE_Signature. The following are examples:

   "MD5/RSA/PKCS1Block01Pad"
   "SHA1/DSA"

Returns

A String that specifies the signature algorithm.

Throws

CertificateException - If the certificate request has not yet been set with a signature algorithm.

getSignatureAlgorithmDER

public byte[] getSignatureAlgorithmDER()
                                throws CertificateException
Gets the DER encoding of the signature algorithm.

Returns

A new byte array that contains the DER encoding of the signature algorithm.

Throws

CertificateException - If the certificate request has not been set with a signature algorithm.

getSignature

public abstract byte[] getSignature()
                             throws CertificateException
Gets the actual signature octets.

Returns

A new byte array that contains the signature octets.

Throws

CertificateException - If the certificate request has not been signed.

getDevice

public String getDevice()
                 throws CertificateException
Gets the name of the device that performed the signing or verification.

The format of device follows the format specified in Crypto-J. The following are examples of device arguments:

   Java          --Perform signature using Java code
   Native        --Perform signature using the native link
   Native/Java   --Use native if possible, if not, use Java

Returns

A String that specifies the device chosen to perform the signing or verification.

Throws

CertificateException - If the object has not yet been set with a device.

getDeviceList

public String[] getDeviceList()
                       throws CertificateException
Gets a list of names of devices that actually performed the individual elements of the signature or verification operation, such as digest, signature algorithm, or padding scheme.

The format of device follows the format specified in Crypto-J. The following are examples of device arguments:

   Java          --Perform signature using Java code
   Native        --Perform signature using the native link
   Native/Java   --Use native if possible, if not, use Java

Returns

A String array specifying the devices chosen to perform the signing or verification.

Throws

CertificateException - If the object has not yet been set with a device.

setSignatureStandard

public void setSignatureStandard(int standardFlag)
Sets this object to the specified standard. This affects only the BER encoding of the signature algorithm ID. Use one of the fields defined in this class.

Note that this method should be called before the setSubjectPublicKey method is called as well as before any signing or verification is performed.

Parameters

standardFlag - One of the fields previously defined in this class that indicates which standard to use.

getSignatureStandard

public int getSignatureStandard()
Gets the signature standard of this object. Returns one of the fields previously defined in this class.

For RSA signatures, the Public Key Cryptography Standards (PKCS) defined an OID for sha1WithRSAEncryption. Later, the ISO Open Systems Environment Implementors' Workshop (OIW) defined a new OID.

For DSA, the X9.30 standard defined the sha1WithDSA signature OID and the DSA key OID. Later, the X9.57 standard defined a new OID. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g). If the signature standard is not set, it will return -1.

Returns

The signature algorithm format that indicates which standard to use. It is one of the fields defined in this class.

getSignatureFormat

public String getSignatureFormat()
Gets the String to use when calling the JSAFE_Signature method, getDERAlgorithmID. A return value of null means one of the following default values will be used: the PKCS-defined sha1WithRSAEncryption for RSA, and the X9.30-defined DSA_WITH_SHA1_X930 for DSA.

Returns

A String that indicates the appropriate format.

setSubjectPublicKey

public void setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey)
                         throws CertificateException
Sets the public key in this certificate request to be publicKey. If the algorithm of the public key requires system parameters, they must be in the key object for security reasons, as specified in PKIX. If the certificate request object possesses a signature, calling this method deletes the signature.

Parameters

publicKey - A JSAFE_PublicKey object that contains the public key.
Throws

CertificateException - If the public key object is not valid.

getSubjectPublicKey

public com.rsa.jsafe.JSAFE_PublicKey getSubjectPublicKey(String device)
                                                  throws CertificateException
Gets the public key from the certificate request, using the specified device.

Parameters

device - A String that specifies the device or choice of devices to use in computing the signature.
Returns

A JSAFE_PublicKey object that contains the public key.

Throws

CertificateException - If the certificate request has not been set with a public key.

setSubjectPublicKey

public void setSubjectPublicKey(byte[] publicKeyBER,
                                int offset)
                         throws CertificateException
Sets the public key in this certificate request to be the public key represented by the BER encoding publicKeyBER. The input should follow the ASN.1 definition SubjectPublicKeyInfo, as follows:

   SubjectPublicKeyInfo ::= SEQUENCE {
     algorithmID       AlgorithmIdentifier,
     subjectPublicKey  BIT STRING }

If the certificate request object has a signature, calling this method deletes the signature.

Parameters

publicKeyBER - The BER encoding of a public key.

offset - The offset into publicKeyBER where the encoding begins.
Throws

CertificateException - If the public key BER is not a valid public key.
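The SubjectPublicKeyInfo structure above is what the publicKeyBER/offset pair must point at. As an added example (not Cert-J code), this Python parser walks that encoding from an offset into a larger buffer, checking tags, length bounds and the BIT STRING unused-bits byte; the sample bytes are constructed with a toy modulus and are not a real key.

```python
# Added example, not Cert-J code: parse the SubjectPublicKeyInfo encoding that
# setSubjectPublicKey(byte[] publicKeyBER, int offset) expects, from an offset.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER TLV at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        nbytes, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(buf[pos - nbytes:pos], "big")
    if pos + length > len(buf):
        raise ValueError("TLV length runs past end of buffer")
    return tag, pos, pos + length

def decode_oid(raw):
    """Decode OBJECT IDENTIFIER contents (base-128 arcs) to dotted form."""
    arcs, value = [], 0
    for b in raw:
        value = (value << 7) | (b & 0x7F)
        if b & 0x80:
            continue                                # more bytes in this arc
        if not arcs:                                # first two arcs are packed
            arcs += [2, value - 80] if value >= 80 else [value // 40, value % 40]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

def parse_spki(buf, offset=0):
    """Parse SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }."""
    tag, start, end = read_tlv(buf, offset)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, a_start, a_end = read_tlv(buf, start)      # algorithmID
    if tag != 0x30:
        raise ValueError("algorithmID must be a SEQUENCE")
    tag, o_start, o_end = read_tlv(buf, a_start)    # algorithm OID
    if tag != 0x06:
        raise ValueError("algorithm must be an OBJECT IDENTIFIER")
    tag, b_start, b_end = read_tlv(buf, a_end)      # subjectPublicKey
    if tag != 0x03 or b_end != end:
        raise ValueError("subjectPublicKey must be the final BIT STRING")
    return {"algorithm": decode_oid(buf[o_start:o_end]),
            "parameters": bytes(buf[o_end:a_end]),  # NULL for RSA, Dss-Parms for DSA
            "unused_bits": buf[b_start],            # leading BIT STRING byte
            "key_bits": bytes(buf[b_start + 1:b_end])}  # e.g. RSAPublicKey DER

# Constructed sample, not a real key: two unrelated leading bytes (so offset = 2),
# then rsaEncryption with a toy one-byte modulus n=123 and e=65537.
SAMPLE = bytes.fromhex(
    "aabb"
    "301c" "300d" "06092a864886f70d010101" "0500"
    "030b" "00" "3008" "02017b" "0203010001"
)
```

Calling parse_spki(SAMPLE, 0) instead of parse_spki(SAMPLE, 2) raises ValueError, which is the kind of input the CertificateException above covers.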

signCertRequest

public abstract void signCertRequest(String transformation,
                                     String device,
                                     com.rsa.jsafe.JSAFE_PrivateKey signingKey,
                                     SecureRandom random)
                              throws CertificateException
Signs the certificate request using transformation and signingKey on the specified device. The format of transformation follows the format specified in the Crypto-J class JSAFE_Signature. The following are examples of transformations:

   "MD5/RSA/PKCS1Block01Pad"
   "SHA1/DSA"

The format of device follows the format specified in Crypto-J. The following are examples of device arguments:

   Java          -- Perform signature using Java code
   Native        -- Perform signature using the native link
   Native/Java   -- Use native if possible, if not, use Java

Parameters

transformation - A String that specifies the algorithm to use to sign the certificate request.

device - A String that specifies the device or choice of devices to use in computing the signature.

signingKey - A JSAFE_PrivateKey used to compute the signature.

random - Random bytes. If the signature algorithm needs random bytes, get them from this object.
Throws

CertificateException - If the code cannot perform the specified transformation on the specified device, or if the certificate request is not set correctly, or if the certificate request is already signed.

verifyCertRequestSignature

public abstract boolean verifyCertRequestSignature(String device,
                                                   SecureRandom random)
                                            throws CertificateException
Verifies the signature of the certificate request, using the public key of the request on the specified device.

The format of device follows the format specified in Crypto-J. The following are examples of device arguments:

   Java          --Perform verification using Java code
   Native        --Perform verification using the native link
   Native/Java   --Use native if possible, if not, use Java

For more information, see the RSA BSAFE Crypto-J Library Reference Manual.

Parameters

device - A String that specifies the device or choice of devices to use in computing the signature.

random - If the signature algorithm needs random bytes, get them from this object.
Returns

A boolean indicating whether the signature on the certificate request is valid.

Throws

CertificateException - If the code cannot perform the signature algorithm on the specified device.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000