|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--com.rsa.certj.cert.Certificate
This class builds and holds certificates. It is the base class for certificates. There are many kinds of certificates, the most popular is X.509. This class is general; subclasses implement the details. Because this general certificate class does not perform any of the activities of a specified certificate (a certificate defined by some standard), it is an abstract class.
Copyright © RSA Security Inc., 1998-2001. All rights reserved.
See Also
Field Summary |
|
static int |
DSA_WITH_SHA1_X930
Use this flag in |
static int |
DSA_WITH_SHA1_X957
Use this flag in |
static int |
RSA_WITH_SHA1_ISO_OIW
Use this flag in |
static int |
RSA_WITH_SHA1_PKCS
Use this flag in |
Constructor Summary |
|
Certificate()
|
Method Summary |
|
getCertJ()
This is a method to get the CertJ context dynamically. |
|
getDevice()
Gets the name of the device that performed the signing or verification. |
|
String[] |
getDeviceList()
Gets a list of names of devices that performed the individual elements of the signature or verification operation, such as digest, signature algorithm, and padding scheme. |
abstract byte[] |
getSignature()
Gets the actual signature octets. |
getSignatureAlgorithm()
Gets the signature algorithm. |
|
byte[] |
getSignatureAlgorithmDER()
Gets the DER encoding of the signature algorithm. |
getSignatureFormat(String transformation)
Gets the |
|
int |
getSignatureStandard()
Gets the signature standard of this object and returns one of the previously defined fields in this class. |
com.rsa.jsafe.JSAFE_PublicKey |
getSubjectPublicKey(String device)
Gets the public key from the certificate request specified in device. |
byte[] |
getSubjectPublicKeyBER()
Gets the public key BER from the certificate. |
byte[] |
getUniqueID()
Gets a unique identifier for this certificate. |
void |
setCertJ(CertJ certJContext)
This is a method to set the CertJ context dynamically. |
void |
setSignatureStandard(int standardFlag)
Sets this object to the specified standard. |
void |
setSubjectPublicKey(byte[] publicKeyBER,
int offset)
Sets the public key in this certificate request to be the public key represented by the BER encoding publicKeyBER. |
void |
setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey)
Sets the public key in this certificate to be public key. |
void |
signCertificate(byte[] signatureAlgorithmBER,
int offset,
String device,
com.rsa.jsafe.JSAFE_PrivateKey signingKey,
SecureRandom random)
Signs the certificate using the algorithm represented by the algorithm identifier signatureAlgorithmBER, and signingKey on the specified device. |
abstract void |
signCertificate(String transformation,
String device,
com.rsa.jsafe.JSAFE_PrivateKey signingKey,
SecureRandom random)
Signs the certificate using transformation and signingKey, on the specified device. |
boolean |
verifyCertificateSignature(String device,
byte[] verifyingKeyBER,
int offset,
SecureRandom random)
Verifies the signature of the certificate using the public key represented by verifyingKeyBER, the BER encoding of a public key, on the specified device. |
boolean |
verifyCertificateSignature(String device,
Certificate signerCert,
SecureRandom random)
Verifies the signature of the certificate using the public key found in signerCert on the specified device. |
abstract boolean |
verifyCertificateSignature(String device,
com.rsa.jsafe.JSAFE_PublicKey verifyingKey,
SecureRandom random)
Verifies the signature of the certificate, using verifyingKey on the specified device. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final int RSA_WITH_SHA1_PKCS
setSignatureStandard
if the signing
transformation is SHA1/RSA/PKCS1Block01Pad
and if the
OID and ASN.1 definition to use for the signature algorithm's BER
encoding should follow the PKCS. This is the default. If
setSignatureStandard
is not called and the transformation
is SHA1/RSA/PKCS1Block01Pad
, the signature algorithm's
BER follows the PKCS.
Use this only when the digest algorithm is SHA1
. For
all other RSA signatures, do not set the signature standard.public static final int RSA_WITH_SHA1_ISO_OIW
setSignatureStandard
if the signing
transformation is SHA1/RSA/PKCS1Block01Pad
and the
OID and ASN.1 definition to use for the signature algorithm's BER
encoding should follow the ISO OIW.
This is NOT the default. If setSignatureStandard
is not
called and the transformation is SHA1/RSA/PKCS1Block01Pad
,
the signature algorithm's BER follows the PKCS.
Use this only when the digest algorithm is SHA1
. For
all other RSA signatures, do not set the signature standard.public static final int DSA_WITH_SHA1_X930
setSignatureStandard
if the signing
transformation is SHA1/DSA
and the OID and ASN.1
definition to use for the signature algorithm's BER encoding should
follow the X9.30 standard. This is the default. If
setSignatureStandard
is not called and the transformation
is SHA1/DSA
, the signature algorithm's BER will follow X9.30.public static final int DSA_WITH_SHA1_X957
setSignatureStandard
if the signing
transformation is SHA1/DSA
and the OID and ASN.1
definition to use for the signature algorithm's BER encoding should
follow the X9.57 standard. This is NOT the default. If
setSignatureStandard
is not called and the transformation
is SHA1/DSA
, the signature algorithm's BER
should follow X9.30.Constructor Detail |
public Certificate()
Method Detail |
public final void setCertJ(CertJ certJContext)
Parameters
certJContex |
|
public final CertJ getCertJ()
Returns
CertJ
contextpublic String getSignatureAlgorithm() throws CertificateException
String
,
following the format specified in the Crypto-J class
JSAFE_Signature
.
The following are examples of returned signature algorithms:
"MD5/RSA/PKCS1Block01Pad" "SHA1/DSA" |
Returns
String
specifying the signature algorithm
Throws
CertificateException
- If the certificate has not been set
with a signature algorithm.public byte[] getSignatureAlgorithmDER() throws CertificateException
Returns
byte
array that contains the DER
encoding of the signature algorithm.
Throws
CertificateException
- If the certificate has
not been set with a signature algorithm.public abstract byte[] getSignature() throws CertificateException
Returns
byte
array that contains
the signature octets.
Throws
CertificateException
- If the certificate has not
been signed.public String getDevice() throws CertificateException
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Returns
String
specifying the device chosen to
perform the signing or verification.
Throws
CertificateException
- If the object has not been set
with a device.public String[] getDeviceList() throws CertificateException
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Returns
String
array specifying the devices chosen
to perform the signing or verification.
Throws
CertificateException
- If the object has not been set
with a device.public void setSignatureStandard(int standardFlag)
sha1WithRSAEncryption
.
Later, the
ISO Open Systems Environment Implementors' Workshop
(OIW) defined a new OID. This class is able to read
either OID in an existing
certificate. To create a certificate using
the ISO OIW OID, call this method with the argument
RSA_WITH_SHA1_ISO_OIW
.
If this method is not called or if it is called
with the argument RSA_WITH_SHA1_PKCS
when
creating certificates, this class uses the OID
defined in the PKCS.
sha1WithDSA
signature OID and the DSA key OID. Later, the
X9.57 standard defined
a new OID. It also redefined the ASN.1 definition of the DSA
parameters
(p
, q
, and g
).
This class can read either OID in an existing certificate.
To create a certificate using the X9.57 OID, and to represent
the public key in it with DSA parameters as defined
in X9.57, call this method with the
argument DSA_WITH_SHA1_X957
.
If this method is not called or if it is called with
the argument DSA_WITH_SHA1_X930
)
when creating certificates, this class
will use the OID defined in X9.30 and represent
the public key as defined in X9.30.
Parameters
standardFlag | One of the fields previously defined in this class that indicates which standard to use. |
public int getSignatureStandard()
sha1WithRSAEncryption
. Later, the ISO
Open Systems Environment Implementors' Workshop (OIW) defined a new OID.
For DSA, the X9.30 standard defined the sha1WithDSA
signature OID and the DSA key OID. Later, the X9.57 standard defined
a new OID. It also redefined the ASN.1 definition of the DSA
parameters (p
, q
, and g
).
If a signature standard is not set, it will return -1
.
Returns
public String getSignatureFormat(String transformation)
String
that should be used when calling
the JSAFE_Signature
method getDERAlgorithmID
.
A return value of null
means that the
following default value will be used:
sha1WithRSAEncryption
.
DSA_WITH_SHA1_X930
.Parameters
transformation | A
|
Returns
String
indicating the appropriate format.public void setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey) throws CertificateException
Parameters
publicKey | A |
Throws
CertificateException
- If the public key
object is not valid.public void setSubjectPublicKey(byte[] publicKeyBER, int offset) throws CertificateException
SubjectPublicKeyInfo
, as follows:
SubjectPublicKeyInfo ::= SEQUENCE { algorithmID AlgorithmIdentifier, subjectPublicKey BIT STRING } |
Parameters
publicKeyBER | The BER encoding of a public key. | ||
offset | The offset into publicKeyBER where the encoding begins. |
Throws
CertificateException
- If the public key BER
is not a valid public key.public com.rsa.jsafe.JSAFE_PublicKey getSubjectPublicKey(String device) throws CertificateException
Parameters
device | A |
Returns
JSAFE_PublicKey
object that contains
the public key.
Throws
CertificateException
- If the certificate has not
been set with a public key.public byte[] getSubjectPublicKeyBER() throws CertificateException
Returns
byte
array that contains the public key BER.
Throws
CertificateException
- If the certificate has not been
set with a public key.public byte[] getUniqueID()
X509Certificate
returns
a byte
array based on the
serial number and issuer name. This implementation
returns an MD5 hash
of the subject's public key.
Returns
byte
array that contains the unique ID.public abstract void signCertificate(String transformation, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) throws CertificateException
JSAFE_Signature
. The following are examples
of transformation arguments:
"MD5/RSA/PKCS1Block01Pad" "SHA1/DSA" |
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Parameters
transformation | A | ||
device | A | ||
signingKey | A | ||
random | Random bytes. If the signature algorithm needs random bytes, get them from this object. |
Throws
CertificateException
- If the code cannot perform the
specified transformation on the specified device,
if the certificate is not set correctly, or if the certificate is
already signed.public void signCertificate(byte[] signatureAlgorithmBER, int offset, String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) throws CertificateException
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Parameters
signatureAlgorithmBER | The BER encoding of the
| ||
offset | The offset into signatureAlgorithmBER where the encoding begins. | ||
device | A | ||
signingKey | A | ||
random | Random bytes. If the signature algorithm needs random bytes, get them from this object. |
Throws
CertificateException
- If the code cannot perform the
specified transformation on the specified device,
if the certificate is not set correctly, or if the certificate is
already signed.public abstract boolean verifyCertificateSignature(String device, com.rsa.jsafe.JSAFE_PublicKey verifyingKey, SecureRandom random) throws CertificateException
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Parameters
device | A | ||
verifyingKey | A | ||
random | Random bytes. If the signature algorithm needs random bytes, get them from this object. |
Returns
boolean
indicating whether
the signature on the certificate is valid.
Throws
CertificateException
- If the code
cannot perform the
signature algorithm on the specified device.public boolean verifyCertificateSignature(String device, byte[] verifyingKeyBER, int offset, SecureRandom random) throws CertificateException
SubjectPublicKeyInfo
,
as follows:
SubjectPublicKeyInfo ::= SEQUENCE { algorithmID AlgorithmIdentifier, subjectPublicKey BIT STRING } |
SubjectPublicKeyInfo
.
The format of device follows the format specified in
Crypto-J.
The following are examples of device arguments:
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Parameters
device | A | ||
verifyingKeyBER | The BER encoding of a public key. | ||
offset | The offset into verifyingKeyBER where the encoding begins. | ||
random | Random bytes. If the signature algorithm needs random bytes, get them from this object. |
Returns
boolean
that indicates whether the signature
on the certificate is valid.
Throws
CertificateException
- If the code cannot perform the
signature algorithm on the specified device.public boolean verifyCertificateSignature(String device, Certificate signerCert, SecureRandom random) throws CertificateException
SubjectPublicKeyInfo
of the signerCert,
for security reasons as specified in PKIX.
The format of device follows the format specified in
Crypto-J.
The following are examples of device arguments:
Java --Perform signature using Java code Native --Perform signature using the native link Native/Java --Use native if possible, if not, use Java |
Parameters
device | A | ||
signerCert | A certificate that contains the public key of the entity that signed the certificate from which the signature is being verified. | ||
random | Random bytes. If the signature algorithm needs random bytes, get them from this object. |
Returns
boolean
indicating
whether the signature
on the certificate is valid.
Throws
CertificateException
- If the code
cannot perform the signature algorithm on
the specified device.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |